(05-08-2016, 06:41 PM)Ron-e Wrote: If that 104.XXX.XXX.XXX is your server IP i think it's comming from your own server.
Code:Received-SPF: pass (google.com: domain of contact[at]MYDOMAINNAME.com designates 104.XXX.XXX.XXX as permitted sender) client-ip=104.XXX.XXX.XXX;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of contact[at]MYDOMAINNAME.com designates 104.XXX.XXX.XXX as permitted sender) smtp.mailfrom=contact[at]MYDOMAINNAME.com
Do you have a insecure email form on your site of maybe one of your clients?
p.s. The received: by 10.194.xxx.xxx part is i think a ip adress from gmail itself..
Thanks Ron-E! Yes, the IP 104.XXX.XXX.XXX is my server IP address. So what does this mean? They are somehow sending the email to me via my email server? How can I figure out how this is possible?
I am the only person that uses this server and it just has a handful of Drupal websites. If my email server was insecure, I assume spammers would be using my server for a lot more than it's being used now.
As for the IP address, yes I think you are right. I wasn't thinking clearly, that's a private IP address, so I guess it's gmail's internal IP address. It seems the spammer IP is identified by the line:
Code:
Received: from [41.60.100.77] (unknown [41.60.100.77])So any ideas how I can confirm this email was sent by using my server and how I can confirm/prevent it from happening in the future?
