-3

I have an email header which is showing the following information, which i believe is faked.

The mail purports to be from a gmail account but I'm not sure if this is the case. Ordinarily you read the headers from the bottom up, which suggests the email came from mail-am1.bigfish.com 213.199.154.202 (a Microsoft server) but then, bizarrely, the top line of the mail looks like there's a parallel journey in from Google.

What could cause the pattern I'm seeing (could be spam as the Google server doesn't seem to exist)?

Received: from mail-yi0-f41.google.com (209.85.218.41) by AM1EHSMHS013.bigfish.com (10.3.207.151) 

Received: from AM1EHSMHS013.bigfish.com (unknown [10.3.201.249]) by mail60-am1.bigfish.com (Postfix) 

Received: from mail60-am1 (localhost.localdomain [127.0.0.1]) by mail60-am1 (MessageSwitch) 

Received: by 10.142.58.20 
Received: by 10.68.19.4 
Received: by abc25 

Received: from mail60-am1 (localhost.localdomain [127.0.0.1])   by mail60-am1-R.bigfish.com (Postfix) 

Received: from mycompanyrelay.gmessaging.net (10.90.1.161) by mymail.mycompany.com (10.90.0.178) 

Received: from mycompanyrelay.gmessaging.net (localhost.localdomain  [127.0.0.1])   by localhost.gmessaging.net (Postfix) 

Received: from mail60-am1-R.bigfish.com (mail-am1.bigfish.com [213.199.154.202])    by  mycompanyrelay.gmessaging.net
HopelessN00b
  • 53,795
  • 33
  • 135
  • 209

1 Answers1

1

While the headers look odd for a variety of reasons, not the least of which is that they're partial headers. It's entirely possible that the e-mail was originally from Microsoft, to a g-mail account, which is forwarded to another e-mail account. This will cause the e-mail to have headers from Microsoft, receiving headers from GMail, sending headers from GMail, and receiving headers for your Organization.

Chris S
  • 77,945
  • 11
  • 124
  • 216