Can this whois thing be used to trace down someone who sent me a virus? I put the IP# that was in the email and some cable company out of calgary came up, would that mean my little virus speader was from the calgary area and the cable company is thier ISP?

Thanks Danielle,

Another quik question? I just did the email address also, I had forwarded this email to abuse@hotmail.com and THEY said its was a forged email BUT according to whois it IS a valid email, Did hotmail tell a fib? or am I missing something.

Return-path: <jewels3d21@hotmail.com>
Envelope-to: webmaiden@steelsheen.com
Delivery-date: Fri, 19 Mar 2004 21:21:18 -0800
Received: from [68.150.64.57] (helo=steelsheen.com)
     by abell.lunarpages.com with esmtp (Exim 4.24)
     id 1B4Yv6-0007ex-Qm
     for webmaiden@steelsheen.com; Fri, 19 Mar 2004 21:21:16 -0800
From: jewels3d21@hotmail.com
To: webmaiden@steelsheen.com
Subject: Re: unknown
Date: Fri, 19 Mar 2004 22:20:18 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
     boundary="----=_NextPart_000_0000_000021A7.00003E43"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <E1B4Yv6-0007ex-Qm@abell.lunarpages.com>


here it is

Hi EJ,

The email jewels3d21@hotmail.com is a forged email.  People take other email/domain names of existing domains/addresses and spoof them.  Thus, this would not be the originating email address.  You aren't required when sending email to put a valid from address in that field at all, and this should never be assumed to be the originating email account.  The original, first IP noted in the first Received from: field, however, can't be forged.  It is the following (if you included the full header above that is):

Received: from [68.150.64.57]

That is the one that you would need to verify the ISP and could send a note with the full email and header to that ISP to complain.

I hope this is useful.

AND LO.
Its the same company  

Hi EJ,

Yes, it is always the very first IP listed in the very first Received: from field.  That is how the header is read.  I just look for the first one, and tell people that IP.  It is a good way to check to ensure your own IP isn't infected with a virus and sending you emails (people sometimes get them from their own domain as a bounce).

And thanks for the thanks.  

I have an odd question. I signed up with Lunarpages in January. I know that I made the necesary changes for things to point to Lunarpages, as I read the how to on whois in the how to section. Yet, a few minutes ago when I did a whois search on my domain, dreadhead7.com, the nameservers don't point to Lunarpages. Am I not seeing things right? I am sure that I own the domain name, as I purchased it two years ago. Will someone do a check to see if I'm not mistaken? How do I know if my site is truely being hosted by Lunarpages? Sorry, but I'm starting to freak out here!

Thanks in advance,

Dread

Whew, I'm relieved! I saw all that information about my former host, and nothing that referred directly to Lunarpages, and it scared me...I didn't even notice the update date...thanks a bunch!