Need to know when this E-mail was Sent.
November 12, 2010 2:43 PM

What does this header say? When was this E-mail sent?

I was served two days late via E-mail in one of my cases. I'd love to knock this guy out of the game right now. I've read past E-mail header questions and they were Greek to me.

What does this header say? When was this E-mail sent?

Received: (qmail 26527 invoked from network); 12 Nov 2010 06:52:25 -0000
Received: from unknown (HELO p3pismtp01-010.prod.phx3.secureserver.net) ([10.6.12.10])
(envelope-sender )
by p3plsmtp03-04.prod.phx3.secureserver.net (qmail-1.03) with SMTP
for ; 12 Nov 2010 06:52:25 -0000
Received: from nm4-vm1.bullet.mail.sp2.yahoo.com ([98.139.91.191])
by p3pismtp01-010.prod.phx3.secureserver.net with SMTP; 11 Nov 2010 23:52:25 -0700
Received: from [98.139.91.70] by nm4.bullet.mail.sp2.yahoo.com with NNFMP; 10 Nov 2010 17:33:58 -0000
Received: from [98.139.91.50] by tm10.bullet.mail.sp2.yahoo.com with NNFMP; 10 Nov 2010 17:33:58 -0000
Received: from [127.0.0.1] by omp1050.mail.sp2.yahoo.com with NNFMP; 10 Nov 2010 17:33:58 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 553181.33507.bm@omp1050.mail.sp2.yahoo.com
Received: (qmail 86653 invoked by uid 60001); 10 Nov 2010 17:33:57 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1289410437; bh=7ZTFjH/1wiyvkDYnIDTfrVr8VQ6Y15ERJgX4dU5IWtY=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=AgAIaChMBYERRnzb9m5XjsqArRP09/kKlP4SjX8JYFiNNY+mSlR92TkTbsrEANgdBiZXaXXgPQ9HfcXMRCnOaJ/37FZz9bJgVdmdysmQ5ElsIFP+p/9AvMSg265uLKY9irAjraUQJSzrndgyD/YHGRQ0jDuXbWY6smXicoTxHqQ=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type;
b=T2YePXVAz3fqeLzsvL2/i3hhBVJcv58Uos+V0er0J8A9qSt2IN5K51DZyXQdYX8C8WRUwxfQsqzIPd6ecl8J2x5Ea89UwoBURBKInAZmJDX+2LIdHKLAicNt2pnRd7UdFV2OZoqW1W4ojpSe/TY2LjHh9nVj3Wp3SwfZ6vVjWFk=;
Message-ID: <4>
X-YMail-OSG: 1Ue7_1YVM1lpVojOW0SBye6HDkKwspyYtOhII4_aurH6XfB
m9qaHihw0LNxesHOGgqN05zE.09B9q55MaghQ9zkCnHmGioFaItR_NB.wBFJ
6u56hWll8uJQxvC6.ovm3h2ijIN0dCXKG_nZwFpCg3pd53eMjzRlWhxIuWqA
Ey8iX9iF1YvPeetDx.pLnPqGQVhdLND.OH8STozD4O0cCkZHsEmHVNqSpd1W
brN.Of0tYq5Cn9YNvqfNbVbcK_NYsJ03jSAY7ul4i1uzlzUMAVbeodhpHqR_
oizgG49fO37EH75msFwGtJd1zhZrDmW9Es0vA6dtr0Mufqoj1pmTS63bfPAn
vQAicVhZykK5UfgoKn15kUnwOfteCxPGMRb4-
Received: from [70.21.2.86] by web112106.mail.gq1.yahoo.com via HTTP; Wed, 10 Nov 2010 09:33:57 PST
X-Mailer: YahooMailRC/504.5 YahooMailWebService/0.8.107.285259
References: <0>
Date: Wed, 10 Nov 2010 09:33:57 -0800 (PST)
From: xxxxx
Subject: xxxxxxx
To: XXXX>
In-Reply-To: <0>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-1905103839-1289410437=:85203"
X-Nonspam: None

Did this guy set his clock back? Why was this delayed two days? I could file for dismissal if he missed the deadline. The properties on the Word file attached seem to say it was sent on Wed.

Thanks.

posted by Ironmouth to Computers & Internet (9 answers total)

It looks like it got sent on the 10th at 9:33PST.

When reading these, the bottommost "Received" header is usually the first. For some reason it took a day to get from Yahoo to
posted by bitdamaged at 2:53 PM on November 12, 2010


It looks to me like he sent it on Wednesday, then it bounced around a few internal Yahoo mailservers, then the last of these held it up for a while for some reason before sending it on to you:

Received: from nm4-vm1.bullet.mail.sp2.yahoo.com ([98.139.91.191])
by p3pismtp01-010.prod.phx3.secureserver.net with SMTP; 11 Nov 2010 23:52:25 -0700
Received: from [98.139.91.70] by nm4.bullet.mail.sp2.yahoo.com with NNFMP; 10 Nov 2010 17:33:58 -0000


He didn't just set his clock back, because the headers from the Yahoo servers show it being received on Wednesday too. Headers can be spoofed without too much difficulty and there is no guarantee that they are accurate, but faking them would be more involved than just setting the system to the wrong time.

You may know this, but "12 Nov 2010 06:52:25 -0000" and "11 Nov 2010 23:52:25 -0700" are the same time -- the last four digits indicate how the rest of the time is offset from GMT, so these servers are in different time zones but they are each talking about the same actual moment in time.

I'm not an expert, just a guy who has dealt with mailservers now and then.
posted by enn at 2:55 PM on November 12, 2010


It appears that for some reason it took two days to get from Yahoo's mail server to your mail server. SMTP does not guarantee speedy delivery, nor does it actually guarantee delivery, but what it will do is keep trying for a while.

The user changing his or her clock on his or her computer would not affect the Yahoo servers
nm4.bullet.mail.sp2.yahoo.com, tm10.bullet.mail.sp2.yahoo.com.
posted by digividal at 2:58 PM on November 12, 2010


Looks like it was sent on Wednesday, November 10th via Yahoo webmail.

It bounced around Yahoo for a while, then got delayed on the handoff between Yahoo and secureserver.net. If the headers are untampered with, it's not possible to know whether Yahoo failed to send, or secureserver failed to receive, or a combination of the two. By that I mean, Yahoo could have gotten busy and not attempted to deliver, or secureserver could have gotten busy and refused to accept the mail, or might have been in the process of switching MX (mail server) records and it took a few delays until they straightened out again.

Did he set his clock back? Very unlikely. If that mail was sent via regular means his local clock wouldn't have a bearing on the timestamps for those first few hops.

Did he fake out those Yahoo headers? It's possible. **If** (and it's a big if) he could originate the email from the machine that claims to be nm4-vm1.bullet.mail.sp2.yahoo.com ([98.139.91.191]) he could fake all the received headers up until that point (perhaps using an earlier mail as a template). Not knowing the individual I don't know whether or not that's reasonable or likely. If he or his colleagues have non-typical knowledge (not "expert", just the sort of thing that your regular webmail user doesn't know) about mail routing then it might be

GoDaddy and others resell secureserver.net mail services, so they're a moderately big player. Yahoo is bigger. Between the two I'd suspect it's SS who delayed the mail.

My cursory glance suggests this: for some unknown reason secureserver.net got overloaded or had a transient configuration problem and didn't process mail promptly for a couple of days.
posted by devbrain at 2:58 PM on November 12, 2010


It looks like it was legitimately sent on November 10 around 9:33 AM Pacific time. Even the Yahoo DomainKeys signature matches this time (t = 1289410437 means Wed Nov 10 2010 18:33:57 GMT+0100), and this header is added by Yahoo itself and therefore wouldn't depend on the local user's clock (and even if the user somehow tried to forge headers, it's extremely unlikely that they would think of trying to forge a DomainKeys header with the correct epoch value anyway).

It looks like an issue with secureserver.net, which I assume is your mail host; if I'm reading the headers correctly, it looks like your mail server even bounced it back to Yahoo one time before it came back to you again a day later.
posted by helios at 2:59 PM on November 12, 2010
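
The reading given in the answers above can be reproduced mechanically. This is an added example, not part of any poster's answer: it puts the Received stamps on one UTC timeline, finds the hop where the message waited, and converts the DKIM `t=` value. `RAW` is a trimmed copy of the headers from the question, and the function names are this example's own.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Trimmed copy of the question's headers (envelope lines and signature blobs omitted).
RAW = """\
Received: (qmail 26527 invoked from network); 12 Nov 2010 06:52:25 -0000
Received: from nm4-vm1.bullet.mail.sp2.yahoo.com ([98.139.91.191])
 by p3pismtp01-010.prod.phx3.secureserver.net with SMTP; 11 Nov 2010 23:52:25 -0700
Received: from [98.139.91.70] by nm4.bullet.mail.sp2.yahoo.com with NNFMP; 10 Nov 2010 17:33:58 -0000
Received: (qmail 86653 invoked by uid 60001); 10 Nov 2010 17:33:57 -0000
DKIM-Signature: v=1; a=rsa-sha256; d=yahoo.com; s=s1024; t=1289410437
Received: from [70.21.2.86] by web112106.mail.gq1.yahoo.com via HTTP; Wed, 10 Nov 2010 09:33:57 PST

"""

def to_utc(stamp):
    """Parse an RFC 5322 date and normalise it to UTC."""
    dt = parsedate_to_datetime(stamp)
    if dt.tzinfo is None:  # Python returns a naive datetime for "-0000"; the clock value is UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)

def hops(raw):
    """Return (utc_time, hop_description) pairs, oldest hop first."""
    out = []
    # Each server prepends its Received line, so the bottom one is the first hop.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        info, _, stamp = value.rpartition(";")
        out.append((to_utc(stamp.strip()), " ".join(info.split())))
    return out

def largest_gap(hop_list):
    """Return (delay, earlier_hop, later_hop) for the slowest handoff."""
    gaps = [(b[0] - a[0], a[1], b[1]) for a, b in zip(hop_list, hop_list[1:])]
    return max(gaps, key=lambda g: g[0])

def dkim_time(raw):
    """Signing time from the DKIM-Signature t= tag (seconds since the epoch)."""
    m = re.search(r"\bt=(\d+)", message_from_string(raw)["DKIM-Signature"])
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)

if __name__ == "__main__":
    for when, who in hops(RAW):
        print(when.isoformat(), who)
    delay, src, dst = largest_gap(hops(RAW))
    print("longest wait:", delay, "|", src, "->", dst)
    print("DKIM signed:", dkim_time(RAW).isoformat())
```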


I agree that the headers do not obviously look fake. Typically a sending mail server will retry every 4 hours if it can't make a connection, for up to a week. I humbly suggest that your mail server was not accepting connections for 36 hours due to configuration or capacity issues, or that Yahoo could not connect due to a problem with your mail server's DNS. You should consult with your IT department.
posted by miyabo at 3:05 PM on November 12, 2010


There's a great, free tool that parses email headers out to a more readable format.
http://www.mxtoolbox.com/Public/Tools/EmailHeaders.aspx
posted by msbutah at 3:06 PM on November 12, 2010


Even if the Date: line could be changed by turning back your system clock, that wouldn't affect any of the Received: lines; those are all created by the various servers the email passes through & can generally be trusted to be accurate. Unless he's a fairly accomplished hacker or has a friend who's an admin at Yahoo those're not trivial to forge these days what with all the open SMTP servers having long ago been hunted into extinction by spammers. Like everybody else says, it looks like there was a snag somewhere along the way & the email sat around a while before being delivered.
posted by scalefree at 3:56 PM on November 12, 2010


As an aside, double-check whether he is even *allowed* to serve you via email. In many jurisdictions, email is not a valid means of service.

Even if he sent it Wednesday, you didn't receive it within the time limits, if I read your question correctly. If email is valid for service, check the rules about when a message is deemed to be received. For example, things sent by post are in some sets of rules deemed to be received within 7 days of sending.

A technicality like this may not save you if the judge (?) finds you suffered no prejudice from service two days late in any event.
posted by Pomo at 5:35 PM on November 12, 2010

