It happens that David W. Hodgins formulated :
> On Fri, 29 Aug 2014 09:59:56 -0400, FromTheRafters
> wrote:
>
>> Virus Guy presented the following explanation :
>>> 216.218.133.250 = qtn1a-out-s6.mail.zscaler.net
>>> How can you not see zscaler in that?
>
>> http://216.218.133.250.ipaddress.com/
>> *Not* zscaler. Not then, and not now.
>
> That info is from a whois lookup, which only tells you which isp owns
> the ip address, not who is using it.

Or abusing it?

> [dave@x3 ~]$ host 216.218.133.250
> 250.133.218.216.in-addr.arpa is an alias for
> 250.192-26.133.218.216.in-addr.arpa.
> 250.192-26.133.218.216.in-addr.arpa domain name pointer
> qtn1a-out-s6.mail.zscaler.net.
> [dave@x3 ~]$ host qtn1a-out-s6.mail.zscaler.net
> qtn1a-out-s6.mail.zscaler.net has address 216.218.133.250
>
> For a change, I have to actually agree with Virus Guy.
>
> Regards, Dave Hodgins

So, you're saying that the entire "Received: " header is legitimate and
zscaler was indeed spamming?

I'm saying that the IP# in the square brackets is legitimate - and one
has to work back from there to see where it goes afoul - if it does
indeed go afoul.

In your opinion, just how much of an e-mail header can be trusted to
have no bogus information?
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
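
The forward-confirmed reverse DNS check that the quoted `host` output performs by hand, applied to a `Received:` header, as an added example that is not part of the original thread. It assumes a Sendmail/Postfix-style `from HELO (rdns [ip])` layout; the function names, the sample headers and the second DNS entry are constructed for illustration, and the lookup tables stand in for live DNS queries.

```python
import re

# Constructed DNS tables. The first PTR/A pair is the one shown in the quoted
# `host` output; the 192.0.2.77 entry is a made-up counter-example.
PTR = {"216.218.133.250": "qtn1a-out-s6.mail.zscaler.net",
       "192.0.2.77": "mail.example.org"}        # PTR is set by the IP's owner
A = {"qtn1a-out-s6.mail.zscaler.net": {"216.218.133.250"},
     "mail.example.org": {"198.51.100.10"}}     # forward zone disagrees

# Constructed sample headers (folded and unfolded forms).
SAMPLE_OK = ("Received: from anything.example "
             "(qtn1a-out-s6.mail.zscaler.net [216.218.133.250])\n"
             "\tby mx.example.net with ESMTP id CONSTRUCTED1")
SAMPLE_BAD = ("Received: from mail.example.org (mail.example.org [192.0.2.77]) "
              "by mx.example.net with ESMTP id CONSTRUCTED2")

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)")

def fcrdns(ip, ptr=PTR, a=A):
    """Return the PTR name only if its forward lookup contains the same IP."""
    name = ptr.get(ip)
    if name is None:
        return None
    name = name.rstrip(".").lower()
    return name if ip in a.get(name, set()) else None

def assess_received(header):
    """Separate what the peer claimed from what DNS confirms in both directions."""
    m = RECEIVED_RE.search(" ".join(header.split()))  # unfold continuation lines
    if not m:
        return None
    ip, rdns = m.group("ip"), (m.group("rdns") or "").lower()
    confirmed = fcrdns(ip)
    return {"helo_claimed": m.group("helo"),   # chosen by the sending side
            "ip_recorded": ip,                 # written by the receiving MTA
            "rdns_in_header": rdns or None,
            "fcrdns_name": confirmed,          # None when PTR and A disagree
            "rdns_matches": confirmed is not None and rdns == confirmed}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(assess_received(sample))
```

The result only means something for a `Received:` line written by a mail server you control; lines below that one were supplied by the sending side.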