1

In this SMTP Received: header:

Received: from mail.dgfip.finances.gouv.fr (bdmprod002-1.dgfip.finances.gouv.fr. [145.242.11.193]) by ... (truncation mine),

there are two "FQDNs" (maybe am I using a wrong appellation) for the sending server:

  • a FQDN (bdmprod002-1.dgfip.finances.gouv.fr.) tightly associated with the sending IP address
  • a "secondary" (not included in the parentheses) and different FQDN: mail.dgfip.finances.gouv.fr

For investigation purposes, I would like to know the correct appellations of these two FQDN-like names.

Some context: a relative of mines received a strange e-mail from the French government network. We fear that the potentially hacked server bdmprod002-1.dgfip.finances.gouv.fr. tries to masquerade as the legit governamental mail-sending server mail.dgfip.finances.gouv.fr, in a phishing attempt. With the correct appellations, I will be able to search more efficiently on the web.

Improve this question
1
  • bdmprod002-1.dgfip.finances.gouv.fr is the name registered to the IP address that connected to you to send the email. mail.dgfip.finances.gouv.fr is the friendly name claimed by the sender, which is also the MX host record for that domain. Commented 17 hours ago

1 Answer 1

Reset to default
3

Received headers are not really standardized but often follow the same premise. In your example

from mail.dgfip.finances.gouv.fr (bdmprod002-1.dgfip.finances.gouv.fr. [145.242.11.193]) by

  • mail.dgfip.finances.gouv.fr is the source MTA's HELO FQDN, the hostname the MTA identified itself with.
  • (bdmprod002-1.dgfip.finances.gouv.fr. [145.242.11.193]) is the source MTA's IP address preceeded by its reverse DNS hostname (PTR record). Most MXes confirm the rDNS name via forward resolution (A record) to detect forgery. The A record needs to show the original IP address (FCrDNS). Note that the HELO FQDN often doesn't match the PTR too closely.

MTA: SMTP client role (source)

MX: SMTP server role (destination)

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.