Satoshi email analysis
- Here's a quick technical analysis of the email sent to the bitcoin-dev mailing list today at http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-August/010238.html
- The email was sent from an anonymous email provider called vistomail.com which gives the appearance of being out of service. However, you can see the logins at https://webmail.vistomail.com/
- The vistomail servers are authorised to originate email by their IP address via the SPF DNS records. Satoshi used firstname.lastname@example.org when first announcing Bitcoin http://www.metzdowd.com/pipermail/cryptography/2009-January/014994.html
- From this you can safely conclude the email did originate from vistomail.com servers and was not spoofed. It does not prove the account was not hacked, of course.
- Partial headers from the email:
- Received: from mail.vistomail.com (vistomail.com [126.96.36.199])
- by smtp1.linuxfoundation.org (Postfix) with ESMTP id 2175813F
- for <email@example.com>;
- Sat, 15 Aug 2015 19:00:05 +0000 (UTC)
- Received: from DS04 ([188.8.131.52]) by vistomail.com with MailEnable ESMTP;
- Sat, 15 Aug 2015 13:51:14 -0500
- DNS RECORDS FOLLOW:
- vistomail.com descriptive text "v=spf1 include:_spf.google.com ip4:184.108.40.206 ~all"
- vistomail.com has address 220.127.116.11
- vistomail.com mail is handled by 10 vistomail.com.
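
The SPF check described above can be reproduced offline. The following is an added example, not part of the original paste: a minimal evaluator for the `ip4`, `ip6`, `include` and `all` mechanisms, run over the record quoted above. The contents of the `include` target and every client IP other than the record's own `ip4` address are constructed sample values.

```python
import ipaddress

# SPF TXT record quoted on the page for vistomail.com.
VISTOMAIL_SPF = "v=spf1 include:_spf.google.com ip4:184.108.40.206 ~all"

# Constructed stand-in for DNS so this runs offline; NOT Google's real record.
SAMPLE_DNS = {"_spf.google.com": "v=spf1 ip4:192.0.2.0/24 ~all"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip, dns=SAMPLE_DNS, depth=0):
    """Evaluate mechanisms left to right; first match wins (RFC 7208 subset)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    if depth > 10:  # loop guard; RFC 7208 limits DNS-querying terms to 10
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            if value not in dns:
                return "temperror"  # lookup failed, result undetermined
            sub = check_spf(dns[value], client_ip, dns, depth + 1)
            if sub in ("none", "permerror", "temperror"):
                return "temperror" if sub == "temperror" else "permerror"
            matched = sub == "pass"  # only a pass inside the include matches
        else:
            return "permerror"  # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"
```

A receiver evaluates the record against the connecting IP and the envelope sender domain, not the From: header. With `~all`, a sender outside the listed ranges gets `softfail` rather than a hard `fail`, and the `include` term also authorises whatever the included domain lists.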