Yep, those names do look bogus, don't they? Not sure why.
The return address "says" it is from do_not_reply@eevblog.com
I would think that there are plenty of folks here that understand more than I do about this.
A partial part of the header says received from:
from [192.200.109.226] ([192.200.109.226:44348] helo=cpanel1.eevblog.com) by smtp14.gate.ord1d.rsapps.net (envelope-from <eevblog@eevblog.com>) (ecelerity 4.2.38.62370 r(
) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 98/18-16649-28E11A26; Wed, 08 Jun 2022 18:11:14 -0400
Doing a Trace Route I get...
C:\Users\boBWin10Fast>tracert 192.200.109.226
Tracing route to cpanel1.eevblog.com [192.200.109.226]
over a maximum of 30 hops:
1 2 ms 2 ms 2 ms router.asus.com [192.168.50.1]
2 22 ms 20 ms 17 ms 10.61.243.130
3 14 ms 24 ms 11 ms 24.153.84.237
4 9 ms 10 ms 9 ms 69.139.162.214
5 10 ms 10 ms 10 ms 69.139.160.245
6 10 ms 10 ms 12 ms 24.124.128.249
7 13 ms 12 ms 16 ms 24.124.128.122
8 11 ms 11 ms 10 ms be-36121-cs02.seattle.wa.ibone.comcast.net [68.86.93.5]
9 10 ms 11 ms 23 ms be-2201-pe01.seattle.wa.ibone.comcast.net [96.110.39.206]
10 * * * Request timed out.
11 20 ms 14 ms * port-channel4.core2.pdx1.he.net [184.105.64.138]
12 40 ms 39 ms * port-channel1.core2.slc1.he.net [184.105.80.114]
13 40 ms 39 ms 42 ms 100ge1-1.core1.slc1.he.net [184.105.80.113]
14 40 ms 40 ms 39 ms webnx-inc.100gigabitethernet0-25.switch2.slc1.he.net [64.71.130.42]
15 40 ms 41 ms 41 ms 104-250-156-210.static.gorillaservers.com [104.250.156.210]
16 41 ms 39 ms 41 ms cpanel1.eevblog.com [192.200.109.226]
Trace complete.
So, from this at least, it looks legit. I don't know how good people can spoof these days but I have a feeling this is correct.
gorillaservers.com was another name I saw when doing a whois on an IP in the header so that makes sense.
Comcast/xfinity is my internet provider here north of Seattle and those are the first several hops.
boB
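The manual comparison in the post above (connecting IP, HELO name, envelope sender, reverse name from the trace) can be scripted; this is an added example, not part of the original post. The `PTR_TABLE` lookup table, the function names and the second header in the test are constructed for illustration, and only a Received line written by your own provider's server can be relied on, since earlier ones are supplied by the sender.

```python
import re

# Received header fragment quoted in the post (the truncated "r(" part is left out).
RECEIVED = (
    "from [192.200.109.226] ([192.200.109.226:44348] helo=cpanel1.eevblog.com) "
    "by smtp14.gate.ord1d.rsapps.net (envelope-from <eevblog@eevblog.com>) "
    "with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) "
    "id 98/18-16649-28E11A26; Wed, 08 Jun 2022 18:11:14 -0400"
)
# Reverse name for the IP, as shown by the tracert output in the post.
# Assumption: a live check would call socket.gethostbyaddr() instead of this table.
PTR_TABLE = {"192.200.109.226": "cpanel1.eevblog.com"}

PATTERN = re.compile(
    r"from \[(?P<ip>[\d.]+)\].*?helo=(?P<helo>[^\s)]+)\)"
    r".*?by (?P<by>\S+)"
    r".*?envelope-from <(?P<env_from>[^>]+)>"
)

def parse_received(header):
    """Extract connecting IP, HELO name, receiving host and envelope sender."""
    m = PATTERN.search(header)
    if m is None:
        raise ValueError("unrecognised Received header layout")
    return m.groupdict()

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()

def check_hop(header, from_address, ptr_table):
    """Compare what the sending host claimed with what DNS and the From line say."""
    hop = parse_received(header)
    ptr = ptr_table.get(hop["ip"], "").lower().rstrip(".")
    helo = hop["helo"].lower()
    from_domain = domain_of(from_address)
    return {
        "ip": hop["ip"],
        "helo_matches_ptr": ptr == helo,  # HELO name equals reverse DNS of the IP
        "envelope_matches_from": domain_of(hop["env_from"]) == from_domain,
        "helo_in_from_domain": helo.endswith("." + from_domain),
    }

if __name__ == "__main__":
    print(check_hop(RECEIVED, "do_not_reply@eevblog.com", PTR_TABLE))
```

A pass on all three checks only says the headers are self-consistent; the SPF and DKIM results in the Authentication-Results header added by the receiving server are the stronger signal.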