Am I correct that this email originated from Nigeria

Hi Scamwarners,
Just want to check that I am now correctly identifying the originating host, based on the fact I was previously scammed and have done research on your website, I now always look at the headers, and I just want to check that I am doing this correctly. I checked the very first received IP (Received: from [41.107.59.226] by web28515.mail.ukl.yahoo.com via HTTP; Wed, 14 Jul 2010 10:48:07 GMT) and it comes up as Nigeria. Am I doing this correctly?

If this is the case, its the third one I have identified through emails in the last week, but just want to be sure I am looking at the right thing.

Thankyou,
--------------------------------------------------------------------------------------------------------------------------

X-Apparently-To:
Return-Path: [email protected]
Received-SPF: none (mta1298.mail.mud.yahoo.com: domain of [email protected] does not designate permitted sender hosts)
X-YMailISG:
X-Originating-IP: [87.248.110.194]
Authentication-Results: mta1298.mail.mud.yahoo.com from=yahoo.fr; domainkeys=pass (ok); from=yahoo.fr; dkim=pass (ok)
Received: from 127.0.0.1 (HELO web28515.mail.ukl.yahoo.com) (87.248.110.194) by mta1298.mail.mud.yahoo.com with SMTP; Wed, 14 Jul 2010 03:48:09 -0700
Received: (qmail 89958 invoked by uid 60001); 14 Jul 2010 10:48:07 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.fr; s=s1024; t=1279104487; bh=MHfFc2r6Pb4gjfCyuDmBYc/k33cGeP5oZoWtvhobvTw=; h=Message-ID:X-YMail-OSG:Received:X-RocketSRV:X-Mailer:Date:From:Subject:To:Cc:MIME-Version:Content-Type; b=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.fr; h=Message-ID:X-YMail-OSG:Received:X-RocketSRV:X-Mailer:Date:From:Subject:To:Cc:MIME-Version:Content-Type; b=
Message-ID: <[email protected]>
X-YMail-OSG:
Received: from [41.107.59.226] by web28515.mail.ukl.yahoo.com via HTTP;
Wed, 14 Jul 2010 10:48:07 GMT
X-Mailer: YahooMailRC/420.4 YahooMailWebService/0.8.104.276605
Date: Wed, 14 Jul 2010 10:48:07 +0000 (GMT)
From: This sender is DomainKeys verified
Eddine R <[email protected]>
Add sender to Contacts

Subject: test
To:
Cc: [email protected]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1900373931-1279104487=:89064"
Content-Length: 23882

Tidied header by removing domain keys - Ralph

Hi Great 26day, welcome to Scamwarners.

I tidied up the header you posted a little just to prevent it from blowing out the screen on some computers and to make it easier to see the good bits, it makes no difference to any IP look ups or IP extractors you may use.

When reading a header always look from the bottom up and look for something like this "Received: from [41.107.59.226]" that is the IP the email came from, you where right there.

I have put that IP into an IP tool and I get 41.107.59.226 Algeria (Maghnia)* and not nigeria.

Of course, the Algerian IP does not mean that its not a scam but there may be other factors to look at to know if it is.

If you have more questions please ask

Hello Great26day.
Ralph has given a good explanation. Does not matter which Header analysis tool is used, they all perform well.
Usually, the last ip number is the originating IP. The ip number in this case leads us to Maghnia, (formerly Marnia) a town in northwestern Algeria, near the border with Morocco.