Jump to content
Sign in to follow this  
PROGAME

Gmail's server blocked

Recommended Posts

OK, finally got a response from them;

26736[/snapback]

Hello,

Thanks for your report. We are aware of this problem, and our engineers

are working diligently to find a solution.

We apologize for any inconvenience this issue may have caused.

Sincerely,

The Gmail Team

Share this post


Link to post
Share on other sites
OK, finally got a response from them;

26736[/snapback]

26943[/snapback]

Yeah, I got that one too.

Edited by WisTex

Share this post


Link to post
Share on other sites
I hope you mean that you report the person who signed you up as the spammer, and not the mailing list owner.  Legitimate mailing list senders have a vested interest in preventing their list as being used as a spam attack.  Instead of alienating potential allies by reporting the wrong people, perhaps you should find out who really signed you up and go after them.  Otherwise the guilty go free and the innocent get punished.

26941[/snapback]

No. I mean if a list owner allows an address to be added to their list with no confirmation from the person controlling the address (via a confirmation which needs to be responded to), then they deserve to be listed. If adding my address to your list is possible, it is also just as easy for someone to add a spamtrap list to it, which will get you blocked immediately.

Yes, I could complain to the ISP, and if I had the IP address, I would also do that, but list ownership also requires being responsible. The list is the one that send unsolicited bulk email to my address, therefore, spammed me, and will be reported as such.

If it only happened to one address, your IP would not be blocklisted, as it requires multiple reports.

Share this post


Link to post
Share on other sites

Well, it sounds like an easy way to harass innocent people then. Just sign up with spamtrap e-mails. Even if they use a confirmation e-mail, they get banned immediately. Fair system, huh?

And getting back on topic, I was thinking about how Google could avoid being blacklisted.

What if their first received statement looked like this:

Received: from sender[at]gmail.com (x.x.x.x)

by gmail.com with HTTP; Thu, 21 Apr 2005 12:00:56 -0700 (PDT)

where sender[at]gmail.com is the accountholder's gmail e-mail address and x.x.x.x is the IP address of the computer the sender is using.

If they did that, the spammer's IP address would be available for banning. Would something like that solve the problem?

Share this post


Link to post
Share on other sites

spam trap email addresses are secret addresses that have never been used. The only way to get them is to run a 'spider' program that scapes them off the web. If the mailing list operator is on the ball, they will send a confirmation email to that address and not ever send anything else if there is no reply. The spam traps are set to recognize confirmation emails and ignore them.

I am not technically fluent, but I think that there is already a standard way of listing the IP address from which the emailer used the web mail. IIRC, Gmail was not using that accepted header line.

Miss Betsy

Share this post


Link to post
Share on other sites

That's good to hear that spam traps are configured to ignore one-time confirmation messages.

And looking at Gmail's headers, they do not look the same as everyone elses' which I think is the problem, and it also omits the senders IP address. The example I pasted above was one that was used in another web-based e-mail application that did track the senders IP address.

Share this post


Link to post
Share on other sites

Well, on one hand, it would be more anonymous, which in some cases is a good thing. On the other hand, your IP address is given to any website or server you visit on the internet out of necessity. There really is no hiding anyway, unless you go through great lengths to hide your identity.

Does anyone know if Yahoo! Mail or Hotmail identify the IP address of the sender in the header?

Share this post


Link to post
Share on other sites

i disagree

hiding my IP address means hiding some personal information about myself which i don't always wish to be known (my email can actually be treated differently if the receiver has something against Israel for example)

my IP address can also be used to spam me using the messenger service (if it's not shutdown) or using a direct connection instant messenger protocol, not to mention scan for holes and exploits (if i wasn't using a router and a software firewall...) and gather more personal information about me....use my IP address to report me using a fake abuse report (i did that once for a spammer, he wasn't using his IP address to send the spam, but i managed to find it and send a fake abuse report to make it look like he was - the ISP fell for that)

a hidden IP address is just as good to the spammers as to the rest of us

Edited by PROGAME

Share this post


Link to post
Share on other sites

I don't think its such a big issue, especially since most people don't know that the IP address of the sender is included in the header. If they were that smart, they would have probably found other ways to find out who you are already. Everytime you go on the internet, you leave your IP address all over the place.

I just checked, Yahoo! Mail identifies the IP address of the sender's computer in the headers. I don't have a hotmail account, but looking at hotmail headers for mail I received, it appears Hotmail also identifies the IP address of the sender's computer as well. The web-based e-mail software we use on our server (CMail Server) also identifies the IP address of the sender's computer in the header. It appears that Gmail is the only one who doesn't.

Edited by WisTex

Share this post


Link to post
Share on other sites

i am obviously to referring to most people and i am not talking about "all over the place", only where it is needed like in instant messaging programs. email is a common way to get someone's IP address either by planting a webbug in it (which Gmail blocks) or making the other side reply

since i am often targeted by stupid kids trying to take over my attractive ICQ account by scams and trojans i believe a hidden IP address is a blessing

too bad the spammers think so too

Share this post


Link to post
Share on other sites

There are clueless ISPs who shut down customers, without investigating the situation, based on one report. However, it is not a good business practice and those who are innocent will find another ISP quickly.

If the ISP wants to provide a service where the IP address of the email sender is hidden, then, in order to prevent being blocked by those who do not want spam, that ISP will have to respond quickly to reports of spam or its servers will be blocked, not just by spamcop, but by others who think that the sender should be responsible for controlling spam and for selecting a reliable ISP who knows how to handle spam reports.

AIUI, in this case Gmail did not respond or act on spam reports in a responsible way.

Also, isn't it much more effective to use firewalls against hackers than to hide one's IP address?

Miss Betsy

Share this post


Link to post
Share on other sites
my IP address can also be used to spam me using the messenger service (if it's not shutdown) or using a direct connection instant messenger protocol, not to mention scan for holes and exploits (if i wasn't using a router and a software firewall...) and gather more personal information about me....use my IP address to report me using a fake abuse report (i did that once for a spammer, he wasn't using his IP address to send the spam, but i managed to find it and send a fake abuse report to make it look like he was - the ISP fell for that)

a hidden IP address is just as good to the spammers as to the rest of us

27064[/snapback]

A lot of ifs.

If you have a Microsoft based operating system that can be spammed with the messenger service, it usually means that the spammer and unknown others have easy access to your system through many known exploits.

Shutting off the messenger service does not stop the serious exploits that receiving a messenger spam indicates are available. All that is done by shutting off the messenger service is to disable the most visible and harmless exploit of the set. This is documented in the Microsoft bulletin on the issue.

Only the use of a firewall will block the more serious exploits which include full access to your harddrive under the right conditions, and as a side effect it totally blocks the minor messenger spam exploit.

Since you are implying that you have a firewall, if it is properly configured, the onlything that shutting off the messenger service is doing is likley preventing you from being notified of remote printing jobs, assuming that you have a separate computer for spooling print jobs.

For anyone to make the claim that shutting off the messenger service is a solution to messenger spam is an indicator that they do not have enough of a background in computer security to even understand what is given away by activities over a network.

It is quite possible and even likely that gmail is encoding the originating IP in the headers and in a form that with only a little work a human could decipher. That seems to be a standard procedure for webmailers so that they do not have to depend on historical records to track a complaint.

It just apparently is not a format that spamcop.net knows how to decipher.

Gmail is aparrently going through a learning curve, and if they want their service to succeed, they will need to make it impossible for spammers to use it.

A search of news.admin.net-abuse.sightings will show what spam has been seen coming from google servers.

-John

Personal Opinion Only

Share this post


Link to post
Share on other sites

[at]Miss Betsy

yes you may be right, maybe google really should change the header or respond faster to spam reports

[at]WB8TYW

funny how 4 short words i gave no thought to allowed you to write 5 irrelevant paragraphs but hey... what ever does it for you...

Share this post


Link to post
Share on other sites

OK, apparently part of the data lost in the crash ... here we go again ... (thanks)

E-mail sent using an iBook ... OS-X 10.2.xxx Safari web browser / Apple Mail to send, OE in a Win-98SE machine to APOP the receiving HotMail account for both e-mails

HTTP results - GMail server identified

http://www.spamcop.net/sc?id=z757097821zc9...bd9c860b9a8caez

SMTP results - I get pegged (OK, IP was changed a bit <g>)

http://www.spamcop.net/sc?id=z757099670z9e...9adae5974094e6z

Share this post


Link to post
Share on other sites

I contacted Gmail and suggested they identify the IP address of the sender's computer in the header like most other web-based e-mail software / service providers. I even included examples based on their existing headers, and also an example from a web-based e-mail software that includes the IP address of the sender's computer. I also told them without that information, spamcop.net and other blacklists will blacklist their servers instead of the spammers because their IP address is listed at the originator of the spam.

I got a response back thanking me for my suggestion and saying they were forwarding it to the appropriate people. So it looks like they are seriously looking into the issue.

Share this post


Link to post
Share on other sites
No data found  :huh:

27136[/snapback]

If you are referring to the error message you sometimes get when viewing Gmail, then there is a simple explaination for it.

When viewing your Gmail inbox, it periodically queries the Gmail servers to see if you have new e-mail. It does this without you having to refresh your browser. If, for some reason, it cannot reach the Gmail servers, you get the error message "No data found." Refreshing your browser window will usually solve it, assuming your internet connection is still up.

Edited by WisTex

Share this post


Link to post
Share on other sites

He was referring to my post which pointed to a previous post in this Topic ... the Tracking URLs provided in the first post were part of the data lost in the crash ... that first post was edited, and the last post with new Tracking URLs started with this explanation ....

Share this post


Link to post
Share on other sites

So, in summary, GMail's "Received: by 10.54.62.18 with HTTP; Wed, 26 Apr 2005 19:04:30 -0700 (PDT)" Header Line contains no "from reverse-fqdn [iP Address]" clause, which is causing GMail's servers to be blamed for spam that they are allowing their customers to send. Hopefully, their admins will learn their lesson.

Share this post


Link to post
Share on other sites
So, in summary, GMail's "Received: by 10.54.62.18 with HTTP; Wed, 26 Apr 2005 19:04:30 -0700 (PDT)" Header Line contains no "from reverse-fqdn [iP Address]" clause, which is causing GMail's servers to be blamed for spam that they are allowing their customers to send.  Hopefully, their admins will learn their lesson.

27197[/snapback]

Yep.

Some web-based e-mail programs format their as "from email[at]address.com [iP Address]" instead of "from reverse-fqdn [iP Address]" like SMTP would. Would this be acceptable to SpamCop.net or would the IP of the web host get pinned for it still?

Example:

Received: from user[at]webmailservice.com(0.0.0.0) 
by mail.webmailservice.net with CMailServer 5.2 SMTP; Sun, 24 Apr 2005 21:51:56 -0500 

where user[at]webmailservice.com is the users e-mail address on the webmailservice, and 0.0.0.0 is the IP address of the sender's computer.

Would that be acceptable or should it be in another format?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×