Spamcop blocked e-mail, but only when at Starbucks

[gsimmons]

I'm a mobile user, and one of my customer's ISP is using SpamCop.

The funky thing is, I can send e-mail all day long from my home DSL using outgoing.verizon.net as the SMTP, and from several remote locations. However, when I take my laptop to Starbuck's and send e-mail USING THE SAME SMTP (Outlook settings), SpamCop blocks e-mail going to that customer.

Understand that the ISP's I use have NOTHING to do with my e-mail service. It's a corporate e-mail service, and I have no control over it (verizon is hosting our company.)

But, for some reason, Spamcop appears to be looking at HOW I get to outgoing.verizon.net.

Does this make ANY sense? Why would it do this?

[gsimmons]

I may not have included enough information. (Been reading! )

The e-mails bounced back to me when I'm in a Starbuck's (T-mobile HotSpot,) are

all referencing an IP of 208.54.142.1 which resolves to m018e36d0.tmodns.net.

A traceroute to said machine gets into the bowls of t-mobile.com before looping (T-mobile used to be VoiceStream and traceroute gets stuck at voicestream1-gw.customer.alter.net.)

Any help?

[turetzsr]

Hi, gsimmons,

...IIUC, since your e-mail is likely to take different routes depending on where you are when you send, your experience is not totally surprising.

...You may want to take a look at SpamCop checkblock [iP address 208.54.142.1] .

[Miss Betsy]

I am not technically fluent, but looking that up in the spamcop bl shows a lot of spam coming from it.

In another thread there was something about a Laptop virus, I think. Unexplained blocking usually is due to a virus, though it might not be on your computer unless that is always your IP address on your laptop.

Don't give up. The real gurus weren't around this afternoon and now that they have an IP address will get right on it as soon as they do!

Miss Betsy

[Merlyn]

I may not have included enough information. (Been reading!  )

The e-mails bounced back to me when I'm in a Starbuck's (T-mobile HotSpot,) are

all referencing an IP of 208.54.142.1 which resolves to m018e36d0.tmodns.net.

A traceroute to said machine gets into the bowls of t-mobile.com before looping (T-mobile used to be VoiceStream and traceroute gets stuck at voicestream1-gw.customer.alter.net.)

Any help?

Thats a TMobile IP. Are you running a mail server on your laptop? When you send mail it should have the IP of your provider not the IP you connect with on your laptop unless you are running your own mail server.

[Ellen]

Well if it's 208.54.142.1 that is a tmobile IP and it is one used at/with Starbucks and it is listed or gets listed a bunch because there is spam being sent thru it. Whether some spammer is paying $30/mth or whatever to send the spam or various people with compromised machines are sitting around at Starbucks drinking coffee I have no idea. The most recent hits do look like someone with a compromised machine ...

[gsimmons]

You guys are on the right track!!

No, I am not running a mailserver on my laptop, just an e-mail client - Outlook.

SMTP is outgoing.verizon.net, so why is SpamCop complaining about a T-mobile IP?

Also, remember if I leave Starbuck's and go someplace else, everything works fine.

I don't understand all the nuances about SMTP, but I thought that a mail client just connected to the SMTP with a TCP session, just like any other application. If SpamCop were to complain about an e-mail sending location, I would have expected it to complain about Verizon not T-mobile.

Does SpamCop care about "How" I connect to a SMTP server? (Internet Hops and such?)

[gsimmons]

One other thing I failed to mention (shame ) is that I called and talked to T-mobile Customer Service - just trying to verify that 208.54.142.1 was, in fact, a T-mobile IP router.

The Customer Service gal I talked to said that they were having problems e-mailing certain customers for the very same reason! She forwarded me to a level 2 tech, and he said that the problem was under investigation by their engineering staff, and that they were hoping to have a resolution soon.

Interesting....

(They may be calling you soon!)

[WB8TYW]

No, I am not running a mailserver on my laptop, just an e-mail client - Outlook.

If you are not running a software firewall on a wireless connection, you may have all sorts of things running on your machine that you do not know about.

But realistically if it were something on your notebook you would be seeing the rejections from everywhere.

If you do not have a software firewall, get one. Your company security policy should require it, and also require a VPN to make sure that your business is secure.

This also would mean that only your company's I.P. addresses would be assocated with your e-mail, not starbucks.

If your company I.T. network or security people do not know these things, either get them educated or outsource things to someone that does. Otherwise you could be sharing your information with your competitors.

Now usually a mail server only blocks based on the last I.P. address that it got the e-mail from, so if you are being rejected, it would indicate that instead of mailing through your mail server, you were mailing through a third pary.

How is that possible? Easy. Your computer is likely configured to pick up it's settings from what ever mobile network it is in range. It needs to be in order to use the Starbucks lan to connect to the Internet.

This can also result in your e-mail being redirected to their mail server instead of your own.

What is likely is that your e-mail program knows to send e-mail to a server known as "MAIL". And to add the rest of the name from what ever network you are connected to at the time. So if you are in an area served by example.com, and they had a mail server that would respond to mail.example.com, your outgoing mail would go through it, and as long as others accepted mail from it, you would never know. And the domain name of the mail server does not have to match your company name.

So when you are in example.net, your mail would go through example.net.

A mail server can have many names, and it is common to have them answer to the alias mail for incomming connections.

Also a router or other network equipment can redirect your e-mail from a server that you specify to one that is the proxy for the network.

I strongly recommend that your company change to using VPNs so that you are not at the mercy of what ever settings happen to be in place where you are sending mail from. With a VPN (Virtual Private Network), you are connected to your company network in a secure (if set up right) method, and to the rest of the internet, you appear to be at the company office.

-John

Personal Opinion Only

[gsimmons]

Yes, I am running a SW firewall. In fact, my laptop is an Apple Powerbook G4, meaning it's ALOT more immune to viruses, adware, spyware, etc, just by it's very nature.

As var as VPN's, you might have missed the point about Verizon Hosting our company's web and e-mail service. We're a small company of less than 25 people in 4 locations, and we don't even have a server in any of those locations - we haven't needed it. So, a VPN connection doesn't make sense.

I was on a corporate VPN in a previous life, and your right it does make things easier - sometimes.

As far as your points about the computer picking up settings from a wireless network - for me DHCP is only picking up IP address, Gateway, Subnet mask, and DNS information; not anything releated to E-mail. In fact, I know DHCP can serve Windows networking information like a WINS Server address, but I don't think it has provisions for configuring e-mail clients; at least not yet. Boy! that could be REALLY ugly!

Unless I don't understand something about SMTP, its really not possible for me to be e-mailing though a 3rd party, only when I'm at a T-mobile HotSpot. I also confirmed with T-mobile that they provide NO e-mail services whatsoever.

And as var as aliasing, outgoing.verizon.net maps directly to a Verizon SMTP server and not somewhere unknown - AND it's not related to T-mobile, who's suspect IP address was reported by SpamCop.

[gsimmons]

I have a question:

I'm using Outlook 2000 for my e-mail client. When I get a bounce back from SpamCop, I'd like to examine the envelope information (Headers) of the bounced e-mail to see where it went before it hit my customer's ISP's e-mail server w/SpamCop.

This is easy to do with Unix based e-mail clients, but Outlook seems to mangle all this information.

Does anyone know how to examine this using Outlook?

[WB8TYW]

If you are not using encryption on your e-mail, everyone at the same wireless spot can easily read your outgoing e-mail, and anything that you download.

It is possible for a wireless spot to have a proxy server/firewall which will redirect things.

It is also probably possible for someone to hijack your DHCP settings which means that they can redirect everything through their machine.

And you do not want to know how many times I have had an ISP insist that they were not doing something that I could easily prove they are doing. And this "misunderstanding" was maintained for several escalation levels until I reached someone who actually knew what they were doing, and knew that I could easily prove it. In one case, I was told that they the reason they did not tell people the truth was that most of their customers could not handle the reasons for why they did it, and would make a big fuss about it.

To really see what is going on, the complete bounce message would be needed.

Outlook (not outlook express) puts the headers under "PROPERTIES". It should just verify what server generated the bounce message.

If the client you are trying to reach has their mail server configured nice, it will generate a reject code, and then the mail server that you used to actually send the message will generate the bounce.

The bounced message should be an attachment, which if you save, rename to what your platform thinks is a text file, will contain the headers that tell how it got from your machine to the one that rejected the message.

-John

Personal Opinion Only

[Mikey]

gsimmons,

This is an explanation of how to get your information in Outlook 2000:

http://www.spamcop.net/fom-serve/cache/122.html

Oddly enough, its much easier to get the whole thing in Outlook Express than it is in Outlook. Its a pain in the shorts. At the bottom of that page you'll see some third-party add-ons that might help. I haven't tried any of them.

In Outlook express its just right-click/properties/Details/Message Source/CTRL-A/CTRL-C and you're done.

Its a bit easier in Mozilla and Firebird (http://www.mozilla.org) you just do CTRL-U/CTRL-A/CTRL-C. The mouse doesn't work though, been a bug for the last four versions....

[Merlyn]

In Outlook express its just right-click/properties/Details/Message Source/CTRL-A/CTRL-C and you're done.

CTRL-F3/CTRL-A/CTRL-C Does the same thing :-)

[Mikey]

Ah... true, grasshopper...BUT....

At least on my machine, F3 only appears to work if the message is open (i.e. you are viewing it). If you are just highlighting the message in the list (say your inbox) it doesn't appear to work. Not a problem if you trust an E-mail enough to view it. If it looks suspiciously funky, I like to open it in properties view first.

But that is a good tip, I never knew about CTRL-F3. See, you learn something every day out here.....

Thanks Old Bean.

[scutterbup]

I use wireless hotspots often, but I open an ssh tunnel to port 25, and send mail that way. Mail is encrypted, no port 25 redirect, voila.

[gsimmons]

Well, Mikey you were right about Outlook 2000 not saving header information. The suggestion to look at PROPERTIES yeilded only Outlook junk and not the actual e-mail headers with routing information. Bummer.

The intersting thing is that the bounce I got back from Spamcop had 2 attachments, the e-mail in Outlook form, and one labeled ATT00002.dat. This file had the actual responses from SpamCop.

The diagnostic code you were looking for is SMTP; 553, 5.3.0 <recipient> Message rejected.

Maybe I'll try sending an e-mail from Starbuck's to my customer from a different e-mail client, one that I can see the relay information.