Gmail's server blocked

[Wazoo]

OK, finally got a response from them;

26736[/snapback]

Hello,

Thanks for your report. We are aware of this problem, and our engineers

are working diligently to find a solution.

We apologize for any inconvenience this issue may have caused.

Sincerely,

The Gmail Team

[WisTex]

OK, finally got a response from them;

26736[/snapback]

26943[/snapback]

Yeah, I got that one too.

[StevenUnderwood]

I hope you mean that you report the person who signed you up as the spammer, and not the mailing list owner.  Legitimate mailing list senders have a vested interest in preventing their list as being used as a spam attack.  Instead of alienating potential allies by reporting the wrong people, perhaps you should find out who really signed you up and go after them.  Otherwise the guilty go free and the innocent get punished.

26941[/snapback]

No. I mean if a list owner allows an address to be added to their list with no confirmation from the person controlling the address (via a confirmation which needs to be responded to), then they deserve to be listed. If adding my address to your list is possible, it is also just as easy for someone to add a spamtrap list to it, which will get you blocked immediately.

Yes, I could complain to the ISP, and if I had the IP address, I would also do that, but list ownership also requires being responsible. The list is the one that send unsolicited bulk email to my address, therefore, spammed me, and will be reported as such.

If it only happened to one address, your IP would not be blocklisted, as it requires multiple reports.

[WisTex]

Well, it sounds like an easy way to harass innocent people then. Just sign up with spamtrap e-mails. Even if they use a confirmation e-mail, they get banned immediately. Fair system, huh?

And getting back on topic, I was thinking about how Google could avoid being blacklisted.

What if their first received statement looked like this:

Received: from sender[at]gmail.com (x.x.x.x)

by gmail.com with HTTP; Thu, 21 Apr 2005 12:00:56 -0700 (PDT)

where sender[at]gmail.com is the accountholder's gmail e-mail address and x.x.x.x is the IP address of the computer the sender is using.

If they did that, the spammer's IP address would be available for banning. Would something like that solve the problem?

[Miss Betsy]

spam trap email addresses are secret addresses that have never been used. The only way to get them is to run a 'spider' program that scapes them off the web. If the mailing list operator is on the ball, they will send a confirmation email to that address and not ever send anything else if there is no reply. The spam traps are set to recognize confirmation emails and ignore them.

I am not technically fluent, but I think that there is already a standard way of listing the IP address from which the emailer used the web mail. IIRC, Gmail was not using that accepted header line.

Miss Betsy

[WisTex]

That's good to hear that spam traps are configured to ignore one-time confirmation messages.

And looking at Gmail's headers, they do not look the same as everyone elses' which I think is the problem, and it also omits the senders IP address. The example I pasted above was one that was used in another web-based e-mail application that did track the senders IP address.

[PROGAME]

a webmail that keeps its users's ip addresses hidden is more secure

i hope it won't change

[StevenUnderwood]

How do you consider it more secure?

[dra007]

The only security it gives is to spammers, makeing it harder to track them down!

[WisTex]

Well, on one hand, it would be more anonymous, which in some cases is a good thing. On the other hand, your IP address is given to any website or server you visit on the internet out of necessity. There really is no hiding anyway, unless you go through great lengths to hide your identity.

Does anyone know if Yahoo! Mail or Hotmail identify the IP address of the sender in the header?

[PROGAME]

i disagree

hiding my IP address means hiding some personal information about myself which i don't always wish to be known (my email can actually be treated differently if the receiver has something against Israel for example)

my IP address can also be used to spam me using the messenger service (if it's not shutdown) or using a direct connection instant messenger protocol, not to mention scan for holes and exploits (if i wasn't using a router and a software firewall...) and gather more personal information about me....use my IP address to report me using a fake abuse report (i did that once for a spammer, he wasn't using his IP address to send the spam, but i managed to find it and send a fake abuse report to make it look like he was - the ISP fell for that)

a hidden IP address is just as good to the spammers as to the rest of us

[WisTex]

I don't think its such a big issue, especially since most people don't know that the IP address of the sender is included in the header. If they were that smart, they would have probably found other ways to find out who you are already. Everytime you go on the internet, you leave your IP address all over the place.

I just checked, Yahoo! Mail identifies the IP address of the sender's computer in the headers. I don't have a hotmail account, but looking at hotmail headers for mail I received, it appears Hotmail also identifies the IP address of the sender's computer as well. The web-based e-mail software we use on our server (CMail Server) also identifies the IP address of the sender's computer in the header. It appears that Gmail is the only one who doesn't.

[PROGAME]

i am obviously to referring to most people and i am not talking about "all over the place", only where it is needed like in instant messaging programs. email is a common way to get someone's IP address either by planting a webbug in it (which Gmail blocks) or making the other side reply

since i am often targeted by stupid kids trying to take over my attractive ICQ account by scams and trojans i believe a hidden IP address is a blessing

too bad the spammers think so too

[Miss Betsy]

There are clueless ISPs who shut down customers, without investigating the situation, based on one report. However, it is not a good business practice and those who are innocent will find another ISP quickly.

If the ISP wants to provide a service where the IP address of the email sender is hidden, then, in order to prevent being blocked by those who do not want spam, that ISP will have to respond quickly to reports of spam or its servers will be blocked, not just by spamcop, but by others who think that the sender should be responsible for controlling spam and for selecting a reliable ISP who knows how to handle spam reports.

AIUI, in this case Gmail did not respond or act on spam reports in a responsible way.

Also, isn't it much more effective to use firewalls against hackers than to hide one's IP address?

Miss Betsy

[WB8TYW]

my IP address can also be used to spam me using the messenger service (if it's not shutdown) or using a direct connection instant messenger protocol, not to mention scan for holes and exploits (if i wasn't using a router and a software firewall...) and gather more personal information about me....use my IP address to report me using a fake abuse report (i did that once for a spammer, he wasn't using his IP address to send the spam, but i managed to find it and send a fake abuse report to make it look like he was - the ISP fell for that)

a hidden IP address is just as good to the spammers as to the rest of us

27064[/snapback]

A lot of ifs.

If you have a Microsoft based operating system that can be spammed with the messenger service, it usually means that the spammer and unknown others have easy access to your system through many known exploits.

Shutting off the messenger service does not stop the serious exploits that receiving a messenger spam indicates are available. All that is done by shutting off the messenger service is to disable the most visible and harmless exploit of the set. This is documented in the Microsoft bulletin on the issue.

Only the use of a firewall will block the more serious exploits which include full access to your harddrive under the right conditions, and as a side effect it totally blocks the minor messenger spam exploit.

Since you are implying that you have a firewall, if it is properly configured, the onlything that shutting off the messenger service is doing is likley preventing you from being notified of remote printing jobs, assuming that you have a separate computer for spooling print jobs.

For anyone to make the claim that shutting off the messenger service is a solution to messenger spam is an indicator that they do not have enough of a background in computer security to even understand what is given away by activities over a network.

It is quite possible and even likely that gmail is encoding the originating IP in the headers and in a form that with only a little work a human could decipher. That seems to be a standard procedure for webmailers so that they do not have to depend on historical records to track a complaint.

It just apparently is not a format that spamcop.net knows how to decipher.

Gmail is aparrently going through a learning curve, and if they want their service to succeed, they will need to make it impossible for spammers to use it.

A search of news.admin.net-abuse.sightings will show what spam has been seen coming from google servers.

-John

Personal Opinion Only

[PROGAME]

[at]Miss Betsy

yes you may be right, maybe google really should change the header or respond faster to spam reports

[at]WB8TYW

funny how 4 short words i gave no thought to allowed you to write 5 irrelevant paragraphs but hey... what ever does it for you...

[Wazoo]

Headers and data from both an HTTP and an SMTP connection were provided somewhere prior in this discussion ... http://forum.spamcop.net/forums/index.php?...indpost&p=26734

[PROGAME]

No data found

[Wazoo]

OK, apparently part of the data lost in the crash ... here we go again ... (thanks)

E-mail sent using an iBook ... OS-X 10.2.xxx Safari web browser / Apple Mail to send, OE in a Win-98SE machine to APOP the receiving HotMail account for both e-mails

HTTP results - GMail server identified

http://www.spamcop.net/sc?id=z757097821zc9...bd9c860b9a8caez

SMTP results - I get pegged (OK, IP was changed a bit <g>)

http://www.spamcop.net/sc?id=z757099670z9e...9adae5974094e6z

[WisTex]

I contacted Gmail and suggested they identify the IP address of the sender's computer in the header like most other web-based e-mail software / service providers. I even included examples based on their existing headers, and also an example from a web-based e-mail software that includes the IP address of the sender's computer. I also told them without that information, spamcop.net and other blacklists will blacklist their servers instead of the spammers because their IP address is listed at the originator of the spam.

I got a response back thanking me for my suggestion and saying they were forwarding it to the appropriate people. So it looks like they are seriously looking into the issue.

[WisTex]

No data found 

27136[/snapback]

If you are referring to the error message you sometimes get when viewing Gmail, then there is a simple explaination for it.

When viewing your Gmail inbox, it periodically queries the Gmail servers to see if you have new e-mail. It does this without you having to refresh your browser. If, for some reason, it cannot reach the Gmail servers, you get the error message "No data found." Refreshing your browser window will usually solve it, assuming your internet connection is still up.

[Wazoo]

He was referring to my post which pointed to a previous post in this Topic ... the Tracking URLs provided in the first post were part of the data lost in the crash ... that first post was edited, and the last post with new Tracking URLs started with this explanation ....

[Jeff G.]

So, in summary, GMail's "Received: by 10.54.62.18 with HTTP; Wed, 26 Apr 2005 19:04:30 -0700 (PDT)" Header Line contains no "from reverse-fqdn [iP Address]" clause, which is causing GMail's servers to be blamed for spam that they are allowing their customers to send. Hopefully, their admins will learn their lesson.

[WisTex]

So, in summary, GMail's "Received: by 10.54.62.18 with HTTP; Wed, 26 Apr 2005 19:04:30 -0700 (PDT)" Header Line contains no "from reverse-fqdn [iP Address]" clause, which is causing GMail's servers to be blamed for spam that they are allowing their customers to send.  Hopefully, their admins will learn their lesson.

27197[/snapback]

Yep.

Some web-based e-mail programs format their as "from email[at]address.com [iP Address]" instead of "from reverse-fqdn [iP Address]" like SMTP would. Would this be acceptable to SpamCop.net or would the IP of the web host get pinned for it still?

Example:

Received: from user[at]webmailservice.com(0.0.0.0) 
by mail.webmailservice.net with CMailServer 5.2 SMTP; Sun, 24 Apr 2005 21:51:56 -0500 

where user[at]webmailservice.com is the users e-mail address on the webmailservice, and 0.0.0.0 is the IP address of the sender's computer.

Would that be acceptable or should it be in another format?

[StevenUnderwood]

Yahoo uses:

Received: from [24.177.39.162] by web30407.mail.mud.yahoo.com via HTTP; Wed, 27 Apr 2005 18:16:06 PDT

However, Yahoo webmail sending servers also appear to be in that database of trusted sites: http://www.spamcop.net/sc?id=z757395202z8b...b077b2e75d70b5z