dbiel Posted March 7, 2009 Share Posted March 7, 2009 I was wondering if someone could help me understand the headers in the following message. The problem seems to come down to my lack of understanding about DomainKeys. The Wikipedia article DomainKeys Identified Mail was somewhat helpful. The from line reads: From: "ShareBuilder" <sharebuilder[at]mailer.sharebuilder.com> The DomainKey-Signature indicates: d=mailer.sharebuilder.com; But the received from headers do not show any direct relationship with the only headers related to the sender being: Received: from sharebuilder.outbound.ed10.com ([64.14.81.245]) Received: from [127.0.0.1] ([127.0.0.1:53516]) by bm1-10.bo3.e-dialog.com I am unable to make sense of the handoff from bm1-10.bo3.e-dialog.com to sharebuilder.outbound.ed10.com which has the DomainKey information sitting in the middle of the hand off. ed10.com is a know bulk emailer and the message does have a proper return path so I do feel confident that the message is legit and does represent sharebuilder.com via the third party mailer ed10.com, but I do not see were e-dialog.com fits into the picture. The other spammy chareristic is the following body copy: You are receiving this e-mail because you have a ShareBuilder Account. You may unsubscribe, update or change your e-mail preferences by logging in to your account and clicking the Account Profile tab under the Accounts tab. Or you may Opt Out here. Well I do not have and never had such an accountReceived: from sharebuilder.outbound.ed10.com ([64.14.81.245]) by vipmx-mesquite.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1lFY3q5XG3Nl36k0 for <xxxxxxxx[at]earthlink.net>; Sat, 7 Mar 2009 10:03:08 -0500 (EST) DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws; s=ED2008-09; d=mailer.sharebuilder.com; h=Received:Date:Content-Type:Content-Transfer-Encoding:MIME-Version:From:Reply-To:To:Subject:Message-Id:X-Mail-From:X-RCPT-To:X-Mailer:X-Mailing-Name:X-Archive-Key:X-Mailed-Date; b=Zl/Oy8FnE+3hqj4RsUlwAqrRfO5Nv67bU3S7NeNNgDT2On4E/fnneZhquEtD9tnP 4dQYoAdzTeBXnfhI6m+s3DoTP8TLJil4y6D7qzbiV8Iz1GSs9Ls49tvu+DKkbOdw Received: from [127.0.0.1] ([127.0.0.1:53516]) by bm1-10.bo3.e-dialog.com (envelope-from <974U49-6M0RMH-HIX6KZ-977RCZ-IS56UR-H-M2-20090306-8f2b5a60c740cc9b83[at]sharebuilder.bounce.ed10.net>) (ecelerity 2.2.2.37 r(28805/28809)) with ECSTREAM id 72/86-17798-CAC82B94; Sat, 07 Mar 2009 10:03:08 -0500 Date: Sat, 07 Mar 2009 10:03:08 -0500 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 From: "ShareBuilder" <sharebuilder[at]mailer.sharebuilder.com> Reply-To: "ShareBuilder" <sharebuilder.5VVQ8C.11736821[at]mailer.sharebuilder.com> To: xxxxxxxxxxxxxx Subject: Get 7 free investments when you open an IRA Message-Id: <29823-22165-974U49-6M0RMH-HIX6KZ-977RCZ-IS56UR-H-M2-20090306-8f2b5a60c740cc9b83[at]e-dialog.com> X-Mail-From: 974U49-6M0RMH-HIX6KZ-977RCZ-IS56UR-H-M2-20090306-8f2b5a60c740cc9b83[at]sharebuilder.bounce.ed10.net X-RCPT-To: xxxxxxxxxxxxxx X-Mailer: EDMAIL R6.00.02 X-Mailing-Name: 0903-IRA-NoAcct-Ofr X-Archive-Key: 0002165806 X-Mailed-Date: Fri, 06 Mar 2009 17:50:17 -0500 X-ELNK-Received-Info: spv=0; X-ELNK-AV: 0 X-ELNK-Info: sbv=0; sbrc=.0; sbf=0b; sbw=010; X-SpamCop-Checked: 207.69.195.99 207.69.195.26 207.69.195.100 207.69.195.156 64.14.81.245 2.2.2.37 Note: To info has been munged I should state that I have reported this message and added the comment regarding why being the bogus statement mentioned above claiming that I have an account. Link to comment Share on other sites More sharing options...
rconner Posted March 7, 2009 Share Posted March 7, 2009 I should state that I have reported this message and added the comment regarding why being the bogus statement mentioned above claiming that I have an account. Assuming you reported it through SpamCop, can you post a tracking URL to this report? There are enough strange things in this header that I for one would like to rule out the possibility of copy-paste problems, HTML/IPB problems, or selective editing in your post. At a glance, I'd conjecture that every line starting with "DomainKey Signature" is a forgery, and that it would be pointless to examine any of these data. The tracking URL would tell us whether the SpamCop parser had the same opinion (i.e., that 64.14.81.245 is the spam source). -- rick Link to comment Share on other sites More sharing options...
dbiel Posted March 7, 2009 Author Share Posted March 7, 2009 Posting tracking url: http://www.spamcop.net/sc?id=z2676372542z8...108feeab3d695bz I did not decide to report it until after I had finished writing the previous post which was the reason for not posting the URL at that time. The mountian of additional forwarding headers kind of adds to the confusion. Link to comment Share on other sites More sharing options...
rconner Posted March 7, 2009 Share Posted March 7, 2009 Looks like the spam source was indeed 64.14.81.245, followed in the header by a bunch of header-like science fiction writing. This kind of forgery certainly does not give me a good feeling about E-Dialog's good faith. Seems like this address is on SpamCop's s..t list since they set up a separate devnull account for E-Dialog. THe website is in another block of E-Dialog's but SpamCop sent a report to the upstream provider (Savvis). I'm guessing it would not be productive to wait up for a response from Savvis. -- rick Link to comment Share on other sites More sharing options...
Farelf Posted March 8, 2009 Share Posted March 8, 2009 ...The other spammy chareristic is the following body copy:You are receiving this e-mail because you have a ShareBuilder Account. You may unsubscribe, update or change your e-mail preferences by logging in to your account and clicking the Account Profile tab under the Accounts tab. Or you may Opt Out here.Well I do not have and never had such an account...That's enough for me. I don't know enough to try to untangle the headers - surely enough to know they lie in one part, no reason not to lie (forge headers) elsewhere if it might improve their chances of penetration - it is, after all, a 'seduction' attempt. I think Rick has the right view.I should state that I have reported this message and added the comment regarding why being the bogus statement mentioned above claiming that I have an account.Quite right, maybe savvis.net needs the ammunition/clue, maybe a waste of time but, if you don't know for sure, it's never a bad idea to play it 'with a straight bat' as we say hereabouts (and in most parts of the Commonwealth with the possible exception of Pakistan where they are now trying to imagine life without cricket, but I digress). Link to comment Share on other sites More sharing options...
Farelf Posted March 8, 2009 Share Posted March 8, 2009 Since ING Direct/Sharebuilder is reputable, the possibility of a rogue affiliate would have to be considered. Looking at http://content.sharebuilder.com/MgdCon/Cor.../affiliates.htm How will you know what people came from my site? All links from your site to our site contain a unique identifier so that every time a user comes to us via your site, we know to credit you when an account is created and funded. This is only possible, though, when you create all of your links with the tag generator on your Linkshare account. So a possibility exists of a rogue 'gaming' the system by placing 'pre-loaded' referral links in spam. Of course that would be fraud against Sharebuilder and their own defenses might well detect it, anyway ANY form of spam is prohibited - http://content.sharebuilder.com/MgdCon/Cor...about/terms.htm (see "Marketing"). According to http://www.sharebuilder.com/sharebuilder/S...onSecurity.aspx suspected spoofs should be sent to spoof[at]sharebuilder.com - which might be the correct handling in this case, IMO. Link to comment Share on other sites More sharing options...
dbiel Posted March 8, 2009 Author Share Posted March 8, 2009 Since ING Direct/Sharebuilder is reputable, the possibility of a rogue affiliate would have to be considered.<snip> According to http://www.sharebuilder.com/sharebuilder/S...onSecurity.aspx suspected spoofs should be sent to spoof[at]sharebuilder.com - which might be the correct handling in this case, IMO. Thanks for the suggestion. A copy of my email message is pasted below I am not sure if the attached email spam was endorsed by your company or not, but I find it totally unacceptable and I have reported it as spam using the SpamCop reporting service. My main complaint relates to the false claims made in the message and I quote: You are receiving this e-mail because you have a ShareBuilder Account. You may unsubscribe, update or change your e-mail preferences by logging in to your account and clicking the Account Profile tab under the Accounts tab. Or you may Opt Out here. I have never had a ShareBuilder Account. There is a discussion regarding this email which I started at http://forum.spamcop.net/forums/index.php?showtopic=10152 Your reply to that topic would be greatly appreciated. Since the site does require you to register to post, you may reply to this email and I will post your reply to the topic on your behalf. Looking forward to your response. Now to wait and see if they respond or simply ignore the message. Link to comment Share on other sites More sharing options...
Lking Posted March 8, 2009 Share Posted March 8, 2009 Now to wait and see if they respond or simply ignore the message. Or take internal action to evaluate/correct the opinions/methods of their marketing department (assuming they were involved at all with the spam) and then, on advise of their legal department, not get involved in the quagmire of a public discourse in these economic time when financial institution are already under stress. Or not. Link to comment Share on other sites More sharing options...
jmacdonald Posted March 12, 2009 Share Posted March 12, 2009 Thanks for the suggestion. A copy of my email message is pasted below Now to wait and see if they respond or simply ignore the message. Hi, I work for the company that sends Sharebuilder emails. I like to comment on the DomainKeys stuff. If the DomainKey signature validates, then the signer is willing to take responsibility for the content below the signature line. As for the connection between ed10.net and e-dialog.com, a simple whois will show who is responsible for those domains (e-dialog). If you haven't been given a satisfactory answer to why you were emailed, please feel free to contact me. My role at e-Dialog is working with MTAs, so I won't be able to answer you directly why you were emailed but I should be able to contact the proper group if Sharebuilder hasn't answered you. Link to comment Share on other sites More sharing options...
dbiel Posted March 12, 2009 Author Share Posted March 12, 2009 I must admit that I am very suprised by the previous reply post. It does appear that e-dialog is a very responsible third party emailer and is working with the source of the message to address the issues raised. There was enough information provide in previous post that I was able to contact him by phone and had a fairly lengthy discussion on the subject. He is still waiting to receive some feedback from his client (the source of the message data) I will update this topic when more information is available. Link to comment Share on other sites More sharing options...
Lking Posted March 12, 2009 Share Posted March 12, 2009 I must admit that I am very suprised by the previous reply post. I must admit that I to am surprised, as reflected in my earlier, less than optimistic, post. This thread should be marked as an example of the fact that some times good things happen. Link to comment Share on other sites More sharing options...
dbiel Posted March 12, 2009 Author Share Posted March 12, 2009 Followup email received from jmacdonald only hours after talking to him on the phone I have an initial word from Sharebuilder. I'm not totally satisfied with it and have asked for some further details. I hope to have more for you tomorrow You sure can not ask for more than that. Link to comment Share on other sites More sharing options...
rconner Posted March 13, 2009 Share Posted March 13, 2009 You sure can not ask for more than that.Indeed. Now I feel sheepish about the "science fiction" comment (although it was an odd header). -- rick Link to comment Share on other sites More sharing options...
dbiel Posted March 13, 2009 Author Share Posted March 13, 2009 And an additional unexpected, but very welcomed, email update Still no word from the client today. Sorry about that. Hopefully something on Monday. Have a good weekend. Link to comment Share on other sites More sharing options...
dbiel Posted March 17, 2009 Author Share Posted March 17, 2009 Additional email reply Ok, Sharebuilder is claiming you have an account with them. I believe they may end up reaching out to you. I was expecting a confirmation about that but haven't recieved one yet.my reply to him is a rather embarising Thank you for the reply. If they contact me I will forward a copy to you. PS Well before sending this I have done a bit more research and discovered a web link to sharebuilder.com on an old file that let me recover account information using only very generic personal information. Which returned a user name and allowed me to change the password. After logging in I was able to obtain an account number with a zero balance and located a contact phone number which I called and discussed the account will a rep. So it does appear that I do have an account that was set up partially but never completed It is a trading account that is not linked to any cash account, has never been funded or used This would mean that the email would not be spam and should not have been reported. I am sorry about that. Yet in one sense it is still true that I never had a real account, but it was sent up far enough to make calling email from them spam wrong. At this point, I would like to thank you for all the time and effort you put into resolving this matter and we should consider this issue closed, unless you need something else from me to close it on your end. I am sorry for wasting your time. I am also forwarding the tracking link back to the deputies It would appear that e-dialog.com is the most responsible third party bulk emailer that I have ever seen. Link to comment Share on other sites More sharing options...
jmacdonald Posted March 17, 2009 Share Posted March 17, 2009 Additional email reply my reply to him is a rather embarising I am also forwarding the tracking link back to the deputies It would appear that e-dialog.com is the most responsible third party bulk emailer that I have ever seen. We try very hard to be responsible and to make sure our clients are too. If there are issues with one of our clients and you don't receive a proper resolution or explanation, please feel free to ping me. I try to stay on top of complaints using Google, but there will be times when Google fails me. I've enabled email contact on this forum. Additionally I can be reached outside this forum via email at jmacdonald[at]e-dialog.com. Link to comment Share on other sites More sharing options...
jmacdonald Posted March 17, 2009 Share Posted March 17, 2009 Indeed. Now I feel sheepish about the "science fiction" comment (although it was an odd header). What exactly did you find odd? I only ask because of my personal pride. I had some simple goals. 1) an average consumer should not be aware that e-dialog is sending the message (consumers are easily confused) 2) an average techie should be able to determine that e-dialog sent the message Link to comment Share on other sites More sharing options...
rconner Posted March 18, 2009 Share Posted March 18, 2009 What exactly did you find odd? I only ask because of my personal pride. I had some simple goals. 1) an average consumer should not be aware that e-dialog is sending the message (consumers are easily confused) 2) an average techie should be able to determine that e-dialog sent the message Well, you have me over a barrel, let me reconstruct my thinking (or at least what passed for thought at the time). What puzzled me in dbiel's excerpt was the single Received line followed by a bunch of DKIM stuff followed by another Received line containing the loopback address and a hostname (bm1-10.bo3.e-dialog.com) that returned NXDOMAIN. As you are no doubt aware, spammers sometimes forge in extra headers before they send their mail (tho I think not so much now as in the past), and these often contain bogus host names and addresses. So, I leapt to a conclusion based on the fact that I saw an unresolveable host name and an unrouteable IP on the same line. The DKIM stuff struck me as being misplaced, and containing some odd-looking stuff, although I freely admit that I am not a DKIM expert (this might be a good motivation to bone up). The fact that it appeared just before the odd-looking Received line didn't give me a warm feeling. On reflection, I imagine that the DKIM info is inserted by the host that preps the mail to leave the domain, in which case this location makes sense. Regardless of what I think, the acid test of the header would be whether it pointed to the correct source IP under a strict parse. dbiel's tracking link shows that SpamCop ended its parse at the top line in the excerpt (from sharebuilder.outbound.ed10.com by vipmx-mesquite.atl.sa.earthlink.net), and therefore got the correct source IP address (sharebuilder.outbound.ed10.com at 64.14.81.245). As for your goal #1, this is probably met by the From and Reply-To addresses you used. The average recipient is not going to go poking in the headers, so won't see the things that confused me. As for goal #2, that too appears to be met, since SpamCop accurately traced the message back to your server, which seems well and properly identified and configured (with a proper PTR record as well). I apologize for jumping to conclusions, but after the first 75,000 or so spams, things sometimes start to run together. So, when tracing an e-mail message, you probably ought to check with SpamCop first, and ask me later on. -- rick Link to comment Share on other sites More sharing options...
dbiel Posted March 18, 2009 Author Share Posted March 18, 2009 What exactly did you find odd? I only ask because of my personal pride. I had some simple goals. 1) an average consumer should not be aware that e-dialog is sending the message (consumers are easily confused) 2) an average techie should be able to determine that e-dialog sent the message To start with I want to thank you for your excellent followup and concern regarding what I had originally consider to be a objectionable spam message. Not being an expert regarding headers and having known nothing about DomainKey-Signature I will try to answer you question as a cross between 1) an average consumer and 2) an average techie. What bothered me was the lack of a clear handoff from e-dialog.com to ed10.com. I will paste and highlight portions of the headers below: Received: from sharebuilder.outbound.ed10.com ([64.14.81.245]) by vipmx-mesquite.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1lFY3q5XG3Nl36k0 for <xxxxxxxx[at]earthlink.net>; Sat, 7 Mar 2009 10:03:08 -0500 (EST) DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws; s=ED2008-09; d=mailer.sharebuilder.com; h=Received:Date:Content-Type:Content-Transfer-Encoding:MIME-Version:From:Reply-To:To:Subject:Message-Id:X-Mail-From:X-RCPT-To:X-Mailer:X-Mailing-Name:X-Archive-Key:X-Mailed-Date; b=Zl/Oy8FnE+3hqj4RsUlwAqrRfO5Nv67bU3S7NeNNgDT2On4E/fnneZhquEtD9tnP 4dQYoAdzTeBXnfhI6m+s3DoTP8TLJil4y6D7qzbiV8Iz1GSs9Ls49tvu+DKkbOdw Received: from [127.0.0.1] ([127.0.0.1:53516]) by bm1-10.bo3.e-dialog.com (envelope-from <974U49-6M0RMH-HIX6KZ-977RCZ-IS56UR-H-M2-20090306-8f2b5a60c740cc9b83[at]sharebuilder.bounce.ed10.net>) (ecelerity 2.2.2.37 r(28805/28809)) with ECSTREAM id 72/86-17798-CAC82B94; Sat, 07 Mar 2009 10:03:08 -0500 Date: Sat, 07 Mar 2009 10:03:08 -0500 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 From: "ShareBuilder" <sharebuilder[at]mailer.sharebuilder.com> Reply-To: "ShareBuilder" <sharebuilder.5VVQ8C.11736821[at]mailer.sharebuilder.com> What I would have like to have seen was one additonal set of headers that would have looked something like the following: Received: from bm1-10.bo3.e-dialog.com ([iP address]) by sharebuilder.inbound.ed10.com ([iP address]) What I saw as the source of the message was: sharebuilder.outbound.ed10.com ([64.14.81.245]) The following was what the SpamCop parser saw: 6: Received: from sharebuilder.outbound.ed10.com ([64.14.81.245]) by vipmx-mesquite.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1lFY3q5XG3Nl36k0 for <x>; Sat, 7 Mar 2009 10:03:08 -0500 (EST) Hostname verified: sharebuilder.outbound.ed10.com Earthlink received mail from sending system 64.14.81.245 7: Received: from [127.0.0.1] ([127.0.0.1:53516]) by bm1-10.bo3.e-dialog.com (envelope-from <974U49-6M0RMH-HIX6KZ-977RCZ-IS56UR-H-M2-20090306-8f2b5a60c740cc9b83[at]sharebuilder.bounce.ed10.net>) (ecelerity 2.2.2.37 r(28805/28809)) with ECSTREAM id 72/86-17798-CAC82B94; Sat, 07 Mar 2009 10:03:08 -0500 Internal handoff or trivial forgery Tracking message source: 64.14.81.245: Routing details for 64.14.81.245 [refresh/show] Cached whois for 64.14.81.245 : abuse[at]savvis.net Using abuse net on abuse[at]savvis.net abuse net savvis.net = abuse[at]savvis.net Using best contacts abuse[at]savvis.net I am not saying that there is anything wrong with the headers but a traceable handoff using registered hosts would have made a big difference to me and even to SpamCop which considered the source of the message to be: sharebuilder.outbound.ed10.com ([64.14.81.245]) which was and is a valid source, but I could not see or trust any relationship between ed10.com and e-dialog.com So that is my simple point of view. But now back to the actual facts related to this specific message which boiled down to the fact that I had forgotten that I had started to set up an account with sharebuilder over a year ago, but never finalized it and the fact that sharebuilder continued to list it as an active trading account for email purposes despite the fact that it had never been funded or used by me. I did not like the fact that they (sharebuilder) claimed I had an account, displayed a partial account number, suggested that I could log into that account to update data and/or unsubscribe from the mailing list without providing any means for doing so, due to the fact that I was unaware that the account actually existed, with the thrust of the message being that I should open up an additional new IRA account. They were addressing me as an established customer when in fact I had never had a single financial transaction with them other than the creation of a never used account. Not what I would consider an established business relationship, but it is enough that the message should not have been reported as spam my me. But that degresses from the point of your post here as the third party mailer of the message. So I will end this lengthy, and hopefully understandable post, by adding my thanks one more time for the way you have personally handled the entire situation. You have gone far above and beyond anything that could have been reasonablely expected from a third party mailer. PS the following is the copy of your most recent email to me received long before that last few post have been made to this topic <snip> >At this point, I would like to thank you for all the time and effort >you put into resolving this matter and we should consider this issue >closed, unless you need something else from me to close it on your >end. > >I am sorry for wasting your time. I would only consider that to be true if neither of us was unable come to a satisfactory resolution. Thank you for being patient and reasonable. If you have any other issues with our clients, feel free to pick up the phone or send an email. Even though in this case the client wasn't in error, your situation does illustrate that the client should of reached out to you with an email saying "Hey, where have you been?" before sending you an IRA offer. We try very hard to get our clients to understand "relevance" and this an excellent case study in that. So, hardly a waste of time IMHO. Link to comment Share on other sites More sharing options...
jmacdonald Posted March 18, 2009 Share Posted March 18, 2009 What puzzled me in dbiel's excerpt was the single Received line followed by a bunch of DKIM stuff followed by another Received line containing the loopback address and a hostname (bm1-10.bo3.e-dialog.com) that returned NXDOMAIN. ... So, I leapt to a conclusion based on the fact that I saw an unresolveable host name and an unrouteable IP on the same line. I'm not a DNS setup expert, but I don't think it is unreasonable that internal hosts aren't externally resolvable. Some may say we are 'leaking' private information. But having the internal host name in the headers helps with debugging. I apologize for jumping to conclusions, but after the first 75,000 or so spams... accepted and understandable. Moderator Edit: excessive blank vertical whitespace removed. Link to comment Share on other sites More sharing options...
jmacdonald Posted March 18, 2009 Share Posted March 18, 2009 Ah, I see the disconnect now, thanks for the details. Our MTA has a feature that allows each client to have their own IP, yet the clients share the same box. In this case the box is bm1-10.bo3.e-dialog.com, but none of our clients email should end up using that IP as the source IP. To clarify, email is injected into bm1-10.bo3.e-dialog.com but leaves that box via an *.outbound.ed10.com IP. The 'hand-off' you are looking for happens internally in the MTA process. There may be an option to add a trace header to show that internal hand-off. Link to comment Share on other sites More sharing options...
rconner Posted March 18, 2009 Share Posted March 18, 2009 I'm not a DNS setup expert, but I don't think it is unreasonable that internal hosts aren't externally resolvable. You are of course correct. But, when we are shown a message and asked "hey, is this spam?" and we are already somewhat predisposed to concur, this sort of thing can be invoked as further evidence. Actually, my ISP used to put 172/8 addresses at the TOP of the header, showing internal handoffs. This was very confusing until I figured out that it was best simply to stop tracing the spam after that point in time. -- rick Link to comment Share on other sites More sharing options...
dbiel Posted March 18, 2009 Author Share Posted March 18, 2009 Ah, I see the disconnect now, thanks for the details. Our MTA has a feature that allows each client to have their own IP, yet the clients share the same box. In this case the box is bm1-10.bo3.e-dialog.com, but none of our clients email should end up using that IP as the source IP. To clarify, email is injected into bm1-10.bo3.e-dialog.com but leaves that box via an *.outbound.ed10.com IP. The 'hand-off' you are looking for happens internally in the MTA process. There may be an option to add a trace header to show that internal hand-off.As an internal handoff, I see no problems; but It was difficult to see it as being an internal handoff due to the domain name change from bm1-10.bo3.e-dialog.com - to *.outbound.ed10.com which made it look to me as a bunch of forged junk; when in reality is was valid internal routing information. One additional set of received from/by headers showing the internal hand off from e-dialog to ed10.com would have made things much clearer, or some reference in the message that it was sent from ed10.com as the third party mailer (just my point of view as an average consumer) Thanks again for your feedback Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.