[Resolved] Spam???


provobis


Sometimes the receiving mail system is set up to do an nslookup on the mx record for the domain (everything after the [at] in the email address) and if it does not resolve then you are likely to receive the error message you encountered.

Ah, so, let me see if I have this right:
  1. I send mail through my provider's outgoing service via outgoing.chicken.foo, to the recipient's domain at mx.duck.foo.
  2. While the SMTP transfer is pending, mx.duck.foo gets the domain chicken.foo from the return-path, looks up the MX records for chicken.foo, then does a lookup on some or all of these MX names.
  3. It might happen that mx.duck.foo can't resolve any of the MX names, so it rejects my message as having a "bad e-mail address" (tho it isn't the e-mail address per se that is bad, it is the domain part that is troublesome).

If that's the case, then if chicken.foo happens to have a DNS hiccup of some sort, or if they are sloppy in their DNS zone updates, then they stand to have some outgoing mail blocked.

Don't see how this stops much spam, on the other hand, if the spammer simply contrives to use forged return-paths that point to well-behaved domains.

-- rick
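The return-path check walked through in this post, as an added example that is not part of the original thread and not code from any mail server. The resolver stub, the zone data and all function names are constructed for illustration; the 451/550 split for temporary versus permanent DNS failures, the fallback to the domain's own address record and the null-MX case go beyond what the post describes.

```python
# Constructed zone data standing in for live DNS: (name, type) -> (rcode, records)
ZONE = {
    ("chicken.foo", "MX"): ("NOERROR", [(10, "mx1.chicken.foo"), (20, "mx2.chicken.foo")]),
    ("mx1.chicken.foo", "A"): ("SERVFAIL", []),          # one MX host has a DNS hiccup
    ("mx2.chicken.foo", "A"): ("NOERROR", ["192.0.2.25"]),
    ("sloppy.foo", "MX"): ("NOERROR", [(10, "gone.sloppy.foo")]),  # stale zone entry
    ("hiccup.foo", "MX"): ("SERVFAIL", []),
    ("nomx.foo", "MX"): ("NOERROR", []),
    ("nomx.foo", "A"): ("NOERROR", ["192.0.2.80"]),
    ("nomail.foo", "MX"): ("NOERROR", [(0, ".")]),
}

def sample_resolve(name, rtype):
    """Hypothetical resolver: names missing from ZONE answer NXDOMAIN."""
    return ZONE.get((name, rtype), ("NXDOMAIN", []))

def check_sender_domain(return_path, resolve=sample_resolve):
    """Return (smtp_code, reason) for the domain in the envelope return-path."""
    addr = return_path.strip().strip("<>")
    if not addr:
        return 250, "null return-path (bounce), nothing to verify"
    domain = addr.rpartition("@")[2].lower()
    rcode, mx = resolve(domain, "MX")
    if rcode == "SERVFAIL":
        return 451, "MX lookup failed temporarily, sender should retry"
    if rcode == "NXDOMAIN":
        return 550, "sender domain does not exist"
    if mx == [(0, ".")]:
        return 550, "null MX, domain accepts no mail"
    # No MX record at all: fall back to the domain's own address record.
    targets = [host for _, host in sorted(mx)] or [domain]
    tempfail = False
    for host in targets:
        rcode, addrs = resolve(host, "A")
        if rcode == "NOERROR" and addrs:
            return 250, f"{host} resolves"
        tempfail = tempfail or rcode == "SERVFAIL"
    if tempfail:
        return 451, "MX hosts could not be resolved right now, sender should retry"
    return 550, "no MX host for sender domain resolves"
```

Answering a resolver failure with a 4xx code lets the sending server queue and retry, so a DNS hiccup at chicken.foo delays mail instead of bouncing it.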


Wazoo, looking in system information, XP pro, the system name is RADIOSOU-266A0b

Thanks. However, so much stuff I said not replied to ....

Editing your posts to remove the "quoted in its entirety" previous post is getting old. As stated within the Forum FAQ and elsewhere, as seen in so many other posts, please edit and remove un-needed material before hitting "Submit" ....

OK, so running with the provided data (that is still somewhat suspect) .... someone needs to ask windstream.net to try to analyze, perhaps explain the differences between the handling of these different e-mails.

Received: from ispmxaamta08-gx.windstream.net ([98.16.103.217])
  by ispmxmta06-srv.windstream.net with ESMTP
  id <20070914120355.TKHL29331.ispmxmta06-srv.windstream.net[at]ispmxaamta08-gx.windstream.net>
  for <Poland's email address>; Fri, 14 Sep 2007 07:03:55 -0500
Received: from radiosou266a0b ([98.16.103.217])
  by ispmxaamta08-gx.windstream.net with SMTP
  id <20070914120355.MAJX7089.ispmxaamta08-gx.windstream.net[at]radiosou266a0b>
  for <Poland's email address>; Fri, 14 Sep 2007 07:03:55 -0500

In this case, ispmxaamta08-gx server accepted your e-mail input ... then passed it on to the ispmxmta06-srv server .... what we don't see is just what windstream server was actually involved in the attempted delivery to the .pl e-mail server.

Problems just with that data (apparently a router in the path ...??)

09/17/07 19:49:32 Slow traceroute 98.16.103.217
12.119.243.146 RTT: 40ms TTL:170 (No rDNS)
* * * failed
* * * failed
* * * failed

09/17/07 19:50:05 Slow traceroute ispmxaamta08-gx.windstream.net
Trace ispmxaamta08-gx.windstream.net (166.102.165.248) ...
12.125.75.54 RTT: 52ms TTL:170 (No rDNS)
151.213.33.90 RTT: 44ms TTL:170 (h90.33.213.151.ip.alltel.net ok)
* * * failed
* * * failed
* * * failed

Note: Trace ispmxaamta08-gx.windstream.net (166.102.165.248) doesn't begin to come close to the e-mail header line containing Received: from ispmxaamta08-gx.windstream.net ([98.16.103.217]) .. and if one runs with the "assumption" (see below) that the ispmxaamta08-gx actually tried to make the attempted delivery, the rDNS issue that Petzel mentions is very obvious. But again, this is all done with incomplete data .... and again, no explanation from this side of the screen as to why the IP Address in question is actually seen in two different header lines within that e-mail header.

In your last sample,

Received: from ispmxfep01-srv.windstream.net (166.102.165.157 [166.102.165.157]) by dm15.mta.everyone.net (EON-INBOUND) with ESMTP id dm15.46eb178d.b4686a for <my web mail hotsheet.com email address>; Mon, 17 Sep 2007 09:59:13 -0700

from radiosou266a0b ([98.16.109.213]) by ispmxfep01-srv.windstream.net with ESMTP id <20070917165908.QEHB24899.ispmxfep01-srv.windstream.net[at]radiosou266a0b> for <my web mail hotsheet.com email address>; Mon, 17 Sep 2007 11:59:08 -0500

the ispmxfep01-srv server accepted your e-mail input .. then actually delivered that e-mail itself to the everyone (hotsheet) server ....

Vastly different 'internal windstream' paths involved there.

You keep saying OE was involved .... didn't answer "how you are connecting" ... and curious now whether this alltel/windstream account also offers a web-mail access point for you to compose out-going e-mails ... and was this used at all?
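The header reading done by hand in the post above, as an added example that is not part of the original thread: it parses the two posted Received chains, rebuilds each relay path oldest-first, and reports any IP address recorded for more than one sending host. The function names are hypothetical, the recipient is replaced by a placeholder, and the missing "Received:" prefix on the second header of the delivered sample is restored.

```python
import re
from collections import defaultdict
from email.utils import parsedate_to_datetime

# Headers as posted in this thread; recipient replaced by a placeholder.
SAMPLE_BLOCKED = """\
Received: from ispmxaamta08-gx.windstream.net ([98.16.103.217])
 by ispmxmta06-srv.windstream.net with ESMTP
 id <20070914120355.TKHL29331.ispmxmta06-srv.windstream.net[at]ispmxaamta08-gx.windstream.net>
 for <recipient>; Fri, 14 Sep 2007 07:03:55 -0500
Received: from radiosou266a0b ([98.16.103.217])
 by ispmxaamta08-gx.windstream.net with SMTP
 id <20070914120355.MAJX7089.ispmxaamta08-gx.windstream.net[at]radiosou266a0b>
 for <recipient>; Fri, 14 Sep 2007 07:03:55 -0500
"""
SAMPLE_DELIVERED = """\
Received: from ispmxfep01-srv.windstream.net (166.102.165.157 [166.102.165.157])
 by dm15.mta.everyone.net (EON-INBOUND) with ESMTP id dm15.46eb178d.b4686a
 for <recipient>; Mon, 17 Sep 2007 09:59:13 -0700
Received: from radiosou266a0b ([98.16.109.213])
 by ispmxfep01-srv.windstream.net with ESMTP
 id <20070917165908.QEHB24899.ispmxfep01-srv.windstream.net[at]radiosou266a0b>
 for <recipient>; Mon, 17 Sep 2007 11:59:08 -0500
"""

HOP = re.compile(r"from (?P<helo>\S+) \((?:\S+ )?\[(?P<ip>[\d.]+)\]\) "
                 r"by (?P<by>\S+) .*; (?P<date>.+)$")

def parse_hops(raw):
    """Return the hops oldest-first as dicts with helo, ip, by, date, when."""
    hops = []
    for chunk in re.split(r"(?m)^Received:", raw)[1:]:
        m = HOP.search(" ".join(chunk.split()))  # unfold continuation lines
        if m:
            hops.append({**m.groupdict(), "when": parsedate_to_datetime(m["date"])})
    return hops[::-1]  # each server prepends, so the last header is the first hop

def relay_path(hops):
    """Originating host followed by every server that accepted the message."""
    return [hops[0]["helo"]] + [h["by"] for h in hops]

def shared_ips(hops):
    """IPs that appear as the connecting address of more than one host."""
    seen = defaultdict(set)
    for h in hops:
        seen[h["ip"]].add(h["helo"])
    return {ip: sorted(names) for ip, names in seen.items() if len(names) > 1}
```

On the blocked sample `shared_ips` reports 98.16.103.217 for both the client and the first Windstream relay, the oddity raised in the post; the delivered sample yields no shared address.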


You keep saying OE was involved .... didn't answer "how you are connecting" ... and curious now whether this alltel/windstream account also offers a web-mail access point for you to compose out-going e-mails ... and was this used at all?

OK Wazoo, edited above to remove unneeded material as you indicate.

I don't understand why you ask "how you are connecting". When I refer to OE it's just to indicate I have replied to an inquiry sent to one of five Alltel/Windstream accounts that I am entitled to configure in Outlook Express. In this case it's the account with the user name "Radiosound".

And yes, Alltel/Windstream does have web mail access which I (rarely) use only at times when there's some problem with OE, because it's obviously tedious and time consuming to have to navigate continuously to web mail several times daily rather than to simply "reply" in OE. So web mail was not used at all with regard to the Poland issue.

OK, so running with the provided data (that is still somewhat suspect) .... someone needs to ask windstream.net to try to analyze, perhaps explain the differences between the handling of these different e-mails.

I'm not sure how to ask Windstream about the samples you quote with regard to "vastly different" Windstream paths...at this point in my education here that seems a bit over my head, but would Windstream be inclined to explain or analyze those paths anyway just because I request it?


I don't understand why you ask "how you are connecting".
I think the point in question here (if I may butt in) is that your computer (RADIOSOU-266A0b) shows up with a different IP address in each of the samples you posted. As far as I know, this is normal behavior of an ISP that employs dynamic IP address allocation (i.e., today you have address X, tomorrow you will have address Y). This is not something that you would have any particular control over, and it has (or should have) no effect on mail you send or receive.

The opposite case would be "static IP," where you have the same IP address now and forever, so we would see the same address for your computer in every outgoing message you send. Static IP is not the most efficient use of limited resources (i.e., IP address blocks), so I think many (or most) retail ISPs use dynamic allocation on demand.

My own ISP uses dynamic IP, so I can have a new address every time my DSL drops carrier (and, given my provider’s current level of reliability, this could be ten or twelve times per day--or even per hour on a bad day).

I'm not sure how to ask Windstream about the samples you quote with regard to "vastly different" Windstream paths...at this point in my education here that seems a bit over my head, but would Windstream be inclined to explain or analyze those paths anyway just because I request it?
Agree that this may not be the best question for you yourself to ask, not least because you may find that the people at the answering end might not know much more about things than you do. For sure, this is a case for second-tier (or higher) support people, not the usual 'phone drones' who man the front lines at the tech support department. Still it might be interesting to send them the two headers, and indicate that one passed and the other was blocked—let them figure out what happened if they will (or can). Don't wait up for an answer.

In the meantime, have you tried re-sending the original message to Poland to see whether you still get blocked?

-- rick


OK Wazoo, edited above to remove unneeded material as you indicate.

A thousand thanks for that effort. Very much appreciated.

I don't understand why you ask "how you are connecting".

.....

So web mail was not used at all with regard to the Poland issue.

The IP Address of your system is part of the data I see as part of your post. That IP Address has been changing all along. The question about your connection and web-mail were both due to me trying to conjecture on a possibility of the different e-mail servers being used and the different way they tagged data to the e-mail header lines. I asked these questions in such a way that I wasn't trying to pin you down to trying to provide a technical answer, more me trying to tie bits and pieces together, trying to get the whole picture.

I'm not sure how to ask Windstream about the samples you quote with regard to "vastly different" Windstream paths...at this point in my education here that seems a bit over my head, but would Windstream be inclined to explain or analyze those paths anyway just because I request it?

Not having dealt with them myself, I have no idea. That they are defined as "previously Verizon" .. I have my suspicions (rconner already covered the probable generic situation)

Let me state .. there is nothing here that seems to relate to SpamCop.net at all, other than your non-qualified statement that "spamcop has been seen before" ....

I can tell you that the idiot I was just trying to talk to hung up on me. Over 15 minutes of trying to get him to take a look at this discussion, as he simply didn't want to get into the conversation about windstream e-mail server configurations. The basic thrust of his part of the conversation .. you need to call them and ask for help. None of this is any of "my" concern.


I can tell you that the idiot I was just trying to talk to hung up on me. Over 15 minutes of trying to get him to take a look at this discussion, as he simply didn't want to get into the conversation about windstream e-mail server configurations. The basic thrust of his part of the conversation .. you need to call them and ask for help. None of this is any of "my" concern.

You actually called Verizon, SpamCop, or Windstream? Wazoo, I'm embarrassed you did that in my behalf and I feel like the idiot. Anyway rick, when I get my act together based on your answer "Still it might be interesting to send them the two headers, and indicate that one passed and the other was blocked—let them figure out what happened if they will (or can)" I will insist on talking to (higher tier) tech support instead of trying to pry answers from the phone drone I get when first dialing their support number. I should say that Windstream tech support has been very cooperative in my inquiries so far, even though their answers have not seemed to be entirely accurate and/or conclusive.

To qualify my reference to SpamCop I should say that their name (as well as a few others) has been recommended in my searches and queries concerning what I have always assumed was a spam issue, both because of the spam in my subject test emails coming back to me and spam indicative in the header of the Poland refused returns. Now in hindsight it would seem that the two incidents may not be related at all.

In the meantime, have you tried re-sending the original message to Poland to see whether you still get blocked?

rick I tried again (replying to the original Poland inquiry email still in my OE inbox) just before I posted this and the same refusal message bounced back along with the same header data. And as I mentioned before, I don't think Poland has a clue about spam or spam software. He's a self described technical "hobbyist" in electronics, never mind computers. But I should talk!

I guess the consensus so far is there's not much I can do about Poland besides technical edification, and the subject line spam word might or might not have been due to my previous virus software picking up a blacklisting somewhere, but it's gone now as I'm still using the newly installed full AVG security suite. I might mention that I'm really disappointed in Trend PCcillin 2007 which I had nothing but complications and trouble with from the start. If you don't mind all, I'd like to know what security and systems you use and/or what you'd recommend.


I guess the consensus so far is there's not much I can do about Poland besides technical edification, and the subject line spam word might or might not have been due to my previous virus software picking up a blacklisting somewhere, but it's gone now as I'm still using the newly installed full AVG security suite.

Sounds like my assessment.

I might mention that I'm really disappointed in Trend PCcillin 2007 which I had nothing but complications and trouble with from the start. If you don't mind all, I'd like to know what security and systems you use and/or what you'd recommend.

Mac OS X :P

-- rick


You actually called Verizon, SpamCop, or Windstream? Wazoo, I'm embarrassed you did that in my behalf and I feel like the idiot

I called the DSLHelp support line listed for/on Windstream.net's web-site, via the Customer Service link .. waded through the voice-menu options ... started going downhill of course when I couldn't come up with 'your' phone number ... had never heard of SpamCop, but if SpamCop wasn't involved, then why was I calling .... if I didn't run the server in .pl, then why was I calling .... I wanted to talk about e-mail server configurations, he wanted to look at 'your' (e-mail) account .. on and on ... until he decided to solve his problem by hanging up on me ...


Wazoo, rick, betsy, all who replied to my posts. I called the highest tier Windstream tech support I could find and laid it out again for the third or fourth time. This time I insisted the headers be checked. But in fact that did not seem to be interesting to this tech. Instead he thought it was more important that the Alltel/Windstream names in the account (and headers) were more important (which the other techs I spoke with did not). So we started tests with newly composed messages using the Windstream account in OS AND Windstream web mail, from my email address in accounts changed from alltel.net to windstream.net. So in the General account field the new email address was now (---------) [at] windstream.net and all properties in the accounts server fields were also [at]windstream.net.

The message was sent to Poland again, but at that moment the server went down and I got nothing but error messages back saying the server did not accept etc, etc. so the rep said he would call back later, and he did. I subsequently retried to send to Poland and this time the mail did not bounce and evidently there was no refusal, although I have not yet received anything back from Poland.

So I feel like an idiot for wasting your time...the trouble was simple...apparently the two names Alltel and Windstream which evidently to a server anywhere could represent an email domain contradiction and therefore possible spam. At least it looks that way so far. And not only did some server, probably in Poland, bounce the mail address as spam, but so did my PCcillin software because the two names in the headers were inconsistent and therefore suspicious.

Thanks again for your efforts. :D


So I feel like an idiot for wasting your time...the trouble was simple...apparently the two names Alltel and Windstream which evidently to a server anywhere could represent an email domain contradiction and therefore possible spam.
Happy to help. Don't feel like an idiot; most of us have learned what we know by a similar process of stumbling around and asking questions (whose answers usually send us off on yet more quests for understanding). It's good that you were persistent with the tech support people, and good for them that they listened to you and took some action.

I may say that blocking a mail because the domain in the e-mail address does not match the domain of the offering host seems like a bit of a blunt instrument; those Polish guys must be blocking an awful lot of mail. They'd probably block my mail as well, since my e-mail address domains don't match those of the hosts who send my mail (particularly when I'm away from home sending through a hotel WiFi setup). This may be an oversimplification of the full story, but then again people do some patently stupid things in trying to filter spam, and it takes a lot of this sort of detective work to fix things.

-- rick


If one ISP is rejecting on that basis, there will be others and other people who will be beating their heads against the wall the way you were!

Miss Betsy

Agreed, that's my thinking also, probably a trend toward higher security especially in our time. It just adds to the "patently stupid things (people do) in trying to filter spam" that rick mentioned.

One thing for sure, I will be saving this board URL to visit often, you're some of the most helpful and knowledgeable people around, not enough of you. :)

Later

Roger


<snip>

I subsequently retried to send to Poland and this time the mail did not bounce and evidently there was no refusal, although I have not yet received anything back from Poland.

So I feel like an idiot for wasting your time...the trouble was simple...apparently the two names Alltel and Windstream which evidently to a server anywhere could represent an email domain contradiction and therefore possible spam. At least it looks that way so far. And not only did some server, probably in Poland, bounce the mail address as spam, but so did my PCcillin software because the two names in the headers were inconsistent and therefore suspicious.

Thanks again for your efforts. :D

...Thank you and congratulations! I shall mark this Forum thread as "resolved."

Archived

This topic is now archived and is closed to further replies.
