If you have Verizon as your ISP (even if your address is not "@verizon.net") you are not receiving any e-mail that is sent from outside the USA.
I discovered this after some clients did not respond to my e-mail, but in fact they had e-mailed me and Verizon just tossed it. No bounce, just gone out into the ether. This is allegedly an anti-spam measure!
There was no notice of this, it was unilateral and done at the beginning of the holiday period (i.e. I thought some clients had gone on vacation already!)
I had to call them to discover it myself. I was told by one rep that he couldn't fathom why anyone would need e-mail from outside the country!
Verizon tells me that I will need to submit a list of addresses which I receive e-mail, and that in "two to four weeks" they will have "approved" them for incoming mail.
Needless to say I am steamed and the Comcast guy is coming on Monday. And I suspect I may have a lawsuit against Verizon for potential lost income?
DataPlumber
Dec 24, 04, 11:02 am
..... And I suspect I may have a lawsuit against Verizon for potential lost income?
:rolleyes:
Actually, you do not have a lawsuit. The Internet is a "best effort" network. There are no gaurantees reguarding data delivery. There are some large ISPs that offer SLAs for data delivery on their portion of the public Internet, however those SLA become null when traffic crosses a transit or peering circuit with another ISP (i.e Global ISP to VZ.) Asssuming you did have some SLA, which are generally offered by ISPs on B.F.Ps to corporations not end users, The remedies are always less than one months recurring charges. If you do more research you find large ISPs always do some sort of filtering to circumvent spam or worms. Policies change rather dynamically to deal with all the script kiddies so filters come and go from time to time. Email is one thing, you should try troubleshooting links when they start prepending route advertsiments due to DOS.
In the end it is caveat emptor. Read and understand your end user agreement with your ISP. Althoughm ou may be on to something for filling lawsuits for potential lost income. I am pondering a suit against my local lottery for potential lost income. I mean, potentially I could have won millions had they just picked my numbers...... ;)
Internaut
Dec 24, 04, 11:08 am
There is a huge difference between a chance failure to deliver an email and deliberately blocking all inbound international email. I suspect in this case it would not be difficult to establish in court that Verizon have been unreasonable.
GoingAway
Dec 24, 04, 11:25 am
I agree with Internaut, but it usually would come down to a question of whether Verizon sent out some sort of notice of their change or not. Even if it's buried in small print, which this type of information usually is, if they notified their customer they are off the hook.
smoothtakeoffbumpylanding
Dec 24, 04, 12:10 pm
hmmMMm, i was going to switch from Comcast HSI to Verizon DSL, mainly due to cost and since my $20/month for 6 months offer is almost over
any idea if this happens ONLY with mail coming into a verizon email account?
What if foreign email is sent to a third party email account like gmail or hotmail or a business email but checked via Thunderbird or web mail .. will it still get through? I'm thinking yes ..
FewMiles
Dec 24, 04, 12:28 pm
What's the point of blocking all mail from outside the US? I thought the majority of spam is sent from the US in the first place.
FewMiles..
ScottC
Dec 24, 04, 12:37 pm
What's the point of blocking all mail from outside the US? I thought the majority of spam is sent from the US in the first place.
FewMiles..
Actually, it's sent by US Internet users from servers OUTSIDE the USA.
Internaut
Dec 24, 04, 12:54 pm
hmmMMm, i was going to switch from Comcast HSI to Verizon DSL, mainly due to cost and since my $20/month for 6 months offer is almost over
any idea if this happens ONLY with mail coming into a verizon email account?
What if foreign email is sent to a third party email account like gmail or hotmail or a business email but checked via Thunderbird or web mail .. will it still get through? I'm thinking yes ..
I'm thinking you're right. This will have been done on Verizon's mail servers. The people it affects particularly badly will be those who've had the same email address for a long time and who deal with a lot of people outside of the US. I've had my Hotmail address for almost as long as Hotmail has been around. If Microsoft were to decide tomorrow to greatly restrict inbound mail, this would be bad for me!
DeafFlyer
Dec 24, 04, 1:25 pm
even if your address is not "@verizon.net"
Their spam filter can't block my Yahoo or Hotmail addresses. Can it?
HeHateY
Dec 24, 04, 3:00 pm
Their spam filter can't block my Yahoo or Hotmail addresses. Can it?
If you use Verizon to go to the Yahoo or Hotmail webpage to get your mail that's OK. But if you have a "@verizon.net" e-mail address or your company organization uses Verizon to handle e-mail, you are blocked.
This is a serious pain in the a** to me and any Verizon user!
HeHateY
Dec 24, 04, 3:13 pm
:rolleyes:
Actually, you do not have a lawsuit. The Internet is a "best effort" network. There are no gaurantees reguarding data delivery.
In the end it is caveat emptor. Read and understand your end user agreement with your ISP.
Read my first post. No notice. Just the unilateral decision to block all e-mail from anywhere not in the USA. That includes ".tv" (Tavalu?) which is popular in the Southern California area.
From http://text.broadbandreports.com/shownews/58230
I spent 2 hours on the phone with Verizon in the last 24 hours.
I was told that for "security reasons", Verizon IS blocking ALL out of the US emails. They, also, admit that "verification", "bounce back", and "automated response" emails are not getting through.
I can NOT update my MS "passport". I can NOT get support from KAV. I can NOT get "reply notifications" from any forum, including this one.
Their support tech got on my PC any verified all my setting are correct and admits it's a Verizon problem.
Their solution:
Every time I DON'T receive an email, I should call Verizon and they will manually add these URLs to only MY emails allow list. It will take approximately 2 weeks for the changes to take place.
Is this for real?
:mad:
smoothtakeoffbumpylanding
Dec 24, 04, 5:43 pm
If you use Verizon to go to the Yahoo or Hotmail webpage to get your mail that's OK.
Cool ^
ewrfox
Dec 24, 04, 8:57 pm
Even thought I have Verizon as my ISP, I never bothered with it’s Email client... I already had an established Yahoo MSN and now a Gmail account... And second I don't even use the Verizon Control Pad to connect... That’s why I never bothered with it...
Now after learning this, I’m glad I didn’t bother to use Verizon email....
xyzzy
Dec 25, 04, 1:34 am
Ahh, Verizon -- the same ISP that for a long time didn't let you send mail through its servers if it didn't have an @verizon.net From: address. (I'm not sure whether they still do this.) This doesn't surprise me and makes me happy in my choice to avoid them.
stimpy
Dec 25, 04, 2:02 am
I just sent a message from my wanadoo.fr account to my verizon.net account and it went through immediately. I get messages from people all over the world. I have had a verizon.net email address for over 4 years. I have never had any of the problems mentioned here.
I read the links above and it seems that perhaps Verizon is blocking email from what it thinks are less-than-legitimate foreign ISP's. But my French ISP is fine as are the plenty of foreign corporate emails I get.
PorkRind
Dec 25, 04, 6:02 am
Ahh, Verizon -- the same ISP that for a long time didn't let you send mail through its servers if it didn't have an @verizon.net From: address. (I'm not sure whether they still do this.) This doesn't surprise me and makes me happy in my choice to avoid them.
Verizon disallowed relaying from foreign (non-Verizon) domains? But that's simply good sense; most ISPs do this nowadays. And the ones that don't are often involuntarily responsible for huge amounts of SPAM and wind up on email blacklists such as ORBS.
If you're saying that they disallow a foreign From: address for mail sent from within their network, that's probably a good idea, too; most spamming trojans attempt to disguise themselves by spoofing that.
Use the Reply-to: address field if you want replies sent to an alternate domain.
scruffy
Dec 25, 04, 7:54 am
(oops-deleted)
Teacher49
Dec 25, 04, 2:57 pm
I get huge amounts of spam daily ... just like most of you. However, I want to filter that myself and by hand. None of the well intentioned spam filters I have seen are good enough to trust.
Like some others who use FT, I do business in many different places. It is vital that I get email from people I don't know who learn of my services through my web site or by word of mouth. I would find it intolerable for an ISP to act like my mother to filter out email fromwhole regions of the world.
The funniest, most frustrating thing is the attitude expressed by the CS person who wanted to know why anyone would be interested in communicating with someone outside of the USA, and that anyone who does should know the addresses of all such folks in advance!
Best wishes,
Teacher49
stimpy
Dec 25, 04, 3:13 pm
I am quite sure that Verizon doesn't block any country since I receive emails from all over the world, including Korea which sends more spam than any country I know of. However I stopped receiving Korean spam a while back. I assume that Verizon or some other ISP has been successful in blocking them.
winkydink
Dec 25, 04, 4:06 pm
:rolleyes:
Actually, you do not have a lawsuit. The Internet is a "best effort" network. There are no gaurantees reguarding data delivery. There are some large ISPs that offer SLAs for data delivery on their portion of the public Internet, however those SLA become null when traffic crosses a transit or peering circuit with another ISP (i.e Global ISP to VZ.) Asssuming you did have some SLA, which are generally offered by ISPs on B.F.Ps to corporations not end users, The remedies are always less than one months recurring charges. If you do more research you find large ISPs always do some sort of filtering to circumvent spam or worms. Policies change rather dynamically to deal with all the script kiddies so filters come and go from time to time. Email is one thing, you should try troubleshooting links when they start prepending route advertsiments due to DOS.
In the end it is caveat emptor. Read and understand your end user agreement with your ISP. Althoughm ou may be on to something for filling lawsuits for potential lost income. I am pondering a suit against my local lottery for potential lost income. I mean, potentially I could have won millions had they just picked my numbers...... ;)
It's very dicey to claim one is a Common Carrier when one is selectively deciding which traffic to allow/forbid.
stimpy
Dec 25, 04, 5:31 pm
It's very dicey to claim one is a Common Carrier when one is selectively deciding which traffic to allow/forbid.
Why is that? Verizon the phone company also will not accept incoming calls from illegitimate phone companies. And they are certainly a Common Carrier. There is no obligation to accept junk.
That said, there is no easy answer for ISP's dealing with spam. I bet less than 1% of Verizons million plus email users know how to set a spam filter. So they are trying to help their customers. I don't know if what they have done is right or not, but I do know that I am happy with my Verizon email service. Having an email account for over 4 years should mean that I get loaded with spam. However only a few per day make it into my account. And I have never heard from anyone saying they couldn't send me mail.
KosraeTV
Dec 25, 04, 5:42 pm
I get huge amounts of spam daily ... just like most of you. However, I want to filter that myself and by hand. None of the well intentioned spam filters I have seen are good enough to trust.
Hey Teacher49 !
Take a look at mailwasher Pro 4.0 by firetrust, I like to review mail by hand but don't like it downloaded. You can have blacklists and create your own blacklists over time, it can auto delete or delete after you've reviewed all the headers. You can reply without having the emails come into your email program also. Due to poor connections I have yahoo / aol / and foreign email addresses and mailwash can review them all. I also use Firefox on some machines but am comfortable with mailwasher on my laptop.
Whenever there appears to be an attack of spam from an ISP then companies will disallow email from that ISP from coming over again. It will take the ISP contacting the other one to say Hey, let our emails through. From my area my local ISP gets blacklisted all the time from all over the world. But it does sound like this from verizon is kind of wrong. What's the use of having email if they won't allow emails to come in from overseas automatically.
winkydink
Dec 25, 04, 6:57 pm
Why is that? Verizon the phone company also will not accept incoming calls from illegitimate phone companies. And they are certainly a Common Carrier. There is no obligation to accept junk.
Surely you're not making the analogy that all email sent from outside the US is illegitimate, are you? There's an implicit acceptance of traffic one deems OK, whch clouds one's defense as a Common Carrier if said acceptable traffic contains questionable data.
stimpy
Dec 26, 04, 1:32 am
Surely you're not making the analogy that all email sent from outside the US is illegitimate, are you?
Of course not. Read my posts where I said I (as a verizon.net customer) get plenty of email from overseas and I tested verizon.net from my own overseas ISP account. Verizon is NOT blocking overseas emails. If anything, they are blocking email from ISP's that Verizon believes does not practice good spam control or ISP's that they do not believe are legitimate players. That is my judgement based on experience anyways. Verizon the phone company along with just about every other phone company out there practice the same general control on their network interconnections.
Teacher49
Dec 26, 04, 11:00 am
Hey Teacher49 !
Take a look at mailwasher Pro 4.0 by firetrust, I like to review mail by hand but don't like it downloaded. You can have blacklists and create your own blacklists over time, it can auto delete or delete after you've reviewed all the headers. You can reply without having the emails come into your email program also. Due to poor connections I have yahoo / aol / and foreign email addresses and mailwash can review them all. I also use Firefox on some machines but am comfortable with mailwasher on my laptop.
Whenever there appears to be an attack of spam from an ISP then companies will disallow email from that ISP from coming over again. It will take the ISP contacting the other one to say Hey, let our emails through. From my area my local ISP gets blacklisted all the time from all over the world. But it does sound like this from verizon is kind of wrong. What's the use of having email if they won't allow emails to come in from overseas automatically.
Thanks for the tip. I have downloaded Mailwasher, and will give it a try over time to see if it lowers my spam count. My wife is the one who really needs it. Poor dear somehow got on the "bad list" and is getting 3-4 hundred spam a day. Her email address is known to our students and advertised throughout the US and Europe, so we will try to fix it before giving it up.
Best wishes,
Teacher49
xyzzy
Dec 26, 04, 12:12 pm
If you're saying that they disallow a foreign From: address for mail sent from within their network, that's probably a good idea, too; most spamming trojans attempt to disguise themselves by spoofing that.
Use the Reply-to: address field if you want replies sent to an alternate domain.This was a couple of years ago, before SPAM got completely out of hand. It essentially made working from home impossible. You had to either tunnel your SMTP traffic to the office (easy for me but not for everyone) or use an obviously non-work email address as the From: address. Of course you could also buy higher-priced business services from Verizon that would allow you to do what you wanted. The policy had everything to do with revenue enhancement and nothing to do with network protection.
agrater
Dec 26, 04, 12:40 pm
What usually happens is that when you sign up you agree to the TOS. The TOS will include some legal mumbo-jumbo that says you also agree to any future change in the TOS. In other words, you unilaterally agree to anything except maybe your first-born child (second-born is usually OK, though).
cordelli
Dec 26, 04, 1:04 pm
One of the PC magazines recommended the anti spam system at Couldmark.com, the cloudmark safety bar last month. I'm in day 28 of a thirty day free trial, its' the first system that I've tried that I'll actually pay to use once the free trial is up. Doesn't catch all of it, but it does something no other system I've tried has done, every thing it catches (and it's catching like 85 to 90% of it now) is spam, it hasn't caught a single legitimate e-mail after it's first two or three days of training.
SBC, my ISP, one day decided that anything coming from Namesecure, a domain registrar, including any mail forwarded by them, was spam. I fought with them for weeks, Namesecure fought with them for weeks, and they refused to allow any of the mail through. The issue, for me, was that's where cordelli.com is located, so any mails sent to cordelli.com were sent to my sbc box from namesecure. They wouldn't back down, because some people were using namesecure to send spam.
My alternative was to get another mailbox from there. Any ISP will make a decision as they see fit, without warning, blocking something because somebody feels it's for the "good" of everybody. SCB could just as easily have blocked only the offending people, but they were way too lazy to do that, they just shut it all down.
Everybody needs to have a backup plan in place, because sooner or later, it will happen to you too, your ISP will just feel someplace that sends you mail all the time is not somebody they want to let through anymore.
KosraeTV
Dec 26, 04, 4:02 pm
I have downloaded Mailwasher, and will give it a try over time to see if it lowers my spam count.
Well, play with it, Mailwasher you teach, you mark the emails as blacklist or friend, it can learn itself but I was kind of like you and like to review email headers as I just am not sure due to my work. So you can review the headers and some of the email but it won't download off the server, then mark the email as blacklist so it will always be blacklisted or friend (so it is always allowed through). You can then process the mail so all blacklisted emails are deleted automatically or upon command (I use by command usually but they can do it automatically). The blacklisted emails can be bounced back to the sender so your sending the email back to them as invalid email address and hopefully they'll take you off their email hit list after some attempts. Generally it works for me. I think I've built up a list of over 10,000 blacklisted email addresses.
I hope it works for you or if it doesn't I hope you find something that does.
xyzzy
Dec 26, 04, 6:03 pm
I think I've built up a list of over 10,000 blacklisted email addresses.I'm not sure how this works in the package you are using, but lots of spam and virus laden mail I've seen lately has the return email address of innocent people. Thus, blacklisting all addresses that show up in the From: line might not be such a good idea...
KosraeTV
Dec 26, 04, 9:51 pm
but lots of spam and virus laden mail I've seen lately has the return email address of innocent people
Yup, exactly why I like to review the headers before I manually process (delete and bounce back) the emails off my ISP server and one reason why I don't trust automatic spam deletion software. ;)
LIH Prem
Dec 27, 04, 4:55 am
fyi ..
http://www.theinquirer.net/?article=20396
(yes, it was me.)
-David
lili
Dec 27, 04, 9:37 pm
fyi ..
http://www.theinquirer.net/?article=20396
(yes, it was me.)
-David
If that's your day job, try learning the sax. :)
LIH Prem
Dec 28, 04, 5:05 am
Not even close :)
-David
WatcomGuru
Dec 29, 04, 1:57 pm
[QUOTE=HeHateY]If you have Verizon as your ISP (even if your address is not "@verizon.net") you are not receiving any e-mail that is sent from outside the USA.
No I confirm this. Verizon, TTBOMK, have been blocking email (perhaps just residential??) since 8th December. I have a friend who is a Verizon subscriber and since that time, all email to her "time out" on trying to access relay.verizon.net. This is emailing from UK to the USA.
See threads
Dec 28th : "relay.verizon.net: Anyone know if they filter specific IP addresses?"
http://groups-beta.google.com/group/news.admin.net-abuse.email/browse_frm/thread/2a587736bd2902df/b53526c8fe0fdbb8
Dec 21st "OT: Is verizon blocking european netblocks?"
http://groups-beta.google.com/group/mailing.postfix.users/browse_frm/thread/8b6e5be835d93485/68e23947ad0c74c8
Dec 15th "relay.verizon.net"
http://groups-beta.google.com/group/uk.net.providers.aaisp/browse_frm/thread/9b854422cb5ac9b8/828e429cd94849de
Dec 14th "Can not forward to verizon.net- DCOM error"
http://groups-beta.google.com/group/microsoft.public.exchange.misc/browse_frm/thread/b743138cdfac4308/b2f7460edef494fe
Dec 14th "Mail problems sending to Verizon"
http://groups-beta.google.com/group/demon.service/browse_frm/thread/10720c8c9f778606/
8f57bf982d1933ba
Dec 14th "relay.verizon.net was Re: Email Problem"
http://groups-beta.google.com/group/uk.net.providers.aaisp/browse_frm/thread/68bf4c2f2e1514fd/5adac1fbb7795fe9
Dec 11th "No Verizon email, not bouncing back"
http://groups-beta.google.com/group/comp.dcom.xdsl/browse_frm/thread/988fa1e47fa36fe8/af44090bf3a0ffda
Dec 8th "Verizon.net and 421 errors"
http://groups-beta.google.com/group/mailing.postfix.users/browse_frm/thread/d2eda392050bf69a/fb452ba3f20acde3
Watcom Guru
stimpy
Dec 30, 04, 5:49 am
Sorry Watcom, but that is just a long list of urban legend. My residential Verizon email account still receives foreign email just fine. If you have a Verizon account, email it to me and I will reply from my French ISP account so you can see for yourself.
xyzzy
Dec 30, 04, 1:52 pm
Sorry Watcom, but that is just a long list of urban legend. My residential Verizon email account still receives foreign email just fine. If you have a Verizon account, email it to me and I will reply from my French ISP account so you can see for yourself.Perhaps your French ISP has been unblocked by Verizon. Do you think the plethora of compaints about this are all urban legends?
stimpy
Dec 30, 04, 3:58 pm
Perhaps your French ISP has been unblocked by Verizon. Do you think the plethora of compaints about this are all urban legends?
Yes I do for two reasons. One, as I said a few times earlier on this thread I get email from all over the world from international corporations and institutions. Not just my French ISP. And two, some people just freak out when their email doesn't go through and they think the world is coming to an end. If you debug the problem you will likely see a very good reason for why your email didn't go through.
And my French ISP wasn't unblocked by Verizon. It was never blocked in the first place since they are a well run ISP that takes reasonable steps to prevent spammers on their network. Perhaps some of the ISP's that may be getting blocked by Verizon probably haven't chosen to take these steps to prevent spammers?
xyzzy
Dec 30, 04, 7:08 pm
Points taken!
I know from firsthand experience how most people have NO CLUE how/why mail bounces, etc.
HeHateY
Jan 2, 05, 12:28 am
Sorry Watcom, but that is just a long list of urban legend. My residential Verizon email account still receives foreign email just fine. If you have a Verizon account, email it to me and I will reply from my French ISP account so you can see for yourself.
Great, so they are letting e-mail from France come in, ergo I am making this up.
Then how come I am not getting e-mails from the UK and Scandinavia??
And how are we able to find all these references to the problem??
stimpy
Jan 2, 05, 1:25 am
Like I said above, send me your Verizon email account and I will send you foreign email so you can see that it works fine. There are plenty of Flyertalkers from outside the US who can do the same. As long as the mail comes from a reputable source that doesn't forward a ton of spam to Verizon, it will work fine.
What is the name of the source domains in the UK and Scandinavia that have problems sending to you? Tell us and maybe we can help you debug the problem.
KosraeTV
Jan 2, 05, 1:42 am
There are plenty of Flyertalkers from outside the US who can do the same.
I'll volunteer, PM me and I'll email you. Personally I think Verizon is blocking a good number of ISP's out there but not all. Just like other services, Verizon will block foreign ISP's if they see a high level of potential spam traffic or problems. Even AOL has blocked my foreign ISP before, as has Verizon, as has many others. It's not uncommon.
stimpy
Jan 2, 05, 2:09 am
KosraeTV, I got your Pac Rim email just fine at my Verizon account. Thanks.
KosraeTV
Jan 2, 05, 2:17 am
KosraeTV, I got your Pac Rim email just fine at my Verizon account. Thanks.
So, Verizon is not blocking all foreign ISP addresses. French and Pacific Rim work. And I'm using one of the most problematic Pacific Rim ISP's out there.
HeHateY
Jan 3, 05, 12:56 am
What is the name of the source domains in the UK and Scandinavia that have problems sending to you? Tell us and maybe we can help you debug the problem.
mail.tele.dk (the ISP of TDC, TeleDanmark, i.e the old Danish Telephone Molopoly) is one that people were sending e-mail to me from, but was not getting through Verizon's brilliant "filter".
But never mind. I am switched over to Comcast now.
scruffy
Jan 3, 05, 4:17 am
The answer to Verizon's mail blocking?
http://www.theinquirer.net/?article=20474
Like I said above, send me your Verizon email account and I will send you foreign email so you can see that it works fine. There are plenty of Flyertalkers from outside the US who can do the same. As long as the mail comes from a reputable source that doesn't forward a ton of spam to Verizon, it will work fine.
What is the name of the source domains in the UK and Scandinavia that have problems sending to you? Tell us and maybe we can help you debug the problem.
Sorry Stimpy - this is complete rubbish. I run my own mailservers. I run some of the strongest spam filtering available on my servers. I have worked professionally in internet security for about ten years. In the past I was the product manager for the UK's third largest ISP and subsequently their senior technical consultant for special projects. I've set up mail servers for major international manufacturers, banks, software houses and stockbrokers.
None of the servers I run are open relays. None of the servers I run have ever sent a single spam email. None of the servers I run nor the domains they run are blacklisted anywhere nor have they ever been.
I am still unable to send email to Verizon subscribers. Take a look at my headers in this bounce message from last night.
The problem;
Received: from localhost (localhost)
by espresso.coffee.co.uk (8.12.11/8.12.11) id j0KL90RZ002948;
Thu, 20 Jan 2005 21:09:12 GMT
Date: Thu, 20 Jan 2005 21:09:12 GMT
From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <200501202109.j0KL90RZ002948@espresso.coffee.co.uk>
To: <sarah@coffee.co.uk>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="j0KL90RZ002948.1106255352/espresso.coffee.co.uk"
Subject: Warning: could not send message for past 4 hours
Auto-Submitted: auto-generated (warning-timeout)
Content-Length: 2412
This is a MIME-encapsulated message
--j0KL90RZ002948.1106255352/espresso.coffee.co.uk
**********************************************
** THIS IS A WARNING MESSAGE ONLY **
** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
**********************************************
The original message was received at Thu, 20 Jan 2005 17:08:30 GMT
from espresso [192.168.0.10]
----- Transcript of session follows -----
... while talking to relay.verizon.net.:
<<< 421 SMTP service not available, closing transmission channel
<XXXXX@verizon.net>... Deferred: 421 SMTP service not available, closing
transmission channel
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old
Reporting-MTA: dns; espresso.coffee.co.uk
Arrival-Date: Thu, 20 Jan 2005 17:08:30 GMT
Final-Recipient: RFC822; XXXXX@verizon.net
Action: delayed
Status: 4.5.0
Diagnostic-Code: SMTP;
Last-Attempt-Date: Thu, 20 Jan 2005 21:09:12 GMT
Will-Retry-Until: Tue, 25 Jan 2005 17:08:30 GMT
My network setup;
espresso.coffee.co.uk is a Sun SPARC running Sendmail using nine DNSBLs and one RHSBL. It will only relay from localhost.
filter.coffee.co.uk (81.168.81.70) is a standalone enterprise grade firewall (but for security reasons I'm not going to tell you what it is) that provides both outbound and inbound SMTP proxying and NAT for the two mail servers I run on site.
The mail servers are visible externally as espresso.coffee.co.uk (81.168.81.66) and santos.coffee.co.uk (81.168.81.67)
espresso.coffee.co.uk runs on a reserved IP address of 192.168.0.10 and santos.coffee.co.uk runs on a reserved IP address of 192.168.0.20
I can send email from a number of domains including .com, .org and .co.uk but they are all rejected by relay.verizon.net
So Stimpy, it's time to put your money where your mouth is. Can you tell me why I am not a reputable source and can you debug my problem?
Note to mods; I am perfectly happy for my email address to appear in this posting - I don't have a spam problem and it might help Stimpy to debug my problem.
stimpy
Jan 21, 05, 10:12 am
Sarah,
I privately asked you to send me a test message to my Verizon account to see if you get the same result.
Tell me what you see for the Verizon MX record? What is the IP address? Have you tried telnetting to it to see what you get?
SarahWest
Jan 21, 05, 10:40 am
Stimpy, here goes;
espresso:~$ dig verizon.net mx
; <<>> DiG 8.4 <<>> verizon.net mx
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
;; QUERY SECTION:
;; verizon.net, type = MX, class = IN
;; ANSWER SECTION:
verizon.net. 39m37s IN MX 0 relay.verizon.net.
;; AUTHORITY SECTION:
verizon.net. 39m36s IN NS ns4.verizon.net.
verizon.net. 39m36s IN NS ns1.bellatlantic.net.
verizon.net. 39m36s IN NS ns2.verizon.net.
verizon.net. 39m36s IN NS ns2.bellatlantic.net.
;; ADDITIONAL SECTION:
relay.verizon.net. 14m33s IN A 206.46.170.12
ns4.verizon.net. 8h58m22s IN A 151.203.0.87
ns1.bellatlantic.net. 8h58m22s IN A 199.45.32.40
ns2.verizon.net. 8h58m22s IN A 151.203.0.86
ns2.bellatlantic.net. 8h58m22s IN A 199.45.32.41
;; Total query time: 31 msec
;; FROM: espresso to SERVER: 192.168.0.10
;; WHEN: Fri Jan 21 16:28:54 2005
;; MSG SIZE sent: 29 rcvd: 216
I get exactly the same result when I run the query from a shell account in the USA.
From the UK;
espresso:~$ telnet relay.verizon.net 25
Trying 206.46.170.12...
Connected to relay.verizon.net.
Escape character is '^]'.
421 SMTP service not available, closing transmission channel
Connection closed by foreign host.
From the USA;
bash$ telnet relay.verizon.net 25
Trying 206.46.170.12...
Connected to relay.verizon.net.
Escape character is '^]'.
220 sc014pub.verizon.net MailPass SMTP server v1.1.1 - 121803235448JY ready Fri,
21 Jan 2005 10:32:03 -0600
421 sc014pub.verizon.net terminating connection
Connection closed by foreign host.
Pretty conclusive blocking I'd say.
I'd love to say "you've got mail" in that annoying voice but so far it doesn't look promising. This is what syslog threw out;
For the record I'm sending email from sarah@coffee.co.uk from a valid MX host for coffee.co.uk.
stimpy
Jan 21, 05, 3:01 pm
Yep that looks fairly conclusive for your IP address at that particular time. Here is a sample from my French ISP to my Verizon account...
Return-Path: <xxxx@wanadoo.fr>
Received: from smtp1.wanadoo.fr ([206.46.170.121]) by mta016.verizon.net
(InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
id <20050121204639.XHGX21331.mta016.verizon.net@smtp1. wanadoo.fr>
for <xxxx@verizon.net>; Fri, 21 Jan 2005 14:46:39 -0600
Received: from smtp1.wanadoo.fr (193.252.22.30) by sc003pub.verizon.net (MailPass SMTP server v1.1.1 - 121803235448JY) with ESMTP id <2-25697-23-25697-4516-1-1106340397> for mta016.verizon.net; Fri, 21 Jan 2005 14:46:39 -0600
Received: from me-wanadoo.net (localhost [127.0.0.1])
by mwinf0109.wanadoo.fr (SMTP Server) with ESMTP id 5702B1C00209
for <xxx@verizon.net>; Fri, 21 Jan 2005 21:46:37 +0100 (CET)
Received: from wwinf0102 (wwinf0102 [172.22.132.29])
by mwinf0109.wanadoo.fr (SMTP Server) with ESMTP id 548C41C001FD
for <xxxx@verizon.net>; Fri, 21 Jan 2005 21:46:37 +0100 (CET)
X-ME-UUID: 20050121204637346.548C41C001FD@mwinf0109.wanadoo.f r
Message-ID: <32598820.1106340397330.JavaMail.www@wwinf0102>
From: xxxx <xxxx@wanadoo.fr>
Reply-To: xxxx@wanadoo.fr
To: xxxx@verizon.net
Subject: test
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Originating-IP: [208.179.69.254]
X-WUM-FROM: |~|
X-WUM-TO: |~|
X-WUM-REPLYTO: |~|
Date: Fri, 21 Jan 2005 21:46:37 +0100 (CET)
I'm not sure what the X-WUM's are, but this is pretty conclusive evidence that Verizon is accepting email from this French ISP. I wonder if it is a British thing since so many of the reports came from Britian? I tested France and Micronesia successfully so far. Sarah was the first to have a problem sending to me. If anyone has any other non US accounts that want to test, let me know via PM.
stimpy
Jan 21, 05, 3:14 pm
I just looked in my trash file and found a some emails from the UK. So some UK mail is making it through to Verizon. I guess you need to try to contact Verizon to see why they are blocking you. I'm am sure that is easier said than done!
Here is some spam from the UK
Return-Path: <mgtc@runshaw-stud.co.uk>
Received: from runshaw-stud.co.uk ([206.46.170.121]) by mta005.verizon.net
(InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
id <20050121125607.WMOE23113.mta005.verizon.net@runsha w-stud.co.uk>
for <xxxx@verizon.net>; Fri, 21 Jan 2005 06:56:07 -0600
Received: from runshaw-stud.co.uk (200.30.245.221) by sc008pub.verizon.net (MailPass SMTP server v1.1.1 - 121803235448JY) with SMTP id <4-31402-159-31402-143206-1-1106312164> for mta005.verizon.net; Fri, 21 Jan 2005 06:56:07 -0600
Message-ID: <f2f201c4ffb8$6c3f5345$f9d533ab@mIyuQxWD>
From: "Someone You Want"
Date: Fri, 21 Jan 2005 06:56:08 -0600
And here is some legit mail from the UK, from someone who is an NTL subscriber...
Return-Path: <xxxx@visiongaingroup.com>
Received: from visiongaingroup.com ([192.168.1.2]) by mta020.verizon.net
(InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
id <20041118153731.GOXX26571.mta020.verizon.net@vision gaingroup.com>
for <xxxx@verizon.net>; Thu, 18 Nov 2004 09:37:31 -0600
Received: from visiongaingroup.com (202.70.193.69) by sc015pub.verizon.net (MailPass SMTP server v1.1.1 - 121803235448JY) with ESMTP id <3-997-204-997-135276-1-1100792244> for mta020.verizon.net; Thu, 18 Nov 2004 09:37:32 -0600
Received: from IBMCA8D325E423 [80.168.243.66] by visiongaingroup.com with ESMTP
(SMTPD32-8.05) id A97622401A6; Thu, 18 Nov 2004 19:23:58 +0530
Reply-To: <xxxx@visiongaingroup.com>
From: "xxxx" <xxxx@visiongaingroup.com>
To: <xxxx@visiongaingroup.com>
Subject: Wireless Services in Iraq
Date: Thu, 18 Nov 2004 13:47:21 -0000
Message-ID: <001201c4cd75$24fa55f0$7b10a8c0@visiongain.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
I also get email from Concorde-Hotels.com which is a Colt customer in France.
stimpy
Jan 21, 05, 3:17 pm
Poking around more in my trash bin I see lots of other spam that originated in the UK, but were forwarded via other US servers. In fact, pretty much all the non-US spam I am getting now is coming from the UK. Maybe that is why Verizon is blocking some of the UK sites. But if they leave NTL open....???
SarahWest
Jan 24, 05, 5:55 am
<long boring geeky post>
Nice try Stimpy but you've fallen at the first hurdle with both emails you've posted. Let's start by looking at the one you claim came to you from NTL.
The email originated from a PC (possibly an IBM) with an IP address of 80.168.243.66. We can tell this from the line in the headers;
Received: from IBMCA8D325E423 [80.168.243.66] by visiongaingroup.com with SMTP
(SMTPD32-8.05) id A97622401A6; Thu, 18 Nov 2004 19:23:58 +0530
We can perform a WHOIS query on the IP address to find out where it belongs;
espresso:~$ whois -h whois.ripe.net 80.168.243.66
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
This tells us that the ISP is not NTL but Claranet and the IP address belongs to a subnet that is allocated to Visiongain for a routed connection which means it's probably a leased line rather than ADSL (although that's not always the case)
So where did the email go from here? Well, looking further up the headers we see it was received by visiongaingroup.com (202.70.193.69) which is the Visiongain corporate email server. This is confirmed by doing an MX query (this asks which mailsever handles email for a particular domain) against the nameservers which gives;
espresso:~$ dig visiongaingroup.com mx
; <<>> DiG 8.4 <<>> visiongaingroup.com mx
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2180
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; QUERY SECTION:
;; visiongaingroup.com, type = MX, class = IN
;; ANSWER SECTION:
visiongaingroup.com. 1H IN MX 10 mail.visiongaingroup.com.
visiongaingroup.com. 1H IN MX 10 202.70.193.69.
OK, this mail server then passes the email onto the first of two Verizon mail servers. The question you now have to ask is whether the mailserver for Visiongain.com is in the UK.
We check this by doing a WHOIS query of the IP address and even before I do this just by looking at the number I can tell it's an Asia Pacific address. It actually turns out to be in India (belonging to India Online in fact);
person: Dhananjay Singh Thakur
nic-hdl: DT136-AP
e-mail: dhananjay@iolnetwork.com
address: IOL Broadband Limited,
address: AB-01, Neelam Centre,
address: Hind Cycle Road, WORLI,
address: MUMBAI--400025, INDIA
phone: +91-22-56319400
fax-no: +91-22-56319401
country: IN
changed: sanjay@iolnetwork.com 20031212
mnt-by: MAINT-IN-IOL
source: APNIC
So, we now know that although the email originated in the UK, it wasn't from an NTL subscriber and it wasn't received by Verizon.net from a UK mailserver but one based in India. If Verizon.net was blocking UK emails this one would get round the block by using a mailserver in India which appears not to be locked.
Now we've cleared that up let's look at the spam you think you received from the UK.
Again we need to look at headers carefully and understand how folks can try to make them mislead us.
The first IP address we see in the headers is 200.30.245.221. This IP address claims to be runshaw-stud.co.uk but that's a bit strange as the IP address originates in South America. We can do two things to confirm that something is amiss here. The first is simply do a WHOIS lookup of the IP address which gives;
% Copyright LACNIC lacnic.net
% The data below is provided for information purposes
% and to assist persons in obtaining information about or
% related to AS and IP numbers registrations
% By submitting a whois query, you agree to use this data
% only for lawful purposes.
% 2005-01-24 09:24:31 (BRST -02:00)
So the IP address is actually in Santiago, Chile. So where does the runshaw-stud.co.uk bit come from? It is conceivable that it could be a British company operating in Chile but let's find out what the WHOIS records for runshaw-stud.co.uk show;
Relevant Dates:
Registered on: 09-Aug-2000
Renewal Date: 09-Aug-2006
Last updated: 10-Aug-2004
Registration Status:
Registered until renewal date.
Name servers listed in order:
ns0.phase8.net 212.84.175.69
ns1.phase8.net 212.84.175.68
ns2.phase8.net 80.253.126.16
WHOIS database last updated at 11:25:01 24-Jan-2005
--
(c) Nominet UK 1996 - 2005
For further information and terms of use please see http://www.nic.uk/whois
Nominet reserves the right to withhold access to this service at any time.
Now that doesn't look very Chilean to me so let's see if there is a slight chance that the email server for runshaw-stud.co.uk is based in Chile. Again, it's back to our old friend Dig to query the nameservers;
espresso:richard/etc/mail$ dig runshaw-stud.co.uk mx
; <<>> DiG 8.4 <<>> runshaw-stud.co.uk mx
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28023
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;; runshaw-stud.co.uk, type = MX, class = IN
;; ANSWER SECTION:
runshaw-stud.co.uk. 1D IN MX 30 fwd2.hosts.co.uk.
runshaw-stud.co.uk. 1D IN MX 30 fwd1.hosts.co.uk.
;; AUTHORITY SECTION:
runshaw-stud.co.uk. 1D IN NS ns0.phase8.net.
runshaw-stud.co.uk. 1D IN NS ns1.phase8.net.
runshaw-stud.co.uk. 1D IN NS ns2.phase8.net.
;; ADDITIONAL SECTION:
ns0.phase8.net. 1d23h59m55s IN A 212.84.175.69
ns1.phase8.net. 1d23h59m55s IN A 212.84.175.68
ns2.phase8.net. 1d23h59m55s IN A 80.253.126.16
;; Total query time: 5086 msec
;; FROM: espresso to SERVER: 192.168.0.10
;; WHEN: Mon Jan 24 11:31:05 2005
;; MSG SIZE sent: 36 rcvd: 214
We need to do a bit more work here to work out the IP addresses of the two mailservers which handle email for runshaw-stud.co.uk. Their hostnames are listed as fwd1.hosts.co.uk and fwd2.hosts.co.uk
Using Dig to look up the IP addresses for these two hostnames we find that fwd1.hosts.co.uk is 212.84.175.148 and fwd2.hosts.co.uk is 212.84.175.146. Now there are reasons that this worries me but it has nothing to do with the legitimacy of the servers. We can immediately see that 212.84.175.148 and 212.84.175.146 are nowhere near the address in the email header of 200.30.245.221 so what is that IP address?
Back to the DNS tools and we do a host lookup which shows that the IP address has a hostname of pc-30-245-221.la-reina.pc.metropolis-inter.com. La Reina is a town in Chile and the fact that the hostname includes the word "PC" suggests strongly that it's a dial-up connection.
So the email came from a dial-up pc in La Reina, Chile. Not exactly from the UK. We still have to work out how the runshaw-stud.co.uk bit got there.
To do that you have to understand how email servers work. It's often a wise precaution to set your email server to reject incoming email that claims to be from a non-existent domain. Spammers therefore use legitimate domains belonging to other people to trick email servers into accepting their spams. The domain works its way into the headers because of another thing that mail exchange systems do. If your PC is networked (and it needs to be to send email) it will have a network name. This network name may only be relevant locally as far as you are concerned but when you send an email from your PC that network name is sent in the headers of the email. If you tweak your network name to be runshaw-stud.co.uk then you can appear to send email from runshaw-stud.co.uk. Often this trick is foiled because the receiving mail server tries to look for the public regustered hostname for the IP address of the remote machine and if it finds it, it includes that in the headers. Had Verizon's mail server done this the header you would have seen would have said;
Received: from runshaw-stud.co.uk (pc-30-245-221.la-reina.pc.metropolis-inter.com [206.46.170.121]) by sc008pub.verizon.net
That might have given you some warning that the address was faked. Basically ignore any hostname or domain outside the () brackets.
So you can get email from France but us Brits are still out in the cold (and not responsible for your spam either!)
If you want to go poking around to find out where an email really came from you can check IP addresses at http://www.samspade.org
</long boring geeky post>
stimpy
Jan 24, 05, 12:35 pm
Sarah,
I don't have time to go through your message right now (day job and all), but I recall I did a quick traceroute to the IP address source of the visiongain email and it was NTL. It looks like you did a lot of work. I will try to poke through it when I get a chance.
But don't get hung up on DNS as it is inheirently unsecure and abused. Stick to the IP addresses.
SarahWest
Jan 24, 05, 5:51 pm
Sarah,
I don't have time to go through your message right now (day job and all), but I recall I did a quick traceroute to the IP address source of the visiongain email and it was NTL. It looks like you did a lot of work. I will try to poke through it when I get a chance.
But don't get hung up on DNS as it is inheirently unsecure and abused. Stick to the IP addresses.
Stimpy, I think you've just shot yourself in the foot and I don't think you're doing yourself any favours. If you used traceroute you were relying entirely on DNS information to give you a host lookup for every host on the route to the destination. However, DNS is not inherently insecure as you state and without it the internet wouldn't work. I'm not at all sure that you understand the way the internet works quite as well as you think you do.
When you read my post you'll see that I take the IP addresses and do a WHOIS query. This isn't DNS but a separate system. It is a much more powerful (and accurate) tool than simply using traceroute (which I have to say is the amateur sleuth method). The netblock that contains the Visiongain originating IP address has belonged to Claranet at least since April 2003 and probably longer so there's no way you should have come up with NTL. I've just done a traceroute to that IP address from a host in the USA and the route goes nowhere near NTL. I know for a fact that Claranet doesn't rely on NTL connectivity either.
SarahWest
Jan 24, 05, 5:59 pm
OK Stimpy, if you wish to redeem yourself, take a look at the headers below in a spam I received moments ago;
Received: from c-67-184-203-205.client.comcast.net
(c-67-184-203-205.client.comcast.net [67.184.203.205])
by espresso.coffee.co.uk (8.12.11/8.12.11) with SMTP id j0ONmGJq012853
for <hostmaster@coffee.co.uk>; Mon, 24 Jan 2005 23:48:26 GMT
X-Message-Info: GH910upcNI826SIJo675rixPfY8dakOU05gfEroqZ297
Received: from dns7westvalley.edu ([242.96.222.160]) by
49wi-fh49.PAZOTMTAHKKLSK@stegmuehlhof.com with Microsoft
SMTPSVC(5.0.2064.8904);
Mon, 24 Jan 2005 17:44:53 -0600
Message-ID: <556930338404.79348@PAZOTMTAHKKLSK@stegmuehlhof.com>
Reply-To: "Milo Barnett" <PAZOTMTAHKKLSK@stegmuehlhof.com>
From: "Milo Barnett" <PAZOTMTAHKKLSK@stegmuehlhof.com>
To: "Hostmaster" <hostmaster@coffee.co.uk>
Subject: lowest prices on your medications Avery
Date: Mon, 24 Jan 2005 17:44:53 -0600
MIME-Version: 1.0 (produced by arizona 56.23)
Content-Type: multipart/alternative;
boundary="--12728757886035385"
Content-Length: 1346
The question for you to answer is to whom did I submit an abuse report and why?
stimpy
Jan 24, 05, 6:00 pm
Um Sarah, you have completely shot yourself in the foot. Maybe read Internet for Dummies? Traceroute does NOT, I repeat NOT have the slightest thing to do with DNS. It uses ICMP. Please go read some of the relevant IETF RFC's. You may even find my name as the author of them.
Then go read the DNS Security RFC's. Then go learn a thing or two about WHOIS. Then come back and criticize. Honestly, why would you use DIG to find out who sent you an email? There is no direct relation!
stimpy
Jan 24, 05, 6:12 pm
After taking a chill pill, I'll add I don't quite understand the hostility here. I'm trying to help in my very limited spare time. Obviously Verizon is NOT blocking all foreign email. I hope we have put that to bed. Maybe we can help figure out why some British sites are having problems. But tone down the attitude, eh?
If you have all the free time in the world, then come up with an answer to your problem.
KVS
Jan 24, 05, 6:47 pm
And here is some legit mail from the UK, from someone who is an NTL subscriber...
[..]
Received: from visiongaingroup.com (202.70.193.69) by sc015pub.verizon.net (MailPass SMTP server v1.1.1 - 121803235448JY) with ESMTP id <3-997-204-997-135276-1-1100792244> for mta020.verizon.net; Thu, 18 Nov 2004 09:37:32 -0600All that Verizon's incoming SMTP server (mta020.verizon.net) cares about is the identity of the relay server that connects to it. In your example of a "mail from the UK", the IP address of the server that connects to Verizon's SMTP server is [202.70.193.69] and that address is a part of a block (202.70.192.0 - 202.70.207.255) that belongs to an ISP in Mumbai (India) called "India Online Network Ltd."
KVS
Jan 24, 05, 6:56 pm
Here is some spam from the UK
[..]
Received: from runshaw-stud.co.uk (200.30.245.221]) by sc008pub.verizon.net (MailPass SMTP server v1.1.1 - 121803235448JY) with SMTP id <4-31402-159-31402-143206-1-1106312164> for mta005.verizon.net; Fri, 21 Jan 2005 06:56:07 -0600
As for "some spam from the UK", it is actually some spam from an SMTP server [200.30.245.221] in Chile...
SarahWest
Jan 24, 05, 7:05 pm
As for "some spam from the UK", it is actually some spam from an SMTP server [200.30.245.221] in Uruguay...
Chile, dear, Chile. Not Uruguay.
KVS
Jan 24, 05, 7:12 pm
Chile, dear, Chile. Not Uruguay.Oops, used the wrong WHOIS server :), Chile it is...
SarahWest
Jan 24, 05, 7:12 pm
Um Sarah, you have completely shot yourself in the foot. Maybe read Internet for Dummies? Traceroute does NOT, I repeat NOT have the slightest thing to do with DNS. It uses ICMP. Please go read some of the relevant IETF RFC's. You may even find my name as the author of them.
Then go read the DNS Security RFC's. Then go learn a thing or two about WHOIS. Then come back and criticize. Honestly, why would you use DIG to find out who sent you an email? There is no direct relation!
Actually Stimpy, although traceroute uses ICMP as a protocol, your host PC doing the traceroute does a reverse DNS lookup to determine the hostname for each IP address returned in the route. On a Windoze box you can disable host DNS lookups by doing "tracert -d".
When you see a list of hostnames in a traceroute these hostnames come entirely from DNS queries (sent using TCP or UDP and not ICMP)
Stimpy, you've already proved in public that you can't work out where an email is coming from. Neither of the two emails you gave as an example came from a UK mail server and one never went anywhere near the UK. When trying to work out where an email actually came from you need to use a whole host of tools including WHOIS and a DNS query tool. The DNS query tool I choose to use is Dig. It allows me to check which the correct MX server for a domain is. You really don't need traceroute.
If you can find a single hole in my analysis of your two emails please post it here. Please could you give me references to the RFCs you have written? Being an author of an IETF RFC doesn't necessarily mean that you are an expert on Internet Protocols. Just look at my favourites, RFCs 2324 and 2325 for example - http://www.ietf.org/rfc/rfc2324.txt?number=2324 http://www.ietf.org/rfc/rfc2325.txt?number=2325
So far you've stated that Verizon is not blocking email from servers overseas. That is incorrect. Many servers in the UK at least are blocked from sending email to Verizon.net.
You've stated that only servers which send a lot of spam to Verizon are blocked. That too is incorrect.
You've stated you have received spam from the UK. That is incorrect - at least in the example you have given us.
You have shown us an email which you say came from NTL. That is incorrect.
You've stated that traceroute clients don't use DNS. That is incorrect.
Are you surprised that folks may be a bit sceptical about your expertise? Perhaps you need to consider the possibility that some of the folks who have posted on this thread might actually know what they're talking about.
stimpy
Jan 24, 05, 10:01 pm
Actually Stimpy, although traceroute uses ICMP as a protocol, your host PC doing the traceroute does a reverse DNS lookup to determine the hostname for each IP address returned in the route. On a Windoze box you can disable host DNS lookups by doing "tracert -d".
That is a tool which combines traceroute with a DNS lookup. Don't worry, lots of newbies combine the two without realizing they are separate functions. Have you looked up DNSSEC yet? Do you understand the concept of DNS security and why it is needed and why you are completely wrong about relying on DNS?
Your basic problem is you are relying too much on human data (DNS, Whois, etc) that can be faked. And not enough on true IP addresses which if you look at the route tables cannot be faked. This again is a newbie error. You'll get there someday if you put in a few more years on the net.
And actually, the spam I was referring to does come from the UK. It is coming to Verizon out of a server elsewhere, but the true source of a lot of these is the UK. That is yet another newbie error. Not conceiving of the whole architectural capabilities of the Internet.
I took a few minutes to try and post some real data. I guess I should have put more time in if I knew how awful you would be about this. So do you get it now? Do you still think that Verizon is blocking all foreign email? Exactly how many times are you going to ignore my example of a successful email from France and the other posters successful email from Micronesia? Not to mention the UK email I got which entered Verizon from India?
KVS
Jan 24, 05, 10:21 pm
It is coming to Verizon out of a server elsewhere, but the true source of a lot of these is the UK.What difference does the "true source" of the e-mail make?! This thread is about Verizon blocking incoming e-mail. Verizon is blocking incoming e-mail based on the identity of the the mail server, not the location of the system that originated that message.
relying too much on human data (DNS, Whois, etc) that can be faked.How exactly is this relevant to the topic of this thread? For the purposes of tracing the source/path of the e-mails in question, these tools are more than adequate -- if you really beleive that any of the DNS/WHOIS records referred to here were incorrect, please post your evidence.
stimpy
Jan 25, 05, 12:21 am
What difference does the "true source" of the e-mail make?! This thread is about Verizon blocking incoming e-mail. Verizon is blocking incoming e-mail based on the identity of the the mail server, not the location of the system that originated that message.
How exactly is this relevant to the topic of this thread? For the purposes of tracing the source/path of the e-mails in question, these tools are more than adequate -- if you really beleive that any of the DNS/WHOIS records referred to here were incorrect, please post your evidence.
I was referring to your and others posts saying the spam did not originate in the UK. I beleive it did. But yes that is a side-track. However your post has little to do with the thread. I set out to prove that Verizon is not blocking all international email. I think I have done that many times over now. I believe that VZ is blocking only from sites that have sent spam to them in the past. If you don't understand that DNS can be faked, then you don't really understand how DNS works. I gave an authoritative reference to the subject if you care to read it. If you don't understand DNS and you are running a mail server, then VZ is probably correct to block your server from accessing their customers.
SarahWest
Jan 25, 05, 6:00 am
Stimpy,
I feel like I've just been savaged by a dead sheep (did you write the RFC for that by any chance?). The standard traceroute included with Solaris, Linux, FreeBSD, Mac OS and almost every other operating system does a host lookup by default.
You stated you used traceroute to establish that the email came from NTL but how are you going to determine that from the IP address returned by the ICMP echo without resorting to doing a DNS or WHOIS lookup of the IP address? Do you gaze into a crystal ball and magically determine the exact location of an IP address? Do you hold a crystal on a piece of string over a map of the world until it (or you) gets very excited? Do you disembowel a chicken and read the entrails or do you levitate cross-legged reciting some obscure incantation until it becomes obvious to you where the IP address is from?
You have to be careful about dismissing human generated data because all IP address allocations are done by humans - even dynamic IP addresses because a human determines which IP addresses within a netblock are available to which clients.
There is not one shred of evidence anywhere to support your claim that the spam you sent came from the UK. There is plenty of evidence which supports the assertion that you are unable to decode email headers correctly.
You have made numerous grand pontifications almost all of which have been shown to be incorrect. I find the assertion that my servers have sent spam to Verizon in the past not only to be offensive but actually libellous.
Want to prove how insecure DNS is? Then feel free to hack my DNS servers and spoof the zones for the domain what-ho.co.uk. You may be able to set up another DNS server for the domain but you're not going to be able to convince anyone to use it. In my honest opinion I'd say it's more likely that the Pope will appear in a high-wire act wearing a fluorescent pink tutu at the next Superbowl advertising condoms than you will be capable of hacking my DNS.
KVS
Jan 25, 05, 10:26 am
I was referring to your and others posts saying the spam did not originate in the UK.For the purposes of this discussion it did not. You were trying to prove that you were able to receive mail from the UK at your Verizon address, yet none of your sample e-mails were sent using an SMTP sever in the UK.
To use an FT-related analogy, suppose the US gov't [Verizon] implements entry restrictions for UK citizens and people from the UK start complaining that they cannot get into the US. You would then argue that someone was able to get in without a problem after arriving on a BA flight from London. When you are asked how so and asked to send a copy of that person's passport [e-mail headers], it turns-out that the person in question actually has an Indian passport. You then continue to argue that "someone from Britain was able to enter the US without a problem".
I set out to prove that Verizon is not blocking all international email.Then you shouldn't have argued that "some UK mail is making it through to Verizon".
I believe that VZ is blocking only from sites that have sent spam to them in the past.What exactly do you mean by "sites"? If you are referring to SMTP relay servers, then that would be a rediculous criteria.
If you don't understand that DNS can be faked, then you don't really understand how DNS works. I gave an authoritative reference to the subject if you care to read it. If you don't understand DNS and you are running a mail server, then VZ is probably correct to block your server from accessing their customers.There is really no need for a personal attack here. You might have given an authorative reference, but is it to a subject that is irrelevant to the issue at hand.
stimpy
Jan 25, 05, 1:40 pm
Stimpy,
I feel like I've just been savaged by a dead sheep
Welcome to the club. I get a child who has a few years of playing with an email server tell me I don't know anything about my profession of the last 20 years. Now if you had simply pointed out the error I made during my quick 5 minute test, we would be fine. But you chose the personal attack route instead.
The standard traceroute included with Solaris, Linux, FreeBSD, Mac OS and almost every other operating system does a host lookup by default.
It never used to and internet veterans don't generally rely on such information, especially when tracing spam.
You stated you used traceroute to establish that the email came from NTL but how are you going to determine that from the IP address returned by the ICMP echo without resorting to doing a DNS or WHOIS lookup of the IP address? Do you gaze into a crystal ball and magically determine the exact location of an IP address?
First learn how internet routing works (at the BGP level), then you will understand how traceroute tells you where to go. Again, it's about trusting machine information rather than human-supplied information that can be subverted by other sources. If an ISP starts advertising incorrect blocks from other AS's, then he will get slammed by his peers who do a pretty good job of policing. But there is no such "police" for DNS.
I honestly don't recall what I did that popped up NTL. That was a quick late night test I did to see if that message came from England or not. Obviously I can see now that the sending address was not in the UK. I will stay tuned to see if I get any other mail from the UK at my Verizon address.
You have to be careful about dismissing human generated data because all IP address allocations are done by humans - even dynamic IP addresses because a human determines which IP addresses within a netblock are available to which clients.
But that information cannot easily be subverted by outside sources whereas DNS can be and often is especially by spammers. Understand?
Want to prove how insecure DNS is? Then feel free to hack my DNS servers and spoof the zones for the domain what-ho.co.uk. You may be able to set up another DNS server for the domain but you're not going to be able to convince anyone to use it. In my honest opinion I'd say it's more likely that the Pope will appear in a high-wire act wearing a fluorescent pink tutu at the next Superbowl advertising condoms than you will be capable of hacking my DNS.
I'm not a hacker, but you've clearly demonstrated a lack of understanding of the risks involved which is perhaps why Verizon is blocking your server. I've shown you other non-US servers which do have access to Verizon, but you keep ignoring those facts and slamming me with personal attacks. Very nice.
ScottC
Jan 25, 05, 1:45 pm
My goodness folks... Surely we can discuss this without things getting so heated?
SarahWest
Jan 25, 05, 2:25 pm
Welcome to the club. I get a child who has a few years of playing with an email server tell me I don't know anything about my profession of the last 20 years. Now if you had simply pointed out the error I made during my quick 5 minute test, we would be fine.
Now which five minute test would that be? The entrails or the swinging crystal? I have pointed out numerous errors you have made and you have chosen to ignore the facts. You now graciously admit that you might have made one slight error.
The standard traceroute included with Solaris, Linux, FreeBSD, Mac OS and almost every other operating system does a host lookup by default.
It never used to and internet veterans don't generally rely on such information, especially when tracing spam.
First learn how internet routing works (at the BGP level), then you will understand how traceroute tells you where to go.
I have no problem whatsoever understanding how internet routing works. What I do have problems understanding is how you deduce where an IP address comes from so answer the question please. Exactly how do you determine where an IP address comes from without resorting to using either a DNS or a WHOIS query? You even use WHOIS to query AS numbers that your traceroute may show. How did your traceroute throw up any hostnames let alone an NTL one?
Again, it's about trusting machine information rather than human-supplied information that can be subverted by other sources. If an ISP starts advertising incorrect blocks from other AS's, then he will get slammed by his peers who do a pretty good job of policing. But there is no such "police" for DNS.
No, maybe there isn't but how often is DNS compromised in the real world? How often does a DNS system running multiple Unix servers in three different geographical locations with three different flavours of Unix behind three different firewalls shuffle from this mortal coil and die allowing someone to hijack the domain. Not too often I suspect.
I honestly don't recall what I did that popped up NTL. That was a quick late night test I did to see if that message came from England or not. Obviously I can see now that the sending address was not in the UK. I will stay tuned to see if I get any other mail from the UK at my Verizon address.
Maybe the chicken that you studied the entrails came from a bird with situs inversus - that's a real bummer for the professional entrail reader, believe me.
But that information cannot easily be subverted by outside sources whereas DNS can be and often is especially by spammers. Understand?
No, I admit I am having considerable problems understanding how spammers can spoof DNS in an email - perhaps you could provide me with some nursery grade examples that I might be able to understand.
I'm not a hacker, but you've clearly demonstrated a lack of understanding of the risks involved which is perhaps why Verizon is blocking your server. I've shown you other non-US servers which do have access to Verizon, but you keep ignoring those facts and slamming me with personal attacks. Very nice.
No, I have accepted that you are able to receive email from both India and France. There are major problems however not just with my UK based servers. Want some facts about it? A class action lawsuit was launched against Verizon in the past few days precisely because of their blocking - see Verizon faces lawsuit over email blocking (http://www.theregister.co.uk/2005/01/14/verizon_email_block/). You can also read further details about their blocking Verizon persists with European email blockade (http://www.theregister.co.uk/2005/01/14/verizon_email_block/)
If I'm not much mistaken only a few postings ago you stated authoritatively that Verizon wasn't blocking email from overseas servers. That is not really correct is it?
stimpy
Jan 25, 05, 5:29 pm
If I'm not much mistaken only a few postings ago you stated authoritatively that Verizon wasn't blocking email from overseas servers. That is not really correct is it?
No, I never said that. I said that Verizon doesn't block email from respectable sites. Yours doesn't fall into that category for reasons you have made clear in this thread. Let us how that lawsuit goes.
SarahWest
Jan 25, 05, 7:42 pm
No, you never really said it apart from here, honest;
I am quite sure that Verizon doesn't block any country since I receive emails from all over the world, including Korea which sends more spam than any country I know of. However I stopped receiving Korean spam a while back. I assume that Verizon or some other ISP has been successful in blocking them.
I've got some Chinese friends who run a restaurant. I'm sure I can get some great entrail recipes for you if you like.
stimpy
Jan 25, 05, 8:49 pm
Read the latter post #38 dear, and others.
Why does the phrase "stop feeding the trolls" keep coming to mind?
CJR
Jan 25, 05, 11:19 pm
Your time spent detailing email headers is very much appreciated. This thread is retained for future reference.
Thanks to all in the discussion for their contributions. ^
-Craiger
SarahWest
Jan 27, 05, 6:22 pm
No, I never said that. I said that Verizon doesn't block email from respectable sites. Yours doesn't fall into that category for reasons you have made clear in this thread.
Stimpy,
The basis for your entire argument that my nameservers are insecure (and therefore not respectable) is that they don't run DNSSEC and as such are open to spoofing. Well, your arguments about DNS being insecure do have some merit and I decided to do something about it.
I have been playing with DNSSEC today for the first time (it's pretty neat) as I've been able to get BIND 9.3.0 to compile. It's been a very interesting experience, thank you very much for making me get round to it at last.
To check that my installation was working (I'm not running signed zones yet btw so am still insecure by your standards) I was able to query the SOA for a zone I know to be secured with DNSSEC, nlnetlabs.nl
I get the following results;
espresso:~$ dig @open.nlnetlabs.nl +dnssec +multiline nlnetlabs.nl soa
; <<>> DiG 9.3.0 <<>> @open.nlnetlabs.nl +dnssec +multiline nlnetlabs.nl soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1911
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 12
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;nlnetlabs.nl. IN SOA
;; AUTHORITY SECTION:
nlnetlabs.nl. 86400 IN NS open.nlnetlabs.nl.
nlnetlabs.nl. 86400 IN NS omval.tednet.nl.
nlnetlabs.nl. 86400 IN NS bureau.sidn.nl.
nlnetlabs.nl. 86400 IN RRSIG NS 5 2 86400 20050225122215 (
20050126122215 43791 nlnetlabs.nl.
D7Xa/CGAhecaqJA032bydh0fjIk//4esQIA10RtVSZQC
wGdm0xw48qXyk9obOc+y05stDgHWC6WjawqH7J64clh5
/jzFyOSS1u6k1fftiaEHgW/tPmKclkqKofoH0FjWYxCQ
zWgoYqePcOdqBZjDJQN04t8V6CKUwRxOT4Ajn8Q= )
;; ADDITIONAL SECTION:
open.nlnetlabs.nl. 86400 IN A 213.154.224.1
open.nlnetlabs.nl. 86400 IN AAAA 2001:7b8:206:1:211:2fff:fed7:7378
open.nlnetlabs.nl. 86400 IN AAAA 2001:7b8:206:1::53
omval.tednet.nl. 28800 IN A 213.154.224.17
bureau.sidn.nl. 86400 IN A 193.176.144.162
bureau.sidn.nl. 86400 IN AAAA 2001:610:ff:1::2
bureau.sidn.nl. 86400 IN AAAA 2001:610:118:0:290:27ff:fe9c:2386
nlnetlabs.nl. 86400 IN DNSKEY 257 3 5 (
AQPzzTWMz8qSWIQlfRnPckx2BiVmkVN6LPupO3mbz7Fh
LSnm26n6iG9NLby97Ji453aWZY3M5/xJBSOS2vWtco2t
8C0+xeO1bc/d6ZTy32DHchpW6rDH1vp86Ll+ha0tmwyy
9QP7y2bVw5zSbFCrefk8qCUBgfHm9bHzMG1UBYtEIQ==
) ; key id = 43791
nlnetlabs.nl. 86400 IN RRSIG DNSKEY 5 2 86400 20050225122215 (
20050126122215 43791 nlnetlabs.nl.
Kf5yARNNgqEpAd4y8X79J+hTankG3bvhT+IRUxqUuzbL
kREVEeg6c24hHFRLPxVHDlP+MNWOL1r+aUuHWEvG94Bb
0pu3D0eOKh/zN3V4eLzUlHyuBiHR5IDLg3sfh0Y17+0E
+eD+LFtE4+UZJ1yrS2JpmKTgIF5yasVxd9hKAbA= )
open.nlnetlabs.nl. 86400 IN RRSIG A 5 3 86400 20050225122215 (
20050126122215 43791 nlnetlabs.nl.
jxCGi6r1jsDqbE1MhMpmec8E8CsUA+P1NN94UqPUZBIT
TT+w8MTP+4Z88aEVjPi5Zig127uRi0owKqDYJGcTKUbo
U/jboYWM3qwI7JuOxgy+uxK8JhnQxBRFDjWk388rUKNd
1IYNvncwoovfuH5fVSDoT0fYRFxN3fiBGCx9xzs= )
open.nlnetlabs.nl. 86400 IN RRSIG AAAA 5 3 86400 20050225122215 (
20050126122215 43791 nlnetlabs.nl.
qqH3KwOyPY7iPv7621NaoiK4gkYjzgeOOwzKMzN0t6TY
kYdF8hixkQXSxqPXrDP/akIXVw4/5l2TAlSU5rLK1rsP
J0iyZMP2cE3VsVmJbobAE/eAx5lDID7Q41eUyw9lNzoY
W+D26vspwj2n5FSo+zUxHn/8XNVbLcutXB1ZwVQ= )
;; Query time: 332 msec
;; SERVER: 213.154.224.1#53(open.nlnetlabs.nl)
;; WHEN: Thu Jan 27 23:56:06 2005
;; MSG SIZE rcvd: 1326
This correctly returns the digital signatures which reassures me that my ability to check whether a server is running DNSSEC might be OK.
I then went on a rambling and meandering tour of the internet looking at some other nameservers which run primary DNS for the following zones. Here are the abridged results (please feel free to verify these results for accuracy)
microsoft.com - does not run DNSSEC - INSECURE
decus.org - does not run DNSSEC - INSECURE
isc.org - does not run DNSSEC - INSECURE
ascend.com - does not run DNSSEC - INSECURE
checkpoint.com - does not run DNSSEC - INSECURE
ipverse.com - does not run DNSSEC - INSECURE
cisco.com - does not run DNSSEC - INSECURE
navy.mil - does not run DNSSEC - INSECURE
gte.net - does not run DNSSEC - INSECURE
whitehouse.gov - does not run DNSSEC - INSECURE
sun.com - does not run DNSSEC - INSECURE
tsa.gov - does not run DNSSEC - INSECURE
ual.com - does not run DNSSEC - INSECURE
dhs.gov - does not run DNSSEC - INSECURE
strixsystems.com - does not run DNSSEC - INSECURE
verizon.net - does not run DNSSEC - INSECURE
It's possible that Verizon.net may still be letting through some email from these rogue DNS operators so perhaps as one of their customers you could contact them and ask them to block all email from these domains as it's almost certainly spam. Until such time as all these sources are blocked it might be a good idea to set your email client to delete all email from these domains automatically and certainly don't believe anything you might happen to read in email from these sources.
I'd love to contact them myself but as you know I'm already considered to be subhuman and therefore blocked. Things were so much easier when I only had an ARPAnet email address to worry about!
Sarah
ScottC
Jan 27, 05, 6:29 pm
Sarah, I am astounded by your knowlegde! This thread has been an awesome read for me so far!
stimpy
Jan 27, 05, 7:51 pm
Yes, Sarah's ability to look things up on the Internet are only exceeded by Sarah's ability to write posts containing communications that are knowingly false and/or defamatory, inaccurate, obscene, profane, threatening, harassing, offensive, vulgar, abusive, hateful or bashing. Gee I wonder where those words came from?
I admitted earlier that I posted rashly and I'm sorry for it. Flyertalk doesn't need that and I shouldn't have reacted to Sarah's awful post in the first place. But it just keeps getting worse from Sarah.
ScottC
Jan 27, 05, 8:04 pm
OK, I have no idea what is going on here, I thought I was learning something, but obviousy there is something I am missing.
I think I'll leave this thread where it is, and I will get the last words;
Thanks to all that participated, but it doesn't look like we are heading anywhere good with this...