KVS

As for "some spam from the UK", it is actually some spam from an SMTP server [200.30.245.221] in Chile...

SarahWest

Chile, dear, Chile. Not Uruguay.

KVS

Oops, used the wrong WHOIS server , Chile it is...

SarahWest

Actually Stimpy, although traceroute uses ICMP as a protocol, your host PC doing the traceroute does a reverse DNS lookup to determine the hostname for each IP address returned in the route. On a Windoze box you can disable host DNS lookups by doing "tracert -d".

When you see a list of hostnames in a traceroute these hostnames come entirely from DNS queries (sent using TCP or UDP and not ICMP)

Stimpy, you've already proved in public that you can't work out where an email is coming from. Neither of the two emails you gave as an example came from a UK mail server and one never went anywhere near the UK. When trying to work out where an email actually came from you need to use a whole host of tools including WHOIS and a DNS query tool. The DNS query tool I choose to use is Dig. It allows me to check which the correct MX server for a domain is. You really don't need traceroute.

If you can find a single hole in my analysis of your two emails please post it here. Please could you give me references to the RFCs you have written? Being an author of an IETF RFC doesn't necessarily mean that you are an expert on Internet Protocols. Just look at my favourites, RFCs 2324 and 2325 for example - http://www.ietf.org/rfc/rfc2324.txt?number=2324 http://www.ietf.org/rfc/rfc2325.txt?number=2325

So far you've stated that Verizon is not blocking email from servers overseas. That is incorrect. Many servers in the UK at least are blocked from sending email to Verizon.net.

You've stated that only servers which send a lot of spam to Verizon are blocked. That too is incorrect.

You've stated you have received spam from the UK. That is incorrect - at least in the example you have given us.

You have shown us an email which you say came from NTL. That is incorrect.

You've stated that traceroute clients don't use DNS. That is incorrect.

Are you surprised that folks may be a bit sceptical about your expertise? Perhaps you need to consider the possibility that some of the folks who have posted on this thread might actually know what they're talking about.

stimpy

That is a tool which combines traceroute with a DNS lookup. Don't worry, lots of newbies combine the two without realizing they are separate functions. Have you looked up DNSSEC yet? Do you understand the concept of DNS security and why it is needed and why you are completely wrong about relying on DNS?

Your basic problem is you are relying too much on human data (DNS, Whois, etc) that can be faked. And not enough on true IP addresses which if you look at the route tables cannot be faked. This again is a newbie error. You'll get there someday if you put in a few more years on the net.

And actually, the spam I was referring to does come from the UK. It is coming to Verizon out of a server elsewhere, but the true source of a lot of these is the UK. That is yet another newbie error. Not conceiving of the whole architectural capabilities of the Internet.

I took a few minutes to try and post some real data. I guess I should have put more time in if I knew how awful you would be about this. So do you get it now? Do you still think that Verizon is blocking all foreign email? Exactly how many times are you going to ignore my example of a successful email from France and the other posters successful email from Micronesia? Not to mention the UK email I got which entered Verizon from India?

KVS

What difference does the "true source" of the e-mail make?! This thread is about Verizon blocking incoming e-mail. Verizon is blocking incoming e-mail based on the identity of the the mail server, not the location of the system that originated that message.


How exactly is this relevant to the topic of this thread? For the purposes of tracing the source/path of the e-mails in question, these tools are more than adequate -- if you really beleive that any of the DNS/WHOIS records referred to here were incorrect, please post your evidence.

stimpy

I was referring to your and others posts saying the spam did not originate in the UK. I beleive it did. But yes that is a side-track. However your post has little to do with the thread. I set out to prove that Verizon is not blocking all international email. I think I have done that many times over now. I believe that VZ is blocking only from sites that have sent spam to them in the past. If you don't understand that DNS can be faked, then you don't really understand how DNS works. I gave an authoritative reference to the subject if you care to read it. If you don't understand DNS and you are running a mail server, then VZ is probably correct to block your server from accessing their customers.

SarahWest

Stimpy,

I feel like I've just been savaged by a dead sheep (did you write the RFC for that by any chance?). The standard traceroute included with Solaris, Linux, FreeBSD, Mac OS and almost every other operating system does a host lookup by default.

You stated you used traceroute to establish that the email came from NTL but how are you going to determine that from the IP address returned by the ICMP echo without resorting to doing a DNS or WHOIS lookup of the IP address? Do you gaze into a crystal ball and magically determine the exact location of an IP address? Do you hold a crystal on a piece of string over a map of the world until it (or you) gets very excited? Do you disembowel a chicken and read the entrails or do you levitate cross-legged reciting some obscure incantation until it becomes obvious to you where the IP address is from?

You have to be careful about dismissing human generated data because all IP address allocations are done by humans - even dynamic IP addresses because a human determines which IP addresses within a netblock are available to which clients.

There is not one shred of evidence anywhere to support your claim that the spam you sent came from the UK. There is plenty of evidence which supports the assertion that you are unable to decode email headers correctly.

You have made numerous grand pontifications almost all of which have been shown to be incorrect. I find the assertion that my servers have sent spam to Verizon in the past not only to be offensive but actually libellous.

Want to prove how insecure DNS is? Then feel free to hack my DNS servers and spoof the zones for the domain what-ho.co.uk. You may be able to set up another DNS server for the domain but you're not going to be able to convince anyone to use it. In my honest opinion I'd say it's more likely that the Pope will appear in a high-wire act wearing a fluorescent pink tutu at the next Superbowl advertising condoms than you will be capable of hacking my DNS.

KVS

For the purposes of this discussion it did not. You were trying to prove that you were able to receive mail from the UK at your Verizon address, yet none of your sample e-mails were sent using an SMTP sever in the UK.

To use an FT-related analogy, suppose the US gov't [Verizon] implements entry restrictions for UK citizens and people from the UK start complaining that they cannot get into the US. You would then argue that someone was able to get in without a problem after arriving on a BA flight from London. When you are asked how so and asked to send a copy of that person's passport [e-mail headers], it turns-out that the person in question actually has an Indian passport. You then continue to argue that "someone from Britain was able to enter the US without a problem".


Then you shouldn't have argued that "some UK mail is making it through to Verizon".


What exactly do you mean by "sites"? If you are referring to SMTP relay servers, then that would be a rediculous criteria.


There is really no need for a personal attack here. You might have given an authorative reference, but is it to a subject that is irrelevant to the issue at hand.

stimpy

Welcome to the club. I get a child who has a few years of playing with an email server tell me I don't know anything about my profession of the last 20 years. Now if you had simply pointed out the error I made during my quick 5 minute test, we would be fine. But you chose the personal attack route instead.

It never used to and internet veterans don't generally rely on such information, especially when tracing spam.

First learn how internet routing works (at the BGP level), then you will understand how traceroute tells you where to go. Again, it's about trusting machine information rather than human-supplied information that can be subverted by other sources. If an ISP starts advertising incorrect blocks from other AS's, then he will get slammed by his peers who do a pretty good job of policing. But there is no such "police" for DNS.

I honestly don't recall what I did that popped up NTL. That was a quick late night test I did to see if that message came from England or not. Obviously I can see now that the sending address was not in the UK. I will stay tuned to see if I get any other mail from the UK at my Verizon address.

But that information cannot easily be subverted by outside sources whereas DNS can be and often is especially by spammers. Understand?

I'm not a hacker, but you've clearly demonstrated a lack of understanding of the risks involved which is perhaps why Verizon is blocking your server. I've shown you other non-US servers which do have access to Verizon, but you keep ignoring those facts and slamming me with personal attacks. Very nice.

ScottC

My goodness folks... Surely we can discuss this without things getting so heated?

SarahWest

Now which five minute test would that be? The entrails or the swinging crystal? I have pointed out numerous errors you have made and you have chosen to ignore the facts. You now graciously admit that you might have made one slight error.

I have no problem whatsoever understanding how internet routing works. What I do have problems understanding is how you deduce where an IP address comes from so answer the question please. Exactly how do you determine where an IP address comes from without resorting to using either a DNS or a WHOIS query? You even use WHOIS to query AS numbers that your traceroute may show. How did your traceroute throw up any hostnames let alone an NTL one?

No, maybe there isn't but how often is DNS compromised in the real world? How often does a DNS system running multiple Unix servers in three different geographical locations with three different flavours of Unix behind three different firewalls shuffle from this mortal coil and die allowing someone to hijack the domain. Not too often I suspect.

Maybe the chicken that you studied the entrails came from a bird with situs inversus - that's a real bummer for the professional entrail reader, believe me.

No, I admit I am having considerable problems understanding how spammers can spoof DNS in an email - perhaps you could provide me with some nursery grade examples that I might be able to understand.

No, I have accepted that you are able to receive email from both India and France. There are major problems however not just with my UK based servers. Want some facts about it? A class action lawsuit was launched against Verizon in the past few days precisely because of their blocking - see Verizon faces lawsuit over email blocking. You can also read further details about their blocking Verizon persists with European email blockade

If I'm not much mistaken only a few postings ago you stated authoritatively that Verizon wasn't blocking email from overseas servers. That is not really correct is it?

stimpy

No, I never said that. I said that Verizon doesn't block email from respectable sites. Yours doesn't fall into that category for reasons you have made clear in this thread. Let us how that lawsuit goes.

SarahWest

No, you never really said it apart from here, honest;

I've got some Chinese friends who run a restaurant. I'm sure I can get some great entrail recipes for you if you like.

stimpy

Read the latter post #38 dear, and others.

Why does the phrase "stop feeding the trolls" keep coming to mind?