Verizon is blocking all incoming e-mail from outside the USA!!!
#61
FlyerTalk Evangelist
Join Date: Jan 2004
Location: Worldwide
Posts: 12,949
Originally Posted by stimpy
Here is some spam from the UK
[..]
Received: from runshaw-stud.co.uk (200.30.245.221]) by sc008pub.verizon.net (MailPass SMTP server v1.1.1 - 121803235448JY) with SMTP id <4-31402-159-31402-143206-1-1106312164> for mta005.verizon.net; Fri, 21 Jan 2005 06:56:07 -0600
[..]
Last edited by KVS; Jan 24, 2005 at 6:14 pm
#62
Join Date: Dec 2001
Posts: 1,034
Originally Posted by KVS
As for "some spam from the UK", it is actually some spam from an SMTP server [200.30.245.221] in Uruguay...
#63
FlyerTalk Evangelist
Join Date: Jan 2004
Location: Worldwide
Posts: 12,949
Originally Posted by SarahWest
Chile, dear, Chile. Not Uruguay.
#64
Join Date: Dec 2001
Posts: 1,034
Originally Posted by stimpy
Um Sarah, you have completely shot yourself in the foot. Maybe read Internet for Dummies? Traceroute does NOT, I repeat NOT have the slightest thing to do with DNS. It uses ICMP. Please go read some of the relevant IETF RFCs. You may even find my name as the author of them.
Then go read the DNS Security RFCs. Then go learn a thing or two about WHOIS. Then come back and criticize. Honestly, why would you use DIG to find out who sent you an email? There is no direct relation!
When you see a list of hostnames in a traceroute these hostnames come entirely from DNS queries (sent using TCP or UDP and not ICMP)
Stimpy, you've already proved in public that you can't work out where an email is coming from. Neither of the two emails you gave as an example came from a UK mail server and one never went anywhere near the UK. When trying to work out where an email actually came from you need to use a whole host of tools including WHOIS and a DNS query tool. The DNS query tool I choose to use is Dig. It allows me to check which the correct MX server for a domain is. You really don't need traceroute.
If you can find a single hole in my analysis of your two emails please post it here. Please could you give me references to the RFCs you have written? Being an author of an IETF RFC doesn't necessarily mean that you are an expert on Internet Protocols. Just look at my favourites, RFCs 2324 and 2325 for example - http://www.ietf.org/rfc/rfc2324.txt?number=2324 http://www.ietf.org/rfc/rfc2325.txt?number=2325
So far you've stated that Verizon is not blocking email from servers overseas. That is incorrect. Many servers in the UK at least are blocked from sending email to Verizon.net.
You've stated that only servers which send a lot of spam to Verizon are blocked. That too is incorrect.
You've stated you have received spam from the UK. That is incorrect - at least in the example you have given us.
You have shown us an email which you say came from NTL. That is incorrect.
You've stated that traceroute clients don't use DNS. That is incorrect.
Are you surprised that folks may be a bit sceptical about your expertise? Perhaps you need to consider the possibility that some of the folks who have posted on this thread might actually know what they're talking about.
Last edited by SarahWest; Jan 24, 2005 at 6:45 pm
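The header check argued over in the posts above, as an added example that is not part of the thread or any poster's code: it parses the Received value quoted in post #61 and separates the sender-claimed HELO name from the peer IP that the receiving server recorded. The second header, the DNS table and all function names are constructed for illustration.

```python
import re
import socket

# Received value quoted in the thread, copied as posted (unbalanced bracket included).
THREAD_HOP = ("from runshaw-stud.co.uk (200.30.245.221]) by sc008pub.verizon.net "
              "(MailPass SMTP server v1.1.1 - 121803235448JY) with SMTP id "
              "<4-31402-159-31402-143206-1-1106312164> for mta005.verizon.net; "
              "Fri, 21 Jan 2005 06:56:07 -0600")
# Constructed hop in the common "helo (rdns [ip])" layout, for comparison.
CONSTRUCTED_HOP = ("from mail.example.org (mail.example.org [198.51.100.7]) "
                   "by mx.example.net with ESMTP id abc123; Mon, 1 Jan 2024 00:00:00 +0000")
# Constructed A records so the example runs offline; not real DNS data.
CONSTRUCTED_DNS = {"mail.example.org": ["198.51.100.7"],
                   "runshaw-stud.co.uk": ["192.0.2.10"]}

HOP_RX = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?"
    r"\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\)\s+by\s+(?P<by>\S+)", re.I)

def parse_received(value):
    """Separate what the client claimed (HELO) from what the receiver recorded (peer IP)."""
    m = HOP_RX.search(value)
    if m is None:
        raise ValueError("unrecognised Received layout")
    return {"claimed_helo": m["helo"].lower(), "rdns": m["rdns"],
            "peer_ip": m["ip"], "recorded_by": m["by"].lower()}

def system_resolve_a(name):
    """Live A-record lookup; the demo and tests pass a table-backed resolver instead."""
    return socket.gethostbyname_ex(name)[2]

def table_resolver(name):
    return CONSTRUCTED_DNS[name]  # KeyError stands in for "no such name"

def assess_hop(value, trusted_suffix, resolve_a=system_resolve_a):
    """Judge a hop only if a server we trust wrote it; older hops may be forged."""
    hop = parse_received(value)
    hop["trusted"] = hop["recorded_by"].endswith(trusted_suffix)
    try:
        addrs = resolve_a(hop["claimed_helo"]) if hop["trusted"] else []
    except (OSError, KeyError):
        addrs = []
    # The HELO name is sender-supplied text; it counts only if it maps to the peer IP.
    hop["helo_matches_peer"] = hop["peer_ip"] in addrs
    return hop

if __name__ == "__main__":
    for raw, suffix in ((THREAD_HOP, ".verizon.net"), (CONSTRUCTED_HOP, ".example.net")):
        print(assess_hop(raw, suffix, table_resolver))
```

The recorded peer IP is then the value to take to WHOIS; the HELO name alone says nothing about where the connection came from.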
#65
FlyerTalk Evangelist
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Originally Posted by SarahWest
Actually Stimpy, although traceroute uses ICMP as a protocol, your host PC doing the traceroute does a reverse DNS lookup to determine the hostname for each IP address returned in the route. On a Windoze box you can disable host DNS lookups by doing "tracert -d".
Your basic problem is you are relying too much on human data (DNS, Whois, etc) that can be faked. And not enough on true IP addresses which if you look at the route tables cannot be faked. This again is a newbie error. You'll get there someday if you put in a few more years on the net.
And actually, the spam I was referring to does come from the UK. It is coming to Verizon out of a server elsewhere, but the true source of a lot of these is the UK. That is yet another newbie error. Not conceiving of the whole architectural capabilities of the Internet.
I took a few minutes to try and post some real data. I guess I should have put more time in if I knew how awful you would be about this. So do you get it now? Do you still think that Verizon is blocking all foreign email? Exactly how many times are you going to ignore my example of a successful email from France and the other poster's successful email from Micronesia? Not to mention the UK email I got which entered Verizon from India?
#66
FlyerTalk Evangelist
Join Date: Jan 2004
Location: Worldwide
Posts: 12,949
Originally Posted by stimpy
It is coming to Verizon out of a server elsewhere, but the true source of a lot of these is the UK.
Originally Posted by stimpy
relying too much on human data (DNS, Whois, etc) that can be faked.
#67
FlyerTalk Evangelist
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Originally Posted by KVS
What difference does the "true source" of the e-mail make?! This thread is about Verizon blocking incoming e-mail. Verizon is blocking incoming e-mail based on the identity of the mail server, not the location of the system that originated that message.
How exactly is this relevant to the topic of this thread? For the purposes of tracing the source/path of the e-mails in question, these tools are more than adequate -- if you really believe that any of the DNS/WHOIS records referred to here were incorrect, please post your evidence.
#68
Join Date: Dec 2001
Posts: 1,034
Stimpy,
I feel like I've just been savaged by a dead sheep (did you write the RFC for that by any chance?). The standard traceroute included with Solaris, Linux, FreeBSD, Mac OS and almost every other operating system does a host lookup by default.
You stated you used traceroute to establish that the email came from NTL but how are you going to determine that from the IP address returned by the ICMP echo without resorting to doing a DNS or WHOIS lookup of the IP address? Do you gaze into a crystal ball and magically determine the exact location of an IP address? Do you hold a crystal on a piece of string over a map of the world until it (or you) gets very excited? Do you disembowel a chicken and read the entrails or do you levitate cross-legged reciting some obscure incantation until it becomes obvious to you where the IP address is from?
You have to be careful about dismissing human generated data because all IP address allocations are done by humans - even dynamic IP addresses because a human determines which IP addresses within a netblock are available to which clients.
There is not one shred of evidence anywhere to support your claim that the spam you sent came from the UK. There is plenty of evidence which supports the assertion that you are unable to decode email headers correctly.
You have made numerous grand pontifications almost all of which have been shown to be incorrect. I find the assertion that my servers have sent spam to Verizon in the past not only to be offensive but actually libellous.
Want to prove how insecure DNS is? Then feel free to hack my DNS servers and spoof the zones for the domain what-ho.co.uk. You may be able to set up another DNS server for the domain but you're not going to be able to convince anyone to use it. In my honest opinion I'd say it's more likely that the Pope will appear in a high-wire act wearing a fluorescent pink tutu at the next Superbowl advertising condoms than you will be capable of hacking my DNS.
Last edited by SarahWest; Jan 25, 2005 at 5:26 am
#69
FlyerTalk Evangelist
Join Date: Jan 2004
Location: Worldwide
Posts: 12,949
Originally Posted by stimpy
I was referring to your and others' posts saying the spam did not originate in the UK.
To use an FT-related analogy, suppose the US gov't [Verizon] implements entry restrictions for UK citizens and people from the UK start complaining that they cannot get into the US. You would then argue that someone was able to get in without a problem after arriving on a BA flight from London. When you are asked how so and asked to send a copy of that person's passport [e-mail headers], it turns out that the person in question actually has an Indian passport. You then continue to argue that "someone from Britain was able to enter the US without a problem".
Originally Posted by stimpy
I set out to prove that Verizon is not blocking all international email.
Originally Posted by stimpy
I believe that VZ is blocking only from sites that have sent spam to them in the past.
Originally Posted by stimpy
If you don't understand that DNS can be faked, then you don't really understand how DNS works. I gave an authoritative reference to the subject if you care to read it. If you don't understand DNS and you are running a mail server, then VZ is probably correct to block your server from accessing their customers.
#70
FlyerTalk Evangelist
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Originally Posted by SarahWest
Stimpy,
I feel like I've just been savaged by a dead sheep
The standard traceroute included with Solaris, Linux, FreeBSD, Mac OS and almost every other operating system does a host lookup by default.
You stated you used traceroute to establish that the email came from NTL but how are you going to determine that from the IP address returned by the ICMP echo without resorting to doing a DNS or WHOIS lookup of the IP address? Do you gaze into a crystal ball and magically determine the exact location of an IP address?
I honestly don't recall what I did that popped up NTL. That was a quick late night test I did to see if that message came from England or not. Obviously I can see now that the sending address was not in the UK. I will stay tuned to see if I get any other mail from the UK at my Verizon address.
You have to be careful about dismissing human generated data because all IP address allocations are done by humans - even dynamic IP addresses because a human determines which IP addresses within a netblock are available to which clients.
Want to prove how insecure DNS is? Then feel free to hack my DNS servers and spoof the zones for the domain what-ho.co.uk. You may be able to set up another DNS server for the domain but you're not going to be able to convince anyone to use it. In my honest opinion I'd say it's more likely that the Pope will appear in a high-wire act wearing a fluorescent pink tutu at the next Superbowl advertising condoms than you will be capable of hacking my DNS.
#71
FlyerTalk Evangelist
Join Date: Sep 2000
Posts: 37,486
My goodness folks... Surely we can discuss this without things getting so heated?
#72
Join Date: Dec 2001
Posts: 1,034
Originally Posted by stimpy
Welcome to the club. I get a child who has a few years of playing with an email server tell me I don't know anything about my profession of the last 20 years. Now if you had simply pointed out the error I made during my quick 5 minute test, we would be fine.
Originally Posted by SarahWest
The standard traceroute included with Solaris, Linux, FreeBSD, Mac OS and almost every other operating system does a host lookup by default.
Originally Posted by stimpy
It never used to and internet veterans don't generally rely on such information, especially when tracing spam.
First learn how internet routing works (at the BGP level), then you will understand how traceroute tells you where to go.
Again, it's about trusting machine information rather than human-supplied information that can be subverted by other sources. If an ISP starts advertising incorrect blocks from other AS's, then he will get slammed by his peers who do a pretty good job of policing. But there is no such "police" for DNS.
I honestly don't recall what I did that popped up NTL. That was a quick late night test I did to see if that message came from England or not. Obviously I can see now that the sending address was not in the UK. I will stay tuned to see if I get any other mail from the UK at my Verizon address.
But that information cannot easily be subverted by outside sources whereas DNS can be and often is especially by spammers. Understand?
I'm not a hacker, but you've clearly demonstrated a lack of understanding of the risks involved which is perhaps why Verizon is blocking your server. I've shown you other non-US servers which do have access to Verizon, but you keep ignoring those facts and slamming me with personal attacks. Very nice.
If I'm not much mistaken only a few postings ago you stated authoritatively that Verizon wasn't blocking email from overseas servers. That is not really correct is it?
#73
FlyerTalk Evangelist
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Originally Posted by SarahWest
If I'm not much mistaken only a few postings ago you stated authoritatively that Verizon wasn't blocking email from overseas servers. That is not really correct is it?
#74
Join Date: Dec 2001
Posts: 1,034
No, you never really said it apart from here, honest;
I've got some Chinese friends who run a restaurant. I'm sure I can get some great entrail recipes for you if you like.
Originally Posted by stimpy
I am quite sure that Verizon doesn't block any country since I receive emails from all over the world, including Korea which sends more spam than any country I know of. However I stopped receiving Korean spam a while back. I assume that Verizon or some other ISP has been successful in blocking them.
Last edited by SarahWest; Jan 25, 2005 at 6:45 pm
#75
FlyerTalk Evangelist
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Read the latter post #38 dear, and others.
Why does the phrase "stop feeding the trolls" keep coming to mind?