Go Back  FlyerTalk Forums > Travel&Dining > Travel Technology
Reload this Page >

Verizon is blocking all incoming e-mail from outside the USA!!!

Verizon is blocking all incoming e-mail from outside the USA!!!

Old Jan 25, 05, 11:19 pm
  #76  
CJR
 
Join Date: Jan 2005
Location: Gstaad,CH / COU
Programs: Star Alliance, Oneworld
Posts: 34
Thank you, Sarah

Your time spent detailing email headers is very much appreciated. This thread is retained for future reference.

Thanks to all in the discussion for their contributions. ^

-Craiger
CJR is offline  
Old Jan 27, 05, 6:22 pm
  #77  
 
Join Date: Dec 2001
Posts: 872
Originally Posted by stimpy
No, I never said that. I said that Verizon doesn't block email from respectable sites. Yours doesn't fall into that category for reasons you have made clear in this thread.
Stimpy,

The basis for your entire argument that my nameservers are insecure (and therefore not respectable) is that they don't run DNSSEC and as such are open to spoofing. Well, your arguments about DNS being insecure do have some merit and I decided to do something about it.

I have been playing with DNSSEC today for the first time (it's pretty neat) as I've been able to get BIND 9.3.0 to compile. It's been a very interesting experience, thank you very much for making me get round to it at last.

To check that my installation was working (I'm not running signed zones yet btw so am still insecure by your standards) I was able to query the SOA for a zone I know to be secured with DNSSEC, nlnetlabs.nl

I get the following results;
Code:
espresso:~$ dig @open.nlnetlabs.nl +dnssec +multiline nlnetlabs.nl soa

; <<>> DiG 9.3.0 <<>> @open.nlnetlabs.nl +dnssec +multiline nlnetlabs.nl soa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1911
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 12

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;nlnetlabs.nl.          IN SOA

;; ANSWER SECTION:
nlnetlabs.nl.           86400 IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl.
 (
                                2005012601 ; serial
                                28800      ; refresh (8 hours)
                                7200       ; retry (2 hours)
                                604800     ; expire (1 week)
                                18000      ; minimum (5 hours)
                                )
nlnetlabs.nl.           86400 IN RRSIG SOA 5 2 86400 20050225122215 (
                                20050126122215 43791 nlnetlabs.nl.
                                efYLLxlIX7vQXb8RpTv1MG4flMbQpJ0K8u+rrm2mwp8V
                                H00EbrCEundqZQs8KgZO6+fYNyU7OdX7ta+D9pW4ObZ+
                                Mgh4ofsixCFFX0RhH7TG+/UqOxWnh8s8t2VHqdgJdfmB
                                mZCBj1SHFtAafARpKjALmymD1W3XX5u80f8UdX8= )

;; AUTHORITY SECTION:
nlnetlabs.nl.           86400 IN NS open.nlnetlabs.nl.
nlnetlabs.nl.           86400 IN NS omval.tednet.nl.
nlnetlabs.nl.           86400 IN NS bureau.sidn.nl.
nlnetlabs.nl.           86400 IN RRSIG NS 5 2 86400 20050225122215 (
                                20050126122215 43791 nlnetlabs.nl.
                                D7Xa/CGAhecaqJA032bydh0fjIk//4esQIA10RtVSZQC
                                wGdm0xw48qXyk9obOc+y05stDgHWC6WjawqH7J64clh5
                                /jzFyOSS1u6k1fftiaEHgW/tPmKclkqKofoH0FjWYxCQ
                                zWgoYqePcOdqBZjDJQN04t8V6CKUwRxOT4Ajn8Q= )

;; ADDITIONAL SECTION:
open.nlnetlabs.nl.      86400 IN A 213.154.224.1
open.nlnetlabs.nl.      86400 IN AAAA 2001:7b8:206:1:211:2fff:fed7:7378
open.nlnetlabs.nl.      86400 IN AAAA 2001:7b8:206:1::53
omval.tednet.nl.        28800 IN A 213.154.224.17
bureau.sidn.nl.         86400 IN A 193.176.144.162
bureau.sidn.nl.         86400 IN AAAA 2001:610:ff:1::2
bureau.sidn.nl.         86400 IN AAAA 2001:610:118:0:290:27ff:fe9c:2386
nlnetlabs.nl.           86400 IN DNSKEY 257 3 5 (
                                AQPzzTWMz8qSWIQlfRnPckx2BiVmkVN6LPupO3mbz7Fh
                                LSnm26n6iG9NLby97Ji453aWZY3M5/xJBSOS2vWtco2t
                                8C0+xeO1bc/d6ZTy32DHchpW6rDH1vp86Ll+ha0tmwyy
                                9QP7y2bVw5zSbFCrefk8qCUBgfHm9bHzMG1UBYtEIQ==
                                ) ; key id = 43791
nlnetlabs.nl.           86400 IN RRSIG DNSKEY 5 2 86400 20050225122215 (
                                20050126122215 43791 nlnetlabs.nl.
                                Kf5yARNNgqEpAd4y8X79J+hTankG3bvhT+IRUxqUuzbL
                                kREVEeg6c24hHFRLPxVHDlP+MNWOL1r+aUuHWEvG94Bb
                                0pu3D0eOKh/zN3V4eLzUlHyuBiHR5IDLg3sfh0Y17+0E
                                +eD+LFtE4+UZJ1yrS2JpmKTgIF5yasVxd9hKAbA= )
open.nlnetlabs.nl.      86400 IN RRSIG A 5 3 86400 20050225122215 (
                                20050126122215 43791 nlnetlabs.nl.
                                jxCGi6r1jsDqbE1MhMpmec8E8CsUA+P1NN94UqPUZBIT
                                TT+w8MTP+4Z88aEVjPi5Zig127uRi0owKqDYJGcTKUbo
                                U/jboYWM3qwI7JuOxgy+uxK8JhnQxBRFDjWk388rUKNd
                                1IYNvncwoovfuH5fVSDoT0fYRFxN3fiBGCx9xzs= )
open.nlnetlabs.nl.      86400 IN RRSIG AAAA 5 3 86400 20050225122215 (
                                20050126122215 43791 nlnetlabs.nl.
                                qqH3KwOyPY7iPv7621NaoiK4gkYjzgeOOwzKMzN0t6TY
                                kYdF8hixkQXSxqPXrDP/akIXVw4/5l2TAlSU5rLK1rsP
                                J0iyZMP2cE3VsVmJbobAE/eAx5lDID7Q41eUyw9lNzoY
                                W+D26vspwj2n5FSo+zUxHn/8XNVbLcutXB1ZwVQ= )

;; Query time: 332 msec
;; SERVER: 213.154.224.1#53(open.nlnetlabs.nl)
;; WHEN: Thu Jan 27 23:56:06 2005
;; MSG SIZE  rcvd: 1326
This correctly returns the digital signatures which reassures me that my ability to check whether a server is running DNSSEC might be OK.

I then went on a rambling and meandering tour of the internet looking at some other nameservers which run primary DNS for the following zones. Here are the abridged results (please feel free to verify these results for accuracy)
  • microsoft.com - does not run DNSSEC - INSECURE
  • decus.org - does not run DNSSEC - INSECURE
  • isc.org - does not run DNSSEC - INSECURE
  • ascend.com - does not run DNSSEC - INSECURE
  • checkpoint.com - does not run DNSSEC - INSECURE
  • ipverse.com - does not run DNSSEC - INSECURE
  • cisco.com - does not run DNSSEC - INSECURE
  • navy.mil - does not run DNSSEC - INSECURE
  • gte.net - does not run DNSSEC - INSECURE
  • whitehouse.gov - does not run DNSSEC - INSECURE
  • sun.com - does not run DNSSEC - INSECURE
  • tsa.gov - does not run DNSSEC - INSECURE
  • ual.com - does not run DNSSEC - INSECURE
  • dhs.gov - does not run DNSSEC - INSECURE
  • strixsystems.com - does not run DNSSEC - INSECURE
  • verizon.net - does not run DNSSEC - INSECURE

It's possible that Verizon.net may still be letting through some email from these rogue DNS operators so perhaps as one of their customers you could contact them and ask them to block all email from these domains as it's almost certainly spam. Until such time as all these sources are blocked it might be a good idea to set your email client to delete all email from these domains automatically and certainly don't believe anything you might happen to read in email from these sources.

I'd love to contact them myself but as you know I'm already considered to be subhuman and therefore blocked. Things were so much easier when I only had an ARPAnet email address to worry about!

Sarah

Last edited by SarahWest; Jan 27, 05 at 6:33 pm
SarahWest is offline  
Old Jan 27, 05, 6:29 pm
  #78  
FlyerTalk Evangelist
 
Join Date: Sep 2000
Posts: 37,486
Sarah, I am astounded by your knowlegde! This thread has been an awesome read for me so far!
ScottC is offline  
Old Jan 27, 05, 7:51 pm
  #79  
FlyerTalk Evangelist
Four Seasons Contributor BadgeMandarin Oriental Contributor Badge
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 31,570
Yes, Sarah's ability to look things up on the Internet are only exceeded by Sarah's ability to write posts containing communications that are knowingly false and/or defamatory, inaccurate, obscene, profane, threatening, harassing, offensive, vulgar, abusive, hateful or bashing. Gee I wonder where those words came from?

I admitted earlier that I posted rashly and I'm sorry for it. Flyertalk doesn't need that and I shouldn't have reacted to Sarah's awful post in the first place. But it just keeps getting worse from Sarah.
stimpy is online now  
Old Jan 27, 05, 8:04 pm
  #80  
FlyerTalk Evangelist
 
Join Date: Sep 2000
Posts: 37,486
OK, I have no idea what is going on here, I thought I was learning something, but obviousy there is something I am missing.

I think I'll leave this thread where it is, and I will get the last words;

Thanks to all that participated, but it doesn't look like we are heading anywhere good with this...

--Scott
ScottC is offline  

Thread Tools
Search this Thread
Search Engine: