Strange Email Bounce


Michael Milliman

Jun 20, 2016, 3:40:04 AM
I just replied to an email here on the debian-user list. I have checked
the debian-user list archive on debian.org, and the email was indeed
received and posted to the list. Nevertheless, I also received a bounce
notice which was somewhat disturbing. It reported the email bounced
from bac...@ninjalabs.com. This bounce notice was in HTML format and
was mostly an advert. I am not an expert, or even very knowledgeable,
about reading email headers, however it appears that the bounce was in
response to the forward of my original message after having been
received by the lists.debian.org server.

I am concerned about having received a "bounce notice" that was
essentially spam as a result of a post to this list. I am including
(hopefully) a copy of the headers from the bounce notice as an
attachment. Any thoughts on this?? Should I (or perhaps someone else)
be concerned about this, or is this a result of normal processes and an
email provider with some questionable practices which is beyond my
control or that of the administrators of this list?

I'm probably showing my profound ignorance with those questions, and if
so, please enlighten me.

Thanks.

--
73's
Mike, WB5VQX

bounceheaders.txt

Charlie S

Jun 20, 2016, 3:50:04 AM
On Mon, 20 Jun 2016 02:38:41 -0500 Michael Milliman sent:

> I just replied to an email here on the debian-user list. I have
> checked the debian-user list archive on debian.org, and the email was
> indeed received and posted to the list. Nevertheless, I also
> received a bounce notice which was somewhat disturbing. It reported
> the email bounced from bac...@ninjalabs.com.

It was the same here.

Charlie

Thomas Schmitt

Jun 20, 2016, 4:10:04 AM
Hi,

Michael Milliman wrote:
> I also received a bounce notice which was somewhat disturbing.

Possibly a relative of the dreaded I-am-on-holiday reply mails.
Somebody subscribed to this list and some automat is now reporting
that the mail will not be looked at.
I guess i now get such a mail, too.

The classical solution by the list admin is to remove the subscription
which causes this mail reflection. Do we have list admins here ?


Have a nice day :)

Thomas

Joe

Jun 20, 2016, 4:20:03 AM
On Mon, 20 Jun 2016 10:04:17 +0200
"Thomas Schmitt" <scdb...@gmx.net> wrote:


> I guess i now get such a mail, too.
>
> The classical solution by the list admin is to remove the subscription
> which causes this mail reflection. Do we have list admins here ?
>

There are algorithms, which are particularly keen on bounces, even
when the reason is the slow/nonexistent response of the list's own DNS
servers. If your mail server is down for a day, you will be
unsubscribed.

--
Joe

Michael Milliman

Jun 20, 2016, 5:40:03 AM


On 06/20/2016 04:32 AM, Thomas Schmitt wrote:
> Hi,
>
> Joe wrote:
>> There are algorithms, which are particularly keen on bounces,
> Interestingly the bounce messages did not appear on the list but only
> in the mailboxes of the original senders. So either the Debian list server
> filtered them out or it did not get them at all.
>
> Well, at least during the first 2 hours after sending mail to debian-user
> i did not get a message from postm...@ninjalabs-com.bounceio.net
> or any other bounce indications.
Situation not resolved....just got a bounce from the first response to
this message.
>
> Have a nice day :)
>
> Thomas
>

Thomas Schmitt

Jun 20, 2016, 5:40:05 AM
Hi,

Joe wrote:
> There are algorithms, which are particularly keen on bounces,

Interestingly the bounce messages did not appear on the list but only
in the mailboxes of the original senders. So either the Debian list server
filtered them out or it did not get them at all.

Well, at least during the first 2 hours after sending mail to debian-user
i did not get a message from postm...@ninjalabs-com.bounceio.net
or any other bounce indications.


Michael Milliman

Jun 20, 2016, 5:40:05 AM


On 06/20/2016 04:32 AM, Thomas Schmitt wrote:
Hopefully, then, the situation has been resolved or has resolved itself.
> Have a nice day :)
>
> Thomas
>

Thomas Schmitt

Jun 20, 2016, 6:30:04 AM
Hi,

Michael Milliman wrote:
> Situation not resolved

Hm. If not the reply by Charlie S would report the same effect,
i'd say somebody is picking on you personally. (Subscribe to list,
wait for mail from you, make up some pseudo bounce message.)


I tried to learn about the strange headers like
Taap-Sender: ninjalabs+caf_=backup=ninjal...@gmail.com
The only occurrence found by Google is your initial post here
https://lists.debian.org/debian-user/2016/06/msg00858.html

The domain ninjalabs.com is for sale.

I could not yet verify that bounceio.net belongs to the spam
facilitator bounce.io:
http://www.atelier.net/en/trends/articles/bounceio-looking-turn-non-delivered-emails-advertising-goldmine_431691
but the described spam scheme matches Michael's description.
The pattern
postm...@some-domain.bounceio.net
is not overly popular in Google.
The whole thing looks like a very unsuccessful and inapt attempt
to make money from annoying mail users.

It might well be that my mail provider knows bounceio.net
and drops their messages even before they reach the spam filter.
Or maybe they already threatened bounce.io with lawsuits.
(The profession of my mail provider is invited spammer. Of course
they hate any freebie spammers.)

Don Armstrong

Jun 20, 2016, 2:10:05 PM
On Mon, 20 Jun 2016, Michael Milliman wrote:
> I just replied to an email here on the debian-user list. I have checked the
> debian-user list archive on debian.org, and the email was indeed received
> and posted to the list. Nevertheless, I also received a bounce notice which
> was somewhat disturbing. It reported the email bounced from
> bac...@ninjalabs.com. This bounce notice was in HTML format and was mostly
> an advert. I am not an expert, or even very knowledgeable, about reading
> email headers, however it appears that the bounce was in response to the
> forward of my original message after having been received by the
> lists.debian.org server.

This happens when people have their mail system misconfigured to send
bounces to the header From: instead of the envelope FROM. If you receive
them in the future, please forward them to listm...@lists.debian.org
with a brief explanation of which list you sent the mail to and when,
and we'll unsubscribe (or try to unsubscribe) the offending address.

[Debian mailing lists have bounce handlers which automatically deal with
bounces which correctly go to the envelope FROM, but unfortunately there
are an infinite number of ways to misconfigure e-mail servers.]

--
Don Armstrong https://www.donarmstrong.com

I'm So Meta, Even This Acronym
-- xkcd http://xkcd.com/917/

Charlie S

Jun 21, 2016, 2:40:05 AM
On Mon, 20 Jun 2016 13:03:10 -0500 Don Armstrong sent:

> On Mon, 20 Jun 2016, Michael Milliman wrote:
> > I just replied to an email here on the debian-user list. I have
> > checked the debian-user list archive on debian.org, and the email
> > was indeed received and posted to the list. Nevertheless, I also
> > received a bounce notice which was somewhat disturbing. It
> > reported the email bounced from bac...@ninjalabs.com. This bounce
> > notice was in HTML format and was mostly an advert. I am not an
> > expert, or even very knowledgeable, about reading email headers,
> > however it appears that the bounce was in response to the forward
> > of my original message after having been received by the
> > lists.debian.org server.
>
> This happens when people have their mail system misconfigured to send
> bounces to the header From: instead of the envelope FROM.

Which people? We who are getting these bounces or some other people?

I'll see if I get another like it. If so, then unsubscribe, then
subscribe with something other than Gmail.

Charlie

Lisi Reisz

Jun 21, 2016, 3:40:05 AM
It's nothing to do with Gmail in this particular case. I am not getting them.
It is the sender that has the misconfiguration in this case.

Lisi

Thomas Schmitt

Jun 21, 2016, 4:40:03 AM
Hi

Lisi Reisz wrote:
> It is the sender that has the misconfiguration in this case.

But what is misconfigured in particular ?

The mail clients used are all different:
Lisi: User-Agent: KMail/1.9.10 [gets no spam]
Michael: User-Agent: Mozilla/5.0 [gets spam]
Charlie S: X-Mailer: Claws Mail 3.13.2 [gets spam]
me: Custom SMTP client [gets no spam]

But the mail servers only get to see the mail headers, not the local
configuration of the mail client. So the difference would have to
show up in those headers.


All mails i get from the list have as first header

Return-Path: <bounce-debian-user=scdbackup=gmx...@lists.debian.org>

which is not by my mail client but obviously from the list server.
I assume that you see your own address as first header in the mails you
get from the list.

Different from mine, your, Michael's, and Charlie's mail clients seem
to have sent own Return-path headers which the list server converted to
Old-Return-Path: <lisi....@gmail.com>
Old-Return-Path: <michael.e...@gmail.com>
Old-Return-Path: <taoqu...@gmail.com>
So this cannot be the difference between your and their experience.


My best theory for now is that the spam sender has a list of spam-worthy
Gmail users and that lisi....@gmail.com is not on it.
(What products are advertised in the spam part ? Typical male ?)

Charlie

Jun 21, 2016, 4:40:03 AM
On Tue, 21 Jun 2016 08:33:22 +0100 Lisi Reisz sent:
Just to be clear.

If someone sends to the list through Gmail and receives these bounces
back through Gmail, it's not Gmail at fault? Then what sender? The
Debian list maybe? If so why to some responding to a post?

Sorry for being so thick.

But it doesn't matter anyway I think.

Charlie

--
Registered Linux User:- 329524
***********************************************

I have found it to be the most serious objection to coarse
labors long continued, that they compelled me to eat and drink
coarsely also....Henry David Thoreau

***********************************************

Debian GNU/Linux - Magic indeed.

-----------------------------------------------------

Charlie

Jun 21, 2016, 5:40:04 AM
On Tue, 21 Jun 2016 08:33:22 +0100 Lisi Reisz sent:

Just to be clear.

If someone sends to the list through Gmail and receives these bounces
back through Gmail, it's not Gmail at fault? Then what sender? The
Debian list maybe? If so why to some responding to a post?

Sorry for being so thick.

But it doesn't matter anyway I think.

Charlie

--
Registered Linux User:- 329524
***********************************************

Under a government which imprisons any unjustly, the true place
for a just man is also a prison. -Henry David Thoreau

John Hasler

Jun 21, 2016, 8:40:04 AM
Charlie writes:
> Which people? We who are getting these bounces or some other people?

Someone subscribed to the list. Then, for one of many reasons (perhaps
they got fired and the address is no longer valid), the email server
they utilized started bouncing messages from the list. However, said
server is misconfigured: it bounces to the address on the "From:" line
rather than back to the Debian server the message came to it from.
Thus the Debian server never sees the bounce: it comes direct to you.

> I'll see if I get another like it. If so, then unsubscribe, then
> subscribe with something other than Gmail.

Won't make any difference. Forward such buggy bounces to the
listmasters so they can unsubscribe the originating address.
--
John Hasler
jha...@newsguy.com
Elmwood, WI USA

Cindy-Sue Causey

Jun 21, 2016, 8:50:04 AM
As I read through everyone's response, I thought.. Hm, I just sent a
response earlier and didn't receive it either. Then I remembered that
that domain was familiar from a recent email so I searched my inbox.
Didn't find it but DID find that I had, yes, received a similar bounce
notice since last night:

+++ BEGIN FORWARDED BOUNCE EMAIL +++

There was a problem delivering your email to:
bac...@ninjalabs.com

WHAT HAPPENED? The domain name of the email address is not valid.

WHAT CAN YOU DO? Check the "ninjalabs.com" part of the email address
for misspellings or missing letters. (If you find an error, you might
need to correct it in your contacts list or address book too.)

If necessary, contact your recipient another way (e.g., phone or text
message) to confirm their email address.

Find out more information about this bounce message.

Advertisement | Prefer no ads?

WHO ARE WE? Bounce works on behalf of various Internet properties to
give you better information about why your email wasn't delivered. You
can learn more about us here.

+++ END FORWARDED BOUNCE EMAIL +++

That's all I know about it. One Gmail mangled link in it *appears* to
redirect to b-io.me... Tried searching it before sending this. Ended
up with a lot of references to "biome" on the front page. I'm not
wasting time going deeper in.

The advertisement is not displaying (due to user *_CHOICE_*). I'm also
not going to pursue that aspect beyond that. I'm still in emergency
mode via "that other operating system" is the reason there. The
advertisement is prominently embedded a la the way your basic blog
post type of service embeds images.

That's all I know. If I'd been in a hurry and not seen the current thread
first, I'd most likely have (rightly or wrongly) blown it off by
sending it to the trash bin. Maybe.. who knows.. *grin*

Cindy :)

--
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

Michael Milliman

Jun 21, 2016, 9:10:03 AM
Clearly, the problem is not necessarily with those of us that received
the bounce notices, though I suspect that we could probably add some
additional software/configuration on existing software to filter these
things out. I have received bounce notices before and they were always
very matter-of-fact types of things informing me that the email was
undeliverable and why.

One of the terms used in other replies on this thread is
"misconfigured." And I believe that this is not the correct term.
Misconfigured, to me, implies an error. In this case, I think that the
configuration is deliberate. Knowing that returning the bounce notice
to the envelope from, which in this case is the debian-user list, would
result in no one seeing the spam, the operators of this particular
server have deliberately configured it so that it will return the bounce
notice to the From: of the original message, thereby greatly increasing
the probability that the spam would get seen.

Please note that this is merely my opinion, and that I know that I am
splitting hairs with the misconfiguration/configuration terminology.
However, the solution has been presented in this thread -- forward the
offending message to the list administrator so that the email address
from which the spam/bounce notice is coming can be unsubscribed. Once
that happens, the spam/bounce notices will disappear.

John Hasler

Jun 21, 2016, 9:20:04 AM
Here's the explanation:

http://www.atelier.net/en/trends/articles/bounceio-looking-turn-non-delivered-emails-advertising-goldmine_431691

https://betterbounces.net/

I'd say that this "Scott Brown" guy behind bounce.io is a bungler, but
that may be too generous. He may be doing this on purpose so that his
spam always goes to a person rather than to a listserver.

bounce.io is a spam domain. Block it with your filters.
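
Added example, not part of the thread or of any poster's message: a Python sketch of the routing difference Don Armstrong and John Hasler describe (bounce to the envelope sender versus the header From:), plus a recipient-side check in the spirit of the blocking advice above. All addresses and both messages are constructed; the `bounce-<list>=<local>=<domain>` layout is an assumption inferred from the Return-Path quoted earlier in the thread.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a list post as a subscriber's mail server receives it.
# Return-Path records the envelope sender set by the list server; the
# header From: still names the person who wrote the post.
LIST_COPY = message_from_string(
    "Return-Path: <bounce-debian-user=subscriber=example.net@lists.debian.org>\n"
    "From: Poster <poster@example.org>\n"
    "To: debian-user@lists.debian.org\n"
    "Subject: Re: some thread\n\nbody\n")

# Constructed sample: an HTML "bounce" like the one described in the thread.
AD_BOUNCE = message_from_string(
    "From: notice@example-com.bounceio.net\n"
    "To: poster@example.org\n"
    "Subject: Undeliverable\n"
    "Content-Type: text/html\n\n<html>advert</html>\n")


def bounce_recipient(msg, use_header_from=False):
    """Where a non-delivery report for msg is sent.

    RFC 5321 says the envelope sender; use_header_from=True models the
    misconfiguration described in the thread.
    """
    header = "From" if use_header_from else "Return-Path"
    return parseaddr(msg[header])[1]


def verp_subscriber(envelope_sender):
    """Decode 'bounce-<list>=<local>=<domain>@host' into (list, subscriber).

    Assumed layout, inferred from the Return-Path quoted in the thread.
    """
    local = envelope_sender.rpartition("@")[0]
    if not local.startswith("bounce-") or local.count("=") < 2:
        return None
    list_name, rest = local[len("bounce-"):].split("=", 1)
    sub_local, _, sub_domain = rest.rpartition("=")
    return list_name, f"{sub_local}@{sub_domain}"


def triage_bounce(msg, blocked_domains):
    """Heuristic reasons to treat a received 'bounce' as suspect."""
    reasons = []
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if any(domain == d or domain.endswith("." + d) for d in blocked_domains):
        reasons.append("blocked-domain")
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type") == "delivery-status")
    if not is_dsn:  # RFC 3464 delivery reports use this MIME type
        reasons.append("not-rfc3464-dsn")
    return reasons
```

A bounce sent to the envelope address lets the list server recover which subscription failed; one sent to the header From: reaches only the poster, so the list never learns of it.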

Charlie

Jun 21, 2016, 9:40:04 AM
On Tue, 21 Jun 2016 08:00:09 -0500 Michael Milliman sent:

> However, the solution has been presented in this thread -- forward
> the offending message to the list administrator so that the email
> address from which the spam/bounce notice is coming can be
> unsubscribed. Once that happens, the spam/bounce notices will
> disappear.

Did that.

Also no longer use that address or Gmail for the list, as the address is
obviously toxic, while other Gmail addresses are not.

No more bounce messages.

Charlie
--
Registered Linux User:- 329524
***********************************************

No generation has a freehold on the earth. All we have is a
life tenancy - with a full repairing lease. -- UK Prime
Minister Margaret Thatcher 1988

John Hasler

Jun 21, 2016, 10:30:04 AM
Charlie writes:
> Also no longer use that address or Gmail for the list, as the address
> is obviously toxic...

No it isn't.

Lisi Reisz

Jun 21, 2016, 10:40:04 AM
On Tuesday 21 June 2016 09:26:02 Charlie wrote:
> Then what sender?

The sender of the bounce. The addressee?

Lisi

Don Armstrong

Jun 21, 2016, 11:00:04 AM
On Tue, 21 Jun 2016, Charlie S wrote:
> Which people? We who are getting these bounces or some other people?

Some other person whose MUA setup is sending the bounces. You'll get
them in response to messages that you send to the mailing list while the
offending subscriber's email address is broken and subscribed.

> I'll see if I get another like it. If so, then unsubscribe, then
> subscribe with something other than Gmail.

If you're getting them, it's almost certainly not you.

--
Don Armstrong https://www.donarmstrong.com

life's not a paragraph
And death i think is no parenthesis
-- e.e. cummings "Four VII" _is 5_

Michael Milliman

Jun 21, 2016, 12:30:04 PM


On 06/21/2016 09:24 AM, John Hasler wrote:
> Charlie writes:
>> Also no longer use that address or Gmail for the list, as the address
>> is obviously toxic...
> No it isn't.
No it is not my email address that is "toxic." I may be able to make
some changes to improve such situations in the future, but the problem
is most definitely not on my end, or at gmail. My system, and google
mail's are working pretty much as they are supposed to. My posts go
through gmail to the debian-user list server, which then "re-broadcasts"
those posts to the subscribed email addresses. One of those addresses
was generating bounce messages which should have gone back to the
debian-user list server, but instead, due to the "misconfiguration" were
sent directly to the originator of the message. The fact that those
messages showed up for some of us and didn't for others could be
accounted for by a number of differing possibilities. In the future,
that server will be blacklisted on my system, so any messages showing up
from it will simply be refused or ignored.

Also, it is worth noting that the bounce messages that I and some others
have experienced are no longer happening, at least not with my posts.