Strange bounce-back

George

Oct 15, 2012, 1:14:14 PM
Using OE6 on a XP-SP3 laptop.

Have had no problems with outgoing messages for many years, but today a message I sent to a law firm bounced back with this strange explanation:
__________________________________________________________________

SMTP error from remote mail server after end of data:
    host inbound.lbrglaw.com.netsolmail.net [206.188.198.64]:
    554 5.7.1 The message from (<reda...@earthlink.net>) with the subject of (redacted) matches a profile the Internet community may consider spam. Please revise your message before resending.

___________________________________________________________________

The message is DEFINITELY NOT spam.

"Server requires authentication" under Outgoing Mail Server is checked.

Also, when I send the same message thru Earthlink's Webmail, it does not bounce.

And mail FROM this same law firm is received fine in my OE Inbox.

Can anybody point me to some troubleshooting tips? What would cause this?

Thanks in advance,

George

VanguardLH

Oct 15, 2012, 6:03:27 PM
"George" wrote:

> Using OE6 on a XP-SP3 laptop.
>
> Have had no problems with outgoing messages for many years, but today
> a message I sent to a law firm bounced back with this strange
> explanation:
> __________________________________________________________________
>
> SMTP error from remote mail server after end of data:
> host inbound.lbrglaw.com.netsolmail.net [206.188.198.64]:
> 554 5.7.1 The message from (<reda...@earthlink.net>) with the subject of (redacted) matches a profile the Internet community may consider spam. Please revise your message before resending.
>
> ___________________________________________________________________
>
> The message is DEFINITELY NOT spam. "Server requires authentication"
> under Outgoing Mail Server is checked. Also, when I send the same
> message thru Earthlink's Webmail, it does not bounce. And mail FROM
> this same law firm is received fine in my OE Inbox.

How many e-mails have you sent to the target e-mail server? Are they
very much alike?

Do you add a signature to your outbound e-mails?

Do you send a lot of e-mails (with that signature) to recipients at the
same target e-mail server?

How do you know that a spammer is not using your e-mail address to spew
spam at the target e-mail server? You don't unless you can get hold of
an admin at the target server.

George

Oct 15, 2012, 11:29:25 PM

"VanguardLH" <V...@nguard.LH> wrote in message
news:k5i175$172$1...@news.albasani.net...
Vanguard, thanks for responding. To answer your questions:

This was my first e-mail to the target server.

No signature added to any e-mails.

I don't know that, but note that when I send to that same address
thru webmail (Earthlink), the message doesn't bounce, only when
using OE6 and to this particular address.

George



Paul

Oct 16, 2012, 8:50:07 AM
Firms receiving emails, can sometimes use blocklists, to block well-known
sources of spam. What I don't understand, is the mechanics, and how
the receiving server gets IP address information about where an email
originated from.

http://forums.verizon.com/t5/FiOS-Internet/Outbound-email-blacklisted/td-p/89063

Paul

George

Oct 16, 2012, 9:21:43 AM

"Paul" <nos...@needed.com> wrote in message
news:k5jl5s$nqd$1...@speranza.aioe.org...
Paul, thanks for the link, this can get quite convoluted! It has
to be some kind of filter at the firm's end causing the
bounce-back. I alerted the firm about it (using Earthlink's
webmail). Since I can use webmail to communicate with them
without any problem, and since none of my outgoing to any other
recipient has bounced back, I'll just continue to use webmail for
this particular recipient until they fix the problem.

George


VanguardLH

Oct 16, 2012, 3:56:35 PM
"George" wrote:

> It has to be some kind of filter at the firm's end causing the
> bounce-back. I alerted the firm about it (using Earthlink's
> webmail). Since I can use webmail to communicate with them without
> any problem, and since none of my outgoing to any other recipient has
> bounced back, I'll just continue to use webmail for this particular
> recipient until they fix the problem.

DNSBLs (DNS blocklists) are built using honey pots or spamtraps and
sometimes incorporate user reports (i.e., those that receive spam and
report it, like to Spamcop). These list the IP addresses of the known
spam sources. These lists (if reasonable) will expire a source IP
address after, say, a day (e.g., Spamcop) unless that same IP address
sends more spam in which case repeat offenses will extend the
blocklisting (either for another day or blocking gets progressively
longer for added offenses).

Say a spammer sends lots of crap to the same target server to which you
sent your e-mail. That IP address is in a DNSBL so e-mails from that
spam source get blocked (discarded). Since most Internet users have
dynamically-assigned IP addresses, the spammer releases their IP address
after awhile, like when they power down their PC. That unbinds the IP
address so it is available for reassignment to another user. Someone
gets their IP lease expired, they unbind, and later they reconnect,
need an IP address, and that previously used IP address by the spammer
gets assigned to some innocent user. That means the DNSBLs that had the
spamming IP address will now consider you the spammer because you are
now using that same IP address. This is what happens with dynamically
assigned IP addresses: you get one from the pool of those that are
available (no bind) but it's very likely someone before you also had
that same IP address before. They don't have it now and instead you
have it. The DNSBLs always have hysteresis: it takes time to update
their lists and how fast they get removed from these blocklists depends
on how short is the expiration on entries in these blocklists.
Spamcop's expiration is 24 hours. Some have longer expirations.

I think SORBS is 3-4 days and sometimes up to a week. In fact, their
cleanup has problems and periodically they have to do a manual cleanup
but that's weeks apart. In fact, I got nailed with a bad IP address (it
was previously a spam source) but it was last listed in SORBS (when they
last saw evidence of further spamming) several months before. They had
a record that was months old beyond their normal expiration period and
long after they had a repeat offense recorded and didn't catch it with
their manual cleanup. I had to contact SORBS to get my current IP
address removed from their list. It was pretty easy considering it was
one that fell through their cracks of their normal expiration and manual
cleanup.

I don't know what is the normal expiration (without repeat offense) of
entries recorded by Spamhaus.

Unless you know what DNSBL is being employed at the target e-mail server
that receives and rejects your e-mail, you have no way to contact that
DNSBL provider to request your entry get removed. If it were Spamcop,
you might as well as wait 24 hours for their normal non-repeat
expiration since it's going to take a day, or more, for Spamcop to see
and work on your request. For SORBS, you do want to contact them if
your entry is after their normal non-repeat offender expiration period.
I've never had to contact Spamhaus since whatever expiration they have
works well enough within a short period to obviate having to get them to
manually update their blocklist.

It isn't of much use for you to contact the admin at the target e-mail
server. Their responsibilities are to their own customers and you
aren't one of them. If you know of a user at that e-mail server, you
could have them, as a customer of that server, contact their e-mail
provider to ask for a resolution on the problem. If they're not using
their own DNSBL, the result will be "wait for the DNSBL to get updated
so your IP address is no longer in their blocklist". In effect, they'll
just tell you to wait or they'll put the trouble ticket on hold for a
couple days and then report the problem has miraculously disappeared or
just tell you the problem was fixed and try to take credit for it. By
the time the low-priority ticket gets attention, the problem no longer
exists. If the target e-mail server is using their own DNSBL, again,
you as an outside user won't get attention from them and you need to get
one of their customers to resolve the problem. Alternatively, you could
report the problem to your e-mail server who then, as an admin, would
contact the admin of the other server to resolve the problem. Because
each wants to have e-mail delivered to the other, admins will work
together to fix e-mail problems between them.

While you said you got the NDR (non-delivery report) once before, you
haven't mentioned if another e-mail from your OE and same host (so the
IP address is the same) after 24 hours of waiting still generated the
same NDR response. You started this thread over a day ago. Have you
tried sending another e-mail to that same target e-mail server to see if
it still blocks your e-mail?

If you're still getting blocked (which means the DNSBL used by the
target server has an unreasonable expiration period) after a day then
see what happens if you change your IP address. See what is your
current IP address. If you are using a router, *that* is the IP address
seen by any host to which you connect. Release the bind on the current
IP address and request a new IP address. In the router should be
Release and Renew option for its WAN-side IP address (the one that it
gets from your ISP's DHCP server). It's possible you get back the same
IP address you had before. A short-circuit algorithm for broadband
providers often results in users getting back their same old IP address
when they release and try to get a new one. You want to make sure the
new IP address you get from your ISP is different from the old one you
had before. If you keep getting back the same IP address, release the
IP address and wait awhile (could be an hour) before requesting a new
one. That should make sure the IP address pool gets stirred well enough
so you'll get a different one than you had before.

This really isn't an issue with Outlook Express. When you want help
with spam or conflicts with anti-spam mechanisms, ask in a newsgroup
that discusses spam, like the alt.spam newsgroup.

George

Oct 17, 2012, 7:46:43 AM

"VanguardLH" <V...@nguard.LH> wrote in message
news:k5ke59$8on$1...@news.albasani.net...

> DNSBLs (DNS blocklists) are built using honey pots or spamtraps and
> sometimes incorporate user reports (i.e., those that receive spam and
> report it, like to Spamcop). These list the IP addresses of the known
> spam sources. These lists (if reasonable) will expire a source IP
> address after, say, a day (e.g., Spamcop) unless that same IP address
> sends more spam in which case repeat offenses will extend the
> blocklisting (either for another day or blocking gets progressively
> longer for added offenses).

(rest of message snipped)

Vanguard, thanks for that thorough and interesting explanation.
I'm going to release and renew my IP address thru my router and
see if that fixes the problem.

George




VanguardLH

Oct 17, 2012, 1:44:58 PM
"George" wrote:

> Vanguard, thanks for that thorough and interesting explanation.
> I'm going to release and renew my IP address thru my router and
> see if that fixes the problem.

Record the old IP you have.
Release.
Renew.
Check the new IP you got.

You need to ensure the new one is different than the old one. You do
this on whatever node in your network is connected to the cable modem
whether that be a router or your computer (if you're not using a
router).

George

Oct 17, 2012, 9:58:21 PM
"VanguardLH" <V...@nguard.LH> wrote in message news:k5mqqm$huc$1...@news.albasani.net...
 
> Record the old IP you have. 
> Release.
> Renew.
> Check the new IP you got.
>
> You need to ensure the new one is different than the old one.  You do
> this on whatever node in your network is connected to the cable modem
> whether that be a router or your computer (if you're not using a
> router).
 
Vanguard, when I run ipconfig from a command prompt to get my IP Address, I get two as below:

Ethernet adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.11.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : fe80::68b:e8qq:fm9k:y37%y2
   Default Gateway . . . . . . . . . : 192.168.11.1

(In order not to broadcast the second one to the entire world via this ng, I changed it slightly for posting here, but the real one is in this same alpha-numeric format). My question is, which IP address would OE be using when I send e-mails?

George


VanguardLH

Oct 18, 2012, 12:18:46 AM
It's irrelevant what dynamic IP address the DHCP server inside your
router assigned to your host. No host to which you connect will see
that IP address (well, it can be dug out using Javascript). External
hosts to your intranetwork (i.e., out in Internet) will see the WAN-side
IP address of your *router* and that's the node you need to change its
dynamic IP address assigned by your ISP.

Use your web browser to connect to the web server inside your router to
see what is the *router's* WAN-side IP address. Find its config screen
that lets you release its dynamic IP address and get a new one.

DAS

Oct 18, 2012, 12:55:29 PM
It can be the sender's ISP's server which, yes, has been identified as a
source of spam. It has happened to me quite a few
times. It may clear itself or sender has to inform his ISP.

DAS
--
To reply directly replace 'nospam' with 'schmetterling'
---
"VanguardLH" <V...@nguard.LH> wrote in message
news:k5nvur$ei3$1...@news.albasani.net...

VanguardLH

Oct 18, 2012, 3:45:13 PM
"DAS" wrote:

> It can be the sender's ISP's server which, yes, has been identified as a
> source of spam. It has happened to me quite a few
> times. It may clear itself or sender has to inform his ISP.

The OP would have to send a test e-mail to a *different* domain than the
one where he has an e-mail account; i.e., he needs to send a test e-mail
from one e-mail provider to a different e-mail provider. Sending an
e-mail to himself would likely result in shortcut (internal) routing
that might not have the necessary headers. He needs to find the
boundary e-mail server for his own e-mail provider. Looking at the
Received headers in the received test e-mail would show what was the
SMTP server used by the OP to send out his e-mail. Once the sending
SMTP server is known, check if it is on the DNSBLs by visiting:

http://www.spamhaus.org/lookup/
http://www.spamcop.net/bl.shtml
http://www.sorbs.net/lookup.shtml

These check multiple blocklists:
http://whatismyipaddress.com/blacklist-check (checks several BLs)
http://www.blacklistalert.org/
http://www.blacklistmaster.com/
http://www.mxtoolbox.com/blacklists.aspx

The OP could repeat this test twice: send a test e-mail using his local
e-mail client connecting to the SMTP server and send again using the
webmail interface to his same e-mail account. Then compare the Received
headers to see if the boundary SMTP servers were different; that is, see
if the boundary SMTP server used to send his e-mail when he used a local
e-mail client is the same or different than the boundary SMTP server
used to send his e-mail when he used the webmail interface.

Of course, the target e-mail server (the receiving one) could be using
their own blocklist or contract with some anti-spam service that builds
their own. Anti-spam solutions can be private or proprietary and not
employ these publicly accessible blocklists. The NDR message doesn't
give a clue as to HOW the received message was determined to be spam. I
don't remember getting an NDR that said "matches a profile that the
Internet community may consider spam".

Personally I think the receiving mail server is going by something more
local to the sender. From his description, his e-mails are probably
originating from the same SMTP server at his same e-mail provider
whether he sends locally or when using their webmail interface. The OP
stated that he gets the NDR when he sends from his local host through
his e-mail provider (Earthlink) but does not get an NDR when he uses the
webmail client for his same e-mail provider. It is possible that the
SMTP server to which he connects locally and the one to which he
connects when using the webmail client result in a different boundary
SMTP server used to send out his e-mail.

Many large ISPs and e-mail providers employ multiple boundary SMTP
servers for load-balancing and redundancy. For example, to register
myself at Spamcop (so I can report spam), they have me send them a test
e-mail to figure out from which SMTP server my e-mail originates. Upon
receipt and inspection of my test e-mail, they know which is my sending
SMTP server. They also have a list of other boundary SMTP servers at
the same domain and assign those to my account because it is possible
that at a later time my e-mail provider happens to send out my e-mails
through a different one of their boundary SMTP servers. For example, if
I go to:

http://mxtoolbox.com/SuperTool.aspx

and enter "earthlink.com", it reports back several known boundary SMTP
servers for Earthlink. If Earthlink got [enough] reports from their own
customers that their outbound e-mails were getting blocked as spam, I'm
sure they would work with the e-mail provider operating the receiving
SMTP server to resolve the problem rather quickly (within a few days, if
not sooner). I ran the IP addresses reported back for the MX records at
Earthlink through MxToolbox's own multi-list checker. None of those IP
addresses were on any blocklist (that MXtoolbox scans). So, again, I
think it is something more local regarding the content or source (below
his ISP's SMTP server) that is causing an NDR when sending locally.
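
The Received-header comparison described in the post above, as an added example that is not part of the original thread: it finds the boundary SMTP server in two test messages (one sent from a local client, one from webmail), reports whether they differ, and builds the DNSBL query names for each. The sample headers, hostnames, IP addresses and function names are constructed for illustration, and the zone names `zen.spamhaus.org` and `bl.spamcop.net` are assumed.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Constructed samples: hypothetical hosts, documentation-range IPs.
VIA_CLIENT = (
    "Received: from out-a.provider.example (out-a.provider.example [203.0.113.25])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 15 Oct 2012 13:14:18 -0400\n"
    "Received: from laptop (dyn.isp.example [192.0.2.44])\n"
    "\tby out-a.provider.example with ESMTPA; Mon, 15 Oct 2012 13:14:15 -0400\n"
    "Subject: test via local client\n\nbody\n"
)
VIA_WEBMAIL = (
    "Received: from out-b.provider.example (out-b.provider.example [203.0.113.80])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 15 Oct 2012 13:20:02 -0400\n"
    "Received: from web.provider.example (web.provider.example [198.51.100.9])\n"
    "\tby out-b.provider.example with HTTP; Mon, 15 Oct 2012 13:20:01 -0400\n"
    "Subject: test via webmail\n\nbody\n"
)
ZONES = ["zen.spamhaus.org", "bl.spamcop.net"]  # assumed DNSBL zone names
# "from <helo> (<rdns> [<ip>]) by <host>": one common Received layout (assumed).
HOP = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([0-9.]+)\]\)\s+by\s+(\S+)")

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def boundary_hop(raw_message, recipient_domain):
    """(host, ip) of the server that handed the message to the recipient's
    mail system: reading top down, the first hop logged by a recipient-side
    server as arriving from outside the recipient's domain."""
    for value in message_from_string(raw_message).get_all("Received", []):
        m = HOP.search(value)
        if m and in_domain(m.group(3), recipient_domain) \
                and not in_domain(m.group(1), recipient_domain):
            return m.group(1), m.group(2)
    return None

def dnsbl_query_name(ip, zone):
    """DNSBLs are queried by reversing the IPv4 octets and appending the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone):
    """Live lookup (needs network): an answer in 127.0.0.0/8 means listed."""
    try:
        answer = socket.gethostbyname(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False  # NXDOMAIN: not on this list
    # Spamhaus answers 127.255.255.x for query errors, not for listings.
    return answer.startswith("127.") and not answer.startswith("127.255.255.")

def compare_paths(client_msg, webmail_msg, recipient_domain, zones=ZONES):
    hops = [boundary_hop(m, recipient_domain) for m in (client_msg, webmail_msg)]
    names = {dnsbl_query_name(h[1], z) for h in hops if h for z in zones}
    return {"client": hops[0], "webmail": hops[1],
            "same_boundary": hops[0] is not None and hops[0] == hops[1],
            "queries": sorted(names)}

if __name__ == "__main__":
    for key, value in compare_paths(VIA_CLIENT, VIA_WEBMAIL, "recipient.example").items():
        print(key, value)
```

`is_listed` is the only function that touches the network; the rest runs on saved copies of the two test messages.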

DAS

Oct 19, 2012, 10:25:24 AM
This may be so but I have directly reported being blocked by AOL and Yahoo
to my ISP. I think I even used a telephone...

DAS
--
To reply directly replace 'nospam' with 'schmetterling'
---
"VanguardLH" <V...@nguard.LH> wrote in message
news:k5pm88$5b1$1...@news.albasani.net...

DAS

Oct 19, 2012, 10:26:34 AM
PS. In the meantime I used my Yahoo mail to send messages to Yahoo
addresses...

DAS
--
To reply directly replace 'nospam' with 'schmetterling'
---
"DAS" <nob...@nospam.co.uk> wrote in message
news:k5rnso$9vf$1...@dont-email.me...

jrichard....@gmail.com

Feb 11, 2014, 3:48:19 PM

> Vanguard, thanks for responding. To answer your questions:
>
> This was my first e-mail to the target server.
>
> No signature added to any e-mails.
>
> I don't know that, but note that when I send to that same address
> thru webmail (Earthlink), the message doesn't bounce, only when
> using OE6 and to this particular address.
>
> George


Hey George, I was just searching the web for the very same problem you are having. My father's small company still uses Earthlink for their e-mail, even though the company is about dead and doesn't update their software anymore.

Since we have now swapped from dial-up to high speed internet (yes finally), we will be dropping Earthlink as soon as we can notify all our contacts. We even have to pay for just e-mail! If you go to Earthlink.net and attempt to sign up for a new account, you will find no such place exists!

It is for these reasons I believe the e-mails are simply bumped right back by Earthlink's antiquated servers that lack any sort of update since the decline of dial-up internet. hah