Buy

Books
Click images for more details

Support

 

Twitter
Recent comments
Recent posts
Currently discussing
  • Jun 21 - Mark Hodgson on
    COP 23
  • Jun 20 - Mark Hodgson on
    COP 23
Links

A few sites I've stumbled across recently....

Powered by Squarespace
« iPanic | Main | Sheep »
Friday
Aug132010

Email problems

I am having severe email problems. Anything addressed to my normal email address is being bounced. I'm getting odd emails suggesting that spammers are using my domain - ie out of office bounces addressed to non-existent people at my domain.

If anyone can offer advice on how to deal with this, I'd be grateful.

In the meantime, contact me through the contact link on the sidebar.

PrintView Printer Friendly Version

Reader Comments (22)

I just changed domains and I expect to be removing glitches for weeks. Sounds like you need to bring in a real IT guy. My additional advice: 2 shots of Scotch.
If that doesn't help, then take 2 more.

Aug 13, 2010 at 4:12 PM | Unregistered CommenterP Gosselin

I was going to send you an email to see the bounce message, as that will likely give clues as to the cause, but I don't actually see your email listed anywhere here.

Aug 13, 2010 at 4:30 PM | Unregistered CommenterSkip

First: Change the password on your e-mail account.
Second: This really is a police matter. If the bouncebacks include the original message, save them because they'll want to examine the headers and whatever links the message contains.
Third: Don't wanna sound paranoid, but maybe it isn't a random hit.... nuisance mail can be a way to make you unpopular.

Aug 13, 2010 at 4:44 PM | Unregistered CommenterRobert E. Phelan

My email to your tiscali address bounced last week (wasn't important so I didn't follow up).

The out-of-office stuff doesn't necessarily mean anything - probably just spammers forging your domain as the from line - they don't need to hack your domain to do this.

Aug 13, 2010 at 5:25 PM | Unregistered CommenterJonathan

Jonathan is right, it is just some spammer is using your address in the from box. It works against companies and isp's that do not use reverse lookups or blocking from known spamming ip's. People in our company complain all the time about getting bounce backs from people they don't send email too.

Aug 13, 2010 at 5:38 PM | Unregistered CommenterGary C

I agree with Robert E. Phelan

I would strongly advise you to get a new email account with another ISP as you are most like the victim of a serious attack. You have made a lot of hostile "friends". I too have sent an email to see what happens. If it gets through, ignore it.

Aug 13, 2010 at 5:43 PM | Unregistered CommenterDon Pablo de la Sierra

Frustrating computer problems I always watch this:-
http://www.metacafe.com/watch/972864/bad_day_at_the_office/

It doesn’t solve anything but it helps.

Aug 13, 2010 at 5:53 PM | Unregistered Commentermartyn

Hi,
What I think has happened is that your domain address has been spoofed - this is very easy to do. The spammers will have sent out spoofed emails, hence the bounceback. Then I suspect someone has reported the spam with your spoofed address and your real domain has been blacklisted, hence nothing getting through. Speak to your hosting providers.

Another possibility is that you might have a virus or trojan on one of your machines sending out spam. In this instance, it might be prudent to speak to your ISP to get them to monitor your connection. This will show if there is an unusual amount of traffic going out. If so, then isolate the machine with the problem.

If you need any more help, let me know. I'm a pro in this field...

Aug 13, 2010 at 6:01 PM | Unregistered CommenterDangermouse

I wouldn't worry too much. It happens to us occasionally. It's just some spammer using your e-mail address.

My experience is that it happens about once a year, lasts a couple of days, and then the spammer moves on. We just set up a mail filter which junks the bounce-back messages automatically.

Aug 13, 2010 at 6:03 PM | Unregistered CommenterSimon Marsden

Most likely spammers are NOT using your domain.

Instead what they are doing is sending from their domain, but giving your domain as the fake sender, and/or return address. When they do this, some email receipients will bounce back the spam to the fake sender/return address.

There's nothing you can do about this, other than having email addresses on more than one domain, preferably on separate servers.

Aug 13, 2010 at 6:17 PM | Unregistered Commentercopner

If mails are bouncing, the bounce messages will say why, and which machine has done the bouncing. Open a free webmail account (Yahoo, Google, Hotmail) and send yourself a mail, then look carefully at the bounce message. If you want any help interpreting it, mail me - you have the address from this comment. I run ISP mail servers in my day job.

[BH adds. Thanks Peter. I have a few offers of help now. I'll get in touch if I need you]

Aug 13, 2010 at 6:40 PM | Unregistered CommenterPeter Risdon

1. It's possible you have a virus. Rule that out. I recommend free MalwareBytes run in safe mode (assuming you use windows). Reboot and repeat until it comes up with zero infections, only then start in windows normal mode.

2. I redirect all my email to gmail. It acts as a very good spam filter and it's also great for checking mail when away from my normal PC. You can still use your favourite email client in and treat gmail as you incoming mail server. It works very well for me and it searches 15 years worth of email (I uploaded all old email) so much more quickly than my PC.

Aug 13, 2010 at 10:59 PM | Unregistered Commenteragw101

These days almost all email servers check PTR records for mail validity before rejecting an email, as well as relying on spam databases for known-to-be-exploited server IPs. It's possible that your email server has failed a PTR record check - which can also be for a multitude of connectivity-related reasons - and/or has found its way onto a blacklisted email server list. Several centralised databases of vulnerable and exploited servers supply email providers with cross-checking capabilities and some of those will, as a courtesy, notify you if your email server has "failed the test".

It's never a bad idea to check for malware, and MalwareBytes is certainly credible. Very often these days, however, malware is MalwareBytes (and other AV apps) aware, and can make life difficult, short of a format/reinstall.

By the law of averages, your email server has likely either been compromised or wrongly consigned to the spam suspects bin. If this turns out to be the case, it's a bit (but not a lot) of legwork on the part of your email system administrator to have it removed from blacklists, though if it has been compromised the vulnerability would need to be addressed first.

Aug 14, 2010 at 1:22 AM | Unregistered CommenterSimonH

Oops.. missed Peter Risdon's post, above. Follow that white rabbit :o)

Aug 14, 2010 at 1:25 AM | Unregistered CommenterSimonH

Well, it took 24 hours, but my email to you was finally bounced as being delayed.

It said, with redactions: (The number of 'x's are also changed from original.)


Reporting-MTA: dns;eforward1.wef05.name-services.com
Received-From-MTA: dns;c9mailgw41.amadis.com
Arrival-Date: Fri, 13 Aug 2010 09:53:30 -0700

Final-Recipient: rfc822;XXXXXXXXXXXX@XXXXXXXX.XXX.XXX
Action: delayed
Status: 4.4.7
Will-Retry-Until: Sun, 15 Aug 2010 09:54:08 -0700

This is a MIME-formatted message.
Portions of this message may be unreadable without a MIME-capable mail program.

--9B095B5ADSN=_01CB2E6BE1D6F4E60002EBC1eforward1.wef05.
Content-Type: text/plain; charset=unicode-1-1-utf-7

This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.

xxxxxxxxxxxx@xxxxx.xxx.xxx

This means that the problem is not in your account per se, but in the mail delivery server. That means there is a problem in the server, which could be due to anything. But the problem is most likely not in your own computer. Call you ISP and bitch if it still isn't working. It is very possible that someone hacked the server and got you, or there is just a technical problem.

I might also point out that your ISP is not the name you use on your email, but rather the name of a very large communications company. Your email address was translated automatically, I guess.

I have the complete email and can sent it to whomever. However, the header, with your email redacted, is above.

Aug 14, 2010 at 2:49 PM | Unregistered CommenterDon Pablo de la Sierra

Assuming you haven't noticed -- you personal email is still delayed. I just got my second notice.

It should have been fixed by now.

Aug 15, 2010 at 8:01 PM | Unregistered CommenterDon Pablo de la Sierra

Don P

Tell me about it. If my domain host and ISP offered better service it would no doubt be fixed already.

Aug 15, 2010 at 8:10 PM | Registered CommenterBishop Hill

Do what I did. I got my own domain names (I like Go Daddy, but there are others like Tucow ), and then I went to TCH (there are others as well) where for $19.95 a month I have a Reseller account. I have all my URLs hosted (6 at the moment) and have complete control of the emails, spam controls, etc. I add and delete email accounts at my whim and generally have a good time. I might add since I own all the domains in my account, I am not really a reseller, but I could be if I wish. What I am buying is not a hosted domain alone, but also disk space and monthly bandwidth which I can use to put up additional domains. As many as will fit, in fact. The limiting issue is how much you pay per year per domain name you have registered.

In short, I am my own ISP.

Now the connection to the internet is something else. I have DSL with ATT which runs through my land line (yes, I have one of those!) but you can also do it through cable or even wirelessly. The trick is because of all the restrictions on email for security, I must send emails from xxxxxx@att.net but I can receive them through any of my email accounts. You can do this because you send email on SMTP and receive on either IMAP or IPOP.

If you can administer a Blog, you can administer a domain. The program used is Cpanel and if you have a reseller account, you also get WHM.

While the master account (the reseller account) is under the control of TCH , you actually create and delete and whatever the sub accounts. Thus for $20 a month, I have all six URLs up and running with about a dozen email accounts.

Now, there are downsides. From time to time, things go wrong at TCH, as with anyone. I just had a strange problem with one of my resold accounts. I sent them an email and they sorted it out in about two hours. Things do go wrong, but for the last ten years I have been with them and very very happy. They are the only internet supplier I have stayed with for more than two years.

Aug 16, 2010 at 3:56 PM | Unregistered CommenterDon Pablo de la Sierra

Oh, and another thing -- if TCH ever does piss me off, I can take it all with me to somebody else and I don't have to send out a gazillion emails to various people telling them that I have a new email account. The domain name travels with me. I own it.

And I might point out that you are actually on a reseller at this time. Why not be your own ISP?

There are some hassles, but if you can administer a blog account, you can administer a ISP.

Aug 16, 2010 at 4:02 PM | Unregistered CommenterDon Pablo de la Sierra

Don P

I've switched from my ISP's mail account to gmail. That didn't seem to fix it, so i contacted the domain host. A large backlog of email has now appeared, but my ticket is still open, so I'm unsure if they have fixed it or not.

Aug 16, 2010 at 4:13 PM | Registered CommenterBishop Hill

Well, I think gmail is a mistake, as it is easily hacked. But do what you think is best.

You clearly have an SMTP problem with Tiscali Just what, I don't know. However it is the following two servers what are not getting through somehow. It really looks like a DNS issue, but since I stopped playing network guru 10 years ago, I have no idea what is happening in the internet of 2010. It has changed a lot.


Reporting-MTA: dns;eforward1.wef05.name-services.com
Received-From-MTA: dns;c9mailgw41.amadis.com
Arrival-Date: Fri, 13 Aug 2010 09:53:30 -0700


But good luck with technology. At least the Royal Mail delivered regularly

Aug 16, 2010 at 6:30 PM | Unregistered CommenterDon Pablo de la Sierra

Okay,

I spent a few minutes looking into it. You have an account on a company that does editing. They are going to remain unnamed because you already know that name. They have service on tiscali.co.uk. There appears to be a DNS error in the entry for the name of that company, or somebody has gotten into the tiscali server and did a job on you. This is about all I can do without admin rights on the tiscali server. Have them look carefully at the DNS entries, and SMTP queues on the Tiscali server. I could be wrong, and probably am, but that is my first guess.

Also, somewhere along the way somebody has remapped your email address from XXXX@editors.co.uk to XXXX@tiscali.co.uk. I see both names in the report I got, so it occured down wind of where the problem is.

Aug 16, 2010 at 6:48 PM | Unregistered CommenterDon Pablo de la Sierra

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>