Discussion:
Demon email blocking, need some advice
(too old to reply)
BWYSB
2007-03-23 19:57:51 UTC
Permalink
I've been trying to engage the Demon folk with a problem I started
having about a month ago now (although I first contacted them a few
days after the problem began).

Their mail server started bouncing emails to me from two "respectable"
domains; one is a major electrical retailer and the other an IT
consultancy company. Both are companies I do work for.

The bounced mail told my customers to write to a demon.net address to
have their domains "unblocked". They did that and copied the mails to
me (a little embarrassing but hey, these things happen). They received
no response and their mails to me continued to bounce.

I contacted the Demon helpdesk and was told that I should turn off
mail filtering on my account to stop this happening. I did that.

Now I'm receving about 2000 spam emails each day and my poor laptop
(not to mention me!) is finding it difficult to cope. Allthough, to be
fair, email from my customers are actually arriving among that lot -
if I can find them.

I went back to the helpdesk and told them about the new problem their
"solution" had created. They sent me a pages of detail about how to
configure the spam filter on Outlook - something I already knew. I
responded with a request for me to be able to receive email from the
two "legitimate" domains whilst still being able to use their mail
filter to block the majority of the spam. This was, after all, the
position I had been in (now) two weeks earlier.

They told me to send details of my problem to ***@demon.net. I did
that; waited a week and still got no reply.

I contacted the helpdesk again and they are now about to go back
around the same loop I started with them a month ago.

It's like groundhog day.

Does anyone know who I can talk to who can understand the problem and
help me make it go away?

JJ
Chris Marriott
2007-03-24 08:36:46 UTC
Permalink
"BWYSB" <***@gmail.com> wrote in message
news:***@e65g2000hsc.googlegroups.com...
> Does anyone know who I can talk to who can understand the problem and
> help me make it go away?

JJ,

I think the Demon spam blocking service is a bit of a "blunt instrument"
approach. I stopped using it for similar reasons to you - mail being wrongly
bounced.

I would recommend using a commercial spam filtering service - far better
than any free solution. I've used "Spamcop" (www.spamcop.net) for about 4
years now and been more than happy with their service. The way they work is
that you configure your account with them to collect e-mail by POP3 from
your Demon account, they filter it, and you then collect your filtered mail
from Spamcop's server. You have lots of options to set personal black lists,
white lists, block entire country domains (Nigeria, China, etc). Lots of
stuff. Costs US$35 a year and is worth every penny. The other nice thing
about them is that they have a truly excellent "Webmail" interface which is
great for handling your e-mail via a web browser "on the road".

I have no connection with Spamcop other than as an extremely satisfied
customer, I should add.

Cheers,

Chris
James Coupe
2007-03-24 09:24:06 UTC
Permalink
In message <eu2nur$lhk$1$***@news.demon.co.uk>, Chris Marriott
<***@nowhere.com> writes:
>I think the Demon spam blocking service is a bit of a "blunt instrument"
>approach. I stopped using it for similar reasons to you - mail being wrongly
>bounced.
>
>I would recommend using a commercial spam filtering service - far better
>than any free solution. I've used "Spamcop" (www.spamcop.net) for about 4
>years now and been more than happy with their service.

For my money, I have no ISP level spam filtering going on, but have:

- re-configured my rules so I only accept mail to known aliases
- run everything else through POPFile, which is a client side spam
filter which works pretty well for me.

The amount of spam I get has cut down *massively* since I added the
first part (though it can be annoying to have to remember to set up an
alias properly), and POPFile works well for me for the second part.

Though if I wanted a good webmail service too, I'd probably think about
Spamcop. But I can usually access my email from my home machine without
too much bother.

--
James Coupe
PGP Key: 0x5D623D5D YOU ARE IN ERROR.
EBD690ECD7A1FB457CA2 NO-ONE IS SCREAMING.
13D7E668C3695D623D5D THANK YOU FOR YOUR COOPERATION.
Steve Fitzgerald
2007-03-24 10:38:38 UTC
Permalink
In message <15uiE3F24OBGFwO$@gratiano.zephyr.org.uk>, James Coupe
<***@zephyr.org.uk> writes

>>I think the Demon spam blocking service is a bit of a "blunt instrument"
>>approach. I stopped using it for similar reasons to you - mail being wrongly
>>bounced.
>>
>>I would recommend using a commercial spam filtering service - far better
>>than any free solution. I've used "Spamcop" (www.spamcop.net) for about 4
>>years now and been more than happy with their service.
>
>For my money, I have no ISP level spam filtering going on, but have:
>
>- re-configured my rules so I only accept mail to known aliases
>- run everything else through POPFile, which is a client side spam
> filter which works pretty well for me.
>
>The amount of spam I get has cut down *massively* since I added the
>first part (though it can be annoying to have to remember to set up an
>alias properly), and POPFile works well for me for the second part.
>
>Though if I wanted a good webmail service too, I'd probably think about
>Spamcop. But I can usually access my email from my home machine without
>too much bother.

I was finding problems with Google groups and the Demon filters
rejecting messages so I turned it off.

K9 now works very well for me. I just have to have a quick scan of the
Spam folder every now and then to check for false positives (only 1 in 3
months of use). You do get a few false negatives, but that's only about
one or two a week.

And it's free (other than the voluntary donation!)
--
Steve Fitzgerald has now left the building.
You will find him in London's Docklands, E16, UK
(please use the reply to address for email)
Neil Jackson
2007-03-24 15:11:09 UTC
Permalink
"BWYSB" <***@gmail.com> wrote in message
news:***@e65g2000hsc.googlegroups.com...
<snip>
> Their mail server started bouncing emails to me from two "respectable"
> domains; one is a major electrical retailer and the other an IT
> consultancy company. Both are companies I do work for.
>
> The bounced mail told my customers to write to a demon.net address to
> have their domains "unblocked". They did that and copied the mails to
> me (a little embarrassing but hey, these things happen). They received
> no response and their mails to me continued to bounce.

Hi JJ

The other respondants on this topic have given you some valid solutions
for doing the spam-filtering 'at your end' - but personally, I don't
feel that's a complete solution either, and (depending on the software
you use) you may still find that email from these two errant domains is
being blocked anyway. It all depends on whether these two companies are
blacklisted in one of the common IP address lookup databases that many
antispam programs use.

Put it another way.. if these companies are both tied to either a common
set or specific group of static IP addresses, and these addresses are
in, say, the SORBS list, Spamhaus, Spamcop or any of a (huge) bunch of
realtime black-lists, then THAT is the central problem, really. Most
decent anti-spam software that you might install local will look up
incoming message-senders' IP addresses on one or more of those
blacklists - and if they find it, they block. It's that simple. It
doesn't matter how much 'heuristic analysis' and 'in-message
word-matching' the antispam software does AFTER that - the blacklist
lookup will remove the majority of the kek coming in, and the heuristics
catch and block the new arrivals on the spam scene which haven't yet
made it to a blacklisted IP address, or are (for example) coming via
hijacked PCs that aren't listed (yet). Belt AND Braces... and the
blacklist lookup is usually the belt - which gets tightened first,
before the braces go on!

So... to effectively solve the delivery problem, you need to look at WHY
emails from these two companies are being blocked at all. Are the
messages 'spammy'? Do they use those IP addresses for any solicited
advertising to non-customers? Are there any indications returned to the
companies concerned as to exactly why the messages are being blocked?
Have you checked the various blacklists to see if the IP addresses of
the mailservers of these two companies are listed?

If it turns out these domains ARE being blacklisted, you (or more
likely, they) will need to contact the organisers of those blacklists,
and get themselves removed - or their ability to email ANYONE will be
severely restricted. To get removed, they'll probably first have to
prove that they are no longer sending out spam, or providing an 'open
mail relay', or doing whatever it was that got them on the blacklist in
the first place. Quite often, companies don't realise they have been
hijacked or used as a spam-forwarder until they discover that email to
their customers won't go through (just like now) - and then they realise
this is because they've been blacklisted, and (after further
investigation) they finally discover to their horror the reason was
they've just (unwittingly) participated in a major spam run, or
something, because of a security problem their end, which has been
ruthlessly exploited by a spammer using tools to find vulnerable systems
like theirs!

So - check that aspect out first. If you can determine if this is
happening, focus on getting them removed from any blacklists, and their
'act' cleaned up. Then, you probably won't need any further antispam
tools at your side at all, and can go back to using the Demon-provided
solution.

If you're having difficulties determining things, pop back here with the
domain-names of the companies concerned, and if possible, the IP
addresses of the mailservers. We can then look them up at:
http://www.robtex.com/rbls.html and see whether any are blocked.

Hope this helps,


--
Neil Jackson
Chris Marriott
2007-03-24 18:41:59 UTC
Permalink
"Neil Jackson" <***@techno.spam-me-not.demon.co.uk> wrote in message
news:eu3f6o$gok$1$***@news.demon.co.uk...
> Put it another way.. if these companies are both tied to either a common
> set or specific group of static IP addresses, and these addresses are
> in, say, the SORBS list, Spamhaus, Spamcop or any of a (huge) bunch of
> realtime black-lists, then THAT is the central problem, really. Most
> decent anti-spam software that you might install local will look up
> incoming message-senders' IP addresses on one or more of those
> blacklists - and if they find it, they block. It's that simple.

What you say is of course true, but the benefit of a more sophisticated
anti-spam solution (such as Spamcop, which I use) is that it permits you to
add specific addresses, or entire domains, to your personal "white list".
These messages will then reach you even if they would otherwise have been
blocked by one of the standard "black lists".

Regards,

Chris
James J
2007-03-25 10:43:00 UTC
Permalink
Thanks to all of you who have taken the trouble to offer your
expertise.

I think everyone seems to agree that Demon's mail filtering "value-
add" should not be relied on and that I should make my own
arrangements.

For all the (excellent) reasons and explanations you've given I'm
convinced and am off now to investigate the possibilities starting, of
course, with the recommendations you've kindly offered.

I can't finish this without remarking on the huge difference between
the response from fellow travellers on this newsgroup who offer their
support voluntarily, without charge and in a manner that respects the
intellegence and that provided by the "professional" and paid for
helpdesk which left me feeling frustrated, patronised and unvalued.

Thanks again to all of you,

JJ
Neil Jackson
2007-03-25 14:10:07 UTC
Permalink
"James J" <***@gmail.com> wrote in message
news:***@p77g2000hsh.googlegroups.com...
> Thanks to all of you who have taken the trouble to offer your
> expertise.
>
> I think everyone seems to agree that Demon's mail filtering "value-
> add" should not be relied on and that I should make my own
> arrangements.


Not quite... I would not say that one shouldn't rely on Demon's
offering. It does its job reasonably well, and absolutely DOES reduce
the amount of incoming spam by a massive factor, with, on the face of
it, relatively few cases of 'false positives' stopping 'good' email
gettings through. In my personal experience, I have not yet had a single
PROVEABLE case of a 'good' email being bounced - certainly zero reports
from my many senders to inform me that something's been blocked when it
shouldn't.

However, I would say that even with Demon's solution, it would not hurt,
and is probably beneficial and wise to have your own solution in place
too, if you can. I have my mailserver running a version of SpamAssassin,
which acts to clean up the odd few that make it over Demon's wall when
they shouldn't. To be fair, SpamAssassin itself has made a few 'false
positives', so I don't delete-on-sight, merely 'file away' and check
regularly.

As Chris has said, whitelisting IS possible... but whitelisting only
works in the situations where you KNOW someone is going to email you IN
ADVANCE of them doing so! It does not eliminate the inconvenience of
having a perfectly legitimate but as yet unknown contact, client, or
friend's email bounced, for whatever reason, if they've not yet been
added to the whitelist. And sometimes, if you're receiving stuff from
strangers, or people that have just got a new email addresses, this is
unavoidable.

>
> For all the (excellent) reasons and explanations you've given I'm
> convinced and am off now to investigate the possibilities starting, of
> course, with the recommendations you've kindly offered.
>
> I can't finish this without remarking on the huge difference between
> the response from fellow travellers on this newsgroup who offer their
> support voluntarily, without charge and in a manner that respects the
> intellegence and that provided by the "professional" and paid for
> helpdesk which left me feeling frustrated, patronised and unvalued.
>
> Thanks again to all of you,

Glad to have tried, and hope to have helped!

I would STRONGLY urge again, that as well as investigating your own
situation vis-a-vis getting your own layer of anti-spam defences (which
is not a bad idea at all), that you ALSO further investigate the core
reason why your original correspondents got bounced at all.

That, in turn, may help THEM to escape from a situation that might be
affecting them a lot more widely than they realise. If they really have
been hijacked, or used in a spam operation without realising, or
compromised in some other way, it benefits no-one (least of all them) if
this situation is allowed to continue. Education is everything when it
comes to fighting spam, and you'll find that us 'fellow travellers' will
all agree on that, I think. Compromised companies with low levels of IT
awareness or protection are what give spammers high-bandwidth,
all-weekend-free, mass-mailing capabilities - imho, far more so than the
odd lame user at home with a trojan - because the home user often turns
off his machine for much of the day. Corporate mailserver hijacks can go
on uninterrupted for days... and we ALL get sent the crap that comes out
as a result.

Please - make an effort to have them checked out (at least in terms of
IP addresses and the blacklist lookup page I gave earlier), and satisfy
themselves and you that they're not still at risk. If you don't, and
they are still compromised, then in all seriousness, whitelist or no,
you'll probably still find communication with them will be hard in the
future, and your efforts at resolving the problem, will have come to
nought (though you will have installed a handy personal anti-spam wall
by then, at least!)

Regards
--
Neil Jackson
James J
2007-03-25 15:09:42 UTC
Permalink
On Mar 25, 3:10 pm, "Neil Jackson" <***@techno.spam-me-
not.demon.co.uk> wrote:
> "James J" <***@gmail.com> wrote in message
>
> news:***@p77g2000hsh.googlegroups.com...
>

> Please - make an effort to have them checked out (at least in terms of
> IP addresses and the blacklist lookup page I gave earlier),

Thanks Neil, I will do that when I'm next speaking to them. For
information, I've pasted the email the retailer got back when they
tried sending to me - something that worked for over six months and
then suddenly didn't. I've redacted the actual email addresses for
obvious reasons. They used the URL link in the email from Demon and
were presented with a form to complete which was submitted back
Demon's helpdesk . They heard nothing else.

My other client, the consultancy company, where it also happened a
couple weeks before this one, didn't send me what they got bounced
back.

JJ


From: Mail Delivery System [mailto:Mailer-***@bt.net]
Sent: 12 March 2007 09:53
To: ***@cxxxx.co.uk
Subject: Mail delivery failed: returning message to sender


This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es)
failed:

***@axxxxx.demon.co.uk
SMTP error from remote mailer after end of data:
host punt-1.mail.demon.net [194.217.242.248]:
550 Visit
http://www.demon.net/Scripts/fp.do?id=I28xgAamLDOYxcIPrm5CeJvi_pBC to
report
false positives

------ This is a copy of the message, including all the headers.
------

Return-path: <***@cxxxx.co.uk>
Received: from srv-man-smtp.electricals.co.uk ([62.172.105.9]
helo=comi-sis-sun-man-02.cxxxx.co.uk)
by insmtp21 with esmtp (Exim 4.50)
id 1HQhD1-0006TV-BK
for ***@axxxxx.demon.co.uk; Mon, 12 Mar 2007 09:52:51 +0000
Received: from comi-sis-sun-man-02.cxxxx.co.uk (localhost [127.0.0.1])
by localhost.cxxxx.co.uk (Postfix) with ESMTP id 128BD8DA0F
for <***@axxxxx.demon.co.uk>; Mon, 12 Mar 2007 10:06:11 +0000
(GMT)
Received: from ms01.cxxxx.co.uk (unknown [10.28.7.201])
by comi-sis-sun-man-02.cxxxx.co.uk (Postfix) with ESMTP id
C3DCE8DA0E
for <***@axxxxx.demon.co.uk>; Mon, 12 Mar 2007 10:06:10 +0000
(GMT)
Received: from ex01.cxxxx.co.uk (unverified) by ms01.cxxxx.co.uk
(Clearswift SMTPRS 5.1.4) with ESMTP id
<***@ms01.cxxxx.co.uk> for
<***@axxxxx.demon.co.uk>; Mon, 12 Mar 2007 10:07:49 +0000
Received: by EX01 with Internet Mail Service (5.5.2448.0) id
<Z3KSP8XG>;
Mon,
12 Mar 2007 10:07:49 -0000
Message-ID: <***@EX05>
From: "Hxxxx, pxxxxxx" <***@cxxxx.co.uk>
To: 'James J' <***@axxxxx.demon.co.uk>
Subject: RE: Message with attachments sent ...
Date: Mon, 12 Mar 2007 10:07:40 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Nothing received. We have just checked the mail filter and there is
nothing
waiting for me in the blocked items.......

Can you send it to my hotmail and I'll pick it up from there?
Neil Jackson
2007-03-26 16:49:03 UTC
Permalink
"James J" <***@gmail.com> wrote in message
news:***@p77g2000hsh.googlegroups.com...
> On Mar 25, 3:10 pm, "Neil Jackson" <***@techno.spam-me-
> not.demon.co.uk> wrote:
> > "James J" <***@gmail.com> wrote in message
> >
> > news:***@p77g2000hsh.googlegroups.com...
> >
>
> > Please - make an effort to have them checked out (at least in terms
of
> > IP addresses and the blacklist lookup page I gave earlier),
>
> Thanks Neil, I will do that when I'm next speaking to them.
<snip>

Hi again JJ

Obviously, I can't help all that much because you've (sensibly) obscured
the various SMTP mailservers en-route, but just in case it helps in the
approach to take, I've edited the email you included, so that the 'hops'
between servers are shown in sequential order (ie, the order they took
in real life), so you know what to be looking up (or what to tell them
to look up for themselves!)

Hop 1:
> Received: by EX01 with Internet Mail Service (5.5.2448.0) id
> <Z3KSP8XG>;
Nothing of any value at all recorded in that header-line. Not an
uncommon situation, given that this is probably the first point of
'injection' - ie, where the email left the person's machine and was
handed to the company mailserver. Might be advisable for them to at
least record the internal IP address of the sending workstation,
though - for their own backside-covering purposes later. It is possible
this is a trace from an internal SMTP daemon running ON that workstation
(ie, one step before the email was handed off to the company
mailserver - in which case, it's an internal 'shuffle-round', probably
via the local loopback address).

In any case, nothing to be gleaned from that, nor anything which can be
checked. Next...


Hop 2:
> Received: from ex01.cxxxx.co.uk (unverified) by ms01.cxxxx.co.uk
> (Clearswift SMTPRS 5.1.4) with ESMTP id
> <***@ms01.cxxxx.co.uk> for
> <***@axxxxx.demon.co.uk>; Mon, 12 Mar 2007 10:07:49 +0000

It would be advisable to do a DNS lookup on the first unedited
addresses: ex01.cxxxx.co.uk to determine the IP addresses of those
machines (assuming they are static, and world-routable... ). Then look
up the IP addresses up on the Multi-RBL website I mentioned in an
earlier message, just to ensure that mailserver isn't showing up on a
blacklist.

I would also usually check the second address above too
(ms01.cxxxx.co.uk) - but in this case, it's pointless (but we cannot
determine that until Hop 3 is examined). The IP address for
ms01.cxxxx.co.uk is shown (in Hop 3) as being 10.28.7.201, which is in
the privately-allocated 10.x.x.x netblock, so it's evident of an
internal NATed LAN address, or something (ie not directly reachable from
the outside world). As such, it shouldn't be a risk, and can't be
blocked by IP address anyway (at least, not on any sensible blacklist!)

Hop 3:
> Received: from ms01.cxxxx.co.uk (unknown [10.28.7.201])
> by comi-sis-sun-man-02.cxxxx.co.uk (Postfix) with ESMTP id
> C3DCE8DA0E
> for <***@axxxxx.demon.co.uk>; Mon, 12 Mar 2007 10:06:10 +0000
> (GMT)

Again, normally, one would do a DNS lookup the full second address (ie,
type: nslookup comi-sis-sun-man-02.cxxxx.co.uk into a Command Prompt
window) to get the IP address, and then check that IP against the
blacklists. My guess is that this machine would be some kind of
'corporate HQ' mailserver - ie, the first address was the workstation,
second address was the office mailserver, this third address is the
company-wide or country-wide corporate HQ's mailserver.

For ref (because I have worked out what company it is - see below), I
checked what I could of this address, but it cannot be made to resolve
properly in the DNS... whether this is relevant to why Demon bounced it
(ie because it failed a lookup), I cannot be sure. Doubt it, though.

Hop 4:
> Received: from comi-sis-sun-man-02.cxxxx.co.uk (localhost [127.0.0.1])
> by localhost.cxxxx.co.uk (Postfix) with ESMTP id 128BD8DA0F
> for <***@axxxxx.demon.co.uk>; Mon, 12 Mar 2007 10:06:11 +0000
> (GMT)

Can safely ignore this - looks like an internal 'shuffle round' on the
company HQ mailserver, from itself to itself, probably for purposes of
feeding it to some kind of spam-filtering process, would be my guess.

Hop 5:
> Received: from srv-man-smtp.electricals.co.uk ([62.172.105.9]
> helo=comi-sis-sun-man-02.cxxxx.co.uk)
> by insmtp21 with esmtp (Exim 4.50)
> id 1HQhD1-0006TV-BK
> for ***@axxxxx.demon.co.uk; Mon, 12 Mar 2007 09:52:51 +0000

Interesting... seems like this is ANOTHER internal-to-the-company
mailserver... so maybe the sequence was 'workstation, department,
mailserver, office location mailserver, corporate HQ mailserver'. Either
way, doesn't matter really. I've checked this last one
(srv-man-smtp.electricals.co.uk) on the blacklists, and it's clean. It's
also (inadvertantly) identified who the company was, but I won't say
anything other than 'We Live Electricals' <wink>

There are no further hops after Hop 5, because the Hop 6 that would've
been attempted would have been to Demon - and of course, we already know
that Demon took one look at the message, and bounced it back. Given the
textual content of the message, there's nothing particularly 'spammy'
about the phrase:

"Nothing received. We have just checked the mail filter and there is
nothing waiting for me in the blocked items......."

Of course, I am assuming there wasn't a 50K MIME attachment in the
signature which listed all the latest 'hot deals' from said retailer,
with a giant 'click here' button and a URL! They weren't shown in the
bounce, which appeared to be complete, so I doubt it!

So I can only imagine that Demon must've bounced by virtue of something
else - most likely of which is one of the IP addresses in one of those
other hops, failing a blacklist lookup check. Can't really think of
anything else - at least, not anything that's logical.

On the 'illogical' front, maybe Demon is bouncing stuff if it appears
there is a 'legal' domain-address in the headers, but which won't
resolve when looked up? As is the case with most of the headers in the
above message. T'would seem a dangerous call to make, and would result
in a LOT of bounces being generated needlessly, so I very much doubt it.

Hmm. Hope this helps. Be interested to find out what happens when you've
progressed this with Demon via James. If there IS something iffy about
Demon's rejection policy, I'd like to hear it, so I can prepare! Ta. My
money's on the retailer having narfled something up, though, tbh! ;-)

Regards
--
Neil Jackson
Network Abuse Team
2007-03-27 11:11:38 UTC
Permalink
In article <eu8tmo$mrn$1$***@news.demon.co.uk>, Neil Jackson
<***@techno.spam-me-not.demon.co.uk> writes
>Hmm. Hope this helps. Be interested to find out what happens when you've
>progressed this with Demon via James. If there IS something iffy about
>Demon's rejection policy, I'd like to hear it, so I can prepare! Ta. My
>money's on the retailer having narfled something up, though, tbh! ;-)

Nothing iffy (at least I don't think so); one of the sender's had
contacted us and we had resolved and replied to them, the other we
hadn't heard from at all. As far as I am aware the issue(s) are resolved
but if the senders get into any more problems they just follow the URL
in the error message.

--
James Hoddinott email: ***@demon.net
Network Abuse Team fax: 0870 051 9970
Demon Internet <URL:http://www.demon.net/helpdesk/aup/>
Neil Jackson
2007-03-28 12:58:49 UTC
Permalink
"Network Abuse Team" <***@demon.net> wrote in message
news:***@demon.net...
> In article <eu8tmo$mrn$1$***@news.demon.co.uk>, Neil Jackson
> <***@techno.spam-me-not.demon.co.uk> writes
>
> Nothing iffy (at least I don't think so); one of the sender's had
> contacted us and we had resolved and replied to them, the other we
> hadn't heard from at all. As far as I am aware the issue(s) are
resolved
> but if the senders get into any more problems they just follow the URL
> in the error message.

Good to hear, James. Thanks.

However, sad to report, it's happening to ME now! Just had notification
last night that at least two emails from the NASA Kennedy Space Center
news mailing-list have been bounced, with the usual 550 SMTP error and a
link to Demon. :(

Something ain't right with Clodbust, it would seem! I've been on that
NASA news list since, er, about 1993, and it's NEVER bounced before.
It's also one-way - only the official NASA bods can post - and I really
don't think they're likely to have started sending out emails for
willy-extensions or got themselves RBLed! ;-)

I have taken the liberty of reporting it using the Demon link (I doubt
NASA would have had the time), so hopefully it can be examined. I hope
that was okay, even though I'm not the actual sender.

Possibly some aspect of the heuristics in Clodbust is a little
over-zealous, maybe? Set phasers on stun, not kill, please Captain! ;-)

TTFN
--
Neil Jackson
Network Abuse Team
2007-03-28 14:00:15 UTC
Permalink
In article <eudp02$eme$1$***@news.demon.co.uk>, Neil Jackson
<***@techno.spam-me-not.demon.co.uk> writes
>However, sad to report, it's happening to ME now! Just had notification
>last night that at least two emails from the NASA Kennedy Space Center
>news mailing-list have been bounced, with the usual 550 SMTP error and a
>link to Demon. :(
>
>Something ain't right with Clodbust, it would seem! I've been on that
>NASA news list since, er, about 1993, and it's NEVER bounced before.
>It's also one-way - only the official NASA bods can post - and I really
>don't think they're likely to have started sending out emails for
>willy-extensions or got themselves RBLed! ;-)
>
>I have taken the liberty of reporting it using the Demon link (I doubt
>NASA would have had the time), so hopefully it can be examined. I hope
>that was okay, even though I'm not the actual sender.

Its being processed as part of our processes for such things. Of course,
it could be argued that a good mailing list admin would investigate why
their mails are failing, properly...

>Possibly some aspect of the heuristics in Clodbust is a little
>over-zealous, maybe? Set phasers on stun, not kill, please Captain! ;-)

Given that even if you filter spam locally you can get false positives,
it is not surprising that we get some at the network level. With the
volumes of mail that we have, attempting to come into our network, the
FP rates are pretty good, IMHO.

--
James Hoddinott email: ***@demon.net
Network Abuse Team fax: 0870 051 9970
Demon Internet <URL:http://www.demon.net/helpdesk/aup/>
Michael J Davis
2007-03-28 21:01:35 UTC
Permalink
In message <***@demon.net>, Network Abuse Team
<***@demon.net> writes
>In article <eudp02$eme$1$***@news.demon.co.uk>, Neil Jackson
><***@techno.spam-me-not.demon.co.uk> writes
>>However, sad to report, it's happening to ME now! Just had notification
>>last night that at least two emails from the NASA Kennedy Space Center
>>news mailing-list have been bounced, with the usual 550 SMTP error and a
>>link to Demon. :(
>>
>>Something ain't right with Clodbust, it would seem! I've been on that
>>NASA news list since, er, about 1993, and it's NEVER bounced before.
>>It's also one-way - only the official NASA bods can post - and I really
>>don't think they're likely to have started sending out emails for
>>willy-extensions or got themselves RBLed! ;-)
>>
>>I have taken the liberty of reporting it using the Demon link (I doubt
>>NASA would have had the time), so hopefully it can be examined. I hope
>>that was okay, even though I'm not the actual sender.
>
>Its being processed as part of our processes for such things. Of course,
>it could be argued that a good mailing list admin would investigate why
>their mails are failing, properly...
>
>>Possibly some aspect of the heuristics in Clodbust is a little
>>over-zealous, maybe? Set phasers on stun, not kill, please Captain! ;-)
>
>Given that even if you filter spam locally you can get false positives,
>it is not surprising that we get some at the network level. With the
>volumes of mail that we have, attempting to come into our network, the
>FP rates are pretty good, IMHO.

How do you know?

i.e. if you delete a message on its way to me, but it never gets here,
and I don't know, so don't tell you, well, er, how do you know?

(or have I completely misunderstood?)

Mike

[The reply-to address is valid for 30 days from this posting]
--
Michael J Davis
http://www.trustsof.demon.co.uk
<><
For this is what the Lord has said to me,
"Go and post a Watchman and let
him report what he sees." Isa 21:6
<><
Network Abuse Team
2007-03-29 07:42:03 UTC
Permalink
In article <yj+***@trustsof.demon.co.uk.invalid>, Michael J
Davis <?.?@trustsof.demon.co.uk> writes
>How do you know?
>
>i.e. if you delete a message on its way to me, but it never gets here, and I
>don't know, so don't tell you, well, er, how do you know?

We aren't deleting messages, merely issuing 550 responses to the
connecting server if we believe the message to be spam. That way, the
original sender will know if their mail failed to be delivered.

--
James Hoddinott email: ***@demon.net
Network Abuse Team fax: 0870 051 9970
Demon Internet <URL:http://www.demon.net/helpdesk/aup/>
Neil Jackson
2007-03-30 11:48:17 UTC
Permalink
Network Abuse Team wrote:
> In article <yj+***@trustsof.demon.co.uk.invalid>, Michael J
> Davis <?.?@trustsof.demon.co.uk> writes
>> How do you know?
>>
>> i.e. if you delete a message on its way to me, but it never gets
>> here, and I don't know, so don't tell you, well, er, how do you know?
>
> We aren't deleting messages, merely issuing 550 responses to the
> connecting server if we believe the message to be spam. That way, the
> original sender will know if their mail failed to be delivered.

Mike's original question still stands... though on a different leg! ;-)

If the senders of mail don't get in touch to report false positives,
then what record do you have of the level of bouncing going on? I would
suggest it's dangerous to base any sort of statistical analysis on 'the
number of people who (a) bothered to report (b) knew how to navigate the
Demon website upon reaching it, versus (c) those whose bounces went
unnoticed and (d) those who didn't have time/inclination/whatever to
report it.

For the record, speaking as one who's used it, the weblinks in the
550-STMP rejections are misleading. Click on the link (which because it
features a long unique code, gives the impression you'll be taken
straight to a comment-input box) and you get taken to a Demon FAQ page,
which looks (at first glance) totally generic and non-specific to the
issue at hand.

Of course, much further down, right at the bottom, is a comment-box
enabling input.

IMHO, that need to be at the TOP, and the page title should be clear
that you're visiting a submission-form/false positive report, not some
generic-looking FAQ page... otherwise half your busy mailing-list and
system admins are going to take one look at it and assume 'this is
bust', and move on. Demon haven't really thought much about the human
factors and ergonomics of this reporting system, have they?

And to be fair, James, given the massive numbers of subscribers on the
various NASA lists, I really doubt that they have the time to
investigate and report every one of their recipients' petty little
ISP-blackholes.

I run mailing-lists with about 20,000 users on them, and dealing with
the fallout (zillions of pointless auto-replies telling me John Doe is
out of the office; stupid 'press this button to release this message
from a holding-quarantine and send it on to user' manual-intervention
anti-spam systems; over-zealous spamwalls that just block and deny on a
whim, badly configured whitelists where you add yourself! LOL) is just
too much work. I'm afraid a degree of 'Darwinian Assessment' enters the
frame.

The resulting reasoning goes: If users are on ISPs that are so naff, or
their personal or corporate mail-clients/servers are set up so badly by
their own hand, then it's not the responsibility of the mailing-list
operator to progress that person's problem with their ISP. It's not what
we're paid to do, and we get no direct cost-benefit out of it, other
than (sometimes) being moaned at anyway by a subscriber that doesn't
understand that it's not 'us not sending to them', but instead, it's
their own fault, or their ISP's.

I can only imagine how ridiculous a task that would be for someone like
the Kennedy Space Center to control en masse, given that they probably
have MILLIONS of readers. If some stupid anti-spam system decides to
blacklist a list, simply because 'its bulk is rather bulky', then Darwin
says the anti-spam system fails the Natural Survival test, and must die!

Please, at least, look into improving the page where the false-pos
reporting link takes you to, and make it OBVIOUS it's a report-form...
right at the TOP of the page. Then maybe the 'gut feelings' about
false-positive levels might stand the test of time, imho.

Regards
--
Neil Jackson
Mike Henry
2007-03-30 14:24:59 UTC
Permalink
In <euitj2$952$1$***@news.demon.co.uk>, "Neil Jackson"
<***@techno.spam-me-not.demon.co.uk> wrote:

>I run mailing-lists with about 20,000 users on them, and dealing with
>the fallout (zillions of pointless auto-replies telling me John Doe is
>out of the office; stupid 'press this button to release this message
>from a holding-quarantine and send it on to user' manual-intervention
>anti-spam systems; over-zealous spamwalls that just block and deny on a
>whim, badly configured whitelists where you add yourself! LOL) is just
>too much work.

LOL indeed. It is unbelievable.

>I'm afraid a degree of 'Darwinian Assessment' enters the frame.

I particularly enjoyed reading this announcement, imagining the tone it
was written in and what had led up to it:

============
http://forum.toppy.org.uk/forum/viewtopic.php?p=66313
I'd like to remind site users that filtering your spam is YOUR job, not
ours.

[...]
There are no circumstances in which the admins of this site - or indeed
of many others - will take the time to click links, send extra emails or
otherwise respond to any challenge/authenticate methods just to get an
email to you. We will, instead, leave you in blissful ignorance, and if
your software carries on making demands of us, we may turn off
notifications to you or just delete your membership in extreme cases.
[...]
============
Neil Jackson
2007-03-31 14:07:28 UTC
Permalink
"Mike Henry" <{$mrtickle$}@nospam.demon.co.uk> wrote in message
news:***@4ax.com...
> I particularly enjoyed reading this announcement, imagining the tone
it
> was written in and what had led up to it:
>
> ============
> http://forum.toppy.org.uk/forum/viewtopic.php?p=66313
> I'd like to remind site users that filtering your spam is YOUR job,
not
> ours.
>
> [...]
> There are no circumstances in which the admins of this site - or
indeed
> of many others - will take the time to click links, send extra emails
or
> otherwise respond to any challenge/authenticate methods just to get an
> email to you. We will, instead, leave you in blissful ignorance, and
if
> your software carries on making demands of us, we may turn off
> notifications to you or just delete your membership in extreme cases.
> [...]
> ============


Classic! I SO wish I could write something like that on my mailing-lists
banners, but I fear the clients for whom I operate them would take a dim
view!

I dunno which is worse, actually... all the stupid, stupid, stupid Out
of Office Auto-Reply messages that come back and give me burglary
instructions (I'm out of my small one-person, sole trader business
office - I'm on holiday in Siberia for 2 weeks, so please come round and
rob me! Address in the signature)...

or...

the multifarious ways that STMP and spam-filter bounces (or simple
non-deliveries by dint of 'no mailbox' or 'mailbox full' are reported -
despite there being a rock-solid RFC that has existed since day three of
Genesis (or, if you're a Darwinian, since the day the first fish
walked), which defines them, and how to report them in emails, without
having to access attachments, double-secret lookup tables, or web-pages
located in Phuket...

or...

the dimbles who routinely ignore the prominent boilerplate in every
message that states: "this message is sent by an automated machine,
which is unnattended and cannot be used to communicate with XYZ
Organisation... instead use [email address enclosed and hotlinked]", and
then decide to send the mailing-list robot a long spiel about how they
need directions to the company (even though they're on the website,
complete with maps, which is linked to in the original feckin' email!).

Oh, the joys of modern day internet mail, eh? IMHO, there should be a
proficiency test, and a licence requirement, before people are allowed
to hook up. And perhaps even sterilisation for those that screw it up
consistently. But maybe that's just the effect of Godwin's Law creeping
in to my frustration. ;-)

TTFN
--
Neil Jackson
Andy
2007-03-31 15:22:11 UTC
Permalink
In message <eulq43$l0a$1$***@news.demon.co.uk>, Neil Jackson
<***@techno.spam-me-not.demon.co.uk> wrote

[wonderfully!]

>But maybe that's just the effect of Godwin's Law creeping
>in to my frustration. ;-)
>
Gresham?
--
Andy
For Austria & its philately, Lupus, & much else visit
<URL:http://www.kitzbuhel.demon.co.uk/>
Mike
2007-04-01 12:23:44 UTC
Permalink
In article <***@kitzbuhel.demon.co.uk>,
Andy <***@kitzbuhel.demon.co.uk> wrote:
>>But maybe that's just the effect of Godwin's Law creeping
>>in to my frustration. ;-)
>>
>Gresham?

What, "Follow the evidence"?

Oh no, wait ... that's Grissom's law.
--
--------------------------------------+------------------------------------
Mike Brown: mjb[at]pootle.demon.co.uk | http://www.pootle.demon.co.uk/
Pluto needs full planet status! http://www.cafepress.com/LeavePlutoIn
Andy
2007-04-02 08:54:15 UTC
Permalink
In message <euo88g$vkp$***@posie.local.dom>, Mike <***@posie.local.dom>
wrote
>In article <***@kitzbuhel.demon.co.uk>,
>Andy <***@kitzbuhel.demon.co.uk> wrote:
>>>But maybe that's just the effect of Godwin's Law creeping
>>>in to my frustration. ;-)
>>>
>>Gresham?
>
>What, "Follow the evidence"?
>
>Oh no, wait ... that's Grissom's law.

I was thinking about money: "the bad drives out the good".
--
Andy
For Austria & its philately, Lupus, & much else visit
<URL:http://www.kitzbuhel.demon.co.uk/>
Nicholas D. Richards
2007-04-02 13:33:35 UTC
Permalink
In article <***@kitzbuhel.demon.co.uk>, Andy
<***@kitzbuhel.demon.co.uk> writes
>In message <euo88g$vkp$***@posie.local.dom>, Mike <***@posie.local.dom>
>wrote
>>In article <***@kitzbuhel.demon.co.uk>,
>>Andy <***@kitzbuhel.demon.co.uk> wrote:
>>>>But maybe that's just the effect of Godwin's Law creeping
>>>>in to my frustration. ;-)
>>>>
>>>Gresham?
>>
>>What, "Follow the evidence"?
>>
>>Oh no, wait ... that's Grissom's law.
>
>I was thinking about money: "the bad drives out the good".

Yup, I still have some silver thruppenny pieces. They were definitely
driven out of circulation before the mint withdrew them.
--
Nicholas David Richards -

"Où sont les neiges d'antan?"
Neil Jackson
2007-04-04 18:46:50 UTC
Permalink
"Andy" <***@kitzbuhel.demon.co.uk> wrote in message
news:***@kitzbuhel.demon.co.uk...
> In message <euo88g$vkp$***@posie.local.dom>, Mike <***@posie.local.dom>
> wrote
> >In article <***@kitzbuhel.demon.co.uk>,
> >Andy <***@kitzbuhel.demon.co.uk> wrote:
> >>>But maybe that's just the effect of Godwin's Law creeping
> >>>in to my frustration. ;-)
> >>>
> >>Gresham?
> >
> >What, "Follow the evidence"?
> >
> >Oh no, wait ... that's Grissom's law.
>
> I was thinking about money: "the bad drives out the good".

Alas, I was thinking only of the muppets and munchkins whose
email-client (and sometimes server) settings mean that 'handling email'
on a large scale is not nearly so straightforward and enjoyable as it
used to be, back when the internet was all fields, and pretty much all
the SPAM came from one source - AOL - and we knew how to speak their
language to get it to stop. Ahh, those were the days...

And I was especially thinking what I'd like to do to these
aforementioned PEBCAK end-user morons, for messing up 'my' internet, so
to speak, and rendering SMTP a nightmare nowadays. I think I proposed
sterilisation, but only half-seriously. Had I been fully serious, I
probably would've invoked the H-word or the N-word, at which point,
Godwin's Law would've reached its expected outcome and been proved
true.

http://www.killfile.org/~tskirvin/faqs/godwin.html

Mentioned it once...think I got away with it, though...;-)
--
Neil Jackson
Michael J Davis
2007-03-30 16:19:55 UTC
Permalink
In message <euitj2$952$1$***@news.demon.co.uk>, Neil Jackson
<***@techno.spam-me-not.demon.co.uk> writes
>Network Abuse Team wrote:
>> In article <yj+***@trustsof.demon.co.uk.invalid>, Michael J
>> Davis <?.?@trustsof.demon.co.uk> writes
>>> How do you know?
>>>
>>> i.e. if you delete a message on its way to me, but it never gets
>>> here, and I don't know, so don't tell you, well, er, how do you know?
>>
>> We aren't deleting messages, merely issuing 550 responses to the
>> connecting server if we believe the message to be spam. That way, the
>> original sender will know if their mail failed to be delivered.
>
>Mike's original question still stands... though on a different leg! ;-)

Yes, I did think that with the response, but couldn't be bothered to
keep up the argument....

[snip]
>
>Please, at least, look into improving the page where the false-pos
>reporting link takes you to, and make it OBVIOUS it's a report-form...
>right at the TOP of the page. Then maybe the 'gut feelings' about
>false-positive levels might stand the test of time, imho.

An excellent point. The only time I tried to report a false positive I
felt that I'd been routed to the wrong page, and gave up. Maybe that
explains it!

Mike

[The reply-to address is valid for 30 days from this posting]
--
Michael J Davis
http://www.trustsof.demon.co.uk
<><
For this is what the Lord has said to me,
"Go and post a Watchman and let
him report what he sees." Isa 21:6
<><
David Woolley
2007-03-30 20:07:12 UTC
Permalink
In article <euitj2$952$1$***@news.demon.co.uk>,
Neil Jackson <***@techno.spam-me-not.demon.co.uk> wrote:

> bust', and move on. Demon haven't really thought much about the human
> factors and ergonomics of this reporting system, have they?

I haven't looked, but I suspect they have thought about it. The
page is probably designed to minimise false positives by forcing
people to eliminate them themselves. Of course, faced with competent
users, this will produce false negatives!

I've noticed this tactic on several big company sites.
Neil Jackson
2007-03-31 13:56:59 UTC
Permalink
"David Woolley" <***@djwhome.demon.co.uk> wrote in message
news:***@djwhome.demon.co.uk...
> In article <euitj2$952$1$***@news.demon.co.uk>,
> Neil Jackson <***@techno.spam-me-not.demon.co.uk> wrote:
>
> > bust', and move on. Demon haven't really thought much about the
human
> > factors and ergonomics of this reporting system, have they?
>
> I haven't looked, but I suspect they have thought about it. The
> page is probably designed to minimise false positives by forcing
> people to eliminate them themselves. Of course, faced with competent
> users, this will produce false negatives!
>
> I've noticed this tactic on several big company sites.

Ah, yes - Good point, David.

I should've said: "Demon haven't really thought much about ENSURING the
human factors and ergonomics of this reporting system DON'T
INCONVENIENCE THEIR CUSTOMERS AND USERS UNECESSARILY, have they?"

I keep forgetting that all big companies these days seem hell bent on
ensuring that their workloads are minimised while profits maximised, to
the detriment of actually providing services that work reliably and do
what the customer paid for.

You are probably quite right... Demon, like most others, will almost
certainly have closely studied the ergonomics precisely enough to ensure
that only the really sharp-witted, aware, and cynical b*st**ds like
myself, actually make it through the process and get the opportunity to
bend the stats towards the 'hmm, this Clodmark ain't so hot' end of the
meter.

Everyone else just gets confused, gives up, and thus the Thus stats
which are bandied about the board-room to support payment of Clodmuck's
fees, are kept clean and rosy! ;-)
--
Neil Jackson
Jim O'Reilly
2007-03-28 16:35:08 UTC
Permalink
In article <eudp02$eme$1$***@news.demon.co.uk>, Neil Jackson
<***@techno.spam-me-not.demon.co.uk> writes
>
>"Network Abuse Team" <***@demon.net> wrote in message
>news:***@demon.net...
>> In article <eu8tmo$mrn$1$***@news.demon.co.uk>, Neil Jackson
>> <***@techno.spam-me-not.demon.co.uk> writes
>>
>> Nothing iffy (at least I don't think so); one of the sender's had
>> contacted us and we had resolved and replied to them, the other we
>> hadn't heard from at all. As far as I am aware the issue(s) are
>resolved
>> but if the senders get into any more problems they just follow the URL
>> in the error message.
>
>Good to hear, James. Thanks.
>
>However, sad to report, it's happening to ME now! Just had notification
>last night that at least two emails from the NASA Kennedy Space Center
>news mailing-list have been bounced, with the usual 550 SMTP error and a
>link to Demon. :(
>
>Something ain't right with Clodbust, it would seem! I've been on that
>NASA news list since, er, about 1993, and it's NEVER bounced before.
>It's also one-way - only the official NASA bods can post - and I really
>don't think they're likely to have started sending out emails for
>willy-extensions or got themselves RBLed! ;-)
>
>I have taken the liberty of reporting it using the Demon link (I doubt
>NASA would have had the time), so hopefully it can be examined. I hope
>that was okay, even though I'm not the actual sender.
>
>Possibly some aspect of the heuristics in Clodbust is a little
>over-zealous, maybe? Set phasers on stun, not kill, please Captain! ;-)
>
>TTFN
>--
>Neil Jackson
>
>Same here,Nasa have told me mail is being bounced and told me they'll
remove me from the list if it does'nt stop.Please Demon sort this out
before they remove me.

--
Jim O'Reilly

--
Posted via a free Usenet account from http://www.teranews.com
Network Abuse Team
2007-03-26 07:42:03 UTC
Permalink
In article <***@e65g2000hsc.googlegroups.com>, BWYSB
<***@gmail.com> writes
>The bounced mail told my customers to write to a demon.net address to
>have their domains "unblocked". They did that and copied the mails to
>me (a little embarrassing but hey, these things happen). They received
>no response and their mails to me continued to bounce.

Really? That would be surprising, given that I have responded to
everyone who reported a false positive to us. Do you know what domain(s)
they were mailing from?

If they are still having problems then they should definitely fill in
the newer form (it now includes a unique code to identify the mail that
was rejected) and it can be escalated.

[...]
>They told me to send details of my problem to ***@demon.net. I did
>that; waited a week and still got no reply.

Even more surprising! What ticket number did you receive, and which
address did you mail from?

--
James Hoddinott email: ***@demon.net
Network Abuse Team fax: 0870 051 9970
Demon Internet <URL:http://www.demon.net/helpdesk/aup/>
Tim Willets
2007-03-26 23:23:41 UTC
Permalink
In message <***@demon.net>, Network Abuse Team
<***@demon.net> writes
>In article <***@e65g2000hsc.googlegroups.com>, BWYSB
><***@gmail.com> writes
>>The bounced mail told my customers to write to a demon.net address to
>>have their domains "unblocked". They did that and copied the mails to
>>me (a little embarrassing but hey, these things happen). They received
>>no response and their mails to me continued to bounce.
>
>Really? That would be surprising, given that I have responded to
>everyone who reported a false positive to us. Do you know what domain(s)
>they were mailing from?
>
>If they are still having problems then they should definitely fill in
>the newer form (it now includes a unique code to identify the mail that
>was rejected) and it can be escalated.

Not only is something bouncing all mail to here from hse.gsi.gov.uk for
unknown reasons (started happening last Thursday, about a dozen emails
so far) but the URL in the bounce message doesn't work (at least, not
when tried from within hse.gsi.gov.uk). IE announces the page is not
available (even though it is when checked from a Demon account).
***@demon notified on Friday (Demon's website appears to suggest
they have responsibility for sorting this out), no response as yet. I
have no way of knowing about other mail it may have mis-identified as
UBE where the sender hasn't told me it's bounced, so as far as I can see
this may be the tip of a very large iceberg.

I'm very wary of third-party mail filters with parameters I can't
control, but Brightmail did appear to work quite effectively. Unlike
it's replacement. Still, if Thus/Demon don't mind storing a few hundred
to maybe 2,000 UBEs a day so I can then reject them at this end I don't
mind switching filtering off and advising other Demon customers I know
to do the same.
--
Tim Willets
Network Abuse Team
2007-03-27 11:09:42 UTC
Permalink
In article <***@redowa.co.uk>, Tim Willets
<***@redowa.co.uk> writes
>Not only is something bouncing all mail to here from hse.gsi.gov.uk for unknown
>reasons (started happening last Thursday, about a dozen emails so far) but the
>URL in the bounce message doesn't work (at least, not when tried from within
>hse.gsi.gov.uk). IE announces the page is not available (even though it is when
>checked from a Demon account). ***@demon notified on Friday (Demon's
>website appears to suggest they have responsibility for sorting this out), no
>response as yet. I have no way of knowing about other mail it may have mis-
>identified as UBE where the sender hasn't told me it's bounced, so as far as I
>can see this may be the tip of a very large iceberg.

So you *are* getting bounces? Could you provide us with this data
(either here or to ***@demon.net)?

--
James Hoddinott email: ***@demon.net
Network Abuse Team fax: 0870 051 9970
Demon Internet <URL:http://www.demon.net/helpdesk/aup/>
Tim Willets
2007-03-27 12:38:59 UTC
Permalink
In message <***@demon.net>, Network Abuse Team
<***@demon.net> writes
>In article <***@redowa.co.uk>, Tim Willets
><***@redowa.co.uk> writes
>>Not only is something bouncing all mail to here from hse.gsi.gov.uk
>>for unknown
>>reasons (started happening last Thursday, about a dozen emails so far)

>So you *are* getting bounces?

Well I'm not, but the person sending the email is :-)

> Could you provide us with this data
>(either here or to ***@demon.net)?

I'll try and get copies of the bounce messages and forward them on (they
contain all the relevant header info of course). I'm not sure whether I
can provide the content as well, but I will if I can.
--
Tim Willets
Tim Willets
2007-03-29 02:40:52 UTC
Permalink
In message <***@demon.net>, Network Abuse Team
<***@demon.net> writes
>In article <***@redowa.co.uk>, Tim Willets
><***@redowa.co.uk> writes
>>Not only is something bouncing all mail to here from hse.gsi.gov.uk
>>for unknown
>>reasons (started happening last Thursday, about a dozen emails so far)

>
>So you *are* getting bounces? Could you provide us with this data
>(either here or to ***@demon.net)?
>

Sorry about the delay. Copies of some of the bounce messages follows.
Sorry about the =20's here and there, but that's what Outlook seems to
want to do, and there's no way to stop it.

From: Mail Delivery System
[mailto:Mailer-***@sov-mail-b0021.gradwell.net]
Sent: 26 March 2007 18:53
To: Jan Willets
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a
permanent error. The following address(es) failed:

***@willets.demon.co.uk
Host punt-2.mail.demon.net [194.217.242.75]:25 rejected message
after data was sent:
550 Visit
http://www.demon.net/Scripts/fp.do?id=eBFPIarSRRfVRJ5l9I574coQI0B, to
report false positives

------ This is a copy of the message, including all the headers. ------
Received: from mail39.messagelabs.com ([193.109.254.243] country=GB)
by sov-mail-b0021.gradwell.net with smtp (Gradwell gwh-smtpd
1.243) id 46080861.2ae0.7
for ***@redowa.co.uk; Mon, 26 Mar 2007 18:52:33 +0100
(envelope-sender <***@hse.gsi.gov.uk>)
X-VirusChecked: Checked
X-Env-Sender: ***@hse.gsi.gov.uk
X-Msg-Ref: server-18.tower-39.messagelabs.com!1174931552!16428925!1
X-StarScan-Version: 5.5.10.7.1; banners=hse.gsi.gov.uk,-,-
X-Originating-IP: [62.25.106.208]
Received: (qmail 4211 invoked from network); 26 Mar 2007 17:52:32 -0000
Received: from gateway-102.energis.gsi.gov.uk (HELO
mx.hosting-w.gsi.gov.uk) (62.25.106.208)
by server-18.tower-39.messagelabs.com with SMTP; 26 Mar 2007 17:52:32
-0000
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----_=_NextPart_001_01C76FCF.CE98B972"
Subject: FW: Emailing: West District IOSH Meeting
Date: Mon, 26 Mar 2007 18:54:19 +0100
Message-ID: <***@MXVS1.hse.int>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: Emailing: West District IOSH Meeting
Thread-Index: AcdvhZufLn/jJzlDS3K45F8qLLNWFwASiajg
From: <***@hse.gsi.gov.uk>
To: <***@redowa.co.uk>
X-OriginalArrivalTime: 26 Mar 2007 17:54:32.0496 (UTC)
FILETIME=[CEFD2B00:01C76FCF]

This is a multi-part message in MIME format.

------_=_NextPart_001_01C76FCF.CE98B972
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

=20


Jan=20Willets
Manufacturing=20Sector
1,=20Hagley=20Road,=20Birmingham
0121=20607=206245

-----Original=20Message-----
From:=20Jan=20Willets=20
Sent:=2026=20March=202007=2010:03
To:=20'***@redowa.co.uk'
Subject:=20FW:=20Emailing:=20West=20District=20IOSH=20Meeting


*************************************************************************
*********************
Please Note: Incoming and Outgoing E-mail messages are routinely
monitored for compliance with
our policy on the use of electronic communications.

Interested in Occupational Health & Safety information? Please visit the
HSE website at the
following address to keep yourself up to date

www.hse.gov.uk

Or contact HSE Infoline on 0845 345 0055 or email
***@natbrit.com

*************************************************************************
*********************


The original of this email was scanned for viruses by Government Secure
Intranet (GSi) virus
scanning service supplied exclusively by Cable & Wireless in partnership
with MessageLabs. On
leaving the GSI this email was certified virus free. The MessageLabs
Anti Virus Service is the first
managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate
Number
2006/04/0007), the UK Government quality mark initiative for information
security products and
services. For more information about this please visit
www.cctmark.gov.uk




From: Mail Delivery System
[mailto:Mailer-***@sov-mail-b0024.gradwell.net]
Sent: 26 March 2007 18:51
To: Jan Willets
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a
permanent error. The following address(es) failed:

***@willets.demon.co.uk
Host punt-2.mail.demon.net [194.217.242.248]:25 rejected message
after data was sent:
550 Visit
http://www.demon.net/Scripts/fp.do?id=lzxim0yiryyTk52wMHFuPM8nzzzu to
report false positives

------ This is a copy of the message, including all the headers. ------
Received: from mail39.messagelabs.com ([193.109.254.243] country=GB)
by sov-mail-b0024.gradwell.net with smtp (Gradwell gwh-smtpd
1.243) id 460807f8.4c9.b
for ***@redowa.co.uk; Mon, 26 Mar 2007 18:50:48 +0100
(envelope-sender <***@hse.gsi.gov.uk>)
X-VirusChecked: Checked
X-Env-Sender: ***@hse.gsi.gov.uk
X-Msg-Ref: server-21.tower-39.messagelabs.com!1174931429!18872974!1
X-StarScan-Version: 5.5.10.7.1; banners=hse.gsi.gov.uk,-,-
X-Originating-IP: [195.92.40.48]
Received: (qmail 15281 invoked from network); 26 Mar 2007 17:50:29 -0000
Received: from gateway-201.energis.gsi.gov.uk (HELO
mx.hosting-e.gsi.gov.uk) (195.92.40.48)
by server-21.tower-39.messagelabs.com with SMTP; 26 Mar 2007 17:50:29
-0000
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C76FCF.8560602C"
Subject: FW: Test
Date: Mon, 26 Mar 2007 18:52:23 +0100
Message-ID: <***@MXVS1.hse.int>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Test
Thread-Index: Acdvimj9oqwNEw3DRr67HoM9shjeuQARROBg
From: <***@hse.gsi.gov.uk>
To: <***@redowa.co.uk>
X-OriginalArrivalTime: 26 Mar 2007 17:52:29.0713 (UTC)
FILETIME=[85CDF810:01C76FCF]

This is a multi-part message in MIME format.

------_=_NextPart_001_01C76FCF.8560602C
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

=20
=20
Jan=20Willets
Manufacturing=20Sector
1,=20Hagley=20Road,=20Birmingham
0121=20607=206245
=20

________________________________

From:=20Jan=20Willets=20
Sent:=2026=20March=202007=2010:38
To:=20'***@redowa.co.uk'



*************************************************************************
*********************
Please Note: Incoming and Outgoing E-mail messages are routinely
monitored for compliance with
our policy on the use of electronic communications.

Interested in Occupational Health & Safety information? Please visit the
HSE website at the
following address to keep yourself up to date

www.hse.gov.uk

Or contact HSE Infoline on 0845 345 0055 or email
***@natbrit.com

*************************************************************************
*********************


The original of this email was scanned for viruses by Government Secure
Intranet (GSi) virus
scanning service supplied exclusively by Cable & Wireless in partnership
with MessageLabs. On
leaving the GSI this email was certified virus free. The MessageLabs
Anti Virus Service is the first
managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate
Number
2006/04/0007), the UK Government quality mark initiative for information
security products and
services. For more information about this please visit
www.cctmark.gov.uk


From: Mail Delivery System
[mailto:Mailer-***@sov-mail-b0021.gradwell.net]
Sent: 26 March 2007 18:50
To: Jan Willets
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a
permanent error. The following address(es) failed:

***@willets.demon.co.uk
Host punt-2.mail.demon.net [194.217.242.75]:25 rejected message
after data was sent:
550 Visit
http://www.demon.net/Scripts/fp.do?id=MYJ9AoeUrXynkJ2I4wFBrg7Sz_zB to
report false positives

------ This is a copy of the message, including all the headers. ------
Received: from mail67.messagelabs.com ([193.109.254.83] country=GB)
by sov-mail-b0021.gradwell.net with smtp (Gradwell gwh-smtpd
1.243) id 460807e0.2a7e.4
for ***@redowa.co.uk; Mon, 26 Mar 2007 18:50:24 +0100
(envelope-sender <***@hse.gsi.gov.uk>)
X-VirusChecked: Checked
X-Env-Sender: ***@hse.gsi.gov.uk
X-Msg-Ref: server-2.tower-67.messagelabs.com!1174931423!16728653!1
X-StarScan-Version: 5.5.10.7.1; banners=hse.gsi.gov.uk,-,-
X-Originating-IP: [195.92.40.48]
Received: (qmail 14395 invoked from network); 26 Mar 2007 17:50:23 -0000
Received: from gateway-201.energis.gsi.gov.uk (HELO
mx.hosting-e.gsi.gov.uk) (195.92.40.48)
by server-2.tower-67.messagelabs.com with SMTP; 26 Mar 2007 17:50:23
-0000
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C76FCF.816655B9"
Subject: FW: EUROHSE 2007 Conference - Spring into OSH
Date: Mon, 26 Mar 2007 18:52:00 +0100
Message-ID: <***@MXVS1.hse.int>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: EUROHSE 2007 Conference - Spring into OSH
Thread-Index: Acdvoj/xjeM6omXpR2mxcltP5egPXQABO8HQAAoOhmA=
From: <***@hse.gsi.gov.uk>
To: <***@redowa.co.uk>
X-OriginalArrivalTime: 26 Mar 2007 17:52:23.0010 (UTC)
FILETIME=[81CF2C20:01C76FCF]

This is a multi-part message in MIME format.

------_=_NextPart_001_01C76FCF.816655B9
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

=20
=20
Jan=20Willets
Manufacturing=20Sector
1,=20Hagley=20Road,=20Birmingham
0121=20607=206245
=20

________________________________

From:=20Jan=20Willets=20
Sent:=2026=20March=202007=2014:04
To:=20'***@redowa.co.uk'


*************************************************************************
*********************
Please Note: Incoming and Outgoing E-mail messages are routinely
monitored for compliance with
our policy on the use of electronic communications.

Interested in Occupational Health & Safety information? Please visit the
HSE website at the
following address to keep yourself up to date

www.hse.gov.uk

Or contact HSE Infoline on 0845 345 0055 or email
***@natbrit.com

*************************************************************************
*********************


The original of this email was scanned for viruses by Government Secure
Intranet (GSi) virus
scanning service supplied exclusively by Cable & Wireless in partnership
with MessageLabs. On
leaving the GSI this email was certified virus free. The MessageLabs
Anti Virus Service is the first
managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate
Number
2006/04/0007), the UK Government quality mark initiative for information
security products and
services. For more information about this please visit
www.cctmark.gov.uk


--
Tim Willets
Network Abuse Team
2007-03-30 07:36:08 UTC
Permalink
In article <***@redowa.co.uk>, Tim Willets
<***@redowa.co.uk> writes
>Sorry about the delay. Copies of some of the bounce messages follows. Sorry
>about the =20's here and there, but that's what Outlook seems to want to do, and
>there's no way to stop it.
>
>From: Mail Delivery System
>[mailto:Mailer-***@sov-mail-b0021.gradwell.net]
>Sent: 26 March 2007 18:53
>To: Jan Willets
>Subject: Mail delivery failed: returning message to sender
>
>This message was created automatically by mail delivery software.
>
>A message that you sent could not be delivered to one or more of its
>recipients. This is a
>permanent error. The following address(es) failed:
>
> ***@willets.demon.co.uk
> Host punt-2.mail.demon.net [194.217.242.75]:25 rejected message
>after data was sent:
> 550 Visit
>http://www.demon.net/Scripts/fp.do?id=eBFPIarSRRfVRJ5l9I574coQI0B, to report
>false positives

This should now be resolved (all 3 relate to the same issue).

--
James Hoddinott email: ***@demon.net
Network Abuse Team fax: 0870 051 9970
Demon Internet <URL:http://www.demon.net/helpdesk/aup/>
Neil Jackson
2007-03-30 11:49:33 UTC
Permalink
Network Abuse Team wrote:
> This should now be resolved (all 3 relate to the same issue).

Which was?


--
Neil Jackson
Scott Millar
2007-03-26 09:08:22 UTC
Permalink
> Does anyone know who I can talk to who can understand the problem and
> help me make it go away?
>
> JJ
>

Use another ISP.
Neil Jackson
2007-03-26 16:03:00 UTC
Permalink
"Scott Millar" <***@spam.com> wrote in message
news:eu82ic$lp5$1$***@news.demon.co.uk...
>
> > Does anyone know who I can talk to who can understand the problem
and
> > help me make it go away?
> >
> > JJ
> >
>
> Use another ISP.

<SARCASM>
Yeah, one that hasn't got a diligent bloke like James working in their
Network Abuse Dept, trawling USENET posts and ensuring that important
customer reported incidents don't go astray, and instead making sure
they actually get dealt with, by whatever means necessary.
</SARCASM>

Right.. like BT, or AOL or any one of the 'big boy ISPs' is ever going
to do anything remotely as personal as that. As if...
Continue reading on narkive:
Loading...