EmailDiscussions.com  


The Technical Zone... The Geeky forum... Use this forum to discuss technical aspects of email, from authentication protocols to encryption.

Old 16 Jun 2016, 10:54 AM   #1
gjohn
Junior Member
 
Join Date: Jun 2016
Posts: 4
Unusual Email To: Line Addresses

Approximately 2 months ago I began receiving some unusual To: line email addresses coming from a particular site. These addresses do not show up from any other emailer. The email content is legitimate. It is simply the email address on the To: line that is unusual. This began after I suggested the name being associated with my legitimate email address was wrong. My email had been entered into a record of a member of a club that had the same last name. Instead of the simple change being made, it appears someone attached my full name, denoted by FULLNAME, to some illegitimate prodigy.net email addresses. I have never had a prodigy.net email address. In addition to these prodigy email addresses there is my valid email address, myemail@sbcglobal.net, but with a “JR.” for the name. I am a junior. Below are some typical email addresses. There have been 7 so far.

FULLNAME@nlpi162.prodigy.net
FULLNAME@flph395.prodigy.net
FULLNAME@nlpi180.prodigy.net
FULLNAME@nlpi184.prodigy.net

Below is a header analysis and then the header. The provider suggested the effect is somehow AT&T's problem. AT&T says the emails are SPAM. They are certainly not SPAM in the conventional sense because I know the source and they contain club information. Someone has questioned how the sender knows which server to put in the prodigy email address ahead of time. Does anyone know?

MessageId
1465403150390.14646264.18877059.4271...eonline-e3.com
Created at: 6/8/2016, 11:25:57 AM ( Delivered after 66 sec )
From: CLUBNAME <club@etex.net>
To: FULLNAME@nlpi169.prodigy.net, JR. <myemail@sbcglobal.net>
Subject: CLUBNAME Update 6-8-16
DKIM: permerror

# Delay From* To* Protocol Time received
0 65 sec mail01.mailer.clubhouseonline-e3.com → nlpi169.prodigy.net ESMTP 6/8/2016, 11:27:02 AM
1 1 sec 216.24.225.125 → mta1195.sbc.mail.bf1.yahoo.com SMTP 6/8/2016, 11:27:03 AM

From: 45 2016 <>
X-Account-Key: account6
X-UIDL: AG52w0MAFvv+V1hHWAKzaHTvj04
X-Mozilla-Status: 1001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: myemail@sbcglobal.net; Wed, 08 Jun 2016 16:27:03 +0000
Received-SPF: pass (domain of mailer.clubhouseonline-e3.com designates 216.24.225.125 as permitted sender)
X-YMailISG: vuMRW.8WLDuXcFvowgOy397Bdhd4gkMwB5EA_eK46T0h1AZL g3X6M4ad4yr4GiFrsAdxlNAOZJDZlABo0Zyx3buO1jDfQ_1iZqhsjUAlpl97 ZG86IGQcUTexnuP_EXZac9zn7mS5a7gDEauUG_bwyIFSk8FrD7oGph0PTa8v dZy72qzfgTBt7DjlTjpqpkQ8aQ9oo9gqqpftYJ_vgOAQzUblMQl3KenLh14V KQMKbZhIQPXbwUTt5yw.ldr66rymlVCjr8TBwu9Z.LvLmp96QGSe0kXHLZfe D1zXK6eT2GgF7DhUMHpSFpPtYkq8ZGX5Vrb7ZVO6XAvjnWEBeHu2xYbpD62d T8m40B4cSgNvgBq8c.fjcww6LVxVn8Q.gsgZ2UnXL5vm89nHlkK.Pr7mhB22 vRkUqJzSyB72t3pTakLlmlbDj_dTybmHowmFbgNj8E77V9fHyUsOcloDvew_ yCWggfBz2OXqkXpgQdgtQRPnmtmkXlquEhTCXhghRhpzbISdIM6GvR4D8n_U 9pa4i1OJunHIRKt1gDudRnC9ZeNoNumRGGSo9REen7zdDtNKNtm0qN4kHZ1S CHKQzAjBdh3CzQz3Fy0n2WDjY7McINtkPoYcDt8BM6riyNwzthKAMo6srJIX LU7HmekH5qIliJqVGkkZ2xPe2orBqZBcyEYAziwZCBClJYblsdMj0f.IY7LB K23s_6mpkKenboEb3M8NZOqMf8LBDc1.LJRy96JRRb6yGIr2HaO3dcMKREbK FRhGK4J5b7IuhOamM9jLmIVtOvaOiDtw2gSEcw1uKPnqz6hNvDkMoDPiT033 MltBwq15H3pj8O1fc2ggalYe.rMx0xoVG300ltK3YVpvZcG3tdd1qFkljVwd PlmgdqXYi_r.Cidoh1fxJem8dc9Zxbsr1_rubYixURNP7oikLnMwt1dyUdFk WuMEzjBcMttO.phtPiI5xim4elxb3wWo59ymeWJ6CLGdxXH0Y2cDlXu8w3fF v7AOGFbt8s8MxSFxUkWxBe.yysycxYVBpsFQPRG2lRwK9z54tLWc7b3wxECP LVBJ0I_5OlGWzWOwwS6GJzmgrFaWEHiGkUKHjZx4v5exg.OHVOEoZBnMdkj8 dv7HbIbMc7NXvVibYCaNBpdoIsor2sHASRZ1hGtypSVAYmM7g_v_dnqebZwJ 3_2lHAvFG67wrB7fYcExABBQhEyXEm3rIozny1byhCXrN.mGesCBIktWmb1c zcu0EVnT4Qt8rg5fkg3KfbTvxPq0yIRn7PnJXf5egj.0zRGTlv6Uh5X.HtOp KspyJFmUZckKS0H7TLDidVZFOPr28k.A9ZKF2Pbw.ckrZAOUAuVKSd1XYwwf nr_p.2z1jpWPpf0fZg2GeoGkXhQqP_B7tWjpdvwi0aQDFbLknMbbGsxrizxE cqTxAD4D5htR9L0VAWLwN4xoYQxsSil79FLN6f592kBvlt_ecJlUwYif.nVx HA--
X-Originating-IP: [216.24.225.125]
Authentication-Results: mta1195.sbc.mail.bf1.yahoo.com from=etex.net; domainkeys=neutral (no sig); from=cmpgnr.com; dkim=permerror (bad sig)
Received: from 216.24.225.125 (EHLO nlpi169.prodigy.net) (207.115.36.41) by mta1195.sbc.mail.bf1.yahoo.com with SMTP; Wed, 08 Jun 2016 16:27:03 +0000
X-Originating-IP: [216.24.225.125]
Received: from mail01.mailer.clubhouseonline-e3.com (mail01.mailer.clubhouseonline-e3.com [216.24.225.125]) by nlpi169.prodigy.net (8.14.4 IN nd2 TLS/8.14.4) with ESMTP id u58GQxop022418 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <myemail@sbcglobal.net>; Wed, 8 Jun 2016 11:27:02 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=em; d=mailer.clubhouseonline-e3.com; h=Message-ID:Date:List-Unsubscribe:Subject:To:From:Reply-To:MIME-Version:Content-Type; bh=TqFV5tRhRotctVqPXYXXupH7XMY=; b=Y+Ih6ZaSU+CodvqAkc9aHzzEjlS0mbeBJwS8uHlHxsCR34i6LU0KVt+MO+NvZX3ydLmPFjDutyBe XnBLbwXuACGZkbh2htmOJCq/k2rc96m8D/ldGrJBefHsWGN4itCWfkX2GLQLktSDffRVkzdvXW0O Imi8kBanxJugxshfDXw=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=campaigner; d=cmpgnr.com; h=Message-ID:Date:List-Unsubscribe:Subject:To:From:Reply-To:MIME-Version:Content-Type; bh=TqFV5tRhRotctVqPXYXXupH7XMY=; b=wjEsmNqsihM+zFzU+2bT8F6ytnjFYGnNcGQGKe7Snx6EZuZlGZaNvKycp0xnKSAaPe/YSc/T4EPZ msuKS+4D4uNt19Q9VPkNitSX9kTCQx2b8K7VIwdNI2dnjB0IOuXs2A9IQHTnHBjzdnu4mDG+U24b KXrbrszNaiJWL1rnhMk=
Received: by mail01.mailer.clubhouseonline-e3.com id hb13ku159ukl for <myemail@sbcglobal.net>; Wed, 8 Jun 2016 12:25:57 -0400 (envelope-from <bounce_onppahm-myemail=sbcglobal.net@mailer.clubhouseonline-e3.com>)
Message-ID: <1465403150390.14646264.18877059.4271503327@backend.mailer.clubhouseonline-e3.com>
Date: Wed, 8 Jun 2016 12:25:57 -0400
X-Campaign: 14646264/18877059/4271503327
List-Unsubscribe: <mailto:unsub_ciwnrd_yilqvjh@mailer.clubhouseonline-e3.com?subject=unsubscribe>
Bounces-To: bounce_ciwnrd_yilqvjh@mailer.clubhouseonline-e3.com
Errors-To: bounce_ciwnrd_yilqvjh@mailer.clubhouseonline-e3.com
Subject: HLRA Update 6-8-16
To: FULLNAME@nlpi169.prodigy.net, JR. <myemail@sbcglobal.net>
From: CLUBNAME <club@etex.net>
Reply-To: CLUBNAME <reply_ciwnrd_yilqvjh@mailer.clubhouseonline-e3.com>
MIME-Version: 1.0
Content-Type: text/html;charset=UTF-8

Old 16 Jun 2016, 01:02 PM   #2
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,926
Welcome to the EMD Forums!

The To header has nothing to do with delivery of an email to you. Instead the sending server uses an "Envelope-To" address when finding and sending to the destination server. Prodigy was merged with SBC in 2001, and SBC is now AT&T and uses Yahoo email services. The message appears to have been sent from clubhouseonline through a Prodigy (old SBC) server to you. The DKIM authentication failed with a bad signature, so the message appears to have been corrupted in transit. Many spam messages fail DKIM. It's very difficult to know for certain that those headers are valid when DKIM is failing.

I would ask the clubhouseonline staff about this. Their system appears to be creating these messages with the odd To addresses. They should be asked to fix the DKIM signing also.

Bill
Old 17 Jun 2016, 03:24 AM   #3
gjohn
Junior Member
 
Join Date: Jun 2016
Posts: 4
Thanks

I do understand the To: is basically a part of the email and has nothing to do with delivery address. Here is the problem. I have contacted the club and they contacted the "provider" who said the following - "I opened a help ticket with our provider..they looked into it and said it wasn’t from their end. They said you could probably find an answer if you consulted with your email provider, SBCGlobal, because it looks like it is filtered through them and then sent out to you." I then complained to the CEO of AT&T email address and got someone from the President's office who would only tell me the emails were SPAM. They suggested everyone gets SPAM even them (the so-called experts) and suggested I delete the emails. I might but I would be deleting club news. I posted all the details on an AT&T forum and at one time had over 50 views with no responses.

A fundamental question is if the servers are changing and the To: is a part of the original email then how can the email content anticipate which server is going to be used since the server name is on the To line and changes with every email.

I complained to clubhouseonline technical help and they wanted more information. When I gave it to them they went silent. So, I believe someone is stonewalling but I do not know for what reason. Maybe clubhouseonline is using these servers clandestinely.

I just need a very detailed analysis of the email so I can determine what to do next.
Old 17 Jun 2016, 06:38 AM   #4
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,926
The main issue I see is that the DKIM failure indicates that something is not set up properly.
  • Usually this failure indicates that the system which is creating the original email is providing an improper encrypted DKIM signature or that the message is being corrupted in transit. This might be happening as the sending system is relaying the message internally or by the SBC receiving servers.
  • But the example message you posted had two DKIM signatures. One was from "cmpgnr.com" while the other was from "mailer.clubhouseonline-e3.com". Both seem to be failing at the Yahoo receiving server (which SBC uses for their email).

DKIM allows the sending email server to add a cryptographic signature to the message. This allows the receiver to verify that the message was indeed sent by a system operated by the sending domain. Since both of the DKIM signatures can't be verified, the message appears to be spam to the SBC staff. But the SPF (Sender Policy Framework) test passes for the mailer.clubhouseonline-e3.com IP, which means that it was sent by a server they specify as correct for their domain.

The bottom line is that this message appears to be poorly formed by the sending system. My guess is that they patched two different systems together without understanding how the messages would appear to the recipient. The To address seems to be something broken at the originating system.

Would it be possible for you to ask the originating system operators to create a new clean account for you to use? It would also be nice if you had another email system you could use to receive messages, since then we could eliminate SBC/Yahoo as the culprit. What I don't understand (as you also don't) is what those Prodigy addresses with your full name included are doing in the To field. Although it would be possible for SBC/Yahoo to modify that header after the message arrives at your account, this is nonstandard and they should have included another header letting you know the original To field value in this case.

I agree that it's a mystery, and I think the only way to get a clearer idea of what is going on is to create a new account which uses a different email destination.

Bill
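
Added example, not part of either poster's messages: a short Python script that reads the DKIM-Signature, Authentication-Results and Received-SPF values from the header in post #1 and lists, for each signature, the signing domain, the DNS name where its public key is published and whether the To: header is covered by the signature. The header values are abridged copies from the thread; the function and key names are made up for this example.

```python
import re

# Values abridged from the header posted in this thread: the h= list is
# shortened and the bh=/b= signature data is replaced by "...".
H = "List-Unsubscribe:Subject:To:From:Reply-To:MIME-Version:Content-Type"
DKIM_SIGS = [
    f"v=1; a=rsa-sha1; c=relaxed/relaxed; s=em; "
    f"d=mailer.clubhouseonline-e3.com; h={H}; bh=...; b=...",
    f"v=1; a=rsa-sha1; c=relaxed/relaxed; s=campaigner; "
    f"d=cmpgnr.com; h={H}; bh=...; b=...",
]
AUTH_RESULTS = ("mta1195.sbc.mail.bf1.yahoo.com from=etex.net; "
                "domainkeys=neutral (no sig); from=cmpgnr.com; "
                "dkim=permerror (bad sig)")
RECEIVED_SPF = ("pass (domain of mailer.clubhouseonline-e3.com designates "
                "216.24.225.125 as permitted sender)")


def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding spaces
    return tags


def summarize(sigs, auth_results, received_spf):
    """Collect the receiver's verdicts and what each signature commits to."""
    out = {"spf": received_spf.split()[0],
           "dkim": re.search(r"\bdkim=(\w+)", auth_results).group(1),
           "signatures": []}
    for sig in sigs:
        t = parse_tags(sig)
        signed = [h.lower() for h in t.get("h", "").split(":")]
        out["signatures"].append({
            "domain": t["d"],
            "algorithm": t["a"],
            # The verifier fetches the public key from this DNS TXT name.
            "key_record": f'{t["s"]}._domainkey.{t["d"]}',
            # If To is in h=, a To: header altered after signing fails to verify.
            "to_is_signed": "to" in signed,
        })
    return out


if __name__ == "__main__":
    print(summarize(DKIM_SIGS, AUTH_RESULTS, RECEIVED_SPF))
```

Both signatures list To among the signed headers, so either one would stop verifying if the To: line were changed after signing.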
Old 17 Jun 2016, 09:37 AM   #5
gjohn
Junior Member
 
Join Date: Jun 2016
Posts: 4
Ok

As I said what you see is I think an attempt to get my name on the To: line when apparently it could not be done correctly otherwise for whatever reason. I.e., my name should appear as FULLNAME (first, middle initial, lastname) JR. So someone thought up the crazy scheme you see where the JR got put in front of my real email address which appeared after the nutty prodigy address. The club is a gated community of elderly who are easily flimflammed when it comes to technical issues like this. They did succeed in getting my name right but with some spurious ingredients.

I probably can do what you say but I would have to have the cooperation of the club staff and they do not know much and only repeat what they hear from the "provider" who is the culprit to begin with since they want to blame the problem on some "echo" effect created by SBCGLOBAL.

So, are you able to tell how it is possible to get the server name, which changes every email, into the To: line when it would seem the server would not be known at that time?

Thanks for looking at this. With your explanation about the DKIM I see how AT&T might have just blown me off, especially since it seems that much of what passes for AT&T technical personnel are just placeholders who have standard, canned answers.

I am going to collect everything I have found out and present it to those I think most responsible. Everything I present will be what I have gathered from various anonymous sources.
Old 17 Jun 2016, 01:25 PM   #6
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,926
Quote:
Originally Posted by gjohn
... So, are you able to tell how it is possible to get the server name, which changes every email, into the To: line when it would seem the server would not be known at that time? ...
But the receiving server (nlpi***.prodigy.net) announces its name to the sending server (mail01.mailer.clubhouseonline-e3.com) when they first connect. So the sending server can do anything it wants to to any header it's sending at that time. This is not a normal thing a regular email server does, but this is a marketing campaign system and who knows what it might do. I'm convinced that the sending system is not configured correctly, and I'm not surprised that SBC/Yahoo told you it looked like spam to them.

It sounds to me like the sending system staff isn't going to do much for you as long as the emails continue to arrive in your SBC Inbox. I'm guessing that an untrained employee or volunteer at your club made some change which has caused this problem, and since two software/services companies are involved (campaigner and clubhouseonline-e3) it's not clear to them what happened.

I don't know what to tell you, except that I'm nearly positive that someone at the sending end will need to fix this.

Bill
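
Added example, not part of either poster's messages: a Python check of the two points made in posts #2 and #6, run over an abridged copy of the header from post #1. It takes the envelope recipient from the Received `for <...>` clauses and flags any To: address that was not an envelope recipient, or whose domain is the name of a relay that stamped a Received line. The function and key names are made up for this example.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Abridged copy of the header posted in this thread (placeholders as posted).
RAW = (
    "Received: from 216.24.225.125 (EHLO nlpi169.prodigy.net) (207.115.36.41)"
    " by mta1195.sbc.mail.bf1.yahoo.com with SMTP;"
    " Wed, 08 Jun 2016 16:27:03 +0000\n"
    "Received: from mail01.mailer.clubhouseonline-e3.com"
    " (mail01.mailer.clubhouseonline-e3.com [216.24.225.125])"
    " by nlpi169.prodigy.net (8.14.4 IN nd2 TLS/8.14.4) with ESMTP"
    " id u58GQxop022418 for <myemail@sbcglobal.net>;"
    " Wed, 8 Jun 2016 11:27:02 -0500\n"
    "Received: by mail01.mailer.clubhouseonline-e3.com id hb13ku159ukl"
    " for <myemail@sbcglobal.net>; Wed, 8 Jun 2016 12:25:57 -0400\n"
    "To: FULLNAME@nlpi169.prodigy.net, JR. <myemail@sbcglobal.net>\n"
    "From: CLUBNAME <club@etex.net>\n"
    "Subject: CLUBNAME Update 6-8-16\n"
    "\n"
)


def analyze(raw):
    """Compare the To: header with the envelope and relay data in Received."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    # Hosts that accepted the message and stamped a Received line ("by <host>").
    relays = set()
    for line in received:
        m = re.search(r"\bby\s+([\w.-]+)", line)
        if m:
            relays.add(m.group(1).lower())
    # Envelope recipients recorded by the relays ("for <address>").
    envelope = {a.lower() for line in received
                for a in re.findall(r"\bfor\s+<([^>]+)>", line)}
    to_addrs = [addr for _, addr in getaddresses(msg.get_all("To", []))]
    return {
        "envelope_rcpt": sorted(envelope),
        "to_not_in_envelope": [a for a in to_addrs if a.lower() not in envelope],
        "to_domain_is_relay": [a for a in to_addrs
                               if a.rsplit("@", 1)[-1].lower() in relays],
    }


if __name__ == "__main__":
    print(analyze(RAW))
```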
Old 18 Jun 2016, 03:56 AM   #7
gjohn
Junior Member
 
Join Date: Jun 2016
Posts: 4
Learned A Lot

I have learned about the DKIM. I had also not noticed the cmpgnr.com which is some kind of emailing service. I have run about 5 header analysis programs and none show cmpgnr.com as a part of the path. MXToolBox says blacklist:- 216.24.225.125. What significance that has I do not know. All of the header analysis just mentions clubhouseonline, prodigy, and yahoo, which I presume is me.

I am having a little trouble with the sequence of events. I see a number of Received. I have been told the local club has its own server but it looks like the clubhouseonline IP is in Canada. Also, etex.net is the local club INTERNET provider which if the mail is coming out of cmpgnr.com then why is the local provider involved?

I understand if I have worn out my welcome. I will just keep digging.

Thanks
All times are GMT +9.