29 Jan 2017, 06:54 PM | #16 | ||
The "e" in e-mail
Join Date: Sep 2004
Location: The Netherlands
Posts: 2,894
|
Quote:
Quote:
|
||
29 Jan 2017, 11:35 PM | #17 |
Member
Join Date: Jan 2017
Posts: 31
|
I got a reply back from Freehostia and they asked me to send 4 messages in succession to see if greylisting was active and they replied that they are getting nothing from Comcast (which Comcast admits). So there's no greylisting.
So do I tell Comcast that DMARC is a mechanism that Freehostia checks ...for valid emails? I don't know if I understand it totally. To me it's like Comcast needing to send a technician to my brother's house to work on wiring and my brother needs to ID him (using DMARC) before letting him into the house. It's totally up to my brother whether he checks for ID (DMARC) or not, not the Comcast technician. So when Comcast tells me they are not relaying my emails to Freehostia because "they need a valid DMARC record," it's like telling me that the technician didn't go into my brother's house because my brother didn't ask for ID. Is that analogy correct, because I need to understand how DMARC works before I call Comcast back.
Thank you! I must say I am very thankful for everyone who has helped and I am stunned with the great amount of info I received here.
Berenburger, is my tonytoninixyz@hotmail.com (remove the "xyz") funny because it doesn't work? ...or something else? I'm a bit of a novice, so I'd love some input if there's a problem with it (outside of using a form). Thanks. |
30 Jan 2017, 07:57 AM | #18 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,916
|
The problem you have described with the headers you posted before (sending messages from one of your personal domains to another of your personal domains) can't be due to DMARC policy failure because your DNS records for those domains don't specify any DMARC policy, and they don't provide any SPF related records either. It's harder to check the DKIM situation - I see a DKIM related DNS record for one domain but I'm not sure about the other domain. I can't tell if Comcast is DKIM signing your outgoing messages, since I don't have the complete headers of received messages which were sent by you through the Comcast outgoing SMTP servers. Here is what these terms mean:
I agree with jhollington -- there is likely a block or connection problem between Comcast and the receiving ISP. It's crazy for Comcast or the receiving domain to complain about missing SPF, DKIM, or DMARC. If the mechanisms fail, then they can complain. But if they are not implemented (no DNS entries) the email should be handed off normally. The spam filters at the receiver might increase the spam score, but they shouldn't refuse to accept the messages. As a point of reference, here are these policies for the comcast.net domain:
|
30 Jan 2017, 08:08 AM | #19 | ||
Essential Contributor
Join Date: Apr 2008
Posts: 371
|
Quote:
Quote:
Obviously, it's possible for Freehostia to refuse to accept messages if Comcast's DMARC/SPF policies were incorrectly configured, but as Bill points out, that's not the case — Comcast has extremely relaxed DMARC/SPF records (to the point where there's almost no point in having them published at all). Even in this case, however, the issue would not be Freehostia's DMARC/SPF/DKIM records, but rather Comcast's.
Jesse
Last edited by jhollington : 30 Jan 2017 at 08:34 AM. |
||
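Added example (not part of any post in this thread): a simplified receiver-side DMARC check after RFC 7489, showing that the record consulted belongs to the domain in the message's From: header and that a domain publishing no record yields "no policy" rather than a failure. The domains, records and function names are constructed for illustration; the organizational-domain fallback lookup and the Public Suffix List are left out.

```python
# CONSTRUCTED_DNS stands in for real TXT lookups; every domain and record is made up.
CONSTRUCTED_DNS = {
    "_dmarc.relaxed-isp.example": ["v=DMARC1; p=none; rua=mailto:agg@relaxed-isp.example"],
    "_dmarc.strict-bank.example": ["v=DMARC1; p=reject; adkim=s; aspf=s"],
    # personal-site.example publishes no _dmarc record at all
}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" and "p" in tags else None

def org_domain(domain):
    # Assumption: last two labels; a real receiver uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: 's' needs an exact match, 'r' the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(from_domain, spf_pass_domain=None, dkim_pass_domain=None,
                      dns=CONSTRUCTED_DNS):
    """What the receiving server does with one message.

    The record is looked up under the domain in the message's From: header.
    The recipient's own domain is not an input to the check.
    spf_pass_domain / dkim_pass_domain: the domain that passed SPF / DKIM, or None.
    """
    records = [r for r in map(parse_dmarc, dns.get("_dmarc." + from_domain, [])) if r]
    if len(records) != 1:
        return "no-policy"   # nothing published: nothing to fail, handle as usual
    rec = records[0]
    if (aligned(spf_pass_domain, from_domain, rec.get("aspf", "r"))
            or aligned(dkim_pass_domain, from_domain, rec.get("adkim", "r"))):
        return "pass"
    return rec["p"].lower()  # "none", "quarantine" or "reject", as the From: domain requested
```

Note that "no-policy" (no record) and "none" (a record with p=none) are different outcomes: only the second is a DMARC failure, and even then the sender's domain has asked for no action.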
30 Jan 2017, 08:31 AM | #20 |
Essential Contributor
Join Date: Apr 2008
Posts: 371
|
To help boil this down to the basic procedures of how mail transfer should work in this case....
Also, it's worth noting that DMARC/SPF/DKIM checks are almost never handled at the SMTP session level (steps 4-7). The only thing that "mail.destination.com" (Freehostia) could be doing on their end that would affect that is having "outbound.comcast.net" on a blacklist. In that case, the destination server (mail.destination.com) essentially "hangs up" on the sending server (outbound.comcast.net) after step 6. However, this is assuming that Freehostia is the problem, of course, and that the problem exists at the SMTP layer.
However, these are almost always permanent (500-series) failures, which would result in a non-delivery notification right away. The real smoking gun here is the fact that these are temporary failures. There are very few reasons why a message fails with a 400-series SMTP error code, and they're almost always related to communication issues:
While there are a handful of other common reasons why a transient error might be returned (and a whole lot of other very uncommon reasons), almost all of these other reasons would impact any sending server trying to communicate with the destination. For example, a 452 "Mailbox Full" is a common transient error, but if you were actually beyond your quota, your mailbox would be refusing messages from everybody, not just Comcast.
Jesse
Last edited by jhollington : 30 Jan 2017 at 08:42 AM. |
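Added example (not part of the post above): the 400-series versus 500-series reasoning applied to final SMTP replies that several sending hosts received from one destination. The host names and reply lines are constructed, and the function names are hypothetical.

```python
import re

# SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last line),
# then an optional RFC 3463 enhanced status code and free text.
REPLY = re.compile(r"^(?P<code>[2-5]\d\d)(?:[ -]|$)"
                   r"(?:(?P<enh>[245]\.\d{1,3}\.\d{1,3})(?:\s|$))?(?P<text>.*)$")
KIND = {"2": "accepted", "3": "intermediate", "4": "transient", "5": "permanent"}

# Constructed samples: one deferred sender among several, and a full mailbox.
CONSTRUCTED_ONE_SENDER = [
    ("mta.isp-a.example", "421 4.4.2 Connection timed out"),
    ("mta.webmail-b.example", "250 2.0.0 OK queued"),
    ("mta.corp-c.example", "250 OK"),
]
CONSTRUCTED_QUOTA = [
    ("mta.isp-a.example", "452 4.2.2 Mailbox full"),
    ("mta.webmail-b.example", "452 4.2.2 Mailbox full"),
]

def classify(reply_line):
    """Return (code, enhanced_code_or_None, kind) for one SMTP reply line."""
    m = REPLY.match(reply_line.strip())
    if m is None:
        raise ValueError(f"not an SMTP reply: {reply_line!r}")
    return int(m["code"]), m["enh"], KIND[m["code"][0]]

def triage(attempts):
    """attempts: (sending_host, final_reply_line) pairs, all for one destination.

    Returns {sending_host: verdict}. A transient failure seen by one sender while
    others are accepted points at the path between those two hosts; a transient
    failure seen by every sender points at the destination itself.
    """
    kinds = {host: classify(reply)[2] for host, reply in attempts}
    someone_got_through = "accepted" in kinds.values()
    verdicts = {}
    for host, kind in kinds.items():
        if kind == "permanent":
            verdicts[host] = "bounce: non-delivery notice goes out right away"
        elif kind == "transient" and someone_got_through:
            verdicts[host] = "retry: sender-specific, check the path between the two hosts"
        elif kind == "transient":
            verdicts[host] = "retry: destination-wide, every sender is deferred"
        elif kind == "accepted":
            verdicts[host] = "delivered"
        else:
            verdicts[host] = "incomplete: session ended mid-transaction"
    return verdicts
```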
31 Jan 2017, 08:29 AM | #21 |
Member
Join Date: Jan 2017
Posts: 31
|
I called Comcast today and the guy I got in tier2 said that Comcast passes all traffic to everyone and it can't be true that they are not relaying it to Freehostia (yes, even after the last guy said he observed Comcast not sending it). I pretty much lost it and asked to talk to someone else and he said he'll have his supervisor call me back ...they never called back. I will post tomorrow after I call again.
|
1 Feb 2017, 06:15 AM | #22 |
Member
Join Date: Jan 2017
Posts: 31
|
The Comcast Security Assurance Tier 2 support supervisor never called me back (of course) but I called and got the original guy that told me that Comcast is indeed not passing email traffic to Freehostia because Freehostia does not have a DMARC (or SPF/DKIM) record/policy.
When I started to explain that it wouldn't make sense that emails wouldn't be passed off because the receiver doesn't have a good spam filter (DMARC/SPF/DKIM), he didn't know why I didn't just accept what he told me (and suggested I should stop calling them), and I told him I had 2-3 people on email forums who were experts at this advising me that this explanation didn't make sense (that Comcast refuses to send email traffic to someone who isn't filtering well enough) ...because the filtering is on the receiving end (not Comcast's sending end). So he said "how do you know if they're more of an expert than me?" I said "I don't know, but it HAS to make sense to me and the other guys make more sense right now."
Lastly he offered the following proof that it's Freehostia's lack of a DMARC record (his words -->) When hosted with Freehostia, I didn't get the emails because there's no DMARC record and when I switched my email over to Godaddy hosting (temporarily), I now get them successfully because Godaddy is a major player and they have a DMARC policy. BUT after we hung up I did a check on that with a DMARC lookup tool and Godaddy DOES NOT have a DMARC record for my domain despite receiving the emails normally!! (or an SPF)
Here's what I did: I told him I'd set up DMARC and if I start getting emails, I'll apologize and let him know that was the problem. So I successfully set up a DMARC record and an SPF record to boot. Guess if that got me receiving emails from Comcast? Nope.
Last edited by tony17112acst : 2 Feb 2017 at 10:40 AM. |
1 Feb 2017, 06:24 AM | #23 |
Member
Join Date: Jan 2017
Posts: 31
|
PS - I found a tool for DMARC lookups, and that website has the option to click on a green "Find Problems" button. When the analysis is over, it says mbox.freehostia.com is blacklisted by UCEPROTECTL1.
See it in action here: http://mxtoolbox.com/domain/anthonytonini.com/ Could that be the problem? Keep in mind, I cannot send SMTP email with my hosting plan at Freehostia. Thanks! |
1 Feb 2017, 09:00 AM | #24 |
Junior Member
Join Date: Feb 2017
Posts: 8
|
Question here: are you able to get any emails to mail@anthonytonini.com? If so, are you able to post those headers?
|
1 Feb 2017, 09:06 AM | #25 |
Member
Join Date: Jan 2017
Posts: 31
|
Sure, here's one from a Gmail account:
Return-path: <csatech749@gmail.com>
Envelope-to: mail@anthonytonini.com
Delivery-date: Sat, 28 Jan 2017 19:37:37 +0000
Received: from [209.85.218.42] (helo=mail-oi0-f42.google.com) by mail.freehostia.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.86_2 (FreeBSD)) (envelope-from <csatech749@gmail.com>) id 1cXYoa-000ML0-4h for mail@anthonytonini.com; Sat, 28 Jan 2017 19:37:36 +0000
Received: by mail-oi0-f42.google.com with SMTP id u143so175260723oif.3 for <mail@anthonytonini.com>; Sat, 28 Jan 2017 11:37:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=Zsvxkh0ul2Z3qOpD3ZkYSyV0kC7+iX9YYOwBVI+Ul60=; b=av04RFV5H5IlncHp+74+0GUFlrEicEsNZb1eOWKsKj967yXOk+avjK2Vhft01eBlKO MhB0h0tgiSkIMmbUOpWeGMQg/TSxdqqDqy5fmDeFMj+RahJJ2rrj920qm9hHPvooK+nR nF8IHn9E3yquMomngXqTXjN7atV+KhZ1lMAqHFa127jH38ruJLkpPFB66f/un2sZ9P6l seOO2uwI3mnF80uD5OhC3zcXv6KRqHzEDAILAKu85yzN8uNyB7XIzzQD8DwdTGM2byMI ikUggU5M/1GUOemIWL3D3yJJ3/LaXYLrAxK8sUaQ3OnpjS/lL0q0GgpAgvEzmOJfK0MN COLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Zsvxkh0ul2Z3qOpD3ZkYSyV0kC7+iX9YYOwBVI+Ul60=; b=TuwjRB00iwvxWKX6i0+uZzq78jj839LEqWjFTLukzc9q/kbGN6QysO3Qg7lvM+2iKg PBwNQ3sSvVkCvKc9UnSajgCQ1SMrHZC/YNRtzj1Il68A/BTcasDU90QLHnOlElWUzuco FSI8Wc4+67mMa1LJGqVOSGHpRCy30jDOwm/uMfFPa4cQUjAVEh13R2R0qt62GaT9LIeJ AWYseAS2FBsllitdVz7ZSX5qeAp57k8UG2WnwN4gp6YSGvjOIodgh8zDJLrDAncgisBK BJnnTIzAYA+fzl4lLhGUPHoQEQBxsFmtPfcvbA3+OD1q1lMJgbQrlO0zBkC/q5BjCtpv FvgQ==
X-Gm-Message-State: AIkVDXIrJzVJ6hHjROHETFj5rqBXDq2v/PFsGwoeXxXMo0pC8szwV27wNapMqGoh1OgNKsK3L7bV/Cb3ac1AvQ==
X-Received: by 10.202.234.87 with SMTP id i84mr8475642oih.64.1485632255524; Sat, 28 Jan 2017 11:37:35 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.10.168 with HTTP; Sat, 28 Jan 2017 11:37:35 -0800 (PST)
From: CSATech749 <csatech749@gmail.com>
Date: Sat, 28 Jan 2017 14:37:35 -0500
Message-ID: <CAC8t75eNE6Q_kqT5i-ewbKvoC+Vga8ruPuZee7-W7Wiufm3euw@mail.gmail.com>
Subject: Test
To: mail@anthonytonini.com
Content-Type: multipart/alternative; boundary=001a113d5d3edb856105472cb6dd
X-Spam-Score-Int: 14
X-Spam-Score: + (1.4)
--001a113d5d3edb856105472cb6dd
Content-Type: text/plain; charset=UTF-8 |
1 Feb 2017, 09:29 AM | #26 | ||
Essential Contributor
Join Date: Apr 2008
Posts: 371
|
Quote:
That said, UCEPROTECTL1 isn't a good thing, and indicates that Freehostia has been a source of spam at some point within the last seven days according to the UCEPROTECT database at http://www.uceprotect.net/en/rblcheck.php. However, again, it seems unlikely that this is the problem, as senders don't usually care about blacklists, but who knows what Comcast might be doing. Quote:
|
||
1 Feb 2017, 10:01 AM | #27 |
Member
Join Date: Jan 2017
Posts: 31
|
jholl:
With my Freehostia setup, they do not provide the SMTP service at my service level (free). I could send with their SMTP if I upgraded and paid a monthly fee. So I do use pop3 to grab all email. Also, Wow that's good info to know ...I didn't know blacklists were for receiving! Also, with that blacklist being only 7 days old, my problem has been since Jan 1st (4.5 weeks now), so hopefully it's not the problem.
I did let the Technician at Comcast know that Godaddy doesn't have a DMARC record and I get Comcast email there fine AND I let them know that I created valid DMARC and SPF records. He just sent me an email from his gmail account asking for headers from that successful email ...so hopefully he's off the DMARC thing (which he berated me for challenging). So they MAY be researching it right now. |
1 Feb 2017, 11:24 PM | #28 | ||||
Essential Contributor
Join Date: Apr 2008
Posts: 371
|
Quote:
Quote:
Again, nobody should really be using blacklists to determine who to send mail to. Doesn't mean they can't do that, just that it doesn't make a lot of sense. The purpose of a blacklist is to identify which mail servers are sources of spam or other illegitimate messages, which (like DMARC and SPF) would only be relevant for receiving messages from those servers. Quote:
Quote:
Again, it's not impossible for Comcast to be looking at DMARC records or blacklists when sending. IMHO, it would be pretty silly of them to do so, but it wouldn't be out of the question — especially in the case of blacklists; the lack of a DMARC record doesn't say the mail system is "bad" whereas a blacklist entry definitely is a red flag that something is wrong. |
||||
2 Feb 2017, 02:29 AM | #29 | |
Junior Member
Join Date: Feb 2017
Posts: 8
|
Quote:
Try updating the mx record to point to mail.freehostia.com instead of the mxbox.freehostia.com |
|
2 Feb 2017, 03:01 AM | #30 |
Member
Join Date: Jan 2017
Posts: 31
|
mavas: I'll have to digest that recommendation (since I am a novice), but will your recommendation explain why I get email from everyone else in the world ...but not Comcast? FYI, when you set up the account, we are instructed to use mbox.freehostia.com.
Jholl: Yes, they have webmail ...it's what I'm using temporarily. |