Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SPF>
  3. Help
Been getting a lot of these bounces - any suggestions?
alan at firstclassradio
Mar 23, 2010, 1:33 PM
Post #1 of 6 (5087 views)
Permalink
This is the entire returned email.
-----------------------------------------------------

A message from <alan@firstclassradio.com> to:
-> fuking_owned@hotmail.com

was considered unsolicited bulk e-mail (UBE).

Our internal reference code for your message is 10320-06/vcEKGkniLzK2

The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.

We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases of UBE some balance
between losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on both sides.

First upstream SMTP client IP address: [24.178.235.119] unknown
According to a 'Received:' trace, the message originated at:
[24.178.235.119],
[192.168.1.104] (unknown [24.178.235.119])

Return-Path: <alan@firstclassradio.com>
Message-ID: <4BA86F50.8050004@firstclassradio.com>
Subject: Where are you dude?

Delivery of the email was stopped!



Reporting-MTA: dns; mail.firstclassradio.com
Received-From-MTA: smtp; mail.firstclassradio.com ([127.0.0.1])
Arrival-Date: Tue, 23 Mar 2010 03:23:28 -0500 (CDT)

Original-Recipient: rfc822;fuking_owned@hotmail.com
Final-Recipient: rfc822;fuking_owned@hotmail.com
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 554 5.7.1 Rejected, id=10320-06 - SPAM
Last-Attempt-Date: Tue, 23 Mar 2010 03:23:39 -0500 (CDT)



Return-Path: <alan@firstclassradio.com>
Received: from [192.168.1.104] (unknown [24.178.235.119])
by mail.firstclassradio.com (Postfix) with ESMTP id 2F8319BC2D
for <fuking_owned@hotmail.com>; Tue, 23 Mar 2010 03:23:28 -0500 (CDT)
Message-ID: <4BA86F50.8050004@firstclassradio.com>
Date: Tue, 23 Mar 2010 02:35:44 -0500
From: Alan Johnson <alan@firstclassradio.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20100317)
MIME-Version: 1.0
To: sam bicknell <fuking_owned@hotmail.com>
Subject: Where are you dude?
Content-Type: multipart/alternative;
boundary="------------070501070904050906050509"



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Been getting a lot of these bounces - any suggestions? [ In reply to ]
gcerullo at pixelpointstudios
Mar 23, 2010, 1:50 PM
Post #2 of 6 (4956 views)
Permalink
On 23-Mar-10, at 4:33 PM, Alan Johnson wrote:

> This is the entire returned email.
> -----------------------------------------------------
>
> A message from <alan@firstclassradio.com> to:
> -> fuking_owned@hotmail.com
>
> was considered unsolicited bulk e-mail (UBE).
>
> Our internal reference code for your message is 10320-06/vcEKGkniLzK2
>
> The message carried your return address, so it was either a genuine
> mail
> from you, or a sender address was faked and your e-mail address abused
> by third party, in which case we apologize for undesired notification.
>
> We do try to minimize backscatter for more prominent cases of UBE and
> for infected mail, but for less obvious cases of UBE some balance
> between losing genuine mail and sending undesired backscatter is
> sought,
> and there can be some collateral damage on both sides.
>
> First upstream SMTP client IP address: [24.178.235.119] unknown
> According to a 'Received:' trace, the message originated at:
> [24.178.235.119],
> [192.168.1.104] (unknown [24.178.235.119])
>
> Return-Path: <alan@firstclassradio.com>
> Message-ID: <4BA86F50.8050004@firstclassradio.com>
> Subject: Where are you dude?
>
> Delivery of the email was stopped!
>
>
>
> Reporting-MTA: dns; mail.firstclassradio.com
> Received-From-MTA: smtp; mail.firstclassradio.com ([127.0.0.1])
> Arrival-Date: Tue, 23 Mar 2010 03:23:28 -0500 (CDT)
>
> Original-Recipient: rfc822;fuking_owned@hotmail.com
> Final-Recipient: rfc822;fuking_owned@hotmail.com
> Action: failed
> Status: 5.7.1
> Diagnostic-Code: smtp; 554 5.7.1 Rejected, id=10320-06 - SPAM
> Last-Attempt-Date: Tue, 23 Mar 2010 03:23:39 -0500 (CDT)
>
>
>
> Return-Path: <alan@firstclassradio.com>
> Received: from [192.168.1.104] (unknown [24.178.235.119])
> by mail.firstclassradio.com (Postfix) with ESMTP id 2F8319BC2D
> for <fuking_owned@hotmail.com>; Tue, 23 Mar 2010 03:23:28 -0500
> (CDT)
> Message-ID: <4BA86F50.8050004@firstclassradio.com>
> Date: Tue, 23 Mar 2010 02:35:44 -0500
> From: Alan Johnson <alan@firstclassradio.com>
> User-Agent: Thunderbird 2.0.0.24 (X11/20100317)
> MIME-Version: 1.0
> To: sam bicknell <fuking_owned@hotmail.com>
> Subject: Where are you dude?
> Content-Type: multipart/alternative;
> boundary="------------070501070904050906050509"


You have an invalid SPF policy for your domain.

firstclassradio.com. IN TXT "v=spf1 a ip4"

The A record for firstclassradio.com points to the IP address of
68.253.14.134 so you want an SPF policy that looks like one of the
following (assuming all your mail originates from the same server that
your domain A record points to.)

v=spf1 a -all

or

v=spf1 ip4:68.253.14.134 -all

You are also missing the "all" mechanism at the end of the policy
statement (please understand the differences between the different
"all" mechanisms before you choose one).

--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Been getting a lot of these bounces - any suggestions? [ In reply to ]
rob.macgregor at gmail
Mar 23, 2010, 1:53 PM
Post #3 of 6 (4948 views)
Permalink
On Tue, Mar 23, 2010 at 20:33, Alan Johnson <alan@firstclassradio.com> wrote:
> This is the entire returned email.

I see nothing in there about SPF - what makes you think this is an SPF
related problem?

That said your SPF record is massively broken:

TXT: "v=spf1 a ip4<br>"
SPF: "v=spf1 a ip4"

Neither of those are valid SPF records. Assuming you send email from
the hosts firstclassradio.com and mail.firstclassradio.com then your
SPF record would be:

v=spf1 ip4:68.253.14.134 ip4:68.253.14.135 -all

Ensure that whoever manages your SPF records keeps both the TXT and
SPF record identical.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Been getting a lot of these bounces - any suggestions? [ In reply to ]
alan at firstclassradio
Mar 23, 2010, 2:20 PM
Post #4 of 6 (4951 views)
Permalink
Gino Cerullo wrote:
>
>
> You have an invalid SPF policy for your domain.
>
> firstclassradio.com. IN TXT "v=spf1 a ip4"
>
> The A record for firstclassradio.com points to the IP address of
> 68.253.14.134 so you want an SPF policy that looks like one of the
> following (assuming all your mail originates from the same server that
> your domain A record points to.)
>
> v=spf1 a -all
>
> or
>
> v=spf1 ip4:68.253.14.134 -all
>
> You are also missing the "all" mechanism at the end of the policy
> statement (please understand the differences between the different
> "all" mechanisms before you choose one).
>
> --
> Gino Cerullo
>
> Pixel Point Studios
> 21 Chesham Drive
> Toronto, ON M3M 1W6
>
> 416-247-7740
>
Actually the record is correct as written in the data file for tinydns.

'firstclassradio.com:v=spf1 a ip4:68.253.14.135 mx -all:3600
'mail.firstclassradio.com:v=spf1 a -all:3600

but for some reason it gets reported wrong

Just to double check I deleted both lines and re-typed them and ran make.

no joy.

I'm almost one hundred percent sure they where reported correctly when I
first set them up. (its been a couple of years, since I did it) I
haven't really had any issues until a couple of weeks ago. Well, I'll
try to get to the bottom of it.

And as to Rob's question. I only check ip's and validate logins to
relay. Since it didn't seem to be a postfix error, I though it had to
be spf.

Thanks



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Been getting a lot of these bounces - any suggestions? [ In reply to ]
scott at kitterman
Mar 23, 2010, 2:27 PM
Post #5 of 6 (4941 views)
Permalink
"Rob MacGregor" <rob.macgregor@gmail.com> wrote:

>On Tue, Mar 23, 2010 at 20:33, Alan Johnson <alan@firstclassradio.com> wrote:
>> This is the entire returned email.
>
>I see nothing in there about SPF - what makes you think this is an SPF
>related problem?
>
>That said your SPF record is massively broken:
>
>TXT: "v=spf1 a ip4<br>"
>SPF: "v=spf1 a ip4"
>
>Neither of those are valid SPF records. Assuming you send email from
>the hosts firstclassradio.com and mail.firstclassradio.com then your
>SPF record would be:
>
>v=spf1 ip4:68.253.14.134 ip4:68.253.14.135 -all
>
>Ensure that whoever manages your SPF records keeps both the TXT and
>SPF record identical.
>
It looks like you're using my SPF record tester. The trailing <BR> is due to a bug in the site and not in the record.

Scott K

-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Been getting a lot of these bounces - any suggestions? [ In reply to ]
rob.macgregor at gmail
Mar 23, 2010, 3:31 PM
Post #6 of 6 (4939 views)
Permalink
On Tue, Mar 23, 2010 at 21:27, Scott Kitterman <scott@kitterman.com> wrote:
>
> It looks like you're using my SPF record tester.

Well, it is the best one out there ;)

>The trailing <BR>  is due to a bug in the site and not in the record.

Ah - good to know.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal