Mailing List Archive: SPF: Help

Unknown address error?

 

 



ianw at graticule

May 2, 2008, 1:29 AM

Post #1 of 8 (780 views)
Permalink
Unknown address error?

I'm wondering if anyone can provide me with any assistance on the
following problem? Any help would be much appreciated.

We started getting an overload of fraudulent emails claiming to be from
graticule.com and therefore I decided to set up an SPF record to try and
prevent this. This has prevented most of the emails, however we are
getting the occasional message bounce back saying it was undeliverable
because it failed an SPF check. I don't understand why/where this source
IP address is coming from, and therefore am not sure how to go about
resolving the issue.

The SPF record is set up to allow both our office mail server and our
ISP's servers to send mail:
v=spf1 ip4:62.241.162.1/24 ip4:81.86.72.99 a mx -all

The error message is as follows:

/"The following message to <aaaa[at]bbbb.com> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'"Mail from graticule.com is denied
from host 212.74.114.38 SPF"' /

-----------------------------------------------------------
/Reporting-MTA: dns; mk-outboundfilter-2.mail.uk.tiscali.com

Final-Recipient: rfc822;aaaa[at]bbbb.com
Action: failed
Status: 5.0.0 (permanent failure)
Remote-MTA: dns; [212.53.64.43]
Diagnostic-Code: smtp; 5.1.0 - Unknown address error 550-'"Mail from
graticule.com is denied from host 212.74.114.38 SPF"' (delivery
attempts: 0)"/

Our IP address however is 81.86.72.99 or 81-86-72-99.dsl.pipex.com and
have our own mail server, so I can understand where this 212.74.114.38
is coming from...

In case it helps, the email header is as follows:

/Subject: ------------- Removed -------------
From: Graticule Sales <sales[at]graticule.com>
Date: Thu, 01 May 2008 10:14:02 +0100
To: "aaaa[at]bbbb.com" <aaaa[at]bbbb.com>
Received: from galaxy.systems.pipex.net ([62.241.162.31]) by
smtp.pipex.tiscali.co.uk with ESMTP; 01 May 2008 10:14:03 +0100
Received: from galaxy.systems.pipex.net ([62.241.162.31]) by
smtp.pipex.tiscali.co.uk with ESMTP; 01 May 2008 10:14:03 +0100
Received: from graticule.com (81-86-72-99.dsl.pipex.com [81.86.72.99])
by galaxy.systems.pipex.net (Postfix) with ESMTP id EED88E000082 for
<aaaa[at]bbbb.com>; Thu, 1 May 2008 10:14:02 +0100 (BST)
Received: by graticule.com (Postfix, from userid 519) id A1F7AC74335;
Thu, 1 May 2008 10:14:02 +0100 (BST)
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on kirkstall
X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00
autolearn=ham version=3.2.4
Received: from [192.168.1.11] (unknown [192.168.1.11]) by graticule.com
(Postfix) with ESMTP id 2FF0DC74335 for <aaaa[at]bbbb.com>; Thu, 1 May 2008
10:14:02 +0100 (BST)
Message-ID: <481989DA.9000704[at]graticule.com>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="------------010400090903040808050306" /

Thanks for the help.

Ian Wright

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


rob.macgregor at gmail

May 2, 2008, 2:11 AM

Post #2 of 8 (762 views)
Permalink
Re: Unknown address error? [In reply to]

On Fri, May 2, 2008 at 9:29 AM, Ian Wright <ianw[at]graticule.com> wrote:
> I'm wondering if anyone can provide me with any assistance on the following
> problem? Any help would be much appreciated.
>
> We started getting an overload of fraudulent emails claiming to be from
> graticule.com and therefore I decided to set up an SPF record to try and
> prevent this. This has prevented most of the emails, however we are getting
> the occasional message bounce back saying it was undeliverable because it
> failed an SPF check. I don't understand why/where this source IP address is
> coming from, and therefore am not sure how to go about resolving the issue.
>
> The SPF record is set up to allow both our office mail server and our ISP's
> servers to send mail:
> v=spf1 ip4:62.241.162.1/24 ip4:81.86.72.99 a mx -all
>
> The error message is as follows:
>
> /"The following message to <aaaa[at]bbbb.com> was undeliverable.
> The reason for the problem:
> 5.1.0 - Unknown address error 550-'"Mail from graticule.com is denied from
> host 212.74.114.38 SPF"' /

This to me seems like some badly configured mail server is accepting
the mail, then bouncing it because it fails the SPF test, rather than
rejecting it at the SMTP session level.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche



ianw at graticule

May 2, 2008, 2:26 AM

Post #3 of 8 (760 views)
Permalink
Re: Unknown address error? [In reply to]

Rob,

Would that imply our office mail server (at 81.86.72.99) or one
somewhere else down the line? I don't have a brilliant idea of how it
all works, so would have expected our mail server to resolve the address
of the recipient's mail server (in this case bbbb.com) and send the mail
straight to it. But if that is the case, then I can't understand where
the extra IP address comes from?

If their system's a bit more complicated than that, then you think it may
well be the other mail server, which I believe is a Pipex one, that is at
fault?

Ian


--
*Ian Wright*
/Software Developer
ianw[at]graticule.com /

* Graticule <http://www.graticule.com>
* 01132 344000



ianw at graticule

May 2, 2008, 2:28 AM

Post #4 of 8 (754 views)
Permalink
Re: Unknown address error? [In reply to]

On top of that, maybe I should make it clear that these currently
rejected emails are legitimate ones from ourselves, and are not
fraudulent ones. Don't think I explained that very well originally...

Ian



--
*Ian Wright*
/Software Developer
ianw[at]graticule.com /

* Graticule <http://www.graticule.com>
* 01132 344000



alex at ergens

May 2, 2008, 3:10 AM

Post #5 of 8 (759 views)
Permalink
Re: Unknown address error? [In reply to]

On Fri, May 02, 2008 at 09:29:43AM +0100, Ian Wright wrote:
> I'm wondering if anyone can provide me with any assistance on the
> following problem? Any help would be much appreciated.
>
> We started getting an overload of fraudulent emails claiming to be from
> graticule.com and therefore I decided to set up an SPF record to try and
> prevent this. This has prevented most of the emails, however we are
> getting the occasional message bounce back saying it was undeliverable
> because it failed an SPF check. I don't understand why/where this source
> IP address is coming from, and therefore am not sure how to go about
> resolving the issue.
>
> The SPF record is set up to allow both our office mail server and our
> ISP's servers to send mail:
> v=spf1 ip4:62.241.162.1/24 ip4:81.86.72.99 a mx -all
>
> The error message is as follows:
>
> /"The following message to <aaaa[at]bbbb.com> was undeliverable.
> The reason for the problem:
> 5.1.0 - Unknown address error 550-'"Mail from graticule.com is denied
> from host 212.74.114.38 SPF"' /
>
> -----------------------------------------------------------
> /Reporting-MTA: dns; mk-outboundfilter-2.mail.uk.tiscali.com
>
> Final-Recipient: rfc822;aaaa[at]bbbb.com
> Action: failed
> Status: 5.0.0 (permanent failure)
> Remote-MTA: dns; [212.53.64.43]
> Diagnostic-Code: smtp; 5.1.0 - Unknown address error 550-'"Mail from
> graticule.com is denied from host 212.74.114.38 SPF"' (delivery
> attempts: 0)"/
>
> Our IP address however is 81.86.72.99 or 81-86-72-99.dsl.pipex.com and
> have our own mail server, so I can understand where this 212.74.114.38
> is coming from...
>
> In case it helps, the email header is as follows:
>
> /Subject: ------------- Removed -------------
> From: Graticule Sales <sales[at]graticule.com>
> Date: Thu, 01 May 2008 10:14:02 +0100
> To: "aaaa[at]bbbb.com" <aaaa[at]bbbb.com>

> Received: from galaxy.systems.pipex.net ([62.241.162.31]) by
> smtp.pipex.tiscali.co.uk with ESMTP; 01 May 2008 10:14:03 +0100

If you can trust smtp.pipex.tiscali.co.uk, this means the message
was routed through 62.241.162.31

This is the last added Received: header line.

According to the error message, 212.53.64.43 refuses to accept the
message, because 212.74.114.38 claims to be sending in name of
sales[at]graticule.com


Looking at DNS:

43.64.53.212.in-addr.arpa. 28800 IN PTR relay1.netnames.net.
38.114.74.212.in-addr.arpa. 900 IN PTR mk-outboundfilter-2.mail.uk.tiscali.com.

This probably means someone at tiscali received the message, and
then decided to transmit a copy ("forward") to another address.
That other address has an MX at netnames.net, which detected a mismatch
between your domain name and the sending host.

If I'm right, this is an example of the forwarder's problem
(known as the forwarder problem).


Again, in other words:

You sent a message to someone[at]tiscali without any problems.

That someone[at]tiscali forwards his/her mail to elsewhere, but uses
your name to do so.

That elsewhere is aware of SPF, and refuses the message.
Tiscali cannot deliver the message, needs to do something, and
returns it not to the true sender but to you.

In this example case the message is delivered to the originator of the
original message, but it could easily have been a forged message which
then is "returned" to you.


HTH
Alex



ianw at graticule

May 2, 2008, 4:30 AM

Post #6 of 8 (755 views)
Permalink
Re: Unknown address error? [In reply to]

Alex,

Thanks for that explanation, all makes sense. I've looked it up on
google and appears to be one of the main reasons people advise against
using SPF. I'm guessing there isn't really a way around this as yet?
Would it make any difference if I changed my SPF record to "~all"
instead of "-all" which I believe adds more checks rather than just a
blanket ban on mail not from the given SPF record addresses?

Ian


--
*Ian Wright*
/Software Developer
ianw[at]graticule.com /

* Graticule <http://www.graticule.com>
* 01132 344000



scott at kitterman

May 2, 2008, 4:48 AM

Post #7 of 8 (752 views)
Permalink
Re: Unknown address error? [In reply to]

On Fri, 02 May 2008 12:30:35 +0100 Ian Wright <ianw[at]graticule.com> wrote:
>Alex,
>
>Thanks for that explanation, all makes sense. I've looked it up on
>google and appears to be one of the main reasons people advise against
>using SPF. I'm guessing there isn't really a way around this as yet?
>Would it make any difference if I changed my SPF record to "~all"
>instead of "-all" which I believe adds more checks rather than just a
>blanket ban on mail not from the given SPF record addresses?
>

It might, but you would also lose the benefit of 'bad guys' being deterred
from sending using your domain.

I've gotten a handful of these over the 4 years I've had a -all SPF record.
These error messages have always had the address to which the message was
being forwarded in them. I just resend them and don't worry about it.

Technically this is a receiver misconfiguration (shouldn't check SPF on
forwarded mail), but, at least for me, it seems to be a very rare one.

Scott K



steve at teamITS

May 2, 2008, 7:32 AM

Post #8 of 8 (752 views)
Permalink
RE: Unknown address error? [In reply to]

Ian Wright wrote on 5/2/2008 6:30:35 AM:
> Would it make any difference if I changed my SPF record to "~all"
> instead of "-all" which I believe adds more checks rather than just a
> blanket ban on mail not from the given SPF record addresses?

~all doesn't add anything specifically. ~all says to be
suspicious of the message. It's up to the receiving mail server to
decide what to do with it. -all says to go ahead and reject the
message.


Scott Kitterman wrote on 5/2/2008 6:48:22 AM:
> Technically this is a receiver misconfiguration (shouldn't check SPF on
> forwarded mail),

If it's as Alex described, it is the forwarder's problem, where
the forwarding server is not rewriting the from address. For lurkers:

http://www.openspf.org/FAQ/Forwarding


-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- At least egotists don't talk about other people, too.

~ Taglines by Taglinator - www.srtware.com ~
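
The forwarding path and the "-all" versus "~all" question discussed in this thread, as an added example that is not part of the original posts: it evaluates the record Ian posted against the client IP seen at each hop. Assumptions: the `a` and `mx` mechanisms are skipped because they need live DNS, and `forwarder.example` with its record is a hypothetical forwarder that rewrites the envelope sender.

```python
import ipaddress

# Record quoted in the thread; the trailing "/" in the post is e-mail markup.
RECORD = "v=spf1 ip4:62.241.162.1/24 ip4:81.86.72.99 a mx -all"
SOFT_RECORD = RECORD.replace("-all", "~all")

# Constructed stand-in for DNS TXT lookups. "forwarder.example" and its record
# are hypothetical: a forwarder that authorises its own outbound host.
TXT = {
    "graticule.com": RECORD,
    "forwarder.example": "v=spf1 ip4:212.74.114.38 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_ip(record, client_ip):
    """Evaluate the ip4 and all mechanisms of an SPF record, left to right.

    The a and mx mechanisms need live DNS, so this offline sketch skips them.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "ip4":
            # strict=False: the record gives a host address with a /24 prefix
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "all":
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term present


def check_hop(client_ip, mail_from, txt=TXT):
    """SPF is keyed on the envelope sender's domain and the connecting IP."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = txt.get(domain)
    return "none" if record is None else check_ip(record, client_ip)


def trace():
    """Client IPs are taken from the headers and bounce quoted in the thread."""
    hops = [
        ("office -> Pipex relay", "81.86.72.99", "sales@graticule.com"),
        ("Pipex -> Tiscali", "62.241.162.31", "sales@graticule.com"),
        ("Tiscali forward, sender kept", "212.74.114.38", "sales@graticule.com"),
        ("Tiscali forward, sender rewritten", "212.74.114.38", "fwd@forwarder.example"),
    ]
    return [(label, check_hop(ip, sender)) for label, ip, sender in hops]


if __name__ == "__main__":
    for label, result in trace():
        print(f"{label:36} {result}")
    print("forwarded hop under ~all:", check_ip(SOFT_RECORD, "212.74.114.38"))
```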
