the::unwired Article
THOUGHT: If your Wireless Connection isn't good for E-Mails anymore
Posted by Arne Hess - on Wednesday, 22.08.07 - 15:20:12 CET under 09 - Thoughts - Viewed 11494x

How important is mobile E-Mail? I think it's as important for you as it is for me; at least that's one reason why I'm using smartphones, in this case a Windows Mobile 6 upgraded Samsung SGH-i600 (the European version of the BlackJack) and an O2 Xda trion. I'm using these devices for several reasons, and one of them is the QWERTY keyboard, which allows me to write text messages as well as E-Mails. So indeed, E-Mail is important for me, especially because I receive some dozens of E-Mails per day and also write some E-Mails per day, wirelessly from my mobile device. But have you ever thought about the fact that your wireless connection is marked as spam?

Me neither, until I sent an E-Mail yesterday to my buddy Jason Dunn from Thoughts Media and I was somehow irritated when he told me my E-Mail was marked by SpamCop as spam. I was irritated for several reasons, mostly because I'm using a non-public E-Mail server (related to my web server) where I had to fear that my E-Mail and/or web server was abused for spam. If one of these two servers were abused, it would mean my server could have some serious security issues.
Thankfully Jason sent the report in his reply which made it easier for me to nail down the problem:

Content analysis details: (5.5 points, 5.0 required)

    pts  rule name               description
    1.2  MSGID_MULTIPLE_AT       Message-ID contains multiple '@' characters
    2.2  RCVD_IN_BL_SPAMCOP_NET  RBL: Received via a relay in bl.spamcop.net
                                 [Blocked - see <http://www.spamcop.net/bl.shtml?212.23.126.23>]
    1.0  FB_WORD1_END_DOLLAR     BODY: Looks like a word ending with a $
    1.1  RCVD_IN_SORBS_WEB       RBL: SORBS: sender is a abuseable web server
                                 [212.23.126.23 listed in dnsbl.sorbs.net]

    X-Spam-Flag: YES

Okay, as you can see above, the bad guy was a server with the IP 212.23.126.23. However, at this moment it was clear to me that it can't be my server since my IP addresses are different, and I did an IP lookup. The result (what I feared already): the IP address isn't mine but is related to E-Plus - the 3rd largest GSM and UMTS provider here in Germany:

inetnum: 212.23.126.0 - 212.23.126.31
netname: GPRS-NAT-POOL1
descr: GPRS NAT Pool
address: E-Plus Mobilfunk GmbH & Co KG
address: E-Plus Patz 1
address: D-40476 Duesseldorf

Okay, now that's too bad! While I have no clue where the E-Plus server came into the game (I've sent the E-Mail through my mail server, which needs authentication), for some reason the E-Plus server (to which I was connected via UMTS) took over the E-Mail (or whatever) and signed my E-Mail with its IP address. The result: the E-Mail was marked as spam when Jason received it (thankfully he received it anyway; I wouldn't receive such E-Mails on some of my E-Mail accounts).

Now I've checked SpamCop again to find out what the problem was and here is the result, why SpamCop lists the E-Plus server as unsafe:

  • System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
  • SpamCop users have reported system as a source of spam less than 10 times in the past week
    Automatic delisting

Furthermore SpamCop writes, "If you are the administrator of gprs-pool-1-023.eplus-online.de and you are sure it will not be the subject of any more reports of spam, you may cause the system to be delisted without waiting for us to review the issue. (Otherwise) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 12 hours."

Too bad, the 12 hours have passed already and it looks like the situation hasn't become better, which means the E-Plus GPRS IP range stays blocked:

Looks like this specific IP address and a good amount of other IP addresses in E-Plus' IP range are blocked, which means for me that my E-Plus SIM card becomes nearly useless, since I'm also using my Windows Mobile devices as wireless modems for my Tablet PC, and on my Notebook I write even more E-Mails per day!

Sure, I've called the E-Plus customer service already, but forget it. The agent didn't have a single clue what I was talking about and she wasn't able to connect me with someone in charge of this problem.

Again, I subscribed at E-Plus for one single reason: using their UMTS network for mobile data, but what is a subscription worth if I have to fear now that none of my E-Mails will ever reach the recipient? What's a UMTS data connection good for if you cannot use it to do your work (and I need my wireless connections for work)? I mean I'm talking about very basic Internet services here like Web, E-Mail and FTP. Not more but also not less, and these three services have to work; otherwise it becomes useless. Good that my contract is expiring soon and after this finding, I don't think I will renew it again.

Cheers ~ Arne
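
An added example (not part of the original post) of how a listing like the one in the report above is looked up: each IP recorded in a message's Received headers is reversed and queried under the list's DNS zone. The sample message and every host name in it except gprs-pool-1-023.eplus-online.de are constructed, and the hop layout is an assumption, not the real mail.

```python
import ipaddress
import re
import socket
from email import message_from_string

ZONES = ("bl.spamcop.net", "dnsbl.sorbs.net")  # the two lists named in the report
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed message: only 212.23.126.23 and its host name come from the post.
SAMPLE = (
    "Received: from mail.sender.example (mail.sender.example [192.0.2.10])\n"
    "\tby mx.recipient.example with ESMTP; Tue, 21 Aug 2007 18:02:11 +0000\n"
    "Received: from phone (gprs-pool-1-023.eplus-online.de [212.23.126.23])\n"
    "\tby mail.sender.example with ESMTPA; Tue, 21 Aug 2007 18:02:09 +0000\n"
    "Subject: test\n\nbody\n"
)

def relay_ips(raw):
    """IPv4 addresses recorded in Received headers, newest hop first."""
    ips = []
    for hdr in message_from_string(raw).get_all("Received", []):
        for found in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr):
            try:
                ips.append(str(ipaddress.IPv4Address(found)))
            except ValueError:
                pass  # bracketed text that is not a valid address
    return ips

def dnsbl_name(ip, zone):
    """DNSBL query name: octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def listed_relays(raw, resolve=socket.gethostbyname):
    """Return (ip, zone, answer) for every hop that a list answers for."""
    hits = []
    for ip in relay_ips(raw):
        for zone in ZONES:
            try:
                answer = resolve(dnsbl_name(ip, zone))
            except OSError:  # NXDOMAIN (socket.gaierror) means "not listed"
                continue
            # Listings are signalled with 127.0.0.0/8 answers; ignore anything
            # else, e.g. a resolver that rewrites NXDOMAIN to a search page.
            if ipaddress.ip_address(answer) in LOOPBACK:
                hits.append((ip, zone, answer))
    return hits
```

Calling `listed_relays(raw_message)` with the default resolver performs live DNS queries; pass a stub resolver to run it offline.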


 


Comments
Posted by fab on 22.08.07 - 20:10:13

hehe

Posted by Brandon on 23.08.07 - 06:20:20

Just a thought ... but did you check the advanced settings in the account on your i600? I noticed when I upgraded to WM6 that the smtp server settings configured by the carrier tried to override both my exchange setup and my gmail setup.

I'm sure you already did... but I can't come up with a better explanation of why your personal email server would send outbound traffic through your carrier's server.

Posted by heliod on 23.08.07 - 06:22:05

Arne,

Usually, you are able to write to Spamcop and report that this range of IP addresses belongs to an internet provider and that even if one address has sent SPAM through it, it doesn't mean that the whole range is a SPAM source.

They are able to verify that and correct the error. It has happened to me and they did fix the problem.

What I don't get is that if you say that your server is not in E-plus you should be in a different range of addresses. If you are in their range, it seems that your server connection is going out through them somehow.

Do a TRACERT yourservername (or PING yourservername) and see what your actual address is, and then write them this letter, requesting to remove your specific address from the list.

Best regards,

Helio

Posted by Heinz Burkart on 23.08.07 - 09:58:34

Always the same problem with spam filtering sites. What is the use of a SPAM-Filter function if it blocks an IP address of an internet provider? Even more if the IP address is within a DHCP range.

No question: SPAM filters are useful. At least in the past. We should go back to the times where we trusted the human brain more than any technology. So please Spamcop (and all the others out there) take your job seriously. It can not be the business of an email user to do things like trace route, ping or nslookup just to send an email.

Cheers Heinz

Posted by Arne Hess on 23.08.07 - 12:14:01

@Brandon: No, my settings are fine and as I said, I need server authentication (for good reasons) for sending E-Mails and all my accounts are fine.
@Helio: I've sent them an E-Mail already and let them know that they are blocking a wireless carrier in Germany and while they are not blocking any SMTP or IMAP servers, they are blocking their range of GPRS IPs! We will see what happens. Anyway, I've traced and pinged my mail server and for sure I get the IP the servers are connected to. So that's all fine. Don't know where the E-Plus IP came into the game but as Heinz said, it's not my job to trace my IPs before I'm sending an E-Mail. My job is to send the E-Mail.

Posted by heliod on 24.08.07 - 11:14:23

The big problem is another: culture.

This problem will only finish when we manage to teach email receiving people NOT TO BUY FROM SPAMMERS!!!

Only when everybody (or most people) understands that they are only giving incentive to SPAM when they buy from spammers, and that SPAM messages should go directly to the trash can without reading, spammers will feel that the return is too small for the operation and we won't need spam filters anymore.

I've found an internet operator in Brazil that was filtering all email coming from Israel.... well, some people would laugh at this, and some extremists would say that this is anti-semitism, but the owner of the company is Jewish, so this is surely not the explanation. It took me almost one month of conversations to make them understand how stupid that was :-)

I hope your problem is solved soon....

Posted by Mundl on 25.08.07 - 18:06:08

Arne,

could it be that e-plus was/is using a transparent SMTP proxy? Their router notices a connection attempt to port 25 to your email server, but the router would automatically divert the connection to their SMTP server, and you can do nothing about it because ALL outgoing port 25 connections are diverted.

Regards
Mundl

Posted by Arne Hess on 25.08.07 - 18:24:12

Ah, oh... yikes. That's an interesting finding. Yes, could be - especially because E-Plus uses a WWW compression as well which compresses all websites, reducing GIF quality, etc. (which also sucks since you cannot disable it). So maybe they are routing all HTTP traffic through their own proxies (incl. SMTP, POP, etc.) to compress the traffic. This would make most sense.
Thanks for the idea, will try to follow-up with E-Plus, maybe I find second level support agent who knows more about it.

© Copyright 1998 - 2013 by the::unwired® & Arne Hess
All rights reserved!
the::unwired is a registered trademark of Arne Hess.
All trademarks are owned by their respective companies.
All site video, graphic and text content is copyrighted to the respective party and may not be reproduced without express written consent.