The refusal by an ISP to accept a bounce message (one with an empty envelope sender) is increasingly rare these days, but occasionally we do see it. This is always a bad idea:
H=mx01.csx1.net [38.103.192.105] … SMTP error from remote mail server after pipelined DATA: 550 Empty envelope senders not allowed
The sender of the message (their client, remember) will never find out that the email has not been delivered. In this case the mail was being forwarded, so it's impossible for us to do any better than accept the mail and then test the recipient address by trying a delivery. We had to delete the bounce message — there was nowhere to send it.
TFL are rejecting authenticated mail relayed through our servers due to one of the SMTP Received: headers containing an IP address listed at Spamhaus. In this case, it's the mistaken & inadvertent use of the Spamhaus PBL where the error lies. A majority of e-mail sent from a home broadband connection will contain an IP listed in the PBL. TFL (or is it Capita?) are wrongly using the Spamhaus ZEN blocklist which is an aggregate of all the lists maintained by Spamhaus. This includes the PBL.
Here's the rejection message:
REDACTED@tflcc.co.uk
host smtp.tflcc.co.uk [80.82.130.162]
SMTP error from remote mail server after end of data:
550 5.7.1 92.40.249.10 listed at zen.spamhaus.org
The IP address TFL take an exception to is [92.40.249.10] which is indeed listed in the PBL. The crucial thing is that this IP has not connected to TFL's servers at all. Instead it has been plucked from the trace headers included in the message.
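The difference between the two policies can be shown offline. The following is an added example, not code from this page or from any mail server mentioned on it: it applies ZEN in full to the connecting IP, but discards PBL answers for addresses that only appear in Received: headers. The relay address, the sample message, the stand-in `fake_lookup` function and the PBL return code used for 92.40.249.10 are all constructed for the illustration.

```python
import re
from email import message_from_string

ZEN = "zen.spamhaus.org"
PBL_CODES = {"127.0.0.10", "127.0.0.11"}  # ZEN answers that mean "PBL"
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def zen_query_name(ip):
    """DNSBL query name for an IPv4 address: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + ZEN

def received_ips(raw_message):
    """IPv4 addresses in the Received: trace headers, newest hop first."""
    found = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for ip in BRACKETED_IP.findall(header):
            if ip not in found:
                found.append(ip)
    return found

def verdict(connecting_ip, raw_message, lookup, ignore_pbl_in_headers=True):
    """Return (reject, reason). lookup(name) returns the set of A records
    for a DNSBL name, or an empty set when the name is not listed."""
    if lookup(zen_query_name(connecting_ip)):
        # Any ZEN listing, PBL included, is meaningful for the peer that
        # actually opened the SMTP connection.
        return True, f"{connecting_ip} listed at {ZEN}"
    for ip in received_ips(raw_message):
        if ip == connecting_ip:
            continue
        codes = set(lookup(zen_query_name(ip)))
        if ignore_pbl_in_headers:
            codes -= PBL_CODES  # a PBL hit deeper in the trace is expected
        if codes:
            return True, f"{ip} (from Received: header) listed at {ZEN}"
    return False, "accepted"

# Constructed sample: a home-broadband client submits, authenticated, to a
# relay (198.51.100.7, hypothetical), which then connects to the recipient MX.
SAMPLE = (
    "Received: from relay.example.net ([198.51.100.7]) by mx.example.org;"
    " Mon, 01 Jan 2024 10:00:05 +0000\n"
    "Received: from [92.40.249.10] (authenticated) by relay.example.net;"
    " Mon, 01 Jan 2024 10:00:01 +0000\n"
    "From: user@example.net\nSubject: test\n\nbody\n"
)
# Constructed zone data standing in for live DNS; the return code is assumed.
FAKE_ZONE = {zen_query_name("92.40.249.10"): {"127.0.0.11"}}

def fake_lookup(name):
    return FAKE_ZONE.get(name, set())
```

Calling `verdict("198.51.100.7", SAMPLE, fake_lookup, ignore_pbl_in_headers=False)` reproduces the rejection described above, while the default setting accepts the same message.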
Here’s a phish, sent by: mail14-co9on0066.outbound.messaging.microsoft.com [157.56.211.66] seconds ago:
From: Barclays Bank PLC
Subject: Important Information From Barclays!
You have not used the telephone banking service for some
time now and this could lead to a temporary de-activation
of your access to this service.
In order to ensure your continued usage of the service and
other services such as the internet banking, please follow
the steps below :
Click here to begin
© 2014 Barclays Bank.
All Rights Reserved
We've trapped a couple of mails from Gmail containing malware. Malware in the form of an attachment called "Payment.rar", "document.rar" or "INVOICES.rar"; within that file is a Windows ".scr" or ".exe" executable.
The text is like this (sic):
Dear Sir/Ma
Please check attachment for the confirmation of the part payment into your account. Thanks for your patient and we sincerely apologize for the delay. Please find swift message for the payment made via attachment and confirm back.
--
Thanks & Regard,
Rohitashwa K. Mishra,
Senior Journalist,
Dainik Bhaskar Group.
Or perhaps like this, received from mail-vc0-f194.google.com [209.85.220.194] on Tue, 29 Oct 2013 06:12:01 (sic):
Dear sir ,
Regarding to the previous order i made in your company , the goods shipped
to me are not exactly what i purchased, the attachments are the slip of
the payment i made and sample of the products i need if you have them give
me feedback and the new account so that i`ll make the next payment as you
told me .
thanks.
Of little importance in the great scheme of things, but MessageLabs are currently rejecting reports sent to LloydsTSB's reporting address:
2013-07-08 09:08:18 ** emailscams@lloydstsb.REDACTED SMTP error from remote mail server after end of data:
host cluster1.eu.messagelabs.com [195.245.230.115]:
553-Message filtered. Please see the FAQs section on spam
553-at http://www.messagelabs.com/support/ for more
553 information. (#5.7.1)