[dba-Tech] Seeking your advice regarding false positives for spam lists

Gustav Brock Gustav at cactus.dk
Fri Feb 5 04:00:18 CST 2010


Hi Mark

GMail is one service that is relying on the existence of a spf record to look up to detect possible spam. 
We did this test a few days ago with two e-mails which will demonstrate. One went directly to the spam folder, the other did not. gustav at cactusdata.dk is a GMail account of ours.

This one was sent from an in-house server at a client with a fixed-IP address ADSL line via the SMTP service of Windows Server 2000. At that moment, however, smtp.prconnect.dk was not recorded in the DNS; it is now:

<spamyes>
Delivered-To: gustav at cactusdata.dk 
Received: by 10.90.104.1 with SMTP id b1cs233630agc;
        Wed, 3 Feb 2010 04:57:45 -0800 (PST)
Received: by 10.223.4.22 with SMTP id 22mr7664289fap.97.1265201864702;
        Wed, 03 Feb 2010 04:57:44 -0800 (PST)
Return-Path: <admin at prconnect.dk>
Received: from smtp.prconnect.dk (cpe.atm2-0-10585.bynxx13.customer.tele.dk [80.164.141.170])
        by mx.google.com with ESMTP id 7si1489834fxm.43.2010.02.03.04.57.44;
        Wed, 03 Feb 2010 04:57:44 -0800 (PST)
Received-SPF: neutral (google.com: 80.164.141.170 is neither permitted nor denied by best guess record for domain of admin at prconnect.dk) client-ip=80.164.141.170;
Authentication-Results: mx.google.com; spf=neutral (google.com: 80.164.141.170 is neither permitted nor denied by best guess record for domain of admin at prconnect.dk) smtp.mail=admin at prconnect.dk 
Received: from server ([192.168.1.1]) by smtp.prconnect.dk with Microsoft SMTPSVC(5.0.2195.6713);
	 Wed, 3 Feb 2010 13:57:43 +0100
Message-ID: <000b01caa4d0$79910360$fa01a8c0 at prconnect.dk>
From: "Admin" <admin at prconnect.dk>
To: <gustav at cactusdata.dk>
Subject: Test fra PR Connect
Date: Wed, 3 Feb 2010 12:25:47 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0006_01CAA4CC.03A689D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1983
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1983
Return-Path: admin at prconnect.dk 
X-OriginalArrivalTime: 03 Feb 2010 12:57:43.0334 (UTC) FILETIME=[79937460:01CAA4D0]
</spamyes>

This one was sent from our in-house GroupWise server:

<spamnot>
Delivered-To: gustav at cactusdata.dk 
Received: by 10.90.104.1 with SMTP id b1cs237337agc;
        Wed, 3 Feb 2010 06:18:35 -0800 (PST)
Received: by 10.142.7.25 with SMTP id 25mr161191wfg.141.1265206714605;
        Wed, 03 Feb 2010 06:18:34 -0800 (PST)
Return-Path: <Gustav at cactus.dk>
Received: from cactus.dk (mail.cactus.dk [213.150.48.58])
        by mx.google.com with ESMTP id 17si16796170pzk.125.2010.02.03.06.18.33;
        Wed, 03 Feb 2010 06:18:34 -0800 (PST)
Received-SPF: pass (google.com: domain of Gustav at cactus.dk designates 213.150.48.58 as permitted sender) client-ip=213.150.48.58;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of Gustav at cactus.dk designates 213.150.48.58 as permitted sender) smtp.mail=Gustav at cactus.dk 
Received: from gwdom-MTA by cactus.dk
	with Novell_GroupWise; Wed, 03 Feb 2010 15:18:32 +0100
Message-Id: <sb6993c8.057 at cactus.dk>
X-Mailer: Novell GroupWise Internet Agent 6.5.4 
Date: Wed, 03 Feb 2010 15:18:03 +0100
From: "Gustav Brock" <Gustav at cactus.dk>
To: <gustav at cactusdata.dk>
Subject: Cactus spf
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: base64
Content-Disposition: inline
</spamnot>

So a missing spf record may be what causes trouble for your client. I know there is some discussion about the spf record but I don't care that much as it works for probably all of the public major web based mail hosts.

In this example the spf record reads:

  "v=spf1 mx mx:smtp.prconnect.dk -all"

/gustav


>>> marklbreen at gmail.com 05-02-2010 10:23 >>>
Hello All,

I have a customer with six employees.  They are a government linked
childcare related organisation.  Their primary role in life is to dispense
funds to local pre-school child care businesses here in Ireland.

They have been noticing that they often get told that their emails were in
the spam folder of their recipient.

I did some tests yesterday sending from their email addresses to a few of my
gmail accounts and all of their emails went to google's spam folder.

Could they have gotten themselves onto a so called black list?
Do such things really exist and is it really so easy to get on one of these
lists?
I have to presume that if they exist and if you get on one, there is no easy
way to get off such a list?
If so, what do you suggest?  Register a similar domain name and cease use of
the old domain name?

Thanks for your suggestions and comments.

Mark
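
An added example (not part of the original post or thread): a small Python check that reads the `Received-SPF` header a receiver stamped on a message and reports the verdict, run here over trimmed copies of the two header sets quoted above. The helper name `spf_verdict` and the returned field names are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed samples: trimmed copies of the two header sets quoted in the post.
SPAM_YES = (
    "Return-Path: <admin at prconnect.dk>\n"
    "Received-SPF: neutral (google.com: 80.164.141.170 is neither permitted "
    "nor denied by best guess record for domain of admin at prconnect.dk) "
    "client-ip=80.164.141.170;\n"
    "Subject: Test fra PR Connect\n\n"
)
SPAM_NOT = (
    "Return-Path: <Gustav at cactus.dk>\n"
    "Received-SPF: pass (google.com: domain of Gustav at cactus.dk designates "
    "213.150.48.58 as permitted sender) client-ip=213.150.48.58;\n"
    "Subject: Cactus spf\n\n"
)

# Result keywords defined for SPF in RFC 7208.
RESULTS = {"pass", "fail", "softfail", "neutral", "none", "temperror", "permerror"}
# result keyword, optional "(comment)", then key=value pairs such as client-ip
SPF_RE = re.compile(r"^\s*(?P<result>[a-z]+)\s*(?:\((?P<comment>.*)\))?(?P<kv>.*)$",
                    re.I | re.S)

def spf_verdict(raw_headers):
    """Summarise the receiver's Received-SPF header (hypothetical helper)."""
    value = message_from_string(raw_headers).get("Received-SPF")
    if value is None:
        return {"result": "missing", "client_ip": None, "best_guess": False}
    match = SPF_RE.match(" ".join(value.split()))  # unfold continuation lines
    result = match.group("result").lower() if match else ""
    if result not in RESULTS:
        return {"result": "unparsed", "client_ip": None, "best_guess": False}
    pairs = dict(re.findall(r"([\w.-]+)=([^;\s]+)", match.group("kv")))
    comment = match.group("comment") or ""
    return {
        "result": result,
        "client_ip": pairs.get("client-ip"),
        # wording Google used in the header of the message that went to spam
        "best_guess": "best guess record" in comment,
    }

if __name__ == "__main__":
    for name, sample in (("spamyes", SPAM_YES), ("spamnot", SPAM_NOT)):
        print(name, spf_verdict(sample))
```

Running the same check on a test message sent from the affected domain to an outside mailbox shows which sending IP the receiver evaluated and whether it found a policy that authorises it.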



