broken emails from techtarget/crn mag? omeda communications?
mouss
mouss at ml.netoyen.net
Tue Jul 26 23:19:56 CEST 2011
Le 22/07/2011 17:50, Michael Scheidell a écrit :
> any of you subscribed to techtarget or crm emails?
>
> seems on june 16th or 17th, something broke. and I am trying to
> determine if its something we did or something they did.
no, it's much older than that. I can see a borked one dating back to 25
April 2011 (yeah, I use European date format, not US format).
when they send via
http://www.omeda.com/careers_environment.html
a borked app sends SMTP commands inside data. so they send a
<CRLF>
DATA
<CRLF>
DKIM-Signature: ....
as _data_.
that ESP is also "forgetting" to expand variables:
Reply-To: "@{from_ttnt}@ Recommends" <no_reply at lists.techtarget.com>
now, even when they send via other means (for ex 206.19.49.33), their
mail is spammy (html only, bold font, unclickable URLs, ... etc).
so I'd say: all their mail may be blocked. this is probably the only way
to get them understand how email works...
>
> headers come in, received, received, then a BIG BLANK LIKE, then
>
> DATA DKIM
>
> (its almost like they shoved an extra DATA\r\n in there. or SA did.. or
> amavisd-new did)
>
> sometimes they are totally blank.
they are never blank. what is blank is what your mailer shows.
>
> headers (yes, it looks like spam, this one does) but we do have people
> who subscribed to it. notice the blank line after the received header?
> if you grep for 205.162.4[0-7]\.* you might see some like this.
> (and, no, this is not after microsoft mangles it.. maybe amavisd/sa/dkim
> version 38 does, but I don't know)
>
>
> Received: from crnnetwork.com (crnnetwork.com [205.162.47.163])
> by mx2.slpowers.com.ionspam.net (Postfix) with ESMTP id 115F06FE15B
> for <user at domain.com>; Fri, 22 Jul 2011 10:08:50 -0400 (EDT)
>
> DATA
> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
> t=1311343699; d=crnnetwork.com; s=dkim;
> h=date:message-id:from:to:subject:mime-version:content-type:list-unsubscribe;
> bh=WveFEzHxhYkhwXaVxeYtjjm8Q34bjdVex+sTxWOdwXg=;
> b=lL4+c3ymOfW+NTTsa1liqJrB4TPeV5ANFPiFeTkow8XWD796wMJdsCUVh8iNyuThGzngShLI0AByxbZk5g6MmWMNbujzSKf2Tnpm59BcISmOxOsVvUpNSfYO07K2rrqvDlRyiu0SZ6LZz85XAcVJGFHYXYXr1Z+GG6QwByltY4M=;
>
> Date: Fri, 22 Jul 2011 09:08:19 -0500 (CDT)
> Message-ID:
> <4Oz1ccmceDmcBfmLekDNsxjec.mD.1311343694695 at OMS05.crnnetwork.com>
> From: CRN <CRNmagazine at crnnetwork.com>
> Sender: CRN <CRNmagazine at crnnetwork.com>
> Reply-To: CRN <CRNmagazine at crnnetwork.com>
> To: user at domain.com
> Subject: Confirm Your Free Subscription to CRN Magazine Now
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary=----4Oz1ccmceDmcBfmLekDNsxjec.mD
> X-MailSessionID: 4Oz1ccmceDmcBfmLekDNsxjec.mD.1311343694695
> Referer: http://crnnetwork.com/portal/
>
> ------4Oz1ccmceDmcBfmLekDNsxjec.mD
>
> common factors seem to be their ESP
>
> NetRange: 205.162.40.0 - 205.162.47.255
> CIDR: 205.162.40.0/21
> OriginAS:
> NetName: SPRINTLINK
> NetHandle: NET-205-162-40-0-1
> Parent: NET-205-160-0-0-1
> NetType: Reassigned
> RegDate: 2003-11-12
> Updated: 2003-11-12
> Ref: http://whois.arin.net/rest/net/NET-205-162-40-0-1
>
> OrgName: Omeda Communications
>
>
>
More information about the amavis-users
mailing list