Is phx.gbl a real domain? Are messages that appear to be from it legitimate?

I checked the header data for a suspicious email that claimed to be a newsletter purportedly sent from Microsoft. The actual sender domain was @phx.gbl. A couple of WHOIS searches failed to find such a domain (not even just ".gbl"). I did notice in the results of a Google search that many newslist posts have this domain, but could find no specific discussion of its meaning. Should I be concerned when I find this domain in the sender address? I have not opened the main body of the message.

I don't submit many questions because I am not clear on the rules or expectations. This seems like a question a network expert would know the answer to, so I have rated it as easy. If I am wrong about this, please give feedback and I'll be more generous in the future. Thanks.

Mark H
harrismarkc Asked:

deadite Commented:
If WHOIS does not list them, it was probably a randomly generated spoof.  You'll often find this with Spam and Virus emails.  I'm sure a lot of people asked the same questions, that's why it appeared in a Google search.  I'm not sure if this was your computer or for a work computer.  If it is for an enterprise, I would recommend using a Spam filter such as GFI.

If this sender appears a lot in the header, then you are receiving SPAM emails.  If you receive a bunch of random senders that do not have any registered Domains in WHOIS, you can pretty much assume it to be junk.  Just don't open any attachments on the email (and some not the email if you don't know the sender).  I'm not sure what to tell you specifically about your situation (personal vs work, if you receive a bunch of random junk mail, etc).  If you need more details, let me know.
The--Captain Commented:
Here's the definitive method to determine a domain's existence:

dig @198.41.0.4 <domain>

or in your case:

dig @198.41.0.4 phx.gbl

198.41.0.4 happens to be one of the IP addresses of a.root-servers.net, which is one of the DNS servers that contains all the relevant information for all root domains - the 'dig' command reveals that there are no authoritative servers for the .gbl root domain, and as such the domain is completely bogus.

Cheers,
-Jon
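
An added example (not part of the original thread or any poster's code): a Python sketch that applies the TLD check from the answer above to a message's header fields and reports which header each non-delegated name came from. The sample headers, the host17 hostname and the short DELEGATED_TLDS set are constructed; the set stands in for what a query to a root server would return.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the root zone: a few TLDs that are delegated there.
# A live check is the dig query against a root server shown in the answer above.
DELEGATED_TLDS = {"com", "net", "org", "edu", "gov", "uk", "de"}

# Constructed sample headers (hypothetical hosts and addresses).
SAMPLE = """\
Received: from mail.example.com (mail.example.com [192.0.2.10])
 by mx.example.org with ESMTP; Tue, 3 May 2005 10:00:00 -0700
Received: from host17.phx.gbl ([192.0.2.77]) by mail.example.com
 with SMTP; Tue, 3 May 2005 09:59:58 -0700
Return-Path: <news@phx.gbl>
From: "Newsletter" <news@example.com>
Message-ID: <ABC123@host17.phx.gbl>
Subject: Constructed sample

body
"""

# Dotted names ending in an alphabetic label; bare IP addresses do not match.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def undelegated_names(raw, tlds=DELEGATED_TLDS):
    """Return sorted (header, hostname) pairs whose TLD is not in `tlds`."""
    msg = message_from_string(raw)
    hits = set()
    for name, value in msg.items():
        if name.lower() in ("from", "return-path", "sender", "reply-to"):
            # Address headers: take only the domain part of the address.
            domain = parseaddr(value)[1].rpartition("@")[2]
            hosts = [domain] if domain else []
        elif name.lower() in ("received", "message-id"):
            # Trace headers: every dotted name that appears in the value.
            hosts = HOST_RE.findall(value)
        else:
            continue
        for host in hosts:
            if host.rsplit(".", 1)[-1].lower() not in tlds:
                hits.add((name, host.lower()))
    return sorted(hits)

if __name__ == "__main__":
    for header, host in undelegated_names(SAMPLE):
        print(f"{header}: {host} is under a TLD missing from the list")
```
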

harrismarkc Author Commented:
Jon, your answer was so direct and articulate that I accepted it before trying it. I'm sure it works, but I'm running into difficulty applying it. Perhaps you can help me see what I'm doing incorrectly.

What kind of application should I use to implement this command?

Even though there is an "@" in the address, I guessed I was supposed to treat it as a URL in a browser. Apparently not, since both Firefox 1.0.4 and IE 6 SP2 return errors. I also tried removing the space between "dig" and "@". Still the errors. Next, I tried the string as an email address. With the space, it was unrecognizable to the email client (Outlook 2003). With the space removed, Outlook sent the message, but returned an error stating

The following addresses failed:  <dig@198.41.0.4>
domain name system error:
domain 198.41.0.4:
domain not found

I removed the space and re-sent. No success. Any further insights?

Thanks

alexmauer Commented:
I ran into this problem with an employee who was not getting email from someone he knew using MSN.com. When I checked the headers and did a search on PHX.gbl, it appears to be a global name server that is not functioning or something like that. My Exchange server cannot resolve it so it drops it. I can send to this guy's MSN account as I suspect it is routing through a different server. So thankfully, it is an MSN.com issue and not an issue with my Exchange!

Mayhaps that helps
rstainforth Commented:
Hi guys,  I know it's been a while since this topic was posted, but I recently had a similar issue with that domain name showing up on a netstat from a domain machine.  On investigation it appeared that it was an MSN Messenger connection (port 1863).  I believe the domain is some sort of NAT/spoof domain that Microsoft use, their servers are notoriously dodgy when it comes to reverse DNS lookups (we have endless problems with mail security dropping mails from these guys), which would be why you can't find it.
The--Captain Commented:
>it appears to be a global name server that is not functioning or something like that

Not really.  This article has some details:

http://artific.com/articles/2005/12/27/a_practically_u/

Summary:  People use bogus domains in their reverse DNS - it can be annoying, but we can't really stop them from doing it.

Cheers,
-Jon
slackware Commented:
.phx.gbl (colloquially referred to as "Phoenix") is the Microsoft internal domain that forward-facing servers are joined to.  All Hotmail, Live, and other MSN servers are members of this domain, so if you are running the Windows Live Messenger, or have your Hotmail inbox open you will see connections.  Blocking .phx.gbl will likely render your MS provided apps/services kaput.
The--Captain Commented:
>I removed the space and re-sent. No success. Any further insights?

Those are unix commands (at least typically) - like most software, they don't work if they're not installed.

>Blocking .phx.gbl will likely render your MS provided apps/services kaput.

Likely?  It either will or will not break things (hint: it will *not* break things, since you can't break something that is already broken).  

Cheers,
-Jon
Darlene Jacobsen Commented:
@phx.gbl is a commissioned domain name that is used by Phoenix Gobal Intelligence.