Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Setting up a legitimate mail server

Posted on 2006-12-01
8
Medium Priority
?
271 Views
Last Modified: 2010-03-04
I have a video email software package.  I allow my clients to login and send out video emails.  However, when I sent out the email I bounce it of our server but I spoof it with their email addres.  When the video is received it will go back to the user's primary address.  For example, if their email address is name@yahoo.com then when the email show up in the recipients inbox it will show that it is coming from name@yahoo.com.  Obviously that is not really the case.  I need to be able to allow my customers to legitimately send out emails through my mailserver.  We are having difficulty with yahoo and hotmail specifically.  This is very urgent.  I have a lot of unhappy customers.   Any Ideas?

0
Comment
Question by:covideosystems
  • 4
  • 3
8 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 18058573
What a LOT of e-mail severs will do is when they receive email that says it from johndoe@somewhere.com, they will do a reverse lookup on the IP address that is sending the e-mail, then they do a forward lookup on what is returned.  If the two do not match they reject the e-mail.

In your case, you may think this is legitimate, but what you are doing is mis-representing where the e-mail is truly coming from, which is considered against the laws.
0
 

Author Comment

by:covideosystems
ID: 18058654
I do a lot of business with Auto Dealers.  Most dealerships incorporate a CRM tool that allows them to manage all of their customers and prospects.  They also use this tool to send emails.  There are thousands of dealers across that United States that use CRM's.  When they implement a CRM each employee will get a email address provided to them.  Let's say the CRM name is Dealerpeak.  Everyone will have a name@dealerpeak.com email account.  However when the sales rep from Joe's Honda sends out an email to his prospect it will say repname@joeshonda.com.  Now if you look at the email header you will see clearly that the email is orginating and tracing back to mail.dealerpeak.com.  Now they do this with all of their clients.  Every dealership has their own internal email account and the CRM's spoof their emails with the dealerships name and email address.  The emails are not coming from the dealerships mail server but the CRM shows that it does.  The CRM industry is a billion dollar business.  I find it hard to belive that they are all breaking the law.

I'm hoping that this isn't black and white.  I don't know if I'm breaking the law.  I sure hope i'm not because that would really screw up my software.  
Thoughts?

Thanks.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 18058724
I am assuming that you mean Customer Relationship Management tool.  Not sure, our CRM tool is setup to say that it is coming from @mydomain.com, not @someotherdomain.com.  In fact ever CRM tool I have worked on was setup like this.  

However, I have only worked in enviroments where the company was actually running the CRM tool in-house.  I have not worked in any enviroments where a 3rd party was hosting it.  

When the CRM software you have dealt with issued the HELO/EHEL command to the remote SMTP server what domain name does it use?

Which header shows that it is actually coming from dealerpeak.com?
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:covideosystems
ID: 18060200
All the CRM's that I have dealt with are third party.

They EHLO would be outbound.dealerpeak.com.
They HELO would be fe1.mail.dealerpeak.com.

I can assure that they successfully do this.  All the traces go back to dealerpeak and their IP.  However when you receive the email unless you looked at the headers you would never know it was from dealerpeak.  It would show that it is coming directly from the dealership.

Also, dealerpeak is just one example.  There are many many CRM's that do this.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 18060534
I looked at Dealer Peak and it seems they are full hosting sevice: Web, CRM, and e-mail.  If they are hosting the dealers e-mail sevice, then they will be able to send e-mail as though it came from joeshonda.com, as they are the hosting sevice for joeshonda and so it is coming from joeshonda's e-mail sever.

This is not a issue you can solve, this is how some companies and ISP's hace setup their inbound e-mail severs work.   It is not a problem with your software, it is a issue with the fact that the IP address that the e-mail is coming from, does not map back to a domain name that matches where the e-mail is coming from.
0
 

Author Comment

by:covideosystems
ID: 18060549
Ok.  I'm with you.  Our set up is flawed.  There must be a way around this.  What if I set up a legitimate mail server and give everyone an email account from my server, name@myserver.com.  I send out all the emails from my server.  The only thing that I will need is the recipient to be able to reply back to the email and have it go to joeshonda.com.  Also, it would be nice if it looked like it came from joeshonda.com.

You've given me a lot of bad news.  Please tell me there is light at the end of the tunnel.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 1440 total points
ID: 18060772
Well, think about it.  You even said it.  You want to spoof e-mail.  How do most spammers work?  Spoofing.  How do a lot of virus and malware get around? Spoofed e-mail.

How would you like it if I started sending out e-mail saying it was you?  Even if you "gave me permission", how can the person receiving the e-mail know this?  They can't.  This is why a lot of e-mail servers and most e-mail filtering products block e-mail that appears to be spoofed.

Some e-mail that is spam is sent though SMTP severs that are not properly configured and are open relays.  That is they send out e-mail from domains other than their own.  This is exactly what you are doing.  Sending e-mail out from a domain (joeshonda.com) that is not your domain.

You should be able to send the e-mail out as being from "joeshonda@mysever.com" and have the Replyto address be "salesperonsname@joeshonda.com".  That way when the person replies back, it will go to the salesperson.  

The only other thing I can think if is that you ask each customer to give you a host name within their domain and setup an CNAME in their DNS sever that points to a host name within your domain.  Then you add that host name to your PTR record for the IP address of the server you use to send the e-mail out.

Examples:

You have an A record for oemail.yourdomain.com pointing to x.x.x.x

joe's honda assigns you the host name crm.joeshonda.com.  They setup a CNAME that as crm.joeshonda.com -> oemail.yourdomain.com.

You add crm.joeshonda.com to the PTR record for x.x.x.x.

bill's toyota assigns you the host name crm.billstoyota.com.  They setup a CNAME that as crm.billstoyota.com -> oemail.yourdomain.com.

You add crm.billstoyota.com to the PTR record for x.x.x.x.

The reason for using a CNAME is that if you ever change your IP address, they don't have to do anything, you just update the A record for your sever's name.
0
 
LVL 33

Assisted Solution

by:shalomc
shalomc earned 60 total points
ID: 18069013
Try playing with the From and Sender headers.

For example, gmail lets you send email on behalf on another email address. They set headers like

From: "Co Video" <covideosystems@joeshonda.com>
Sender: covideosystems@gmail.com

covideosystems@gmail.com is the real gmail account, and covideosystems@joeshonda.com is the "spoofed" email.

Maybe this setup will work for you?

ShalomC



0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses
Course of the Month8 days, 2 hours left to enroll

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question