Solved

malformed email header stopping e-mail from entering major ISP's What is wrong with this header?

Posted on 2007-11-15
9
2,465 Views
Last Modified: 2013-12-09
This header get into gmail and other mail programs, but gets blocked by AOL, verizon, comcast, or Network solutions web based e-mail programs.  It is not sent to the users spam box but is rejected by the ISP even before the letter enters their system.

This e-mail does make it to my personal box, and others like hotmail, but will not make it to the other ISPs like AOL.

I think something is wrong with this header.

X-Account-Key: 	account3	

X-UIDL: 	1b66c3af33e39ee3	

X-Mozilla-Status: 	0001	

X-Mozilla-Status2: 	00000000	

X-Mozilla-Keys: 	

Return-Path: 	<taf@wiz.WIZARDPROGRAMS.COM>	

X-Original-To: 	jon@thralow.com	

Delivered-To: 	jthralow@mail.dodaday.com	

Received: 	from wiz.WIZARDPROGRAMS.COM (unknown [216.246.57.42]) by mail.dodaday.com (Postfix) with ESMTP id ED77311974010 for <jon@thralow.com>; Thu, 20 Sep 2007 10:05:47 -0500 (CDT)	

Received: 	from taf by wiz.WIZARDPROGRAMS.COM with local (Exim 4.68) (envelope-from <taf@wiz.WIZARDPROGRAMS.COM>) id 1IYNb9-0001uI-1j for jon@thralow.com; Thu, 20 Sep 2007 10:05:47 -0500	

To: 	jon<jon@thralow.com>	

From: 	jthralow@gmail.com	

Subject: 	test	

MIME-Version: 	1.0	

Content-Type: 	text/html; boundary="8=--"	

Message-Id: 	<E1IYNb9-0001uI-1j@wiz.WIZARDPROGRAMS.COM>	

Date: 	Thu, 20 Sep 2007 10:05:47 -0500	

X-AntiAbuse: 	This header was added to track abuse, please include it with any abuse report	

X-AntiAbuse: 	Primary Hostname - wiz.WIZARDPROGRAMS.COM	

X-AntiAbuse: 	Original Domain - thralow.com	

X-AntiAbuse: 	Originator/Caller UID/GID - [32004 509] / [47 12]	

X-AntiAbuse: 	Sender Address Domain - wiz.WIZARDPROGRAMS.COM

Open in new window

0
Comment
Question by:jthralow
  • 5
  • 3
9 Comments
 
LVL 36

Expert Comment

by:grblades
ID: 20290039
What error do you get when they reject the mail?

You could send a test to me at test@cdlive.co.uk and I can check all the headers, rbls etc...
0
 

Author Comment

by:jthralow
ID: 20290094
I do not get any error no bounce that I can find it just seems to go into a hole.
It would make more sense if it ended up in a spam filter, but it does not get that far.

This header is generated from a Perl script and I assume it is from the header as It makes it fine to most ISPs just these large ones do not like something about it.

0
 
LVL 31

Expert Comment

by:moorhouselondon
ID: 20292084
Are there carriage returns and line feeds in the transcript?  (There don't appear to be any).
0
 

Author Comment

by:jthralow
ID: 20292167
I think the formating may be off from uploading it here.
I can send something to you directly if you would like.

Jon
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 36

Expert Comment

by:grblades
ID: 20292214
Did you send the test email to me?
Please post here if you do send it.
0
 

Author Comment

by:jthralow
ID: 20299315
I have sent a few tests to you.
Let me know what you find.
0
 
LVL 36

Accepted Solution

by:
grblades earned 250 total points
ID: 20299882
1) Received: from 7610.wingsix.com (unknown [216.246.57.42])
The email is coming from the IP address above but there does not seem to be a reverse DNS (PTR record) associated with it. You should contact whichever ISP provided this IP address to you and ask them to set a PTR record for it pointing back to 7610.wingsix.com.

2) The 7610.wingsix.com address the emails are coming from does not exist. You will need to create it.

You were not on any RBLs and the actual email did not trigger and spam rules other than it only contained a html email and no plain text version aswell.


I suggest you fix those two dns issues. and then implement SPF (www.openspf.org) which is just a TXT entry in the DNS. And then after 24 hours to allow the DNS changes to take effect go to http://www.dnswl.org and add your IP address to the free whitelist.
0
 

Author Comment

by:jthralow
ID: 20300327
Thanks,
I am on it.  I will see if that solves the issue.
0
 

Author Closing Comment

by:jthralow
ID: 31409351
That did it grblades.
It was a DNS issue that held the letters back from the Major ISPs.
They are all going through now.
Thanks!
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Are you having trouble connecting or getting your iPhone / Samsung device(s) to sync with Microsoft Exchange Server?   What have you tried?   What haven't you tried?
We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now