Solved

Bogus helo hallmark.com?

Posted on 2009-07-09
9
703 Views
Last Modified: 2013-11-30
We are unable to send email to domains hosted by GoDaddy. The bounce notice we receive is below.

Following this thread, the FQDN is now "mail.lamarcalandry.com" http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23613515.html

Following this thread, I believe our PTR record is correct. Mail.lamarcalandry.com (64.199.233.178) is our mail server. http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_24473082.html

Another user had the same bounce message trying to send to another domain. What else could be the problem?
Your message did not reach some or all of the intended recipients.
 

      Subject:	RE: xxx

      Sent:	7/8/2009 7:25 AM
 

The following recipient(s) cannot be reached:
 

      xxx@ip-assure.com on 7/8/2009 7:25 AM

            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.

            <lamarcalandry.com #5.5.0 smtp;553 Bogus helo hallmark.com. <http://unblock.secureserver.net/?ip=64.199.233.178>>

Open in new window

0
Comment
Question by:pixelchef
  • 4
  • 3
  • 2
9 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
Comment Utility
There is nothing wrong with the DNS setup that I can see.
Have you been through their unblock process?

Simon.
0
 

Author Comment

by:pixelchef
Comment Utility
When I googled this error, some people thought it was a suspicious webpage. Should I go ahead and fill out the form?
0
 
LVL 65

Expert Comment

by:Mestha
Comment Utility
SecureServer is GoDaddy's email system. If you nslookup the server then you will get the IP address, if you whois the IP address you will find it belongs to GoDaddy. The web page is coming off their NDR. I don't know why people think it is suspicious.

Simon.
0
 

Author Comment

by:pixelchef
Comment Utility
I submitted the unblock request.

It seemed suspicious to me because going to secureserver.net gives a 404, GoDaddy's name does not appear on the site, it asks for my contact info (which is legitimate for this type of form, but could be equally bad for a spammer's form).
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 1

Expert Comment

by:nck534
Comment Utility
Do not fill out this form, it is most likely run by spammers or a malicious person / system.   I have had the same issues with this before.  Contact godaddy about the issue, also sign your domain up with MxTool Box you will be able to see if your domain has been black listed and setup alerts as to your domains status, you will also be able to do lookups on MX Records.    http://www.mxtoolbox.com
0
 
LVL 65

Expert Comment

by:Mestha
Comment Utility
nck534 - you are wrong. The form is not run by spammers. It is hosted on GoDaddy's servers to facilitate the removal of an IP address from their internal blacklist. It is the address given out by the NDR from their own email servers.

Simon.
0
 

Author Comment

by:pixelchef
Comment Utility
Too late... already submitted the form...

I already monitor our domain with mxtoolbox, and we have a clean bill of health there.

I guess time will tell what happens. :/
0
 
LVL 1

Expert Comment

by:nck534
Comment Utility
Never go about unblocking your domain online if at all possible.  U should do this over the phone or with direct messaging or e-mail to the reputible hosts or providers technical staff.  Do not give out your networks information, that will make you a target.  This site could very well be from godaddy but it could also be something else.  ether way I would never just give my info to a site ever.
0
 
LVL 65

Expert Comment

by:Mestha
Comment Utility
Its very easy to verify if the site is genuine or not. Furthermore a lot of companies will not talk to you unless you are a customer - they will tell you to use the form because it is an automated process.

You don't need to add network information to be a target, most IP addresses are scanned regularly. Spammers maintain their own lists of hosts that have email servers.

I am more suspicious of open relay testing sites than these sorts of sites.

Simon.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now