How should I ask for help in getting my emails to stop bouncing?

2

For several months, people have been telling me that emails they sent to me have been bouncing back, marked as undeliverable. The bounce message would contain portions like this:

Final-Recipient: rfc822;XXX@sonic.net
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp;550 5.7.1 <XXX@sonic.net>... Recipient declines email from 
69.64.159.2, <spamhaus-xbl>, Ref: http://www.spamhaus.org/query/bl?ip=69.64.159.2

Clicking the link on the last line, the destination page told me that "this IP address is infected with/emitting spamware/spamtrojan traffic and needs to be fixed."

I could temporarily de-list this node by clicking a link on that page, but it would get back on the list and cause more emails to me to bounce.

I own a domain, innerpaths.net, and I normally use XXX@innerpaths.net for my email. I have my domain registrar, namecheap.com, forward all email from innerpaths.net to the email account XXX@sonic.net. (BTW, I had this same problem at a former registrar. I changed registrars, hoping that would fix the problem. It didn't.)

Trying to isolate the problem, I asked namecheap.com what I should do. Their answer, though substantial, left me scratching my head:

 We have received feedback from our upstream provider which informed us that the mail server
 that you are trying to email subscribes to a 3rd party blacklist service which they appear
 to be listed on at the present time and is causing destination mail server to reject 
 the messages. Being blocked with one of these services can happen to anyone for many reasons
 and is something that is beyond our control.

 3rd party blacklist services require companies whose mail servers they have blacklisted,
 pay fees in order to be removed from their lists. As we cannot pay fees to blacklist
 services which require them for removal, you should contact your email provider and
 have them whitelist our mail server IP address: 69.64.157.73.

My best guess is that I should email my ISP, sonic.net, tell them what is going on and ask them to whitelist the IP address 69.64.157.73. (If not, please let me know.)

But I want to know what is going on and how email works. I understand that there's a device at location 69.64.159.2 that is doing something bad that causes the "destination mail server [sonic.net's, I assume --gw] to reject the messages." I know that email is sent through multiple devices in a way that eventually gets it to its destination. Beyond that, here are my questions:

1) I thought the Internet "routed around damage." Why does email starting at namecheap.com always (or is it 'sometimes'?) go through 69.64.159.2?

2) Who is the "upstream provider" that the namecheap.com representative mentions, and what is their role?

3) How does having sonic.net whitelist namecheap.com's mail server prevent my email from being bounced by 69.64.159.2?

I've searched the Internet for answers but have found nothing useful. Thanks for whatever answers you can provide.

Gregg Williams

Posted 2012-12-13T02:09:48.313

Reputation: 123
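How a receiving mail server arrives at the verdict quoted in the bounce above, as an added example that is not part of the original question: the IP of the server that connected to it is reversed, looked up under a DNSBL zone, and the A record returned says which list matched. The zone `zen.spamhaus.org` and the return-code table follow Spamhaus's published conventions; the function names are this example's own, and the sample is the bounce fragment from the question.

```python
import ipaddress
import re
import socket

# Spamhaus ZEN return codes; anything in 127.255.255.x is an error, not a listing.
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL-CSS",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}

# Constructed sample: the delivery-status fields quoted in the question.
SAMPLE_BOUNCE = """Final-Recipient: rfc822;XXX@sonic.net
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp;550 5.7.1 <XXX@sonic.net>... Recipient declines email from
 69.64.159.2, <spamhaus-xbl>, Ref: http://www.spamhaus.org/query/bl?ip=69.64.159.2
"""

def parse_bounce(text):
    """Return (status, rejected_ip, list_tag) from a delivery status fragment."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", text)  # join folded header lines
    status = re.search(r"^Status:\s*(\S+)", unfolded, re.M)
    diag = re.search(r"^Diagnostic-Code:.*$", unfolded, re.M)
    if not (status and diag):
        raise ValueError("not a delivery status report")
    ip = re.search(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b", diag.group(0))
    tag = re.search(r"<([a-z0-9-]+)>", diag.group(0))  # skips <user@host>
    ip_text = str(ipaddress.IPv4Address(ip.group(1))) if ip else None
    return status.group(1), ip_text, tag.group(1) if tag else None

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Build the DNS name a receiver queries: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answer):
    """Map a DNSBL answer (None means NXDOMAIN) to a verdict."""
    if answer is None:
        return "not listed"
    if answer.startswith("127.255.255."):
        return "query error"  # e.g. asked through a public resolver
    return ZEN_CODES.get(answer, "listed (unknown code)")

def lookup(ip):
    """Live check; needs network access and a non-public DNS resolver."""
    try:
        return classify(socket.gethostbyname(dnsbl_name(ip)))
    except socket.gaierror:
        return classify(None)
```

Running `lookup()` on the address from a bounce shows whether the forwarder's outbound server is listed at that moment, which is the evidence to send to the forwarding provider or to the receiving ISP.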

Answers

2

Gregg,

My honest, real answer is that you need to buy two books. One on the CompTIA Network+ certification, and one on the Security+ certification. Your questions are valid but would take pages of response to make sense. Also, there would have to be research done to confirm some of the things you are asking. An example, what exactly is at 69.64.159.2? Is that a firewall, a router, what company owns it, etc...

These are not short answer questions.

An example: I thought the Internet "routed around damage." Why does email starting at namecheap.com always (or is it 'sometimes'?) go through 69.64.159.2?

The internet does route around damage. The problem is there is a route to a device that is receiving the file and doing a job of processing it. This is not considered damage.

Routing may sometimes go through the IP you are asking about. The Internet is not made up of static routes (most of the time). Most routing is done dynamically (in case something breaks). There is a lot that goes into dynamic routing design.

Again, read the two books, get a feel for Networking and Security, and it will help this make a LOT more sense.

Everett

Posted 2012-12-13T02:09:48.313

Reputation: 5 425

thanks for the referrals. I love to learn, but I didn't even know where to start! – Gregg Williams – 2012-12-14T20:55:01.187

0

The only thing you can do is change your email provider.

In the future, make sure that you don't send unsolicited mail. If you do, you will again get blacklisted.

bearcat

Posted 2012-12-13T02:09:48.313

Reputation: 21

0

Odd coincidence. I am not the OP but have been getting similar occasional bounced emails or not receiving all emails. A user sent me one of the bounces and then I even discovered I had a similar bounce to one of my gmail accounts that was forwarding based on a filter.

In both cases the bounced emails had the 69.64.159.2 IP address and were flagged by spamhaus. Like the OP I am using namecheap to forward my emails from my personal domain they host to my email provider (just like the OP but different names of course).

At first I thought the problem was my email provider bouncing the emails, but now it seems like it is more a problem with the namecheap IP address. Since much of the namecheap email works, is it that most of the time there is no problem but that occasionally this namecheap IP address gets flagged into the spamhaus listing (then our email bounces) but then it gets removed from the spamhaus listing (and then no bounces for a while)?

The first answer above seems to imply "make sure that you don't send unsolicited mail. If you do, you will again get blacklisted." as if the OP is sending spam email and thus causing the problem. But I am thinking what is happening is that there are many people like the OP, like me, like others (google namecheap and forwarding emails) who are wanting to use namecheap who is hosting their domain name and forwarding emails to their domain name to their real email provider but unfortunately there are some spammers who also are using namecheap in this way and thus as trying to prevent the spammer activity sometimes the namecheap IP gets flagged (which affects the spammer but also everyone else who isn't spamming and relies on the email forwarding for real reasons). I believe when this happens the IP fairly quickly gets removed from the blacklist but for the amount of time it is on the list any emails get bounced.

It is my feeling that if this above scenario is what is happening, then anyone using the namecheap email forwarding of their domain name email will always be at risk of this problem some portion of the time and thus have unreliable emails occasionally. For my case I am considering not using the namecheap forwarding mechanism but instead working with my email provider to have the domain name email sent to them in a more direct fashion and not via the forwarding; I don't remember the lingo but it involves a higher level of service (more money per year) from my email provider to utilize this method. It is because of this higher cost, and because most email providers don't even offer it, that many try/prefer the namecheap forwarding technique.

I apologize I have the background probably for this thread but felt the coincidence with the IP and finding this thread via google not to add my two cents.

Thanks, Tom

Tom

Posted 2012-12-13T02:09:48.313

Reputation: 1

1 Note that "above" has no context in answers, since they can be sorted in multiple ways. – ale – 2012-12-13T14:44:07.270

Many thanks for your well-written information and well-informed guesses. But...what's an OP? Thanks. – Gregg Williams – 2012-12-14T20:58:43.810