ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] Godaddy mail hostname = spam errors and possible security issue?

  • To: "ga@xxxxxxxxxxxxxx >> GA" <ga@xxxxxxxxxxxxxx>
  • Subject: Re: [ga] Godaddy mail hostname = spam errors and possible security issue?
  • From: Andy Gardner <andy@xxxxxxxxxxxxxxx>
  • Date: Sat, 1 May 2010 11:02:44 -0500


Mail from a Registrar to a Registrant, rejected due to errors in the 
Registrar's mail system is "tough luck" and not a potential security problem 
for Registrants?

And a Registrar spoofiing someone else's hostname is cool with you guys?

Sheesh.


On May 1, 2010, at 10:07 AM, Hugh Dierker wrote:

> So this sure looks like an error without a problem.
> 
> --- On Fri, 4/30/10, Hugo Monteiro <hugo.monteiro@xxxxxxxxxx> wrote:
> 
> From: Hugo Monteiro <hugo.monteiro@xxxxxxxxxx>
> Subject: Re: [ga] Godaddy mail hostname = spam errors and possible security 
> issue?
> To: "Andy Gardner" <andy@xxxxxxxxxxxxxxx>
> Cc: "ga@xxxxxxxxxxxxxx >> GA" <ga@xxxxxxxxxxxxxx>
> Date: Friday, April 30, 2010, 3:25 PM
> 
> On 04/30/2010 10:04 PM, Andy Gardner wrote:
>> Godaddy appears to use "made up" hostnames for SMTP HELO entries...
>>   
>> 
> 
> Hello Andy,
> 
> That is in fact a shame, since the sending hostname DOES have a proper DNS 
> setup. Even so, RFC5321 does not mandate that the correct HELO is to be 
> provided. From section 4.1.1.1 we can extract:
> 
> "(...) The argument clause contains the fully-qualified domain name of the 
> SMTP client, if one is available. In situations in which the SMTP client 
> system does not have a meaningful domain name (e.g., when its address is 
> dynamically allocated and no reverse mapping record is available), the client 
> SHOULD send an address literal (...)"
> 
> 
>> Received:    from unknown (HELO gdmailer03.dc1.corp.gd) (208.109.14.188) by 
>> m1relayapp01-01.prod.mesa1.secureserver.net with SMTP
>> 
>> I can see a couple of problems with this.
>> 
>> 1. Many antiSPAM measure reject mail from unknown hosts.
>>   
>> 
> 
> 
> True, but that's actually their own problem. If their mail gets rejected, 
> tough luck.
> 
> 
>> 2. corp.gd is a legitimate domain name owned by someone else than than 
>> Godaddy.
>> 
>> Domain Name:               corp.gd
>> 
>> Registrant, Technical Contact, Billing Contact, Admin. Contact
>>   SRA, MII
>>   Private Registration, b-dul Unirii 80, Bacau, , , , 
>> ramsmith59@xxxxxxxxx
>> 
>>   Romania
>>   E-mail:                  
>> domainmailfwd@xxxxxxxxx
>> 
>>   Phone:                   1.44.7833722420
>>   Fax:                     1.40.72729289
>> 
>> Resource Records (2):
>>                            ns      ns1.register.com        
>>                            ns      ns2.register.com        
>> 
>> 
>> One wonders how a major ICANN approved registrar can make such basic 
>> technical errors, and leave them in place for YEARS?
>> 
>> 
>>   
>> 
> 
> 
> One possibility is that they have contracted a mailing service from a company 
> (corp.gd), which happens to be Godaddy client for a conectivity package, in 
> Godaddys own ip netblock.
> 
> 
> R's,
> 
> Hugo Monteiro.
> -- 
> fct.unl.pt:~# cat .signature
> 
> Hugo Monteiro
> Email  : 
> hugo.monteiro@xxxxxxxxxx
> 
> Telefone : +351 212948300 Ext.15307
> Web      : 
> http://hmonteiro.net
> 
> 
> Divisão de Informática
> Faculdade de Ciências e Tecnologia da
>                  Universidade Nova de Lisboa
> Quinta da Torre   2829-516 Caparica   Portugal
> Telefone: +351 212948596   Fax: +351 212948548
> 
> www.fct.unl.pt                apoio@xxxxxxxxxx
> 
> 
> fct.unl.pt:~# _
> 
> 





<<< Chronological Index >>>    <<< Thread Index >>>