Email address from @sonic.net NOT forwarding specific email(s)!?

General discussions and other topics.
4 posts Page 1 of 1
by orm » Sat Jan 11, 2020 6:13 pm
Was transferring a domain today. It was set up to have as the admin contact an email box at sonic.net that luckily kept the messages. For some reason, the notification of unlocked emails, authorization codes, and all emails after the transfer was initiated were forwarded from the sonic inbox, but NOT the repeat emails requesting a transfer initiation. This was so bizarre I didn't even log-in to check on this until the last step as I had such confidence in sonic of all the other services involved.

Transferring from Godaddy (they have messed with transfer requests in the past, so I was looking for that), to Namesilo (their like the sonic of domain name registrars, everyone should use them), with the admin contact on a non-private (public, since it's .us and privacy is not allowed) whois listing as a sonic.net email address, forwarding to a hotmail account.

All channels were working surrounding these emails and everything fired perfectly as intended to get around DNS/NS/Godaddy etc. problems by setting things up this way based on past experience and obvious best practices for example not using your admin contact as the email address you are attempting to transfer a domain with attached to that domain...

How/Why did this happen? Do I have to change what I thought was a pretty bullet proof system again? I've grabbed the header of these emails and I don't see a reason they weren't forwarded, here it is:

Code: Select all

Return-Path: <bounce+a72a9e.7bbab-MYSONICINBOXUSER=sonic.net@namesilo.com>
X-Spam-Checker-Version: SpamAssassin 3.4.3 (2019-12-06) on h.spam.sonic.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
    HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_NONE,SNF4SA,SPF_HELO_NONE
    autolearn=disabled version=3.4.3
X-Spam-SNF-Result: 0 (Standard White Rules)
X-Spam-MessageSniffer-Scan-Result: 
X-Spam-MessageSniffer-Rules: 
    0-0-0-6044-c
X-Spam-GBUdb-Analysis: 0, 157.131.224.145, Ugly c=1 p=-0.513545 Source Normal
Received: from b.mx.sonic.net (a.spam-proxy.sonic.net [157.131.224.145])
    by b.local-delivery (8.14.7/8.14.7) with ESMTP id 00C1AQ7W022149
    (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
    for <MYSONICINBOXUSER@lds.sonic.net>; Sat, 11 Jan 2020 17:10:26 -0800
Received: from so254-58.mailgun.net (so254-58.mailgun.net [198.61.254.58])
    by b.mx.sonic.net (8.14.7/8.14.7) with ESMTP id 00C1AOZ7077206
    (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
    for <MYSONICINBOXUSER@sonic.net>; Sat, 11 Jan 2020 17:10:25 -0800
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=namesilo.com; q=dns/txt;
    s=krs; t=1578791425; h=Content-Transfer-Encoding: Content-Type:
    Reply-To: From: MIME-Version: Subject: To: Message-Id: Date: Sender;
    bh=eEl7racOOx/1AyGgj/w+8ARfFCoTRjASGFUbCbNeh78=; b=C5E5gN372NB9wtVy3bjGvotlPk+ibObwq/TyeiMi6LEW+WOs8VQ2rC7LOCE0Gcw04LsIdUW6
    OcJOqOc2rhVnk6OHohrxghzl3yJ8XHlDDIDfKIcXpaaoKRC/zk4c6aeeqlOq81/sU0Pvhtze
    AgshM05LcuIMvkAx0ZZaH3PXlvE=
X-Mailgun-Sending-Ip: 198.61.254.58
X-Mailgun-Sid: WyJkNzFjMSIsICJ2b2RkZXJkb21haW5zQHNvbmljLm5ldCIsICI3YmJhYiJd
Sender: support@namesilo.com
Received: from m2.emailowl.com (m2.emailowl.com [198.199.111.6])
    by mxa.mailgun.org with ESMTP id 5e1a71ff.7ff5607a3df8-smtp-out-n01;
    Sun, 12 Jan 2020 01:10:23 -0000 (UTC)
Received: (qmail 2459 invoked by uid 99); 12 Jan 2020 01:10:21 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=namesilo.com; s=dkim;
    t=1578791422; bh=kGyA6jDxfWDeUywbQiD5gTqYhWXFjzfzTkCRrjvx9WM=;
    h=Date:To:Subject:From:Reply-To;
    b=gqPxDuHuSaqyAEIuVUvKuEwByWe9FR4XtqdKoVy5H58Nee4/jiRw2QjoDP13oQ9Oo
    pN6cwXduXWUlPqtfDkDTuQw1bHXUwcDU626v7KwbQKBKQ16k5holQskkwt37U5ikV/
    ieRDRhYaJDZ/HW9RiubOr35kmcOtRCc4eSL38/4c=
Date: 12 Jan 2020 01:10:21 -0000
Message-Id: <20200112011021.2458.qmail@m.emailowl.com>
To: MYSONICINBOXUSER@sonic.net
Subject: Confirm Domain Transfer for MYTRANSFERRINGDOMAIN.us
X-Accept-Language: en-us, en
MIME-Version: 1.0
From: "NameSilo.com" <support@namesilo.com>
Reply-To: support@namesilo.com
X-NSID: ZmtmAmZ0ZmZmZt==q3q167sr1orn56707383n0r30s77r3pp 
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Orthrus: tar=0 grey=no co=US os=Linux/3.11 and newer/1 spf=pass dkim=pass
Would a spam score of 1.1 meet a rule not to forward, but not to fire other actions? That's my best guess...
But, I can't find this in the members panel for the master user of that account.
by dane » Mon Jan 13, 2020 11:45 am
No, it's a spam score of negative 1.1, against a score of positive 5.0 required for the system to flag it as spam.

Must be something else. How are you forwarding? Do you know the receiving site isn't rejecting it? Forwarded messages are often suspect.
Dane Jasper
Sonic
by orm » Thu Feb 20, 2020 3:17 pm
Edit: corrected incorrect IP reading, and added final header

Hi Dane!

I just wanted to follow up on this since you took the time to respond. Also thanks for pointing out the "-" in front of the spam score, I didn't see that!

So here's the chain:
1) Namesilo sends a message to the whois contact based on what Godaddy submits to the database:
a) This is an @sonic.net address
b) This address is setup to automatically forward all mail, and keep a copy in the inbox, in the member settings panel of members.sonic.net.
2) it forwards messages to a user @hotmail.com, with working pop & webmail access. (log in at outlook.com)
a) this address received ALL other communications, from this time period, specifically from Godaddy.
b) the last successfully forwarded message from Namesilo from the sonic user to the hotmail user was the week before for the annual whois contact info update solicitation. This forwarded just fine. I'm attaching the header below for comparison, the main thing I can see, aside from a non-negative spam score of 0.8 (vs -1.1 from the "unforwarded" message, thank you for pointing that out Dane).
c) I was unable to locate any sort of rejection message or notification or place to look for such a reaction BY hotmail/outlook, including Microsoft forums.

My guess is that hotmail rejected this for some reason, but failed to tell me what it was, but just in case, I wanted to help sonic get to the bottom of it, since I couldn't find any message about rejection...

Perhaps an IP somewhere in the chain for the rejected message was temporarily blacklisted in some db that Microsoft consults?

I'm not a networking expert and don't understand exactly how headers are handled for this type of forwarded message, but I can see in the final hotmail version of the successfully forwarded message there is an SPF failure because it's noting that the sonic SMTP server is not registered to Namesilo, but this didn't stop delivery, presumably because there's a way to tell a receiving server a message is forwarded.

Anyway, here's the original (received by sonic) header of the good/successfully forwarded message from Namesilo to a sonic address (it didn't have to do with transferring a domain, but the format of the bottom was nearly identical, just a bunch of text with a link or two, like all of name silos emails, barebones:

Code: Select all

Return-Path: <bh@namesilo.com>
X-Spam-Checker-Version: SpamAssassin 3.4.3 (2019-12-06) on f.spam.sonic.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DCC_CHECK,DKIM_INVALID,
    DKIM_SIGNED,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_LOW,SNF4SA,
    SPF_HELO_NONE autolearn=disabled version=3.4.3
X-Spam-SNF-Result: 0 (Standard White Rules)
X-Spam-MessageSniffer-Scan-Result: 
X-Spam-MessageSniffer-Rules: 
    0-0-0-4225-c
X-Spam-GBUdb-Analysis: 0, 157.131.224.146, Ugly c=1 p=-0.549793 Source Normal
Received: from b.mx.sonic.net (b.spam-proxy.sonic.net [157.131.224.146])
    by a.local-delivery (8.14.7/8.14.7) with ESMTP id 0048W9Zo002784
    (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
    for <MYSONICINBOXUSER@lds.sonic.net>; Sat, 4 Jan 2020 00:32:09 -0800
Received: from m2.emailowl.com (m2.emailowl.com [198.199.111.6])
    by b.mx.sonic.net (8.14.7/8.14.7) with ESMTP id 0048W7Bu141127
    (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
    for <MYSONICINBOXUSER@sonic.net>; Sat, 4 Jan 2020 00:32:09 -0800
Received: (qmail 9713 invoked by uid 99); 4 Jan 2020 08:32:07 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=namesilo.com; s=dkim;
    t=1578126727; bh=/2fZNufyPO+0EYrkPwdC++5mGSx/l5eQywInOxoZMxU=;
    h=Date:To:Subject:From:Reply-To;
    b=IfpR9hIPFy+Ch5BlGXFMKB6FdSrA3XIbLbBYM84iLVkPDKglZ9UJN/+8HlAGmvg+x
    v+QmxvfweFGc7wqexYqzjmVMjBa9maImfj3i4VROlaVtuMwqRNCMjE97zhXB17aym5
    XI1iQDEhUBtmgb7YeU1bIzkyKO6roh5ZRoOzbUyk=
Date: 4 Jan 2020 08:32:07 -0000
Message-Id: <20200104083207.9712.qmail@m.emailowl.com>
To: MYSONICINBOXUSER@sonic.net
Subject: Annual review of WHOIS information
X-Accept-Language: en-us, en
MIME-Version: 1.0
From: "NameSilo.com" <support@namesilo.com>
Reply-To: support@namesilo.com
X-NSCONTACT: ZmpmZQZjZmpmZmZ2s4276375s3p724n3srn9qq4034o03703 
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Orthrus: tar=0 grey=no co=US os=//1 spf=pass dkim=pass


And then for giggles, or if it possibly helps, the header of the that same email once it's passed into the hotmail inbox successfully:



Code: Select all

Annual review of WHOIS information
To: MYSONICINBOXUSER@sonic.net 
Reply-To: support@namesilo.com 
X-Microsoft-Antispam-Mailbox-Delivery: abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ucf:0;jmr:0;ex:0;psp:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(5062000261)(5061607266)(5061608174)(4900115)(58390011)(98390011)(8390131)(8376100)(8375121)(4920090)(6380081)(4950130)(4990090)(9140004);RF:JunkEmail;
X-Ms-Exchange-Transport-Endtoendlatency: 00:00:00.7694154
X-Forefront-Antispam-Report: EFV:NLI;
X-Ms-Exchange-Crosstenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-Nscontact: ZmpmZQZjZmpmZmZ2s4276375s3p724n3srn9qq4034o03703 
X-Ms-Exchange-Organization-Expirationstarttimereason: OriginalSubmit
X-Ms-Exchange-Organization-Authsource: BL2NAM02FT045.eop-nam02.prod.protection.outlook.com
X-Orthrus: tar=0 grey=no co=US os=//1 spf=pass dkim=pass
X-Microsoft-Antispam-Message-Info: GCGN452lWYJSpVJR6irdMyvKULB4M+WlP0btuLqxuT5tN9TLbeLxeHqH+0zRMmRlZx1FOtqtcbhG6xc/NwImA454vMSK9IddLKsCiL9wMU6Yc5wRcjah4tWZibSA1Ws5XyM1KN1riQggu9+gUP6rvvvRA4htHS0GvMLZ6uVr66K0E0P01DTWnz+vLtwl5z5sS8QPXFnUMg6FbqRpvysCLr8GS1Vqbquk2UDweuIR9zCfvuV7DpPr/3UON+ZlZB7xi8WdJuW42kjgOuBeEvVxx3DFMD+Z4fX/HxGl3A5CJklnJXSeQvAEJTFp/P8EvXlFj9le6hXdj29oAVK99Hfwlt5rQnHBPR8bOrWWQJKJbT3y8tgxppkX1phgbJjDbDXGLH+fq/KwhsNydc1amQdkDwrFovd46z12FT5Ru3bhC3MLEMReM1aQ9oeC/VOogjrOCZjecjHIpMMpBwI6iTe/HLYQeWQ+1L3n6m8tKkPp/qJ35v142Q7weqVU/89+OdTgje3ZKn9njInMyOKq23Rp36zLNQlmy8dLIFSfyDcvDvPWdmpt60y21qqtZYuxO4ZNBIXJYdj7AAjGC+dVupSn31iOSsCGfga/PVFF96NIKgsWAtXc/iQBGLxAZM/jtikMOdD8CpogxUr74KyVraqtDDMbfr5Ywdht0whH81XLhJ3ZXzNh8k36IeDAYu2aoN7MHCGhXep+By4cXyDUQJqhFgsGmo39VxCyfDhi0qPvSOy4u3nLtuyTzKuA+lvNpuKQAX2MSgYHbv3QAks2KGrzHQEOa7sNWK3KGz5zRtLk87O6CalVUSG3SUVfdYNOrCcsG1+OJdW45BNcaTV+Cms9p0CtZ0mdaEVL2ArVCFky1V0wdvgNmyR3CsaAFTp0P44YtS9s+x0hEdjV1/CgIT4K5A==
X-Ms-Exchange-Crosstenant-Originalarrivaltime: 04 Jan 2020 08:32:11.0648 (UTC)
X-Ms-Exchange-Crosstenant-Network-Message-Id: 100ddc6b-d8d0-48f1-d5c3-08d790f097f7
X-Ms-Exchange-Organization-Network-Message-Id: 100ddc6b-d8d0-48f1-d5c3-08d790f097f7
Authentication-Results: spf=fail (sender IP is 69.12.221.231) smtp.mailfrom=namesilo.com; hotmail.com; dkim=fail (signature did not verify) header.d=namesilo.com;hotmail.com; dmarc=permerror action=none header.from=namesilo.com;
X-Ms-Exchange-Processed-By-Bccfoldering: 15.20.2602.010
X-Ms-Office365-Filtering-Correlation-Id: 100ddc6b-d8d0-48f1-d5c3-08d790f097f7
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=namesilo.com; s=dkim; t=1578126727; bh=/2fZNufyPO+0EYrkPwdC++5mGSx/l5eQywInOxoZMxU=; h=Date:To:Subject:From:Reply-To; b=IfpR9hIPFy+Ch5BlGXFMKB6FdSrA3XIbLbBYM84iLVkPDKglZ9UJN/+8HlAGmvg+x v+QmxvfweFGc7wqexYqzjmVMjBa9maImfj3i4VROlaVtuMwqRNCMjE97zhXB17aym5 XI1iQDEhUBtmgb7YeU1bIzkyKO6roh5ZRoOzbUyk=
Return-Path: bh@namesilo.com
X-Sender-Ip: 69.12.221.231
Received-Spf: Fail (protection.outlook.com: domain of namesilo.com does not designate 69.12.221.231 as permitted sender) receiver=protection.outlook.com; client-ip=69.12.221.231; helo=a.spam.sonic.net;
X-Ms-Traffictypediagnostic: BL2NAM02HT043:
X-Ms-Exchange-Organization-Expirationstarttime: 04 Jan 2020 08:32:11.2367 (UTC)
X-Ms-Exchange-Organization-Expirationinterval: 1:00:00:00.0000000
X-Ms-Exchange-Crosstenant-Rms-Persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-Accept-Language: en-us, en
Content-Type: text/html; charset=utf-8
X-Eoptenantattributedmessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-Ms-Exchange-Transport-Crosstenantheadersstamped: BL2NAM02HT043
X-Ms-Exchange-Organization-Authas: Anonymous
X-Incomingheadercount: 17
X-Incomingtopheadermarker: OriginalChecksum:AAD1AADF8705A5B6D68D4636D40EFD15E2D178DFE4390F25CA9ECC82E678DE4A;UpperCasedChecksum:3527A93B074A1785E2B00CBE6E1D21ADD6CCBDEF9F516E7A4C90180895A20E5A;SizeAsReceived:1772;Count:17
X-Sid-Pra: SUPPORT@NAMESILO.COM
X-Ms-Userlastlogontime: 1/4/2020 7:24:33 AM
X-Message-Info: qoGN4b5S4yrUgeCiN4COzqyD8uHsXjYHAQgAtQkT7tRv6vUKvkElDYVNJBraCoZ/w42phHegfT1VahOmJj8Nl8nCkXliPF/Cu57+EKRURA/f/NMQzRQQiONWjb7SgJgMFV9t2x3SoHVYP0PRYiFKQO7BmyjoWj8EXtVdKEWQ/7nzxZchaDBvaDjhqehcvgYnWe/aAs1K8fL06XLTOCGT9iL8TldN/HBi
X-Originatororg: outlook.com
X-Ms-Exchange-Crosstenant-Fromentityheader: Internet
X-Ms-Exchange-Organization-Pcl: 2
X-Microsoft-Antispam: BCL:1;
Content-Transfer-Encoding: 7bit
X-Ms-Exchange-Eopdirect: true
X-Ms-Exchange-Organization-Expirationintervalreason: OriginalSubmit
Received: from BL2NAM02HT043.eop-nam02.prod.protection.outlook.com (2603:10b6:3:12b::30) by DM6PR17MB3674.namprd17.prod.outlook.com with HTTPS via DM5PR04CA0044.NAMPRD04.PROD.OUTLOOK.COM; Sat, 4 Jan 2020 08:32:11 +0000
Received: from BL2NAM02FT045.eop-nam02.prod.protection.outlook.com (10.152.76.52) by BL2NAM02HT043.eop-nam02.prod.protection.outlook.com (10.152.76.78) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2602.11; Sat, 4 Jan 2020 08:32:11 +0000
Received: from a.spam.sonic.net (69.12.221.231) by BL2NAM02FT045.mail.protection.outlook.com (10.152.77.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2602.11 via Frontend Transport; Sat, 4 Jan 2020 08:32:11 +0000
Received: from a.local-delivery (a.local-delivery.sonic.net [157.131.224.82]) by a.spam.sonic.net (8.14.4/8.14.4) with ESMTP id 0048WAD1001458 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <naturalinvention@hotmail.com>; Sat, 4 Jan 2020 00:32:10 -0800
Received: from b.mx.sonic.net (b.spam-proxy.sonic.net [157.131.224.146]) by a.local-delivery (8.14.7/8.14.7) with ESMTP id 0048W9Zo002784 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <MYSONICINBOXUSER@lds.sonic.net>; Sat, 4 Jan 2020 00:32:09 -0800
Received: from m2.emailowl.com (m2.emailowl.com [198.199.111.6]) by b.mx.sonic.net (8.14.7/8.14.7) with ESMTP id 0048W7Bu141127 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <MYSONICINBOXUSER@sonic.net>; Sat, 4 Jan 2020 00:32:09 -0800
Received: (qmail 9713 invoked by uid 99); 4 Jan 2020 08:32:07 -0000
X-Eopattributedmessage: 0
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MjtHRD0xO1NDTD02
X-Ms-Exchange-Organization-Messagedirectionality: Incoming
Message-Id: <20200104083207.9712.qmail@m.emailowl.com>
Mime-Version: 1.0
X-Ms-Publictraffictype: Email
X-Sid-Result: FAIL
by kgc » Thu Feb 20, 2020 5:38 pm
I *very* strongly recommend against forwarding mail in any case. It will result in lost mail, particularly into the black holes of the large mail service providers. It's much better to configure these services to retrieve mail from another service provider using IMAP or POP3.
Kelsey Cummings
System Architect, Sonic.net, Inc.
4 posts Page 1 of 1

Who is online

In total there are 35 users online :: 1 registered, 0 hidden and 34 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: Google [Bot] and 34 guests