Send Actual SMTP

It’s rare I find mail that violates the SMTP spec (rfc5321 and rfc5322). I’ve even considered removing “send mail from a correctly configured mail server” from my standard Best Practices litany.

But today I got mail asking me to respond to a survey.

This whole email is a mess of problems, and it’s claiming to be from the California Secretary of State.  It’s also discussing the June Primary, which isn’t the election we just had. The from address doesn’t reassure me, they’re claiming to be: VotersChoice.SoS.Ca.Gov@mailservices6.com. The mail is being sent to the address I gave California when I registered as an overseas voter, but those lists are public.

In the course of trying to decide if this was real or was just some way to steal private information, I discovered this particular mail server isn’t actually sending real SMTP.

X-Amavis-Alert: BAD HEADER SECTION, Non-encoded non-ASCII data (and not UTF-8) (char 9C hex): Received: \x{9C}by v1.mailservi

Now, quite honestly, I suspect this is actually legitimate mail. A few google searches and I discover mailservices6.com belongs to California Survey Research Services, Inc. They manage data collection for a lot of different government agencies. Looking at information around them this is exactly the kind of vendor that I expect a government agency to use.

I have to wonder, though, how well their email surveys actually perform. They’re not sending actual SMTP. The non-ASCII character is in their own internal handoff to a server running an obsolete version of Sendmail. While our mail server is somewhat forgiving of non-SMTP mail not all mail servers are. Even if that isn’t enough to tank their delivery, there are multiple similar but not identical domain names in the body of the message. The link to ‘research.net’ doesn’t actually go to research.net, it points to yet another random domain name. Put all this together with the unsolicited nature of the email I’d be amazed if any of their mail was reaching the inbox at the consumer ISPs.

Looks like I’ll be keeping the “and make sure you send SMTP” in the list of recommendations, because there are still groups out there who are not sending valid SMTP. If my mail is to be believed, some of them are being paid by the state of California to do so.

Related Posts

Internet security is national security?

This popped up on my FB feed yesterday.
2016-08-04_16-27-53
What say you? Do we need to create a major effort to improve online security? What challenges do you see to making it work?
Edit: After I published this, I found an article stating that 3.7 million people had their personal health information compromised in a recent attack.

Read More

The history of email

My first access to “the internet” was through a dialup modem on a VAX at the FDA. I was a summer intern there through my college career and then worked full time after graduation and before grad school. My email address ended in .bitnet. I could mail some places but not others. One of the places I couldn’t send mail was to my friends back on campus.
A few of those friends were computer science majors, so one weekend they tried to help me troubleshoot things. . There were text files that they ended up searching through looking up how to send mail from .bitnet to .edu. But it was all a baffling experience. Why couldn’t it just work? I had email, they had email, why could we not talk?
I never did figure out how to send email to campus from .bitnet.
Eventually, the FDA moved from BITNET to the internet and I had a .gov address. I could send mail around just by getting the recipients’s address. But the mystery of why I could mail some .edus and not others still lingers. I wonder what our setup was that we couldn’t send mail. I’ll probably never know. I don’t even have enough details to explain the problem to someone who would know. I suspect the answer will be “bang paths” or “host.txt” files, but I really don’t know.

Read More

Email addiction survey

The great folks over at Zettasphere and Emailmonday have released their Email Addiction Survey. Nothing surprising in the data that I can see, although I suspect one particular data point is going to surprise folks.

Read More