apa67
join:2001-06-28
Washington, DC
| New Verizon e-mail policy...yuck
Dear Verizon Online Customer:
Our records indicate that you are sending e-mail from a domain that
is something other than:
@banet.net
@bellatlantic.net
@verizon.net
@gte.net
As such, we want to alert you to a change in our e-mail systems that
will affect your ability to send mail from your current domain.
Effective July 12, 2001, Verizon Online is implementing "domain
verification". As a result of this change, you will not be able to
send e-mail from that domain after July 12, 2001.
We recommend that you immediately check your e-mail settings and
change your domain back to one of the three supported domains before
July 12, 2001. For information on how to check and change you're
e-mail domain, visit our Online Help.
»https://support.bellatlantic.net/members···?EMAILQ1
We apologize for the inconvenience, however, this change will allow
us to limit the number of domains that can access our e-mail servers
to aid in the reduction of SPAM.
If you require further assistance, you may visit Online Help at
»https://support.bellatlantic.net/members···?EMAILQ1.
We value your business and appreciate your assistance.
Sincerely,
Verizon Online
_______________________________________________________
Bottom line, if you use them for carriage, and use an aliased email, you are hosed. As a two+ year VZ DSL customer, this sucks. I will be changing before the 12th. Any recommendations for the DC area? |
|
seaquake
Premium,MVM
join:2001-03-23
Millersville, MD
clubs:  
 ·Verizon FIOS
| This helps them keep people from routing spam and other non-paid for services through their mail server. It does hurt some of the paying customers, but hey, "they don't support non-Verizon stuff", remember.
I'm about 35 miles from DC and use Comcast@home. Very happy with them. I believe Cox@home would be a local provide for you. Someone will pipe-up and say something about them. If not, check out the @home forum and you'll get some feedback there.
--
Do Morticians get an employee discount? |
|
tschmidt
Premium,MVM
join:2000-11-12
Milford, NH
 ·Hollis Hosting
 ·Verizon Online DSL
·Fairpoint Communic..
| reply to apa67
What does sending domain mean? Does this mean you have to be connected to their network to access outgoing mail servers? That is a pretty common anti spam provision.
Or are they referring to mail return address info? If that is the case how do they intend to support customers with multiple mail accounts? Given the horror stories about Verizon mail I had pretty much decided not to use it at all except for outgoing SMTP.
I've have not signed up with Verizon. If they are requiring case two this is a show stopper for me. The support page is password protected so I could not get any addition info. |
|
rchandra
Stargate S G-1 And Atlantis Fan
Premium
join:2000-11-09
14225-2105
clubs:
| reply to apa67
Presumably this affects you only if you relay all your email through Verizon's servers. Just deliver it yourself, and hope that all your recipients never find your address on any of the spam reduction sites (e.g. dialups.mail-abuse.org). I've never seen it myself, but I've heard about some DSL address ranges showing up on that or other lists, even though they're not really dialling up.
To deliver mail autonomously, Sendmail users should remove anything on the same line after DS in their cf file, and optionally restart their daemon (may be necessary if you are configured for one of the deferred modes). To be honest, I've never looked at sendmail.m4; there's probably a FEATURE or something that can be removed there, then you rebuild your cf.
[text was edited by author 2001-06-28 13:30:51] |
|
rchandra
Stargate S G-1 And Atlantis Fan
Premium
join:2000-11-09
14225-2105
clubs:
| reply to tschmidt
Unless I'm mistaken, they will be configuring their servers so that
•your source IP address must be in their network (or maybe not, but likely)
•your MAIL FROM: line during your [E]SMTP session must have one of the listed strings in it (of course in the right place with the right syntax for the rest of the line)
|
|
tschmidt
Premium,MVM
join:2000-11-12
Milford, NH
·Hollis Hosting
·Verizon Online DSL
·Fairpoint Communic..
| rchandra, thanks. Item 1 is pretty common anti spam measure.
Item 2 is stupid and extremely onerous. So Verizon is preventing customers from using non Verizon mail accounts. For example; I log into my corporate mail account from home. I can deal with outgoing mail relay problem but it sounds like Verizon will only allow me to send mail with a Verizon FROM: address. So if I respond from home Verizon will refuse it at the SMTP gateway because it does not originate from a Verizon domain. If I change the FROM field to a Verizon account it is delivered by the SMTP gateway. If the recipient responds to that message it is now delivered to my Verizon mail account, that is intolerable.
Do you know if Verizon blocks access to foreign SMTP mail gateways? I ran into that when I used MCI for dialup. You had to use their gateway because they blocked access to all external SMTP mail servers. If they block access I assume it is by port number so I could try and get my mail provider to accept SMTP mail on a different port, hopefully that would get by the outgoing restriction.
What a pain. I just want them to deliver the bits. They are incapable of doing anything else, and I'm willing to work with other suppliers as needed. |
|
Anon | reply to apa67
This totally blows! Why can't they just do like everyone else and make it so it'll only deliver mail if your IP is coming from Verizon? In other words, the same as they're making it except don't disallow other domain names in the from line.
I have my own domain which I send/recieve mail from and now I won't be able to send mail from it because I don't have an SMTP server running on my domain.
Verizon Online usernames are so rediculious in the first place. I don't want to have to use the stupid name they gave me. |
|
Anon
|  reply to apa67
What this new policy means is that if your out-going mail does not have a verizon email address in the return address - verizon won't send the mail.
Imagine if the post office wouldn't take mail from a business traveler because the return address was not located in their serving area.
What ever Verizon 3rd line manager got promoted over this bright idea is an idiot. (When I called Verizon today - I referred to him as a Moron.)
I have e-mail addresses that I have used for more than 12 years and aliases that route the mail to the #%$^$% Verizon account. According to this new policy I cannot use any of them after July 12, 2001 as my return address.
If they implement that policy they just lost a customer.
Don Cox,
Princeton, NJ |
|
Anon | reply to tschmidt
I'm in the same boat.
I have my own hosted domain. I don't use Verizon mail "services". They consider what I am doing as relaying, but according to their spam policy I am allowed to use a third party server if I have permission.
"Moreover, any email relayed from a third party's mail servers without the permission of that third party, or any email that hides or obscures, or attempts to hide or obscure, the source of an email also constitutes an unauthorized use of the Verizon Online network."
Am I reading this correctly? |
|
tschmidt
Premium,MVM
join:2000-11-12
Milford, NH
·Hollis Hosting
·Verizon Online DSL
·Fairpoint Communic..
| So at least they are not blocking access to third party SMTP server. That is good news.
How are you authenticated? When I had Vitts SDSL I had a static IP so my domain hosting service accepted mail from that address. Verizon is dynamic so that hack will not work. I've spoken to them about requiring authentication for outoing mail but they have not do that yet.
I'm beginning to hate Verizon already and I don't even have service from them yet. |
|
rchandra
Stargate S G-1 And Atlantis Fan
Premium
join:2000-11-09
14225-2105
clubs:
| reply to tschmidt
You may think it's dumb, but it's a simple premise: if it didn't either come from here or is going to here, there is no reason I should be delivering mail on your behalf, at least not in this spam-filled world. It's merely how they wish to determine the "from here" part that we think sucks. It's their stance that if you mean to be someone else, you should be using that entity's servers, network, etc. anyway. It also makes it (trivially) easier to track spam because of what the Received: header(s) will say.
All is not lost though. This can possibly be only cosmetic. You should keep in mind that the envelope address (that which is done during the MAIL FROM: ) can be different from the message headers (From:, Reply-To:, Sender:, maybe others). Most MUAs (at least those with which I'm familiar) rarely pay any attention to the envelope address and always work with the address(es) in the headers (display, reply, etc.) unless explicitly told otherwise (toggling header weeding/hiding in Mutt for example).
The only problem I've ever had delivering [E]SMTP mail autonomously with any provider (including VIS) was when I was dialling into a Sprintlink POP that was being leased by Verio. The addresses handed out there are in dialups.mail-abuse.org, so some [E]SMTP servers denied my traffic. (That, and I couldn't relay through Verio's own relay(s) before they in essence told me I'd have to run my fetchmail as a daemon so it would periodically authenticate via IMAP, thus implementing the SMTP after (POP or whatever) hack.) No tcp/25 redirection or filtering has taken place to my knowledge (don't you just love forced Web proxies? and how they mess up some Web servers' operation?). |
|
rchandra
Stargate S G-1 And Atlantis Fan
Premium
join:2000-11-09
14225-2105
clubs:
| reply to tschmidt
Some [E]SMTP servers have a hack in them in which the same server or cluster of servers is also the POP3 and/or IMAP server (or has some other coordination), and for some small, probably configurable, time (5-15 min. is typical), the IP address from which that fetching or checking mail request came is eligible to make a successful [E]SMTP connection. If you've never done so, or it's been too long since your last check/fetch, you're denied. |
|
Anon | reply to Anon
Same here. If my "from" field has to be Verizon, I'm gone! Who do you even call to complain about this? The first string tech support people have never even heard of Eudora. |
|
tschmidt
Premium,MVM
join:2000-11-12
Milford, NH
·Hollis Hosting
·Verizon Online DSL
·Fairpoint Communic..
| reply to rchandra
said by rchandra:
You may think it's dumb, but it's a simple premise: if it didn't either come from here or is going to here, there is no reason I should be delivering mail on your behalf, at least not in this spam-filled world. It's merely how they wish to determine the "from here" part that we think sucks. It's their stance that if you mean to be someone else, you should be using that entity's servers, network, etc. anyway. It also makes it (trivially) easier to track spam because of what the Received: header(s) will say.
rchandra, I agree with you. I have no problem with Verizon authenticating where mail originates from. In fact I encourage them to do so as a way to reduce spam. What I don't understand is why they are doing it the way they are.
Typical ISP solution to this problem
-------------------------------------
Most ISP require that you are coming from one of their IP address to relay mail. That is in common use and is pretty effective. It is a nuisance if you connect different ways, say with a laptop but there are workarounds for that.
Verizon solution (I hesitate to call it that)
---------------------------------------------------
Require users to enter Verizon specific information in all mail messages. So if I want to use Verizon for bulk email I simply enter the correct domain name, don't even need a valid account (I think). I fail to see how this helps with the spam problem while causing huge problems for those of us with more then one mail account.
The problem with mail relaying is that SMTP authentication is still not commonly deployed. Verizon's unilateral move against spam leaves some up us up the creek without a paddle. |
|
tschmidt
Premium,MVM
join:2000-11-12
Milford, NH
·Hollis Hosting
·Verizon Online DSL
·Fairpoint Communic..
| reply to rchandra
said by rchandra:
Some [E]SMTP servers have a hack in them in which the same server or cluster of servers is also the POP3 and/or IMAP server (or has some other coordination), and for some small, probably configurable, time (5-15 min. is typical), the IP address from which that fetching or checking mail request came is eligible to make a successful [E]SMTP connection. If you've never done so, or it's been too long since your last check/fetch, you're denied.
rchandra, I've used that method to access my hosted mail account. What we ran into is that occasionally it would refuse to work. Neither I or the hosting service were ever able to diagnose the root cause. It would work well for days/weeks at a time, then fail for no apparent reason and refuse to work for a day or so. That is why we opted for the static IP configuration.
IMO the best long term solution is to require authentication to the relay server just like the POP server. Widespread use of authentication ought cut down forged spam and solve a lot of these forwarding issues. |
|
rchandra
Stargate S G-1 And Atlantis Fan
Premium
join:2000-11-09
14225-2105
clubs:
| reply to Anon
The USPS and similar are fundamentally different. It is the sender who bears the primary cost of mail transport. Comparatively, email recipients bear the majority of transport costs. I wanted to run a SIG/club in this area, but relatively few of my target audience had email. That means either spending a LOT on USPS postage, spending a LOT of time phoning people, or restricting primary communication for this SIG to my arguably cheapest alternative, email. I can't agree to that post office analogy. You'd likely have even less junk mail than you do already if there weren't special bulk rates, if those mail advertisers had to pay the same onesy-twosey per-piece rate that you and I have to pay.
As for your email routing, that's not really Verizon's problem. They've cautioned in their ToS about not properly identifying yourself in email (or other media such as Net News; basically "forging headers"). Heck, I'm even a little nervous running my nearly autonomous server and identifying myself as joe - a - t - philippsfamily.org (sorry, a little anti-automated spam measure there), as this is not my Verizon logname. Yet it's 100% legitimate, and all I really need is the IP pipe. At any time, they could follow the trail through DNS to lead them right to my computer, which they would discover is in their netblock.
There are various services I've heard about around the Internet that will act as a mail server for you (some of them free, some of them for varying fees, usually under the name of "backup MX"). Whether they are willing to accept your outbound email, I'm not sure, but it's worth a shot.
It's unfortunate that it has come to this sort of thing with email servers, but I guess this means you won't be a Verizon customer for too much longer. |
|
kjv
join:2001-05-07
Buffalo, NY
| reply to apa67
I can understand the misguided notion that the engineers at Verizon have. Yes, it's not good for those with multiple e-mail addresses, but I do find that I get NO SPAM on my Verizon account.
So, the logical alternative is to have someone else do mail relaying for you instead of Verizon. For those with just Windows you're going to have to make sure that the SMTP server you use will relay for you. Which is usually done by looking at the reverse DNS (IP to hostname lookup). Since you are obviously a dynamic IP address this will cause problems.
--begin clarification--
VPN is a Virtual Private Network. It's a way of establishing a PPP connection over the internet. It can also encrypt and/or compress the packets traveling over it. There are several methods of establishing a VPN. PPTP (PPP over TCP/IP - most common), L2TP, and straight IP_GRE and IP/IP encapsulation. The terms VPN (used by windows wannabe's) or TUNNEL (used by seasoned network engineers) are references to these methods.
--end clarification-
If your relay supports VPN connections you may be in luck!The SMTP server at the other end of the VPN connection can be configured to relay for you and other VPN connections. All you have to do is tell your e-mail client (presumably Outlook) that you access e-mail through the VPN connection.
For those of us with slightly more robust connections with NT (cringe) or Linux (cheer!) you can set up your own SMTP server for local relay (meaning only hosts in the LAN), and it can pass the message on to the "Smart" SMTP relay host through a TUNNELed connection. Which of course eliminates the need to tell your e-mail client anything about a VPN connection. You just tell your e-mail client to use the SMTP server on the front end box.
Now, before the newbie network admins say to just make the SMTP server on the front end deliver directly I have this to say. Some (not all, but MOST large organizations) configure their SMTP server so that even on local deliveries the reverse DNS must match what the SMTP server identified itself as in order to deliver the e-mail.
Some SMTP servers out there also require that not only the reverse DNS match what the SMTP server identified itself as, but that a DNS MX record must also exist. AND!!! Some even go so far as to require that the MX record be the same.
Doubt me? Go and get a hotmail account and configure your front end system to deliver directly. Then TRY to send e-mail to that account... NOT!!! bounce bounce bounce... Oh yeah... Those trying to deliver to users @ aol may not even get a bounce notice... AOL is kind of funny that way. So easy to use, no wonder it's blunder 1. |
|
rchandra
Stargate S G-1 And Atlantis Fan
Premium
join:2000-11-09
14225-2105
clubs:
| reply to tschmidt
I'm not sure that solves anything. The number of necessary authentication queries in the current mail paradigm is stunning. What I'm talking about is that in order for my Sendmail to send to e.g. Verio's Exim, I would need to authenticate myself somehow to prove that I am who I claim to be. How can Verio's server verify I am who I say I am? I either need a prior arrangement with them where I can present credentials, or they have to have some secure way of querying some other entity to prove my identity. Unless we start the Draconian practice of port redirection in the network path (where VIS routers in my case rewrite all IP traffic headers from me destined for tcp/25 to have a VIS ESMTP relay as its new destination IP address, regardless of the original destination IP address), we won't easily solve the problem. It's certainly technically possible for the VIS ESMTP server to tie directly into the (presumably) RADIUS server controlling my AC so that my PPPoE PAP identifies me as the one sending the mail. (I provide PAP credentials during PPPoE session startup; later the SMTP server simply asks, for a given IP address, who has last been handed that address by the RADIUS server.)
I suppose if I were really serious about not receiving spam, I could be equally Draconian and refuse to accept or just discard email that didn't have a valid digital signature from a known entity (no trusted public key).
The POP/IMAP login, then ESMTP, paradigm usually works well for identifying/authenticating the mail sender; I'm sorry to hear that you had an extended problem, and that your email peer wasn't adept enough to diagnose what the problem was. I would have thought it would have been a simple matter of watching the appropriate server logs to see what happens when. |
|
Anon | reply to rchandra
Your right the USPS is not an exact fit, but it never can be for e-mail for whole lot of different reasons. But, if verizon wants to monitor SPAM they can, but I send out at most 10 emails a day - some work related, some professional and some personal. I use different email accounts for each - what verizon is proposing is a form of content filtering indicating that I cannot use those other accounts to identify me any more. I should be able to choose where my email goes and my right to send email on a system that I pay for should not be conditioned on whether I use verizon to receive my e-mail.
When I work from home there is no way that I could send work email with anything, but my company's return address. Verizon - now says that's not allowed.
What is frustrating is that Verizon's own web site proposes using your office SMTP server for sending Verizon mail from say the office - they are now denying reciprocity for other systems from their server for a service they suggest you use when not online using Verizon. That's not right.
I have a compuserve account that I have had since 1989. Folks I havn't talked to in years know to contact me there. If I cannot use that e-mail in my return address for old contacts then its like cutting me off from e-mail.
SPAM is a problem, but this form of filitering is too draconian - there are other less obtrusive solutions. Unless I hear otherwise, I think I am going to switch to DirectTV's service as they seem to have the best value for my area.
|
|
MexiCubAZ
join:2000-06-09
Phoenix, AZ
clubs:
| reply to apa67
multi POP3 accounts??
I have about 3 different POP3 accounts.. Verizon and OOL being two of them.
So when I am at the office using Verizon. and wish to send out email from my OOL account.. they will reject it and not allow them to go out.
Also, I like to use a custom domain name for my emails.
Oh well, I guess the days of using Verizon's connection to send out email from my other accounts are coming to an end.
--
Join the DSL Reports SETI@Home Team!
My Suggest Linksys Router Setup |
|
