SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    More email troubles. I believe comcast is at fault this time.
Page 1 2 
Go
New
Find
Notify
Tools
Reply
  
More email troubles. I believe comcast is at fault this time. Login/Join 
W07VH5
Picture of mark123
posted
When I'm connected to the home network (Comcast) my email address quit working a couple days ago. Sometimes I can get incoming but outgoing never leaves the Outbox. If I switch to my phone with WiFi off, it sends fine.

I did some digging and found that Comcast IPs are blacklisted, get this, BY COMCAST unless you run outgoing email through their SMTP.

https://www.spamhaus.org/pbl/query/PBL1523198

That wouldn't be so much of an issue except when I send an email from my domain name through comcast it's automatically flagged as spam since my domain name doesn't match the comcast SMTP.

quote:
Be careful with this message.
Gmail could not verify that it actually came from mydomain.com. Avoid clicking links, downloading attachments, or replying with personal information.


Any suggestions for a next step?
 
Posts: 45679 | Location: Pennsyltucky | Registered: December 05, 2001Reply With QuoteReport This Post
Shall Not Be Infringed
Picture of nhracecraft
posted Hide Post
The message is from Gmail, NOT Comcast, so I assume you're using Gmail here. Are you logged into Gmail using a browser, or the Gmail app. Is this potentially a Gmail 'setting' that's configurable?


____________________________________________________________

If Some is Good, and More is Better.....then Too Much, is Just Enough !!
Trump 2024....Make America Great Again!
"May Almighty God bless the United States of America" - parabellum 7/26/20
Live Free or Die!
 
Posts: 9660 | Location: New Hampshire | Registered: October 29, 2011Reply With QuoteReport This Post
Member
Picture of steve495
posted Hide Post
Could this be solved setting up the SPF record of the domain name to include/validate email sent through Comcast?

My guess is not, unless you have a full-blown business account with them. They want outgoing email from your local client to go through and validate via their SMTP to reduce the chances their email servers get blocked by SpamAssassin and others.

quote:
The message is from Gmail, NOT Comcast, so I assume you're using Gmail here. Are you logged into Gmail using a browser, or the Gmail app. Is this potentially a Gmail 'setting' that's configurable?


That message is what the receiver is seeing when the mail comes into their Gmail/G Suite (or whatever they just renamed it to).


Steve


Small Business Website Design & Maintenance - https://spidercreations.net | OpSpec Training - https://opspectraining.com | Grayguns - https://grayguns.com

Evil exists. You can not negotiate with, bribe or placate evil. You're not going to be able to have it sit down with Dr. Phil for an anger management session either.
 
Posts: 5037 | Location: Windsor Locks, Conn. | Registered: July 18, 2006Reply With QuoteReport This Post
W07VH5
Picture of mark123
posted Hide Post
quote:
Originally posted by nhracecraft:
The message is from Gmail, NOT Comcast, so I assume you're using Gmail here. Are you logged into Gmail using a browser, or the Gmail app. Is this potentially a Gmail 'setting' that's configurable?


That's the message when I use Comcast's SMTP. It's automatically moved to the spam filter. Ignore the Gmail part. The issue is Comcast according to the link in the OP.
 
Posts: 45679 | Location: Pennsyltucky | Registered: December 05, 2001Reply With QuoteReport This Post
W07VH5
Picture of mark123
posted Hide Post
quote:
Originally posted by steve495:
Could this be solved setting up the SPF record of the domain name to include/validate email sent through Comcast?

My guess is not, unless you have a full-blown business account with them. They want outgoing email from your local client to go through and validate via their SMTP to reduce the chances their email servers get blocked by SpamAssassin and others.
That's what I was hoping for. Alas and alack, it's a no go.

I wonder if I can just add Comcast smtp to my DNS record like I do with Gmail smtp for my business email.
 
Posts: 45679 | Location: Pennsyltucky | Registered: December 05, 2001Reply With QuoteReport This Post
Conveniently located directly
above the center of the Earth
Picture of signewt
posted Hide Post
some kind of comcast/xfinity corp changes and email issues here in PNW as well. Conflicting stories from what corp. email we get recently vs what the (ineffective) phone tech tells us.

I've become woozie enough about the veritable hours we spend trying to accommodate various 'improvements' that eventually barely show return to previous service level, that I'm ready to doze all my small clutch of electronic toys into a pile & tune up my old splitting maul.


**************~~~~~~~~~~
"I've been on this rock too long to bother with these liars any more."
~SIGforum advisor~
"When the pain of staying the same outweighs the pain of change, then change will come."~~sigmonkey

 
Posts: 9880 | Location: sunny Orygun | Registered: September 27, 2009Reply With QuoteReport This Post
W07VH5
Picture of mark123
posted Hide Post
quote:
Originally posted by signewt:
some kind of comcast/xfinity corp changes and email issues here in PNW as well. Conflicting stories from what corp. email we get recently vs what the (ineffective) phone tech tells us.

I've become woozie enough about the veritable hours we spend trying to accommodate various 'improvements' that eventually barely show return to previous service level, that I'm ready to doze all my small clutch of electronic toys into a pile & tune up my old splitting maul.
I feel ya, friend. I do.
 
Posts: 45679 | Location: Pennsyltucky | Registered: December 05, 2001Reply With QuoteReport This Post
Optimistic Cynic
Picture of architect
posted Hide Post
Many ISPs block outgoing SMTP to servers other than those they provide, it is not "blacklisting," but TCP port blocking AKA "traffic management" usually configured on a router/firewall not on the mail server itself. I think this is actually considered "best practice" in the ISP community as an anti-spam measure. Sometimes this can be circumvented by using port 465 or port 587 if the SMTP server to which you are sending will accept mail submissions on these ports. This, effectively, means you have to run your own off-site mail server, e.g. on AWS, and send all your mail through it rather than to arbitrary destination servers.

Some ISPs, I don't know if Comcast is one of them, will lift port blocking on a subscriber-by-subscriber basis, but you will probably have to convince them that you do not intend to send out UCE or other mass mailings. It may well be that the external IP address assigned to your Comcast premises router is in a blacklisted netblock as many people originate spam, and thus get into a blocklist. There are sites on the 'net that will show you if your IP is blacklisted.

Unless you are concerned about the Comcast servers intercepting or diverting your messages, there is probably no harm in submitting through their servers. If you do have privacy concerns, you should probably be using end-to-end encryption such as S/MIME or Enigmail anyway on all your messages.

This is also a situation in which a commercial VPN can help as this conceals the origin of your message submission from your ISP. Setting up a private VPN, e.g. to an AWS host, is probably even better as it allows you to manage your SMTP server reputation (commercial VPN provided IP addresses can be blocklisted too).
 
Posts: 6945 | Location: NoVA | Registered: July 22, 2009Reply With QuoteReport This Post
Shall Not Be Infringed
Picture of nhracecraft
posted Hide Post
^^^Impressive post right there! Network Architect? Wink


____________________________________________________________

If Some is Good, and More is Better.....then Too Much, is Just Enough !!
Trump 2024....Make America Great Again!
"May Almighty God bless the United States of America" - parabellum 7/26/20
Live Free or Die!
 
Posts: 9660 | Location: New Hampshire | Registered: October 29, 2011Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
Something is wrong or missing with this story.

When you send email normally, are you sending it via Gmail, using your own domain? Using an email client (I'm guessing Outlook), connecting to smtp.gmail.com?

Comcast's IPs being blocked by Comcast, or anybody else, would normally be blocking SMTP <-> SMTP communications (on port 25) from non-Comcast known email server IP addresses. You shouldn't be using SMTP to communicate with Gmail or anybody else. You should be using "submission," on port 587. (And you should be using STARTTLS [encryption].)

Re: The "Be careful with this message." That is indeed Gmail adding that, for the reason you stated. It probably is SPF detecting that the origination server is not authorized to send email on behalf of your domain.

quote:
Originally posted by architect:
Many ISPs block outgoing SMTP to servers other than those they provide, ...

Some ISPs, I don't know if Comcast is one of them, will lift port blocking on a subscriber-by-subscriber basis, ...

Indeed some do and most will not lift it for residential accounts using dynamic IP address assignment. They don't want "economy" customers running email servers, which is what SMTP is supposed to be for.

Yes, yes: Back in the good ol' days email clients could get away with using SMTP (port 25), unauthenticated, for sending email. Due to email abuse and compromised PCs, those days are pretty much over.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26032 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
W07VH5
Picture of mark123
posted Hide Post
quote:
Originally posted by ensigmatic:
Something is wrong or missing with this story.

When you send email normally, are you sending it via Gmail, using your own domain? Using an email client (I'm guessing Outlook), connecting to smtp.gmail.com?
my domain. Not outlook. Thunderbird or iOS Mail.app
 
Posts: 45679 | Location: Pennsyltucky | Registered: December 05, 2001Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by mark123:
my domain. Not outlook. Thunderbird or iOS Mail.app

Ok, what port are you using? In Thunderbird you want to be using STARTTLS on port 587, normal password. On iOS <looks...> (jebus, Apple makes this a PITA...) Use SSL, Server Port 587, and "Password" authentication.

I have my home email client (we're on a Comcast Business High-Speed Internet connection) connected to:

  • My own email server running at home on the Comcast connection (so that would be a LAN-local connection)
  • My Apple mail account
  • Gmail
  • Two (2) privately-run email servers in a server farm

The only account that ever gives me trouble is Gmail, because they randomly decide connecting to their mail servers with an "unknown" app is a security risk, so I have to log in with a browser and say "Yes, allow this. Again."

For that reason, and the reason that I'm slowly weaning myself off everything Google, I do not have my Gmail account configured into my iPhone or iPad. But Apple mail and the three private servers are. I never have any trouble with any of them from anywhere.

I use the submission port (587) with STARTTLS for sending on all of them, and IMAPS (993) for receiving email.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26032 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
quarter MOA visionary
Picture of smschulz
posted Hide Post
Like what was mentioned above ~ it could be a port issue or a general SMTP policy.
The policy as also mentioned above can be fixed with a conversation with the ISP.
Whenever I setup an email server for a client I generally always have to inform the ISP and have them lift the SMTP block.
This is generally automatic when they purchase a static IP from the ISP but not always.
I would talk to your ISP on the matter to get resolved and unfortunately you will have to wade through the initial low-level techs that know nothing to get to a level that can help you. Frown

Note: what I mentioned was primarily for on premise email servers.
I was assuming this is the case.
If not and the server is located elsewhere then this does not apply.
If the email is hosted elsewhere then also what has been mentioned previously applies to their server setup and policies.
They need to the conventional policies ~ SPF, etc as to get everyone to accept their emails.

You still may need to talk to your ISP or the email service provider to resolve.
 
Posts: 23418 | Location: Houston, TX | Registered: June 11, 2006Reply With QuoteReport This Post
W07VH5
Picture of mark123
posted Hide Post
quote:
Originally posted by ensigmatic:
quote:
Originally posted by mark123:
my domain. Not outlook. Thunderbird or iOS Mail.app

Ok, what port are you using? In Thunderbird you want to be using STARTTLS on port 587, normal password. On iOS Use SSL, Server Port 587, and "Password" authentication. ...
yep, that's how it's set. It's not on my end.

quote:
Outbound Email Policy of Comcast for this IP range:

Email sent by Comcast subscribers using a mail program such as Outlook Express are required to send the email through Comcast. To insure your mail program is properly configured, please visit http://www.comcast.net/help/fa....jsp?faq=Email117481. If you are a Comcast Commercial Services customer and need support, please contact support_biz@cable.comcast.com


Removal Procedure

Removal of IP addresses within this range from the PBL is not allowed by the netblock owner's policy. I read that to mean that it's Comcast'a policy to blacklist these IPs for outbound email.


About The PBL

The Spamhaus Policy Block List ("PBL") is an international anti-spam system maintained by The Spamhaus Project in conjunction with Internet Service Providers and is used by Internet networks to enforce inbound email policies. The PBL database lists end-user IP address ranges which should not be delivering unauthenticated email to any mail server except those provided for specifically for that customer's use. The PBL lists only IP addresses (not domains or email addresses).


I asked in the past about running an email server from home. The consensus was that it's not worth the hassle. I'm thinking it just may be.
 
Posts: 45679 | Location: Pennsyltucky | Registered: December 05, 2001Reply With QuoteReport This Post
quarter MOA visionary
Picture of smschulz
posted Hide Post
quote:
Originally posted by mark123:

I asked in the past about running an email server from home.
The consensus was that it's not worth the hassle.
I'm thinking it just may be.


Like ensigmatic I run my own email server ~ MS Exchange since around the year 2000.

Once set up correctly (MS or another) it runs flawlessly.
You do have to make sure all of the I are dotted and t's crossed otherwise you can have issues.
MS has tools to make sure it will have no issues, I imagine other types do too.
AGAIN you have to get a static IP and get your ISP to let the traffic though.
Once done you are fine.
 
Posts: 23418 | Location: Houston, TX | Registered: June 11, 2006Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by mark123:
quote:
Originally posted by ensigmatic:
quote:
Originally posted by mark123:
my domain. Not outlook. Thunderbird or iOS Mail.app

Ok, what port are you using? In Thunderbird you want to be using STARTTLS on port 587, normal password. On iOS Use SSL, Server Port 587, and "Password" authentication. ...
yep, that's how it's set. It's not on my end.

You're saying Comcast is blocking port 587? That's just plain broken. You need to contact Comcast (if you're a residential customer you have my sympathies--I'd rather slit my wrists). When 1st line customer "support" blows you off (after telling you to reset your modem): Escalate. And keep escalating.

You might also try the Comcast forum at broadbandreports.com. There's a Comcast support forum there with participants from Comcast, itself, that has been very successful at Getting Things Done.

quote:
Originally posted by mark123:
quote:
Outbound Email Policy of Comcast for this IP range:

Email sent by Comcast subscribers using a mail program such as Outlook Express are required to send the email through Comcast.

I've never heard of such a policy being applied by any ISP to using the submission port. That has always been applied to only the SMTP port (25).

quote:
Originally posted by mark123:
I asked in the past about running an email server from home. The consensus was that it's not worth the hassle. I'm thinking it just may be.

The hassle aside: I can guarantee you that you will not be able to run an SMTP server on a Comcast residential account. That is precisely the thing the policy you note above is meant to prohibit.

Come to think of it... I have my next-door-neighbor's WiFi access and he's on a Comcast residential account. Later on I'll wander over there, connect to it, and see if all my email works. (Won't be testing Gmail, though, for the reason already mentioned.)



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26032 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
Member
posted Hide Post
quote:
Originally posted by smschulz:
quote:
Originally posted by mark123:

I asked in the past about running an email server from home.
The consensus was that it's not worth the hassle.
I'm thinking it just may be.


Like ensigmatic I run my own email server ~ MS Exchange since around the year 2000.

Once set up correctly (MS or another) it runs flawlessly.
You do have to make sure all of the I are dotted and t's crossed otherwise you can have issues.
MS has tools to make sure it will have no issues, I imagine other types do too.
AGAIN you have to get a static IP and get your ISP to let the traffic though.
Once done you are fine.


with your own email server, are there any email issues while traveling?
 
Posts: 2245 | Registered: October 17, 2013Reply With QuoteReport This Post
W07VH5
Picture of mark123
posted Hide Post
quote:
Originally posted by ensigmatic:
quote:
Originally posted by mark123:
quote:
Originally posted by ensigmatic:
quote:
Originally posted by mark123:
my domain. Not outlook. Thunderbird or iOS Mail.app

Ok, what port are you using? In Thunderbird you want to be using STARTTLS on port 587, normal password. On iOS Use SSL, Server Port 587, and "Password" authentication. ...
yep, that's how it's set. It's not on my end.

You're saying Comcast is blocking port 587? That's just plain broken. You need to contact Comcast (if you're a residential customer you have my sympathies--I'd rather slit my wrists). When 1st line customer "support" blows you off (after telling you to reset your modem): Escalate. And keep escalating.

You might also try the Comcast forum at broadbandreports.com. There's a Comcast support forum there with participants from Comcast, itself, that has been very successful at Getting Things Done.

quote:
Originally posted by mark123:
quote:
Outbound Email Policy of Comcast for this IP range:

Email sent by Comcast subscribers using a mail program such as Outlook Express are required to send the email through Comcast.

I've never heard of such a policy being applied by any ISP to using the submission port. That has always been applied to only the SMTP port (25).

quote:
Originally posted by mark123:
I asked in the past about running an email server from home. The consensus was that it's not worth the hassle. I'm thinking it just may be.

The hassle aside: I can guarantee you that you will not be able to run an SMTP server on a Comcast residential account. That is precisely the thing the policy you note above is meant to prohibit.

Come to think of it... I have my next-door-neighbor's WiFi access and he's on a Comcast residential account. Later on I'll wander over there, connect to it, and see if all my email works. (Won't be testing Gmail, though, for the reason already mentioned.)
I'm not saying Comcast is blocking port 587, but spanhaus is saying they are blacklisting their entire residential ip block unless they go through Comcast's smtp. I would just set to their smtp if it didn't automatically get dumped into the spam box every time.
 
Posts: 45679 | Location: Pennsyltucky | Registered: December 05, 2001Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by airbubba:
with your own email server, are there any email issues while traveling?

Not if you do it right.

But it's not quite as easy as smschulz makes it out to be. It used to be. Thank spammers and scammers.

You need to have a domain name registered with a credible registrar. (I would avoid using any registrar with words like "cheap" in their name, for example.) You have to have a static IP address with forward and reverse (A and PTR) records that point to that server's IP address and they need to be self-consistent.

E.g.: If your server's fully-qualified domain name (FQDN) is host.example.com, then:
$ nslookup host.example.com
...
Name: host.example.com
Address: 127.0.0.1

$ nslookup 127.0.0.1
...
1.0.0.127.in-addr.arpa name = host.example.com.

(N.B.: That trailing "." in the 2nd answer is critical.)

Then it's also wise to have:

  • Signed DNS records (many registrars do no yet support them)
  • SPF records in your DNS zone
  • A DKIM domain key in your DNS zone

if you really want to make sure email from your server is: 1. Accepted and 2. Doesn't end-up automatically marked as possible or likely spam/scam/spoof email.

ETA: And if you want your email connections to be secure, you need SSL certs for your mail server. Luckily, that's a lot easier and cheaper (it's free) with Let's Encrypt, but it does require a minimal web server in order to acquire and renew the certs.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26032 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by mark123:
I'm not saying Comcast is blocking port 587, but spanhaus is saying they are blacklisting their entire residential ip block unless they go through Comcast's smtp.

And again: That's only for SMTP connections from and to port 25, not for connections to port 587 (submission).

When an email client makes and authenticated connection via port 587 it is regarded by the mail server to which the connection is made as a local connection, and is not subjected to DNS blacklists such as spamhaus. Not unless the mail server in question is ineptly configured.

I will say this: Something is awry with Google's email servers today. I cannot get an IMAP connection to succeed for love nor money. It keeps claiming my authentication credentials are incorrect, despite my ability to log into gmail with a browser using those very same credentials. Could be whatever's going on there is what's screwing you.

I'm beginning to down-right hate Google. The end of my relationship with them is very close to hand.

Btw: I went and connected my iPhone to my next-door-neighbor's WiFi. He's on a Comcast residential account. Sent email to my gmail account, from the connection to my home server, and to my home email account, from my Apple email account.

My home and server farm servers all use spamhaus.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26032 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
  Powered by Social Strata Page 1 2  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    More email troubles. I believe comcast is at fault this time.

© SIGforum 2024