Go | New | Find | Notify | Tools | Reply |
W07VH5 |
When I'm connected to the home network (Comcast) my email address quit working a couple days ago. Sometimes I can get incoming but outgoing never leaves the Outbox. If I switch to my phone with WiFi off, it sends fine. I did some digging and found that Comcast IPs are blacklisted, get this, BY COMCAST unless you run outgoing email through their SMTP. https://www.spamhaus.org/pbl/query/PBL1523198 That wouldn't be so much of an issue except when I send an email from my domain name through comcast it's automatically flagged as spam since my domain name doesn't match the comcast SMTP.
Any suggestions for a next step? | ||
|
Shall Not Be Infringed |
The message is from Gmail, NOT Comcast, so I assume you're using Gmail here. Are you logged into Gmail using a browser, or the Gmail app. Is this potentially a Gmail 'setting' that's configurable? ____________________________________________________________ If Some is Good, and More is Better.....then Too Much, is Just Enough !! Trump 2024....Make America Great Again! "May Almighty God bless the United States of America" - parabellum 7/26/20 Live Free or Die! | |||
|
Member |
Could this be solved setting up the SPF record of the domain name to include/validate email sent through Comcast? My guess is not, unless you have a full-blown business account with them. They want outgoing email from your local client to go through and validate via their SMTP to reduce the chances their email servers get blocked by SpamAssassin and others.
That message is what the receiver is seeing when the mail comes into their Gmail/G Suite (or whatever they just renamed it to). Steve Small Business Website Design & Maintenance - https://spidercreations.net | OpSpec Training - https://opspectraining.com | Grayguns - https://grayguns.com Evil exists. You can not negotiate with, bribe or placate evil. You're not going to be able to have it sit down with Dr. Phil for an anger management session either. | |||
|
W07VH5 |
That's the message when I use Comcast's SMTP. It's automatically moved to the spam filter. Ignore the Gmail part. The issue is Comcast according to the link in the OP. | |||
|
W07VH5 |
That's what I was hoping for. Alas and alack, it's a no go. I wonder if I can just add Comcast smtp to my DNS record like I do with Gmail smtp for my business email. | |||
|
Conveniently located directly above the center of the Earth |
some kind of comcast/xfinity corp changes and email issues here in PNW as well. Conflicting stories from what corp. email we get recently vs what the (ineffective) phone tech tells us. I've become woozie enough about the veritable hours we spend trying to accommodate various 'improvements' that eventually barely show return to previous service level, that I'm ready to doze all my small clutch of electronic toys into a pile & tune up my old splitting maul. **************~~~~~~~~~~ "I've been on this rock too long to bother with these liars any more." ~SIGforum advisor~ "When the pain of staying the same outweighs the pain of change, then change will come."~~sigmonkey | |||
|
W07VH5 |
I feel ya, friend. I do. | |||
|
Optimistic Cynic |
Many ISPs block outgoing SMTP to servers other than those they provide, it is not "blacklisting," but TCP port blocking AKA "traffic management" usually configured on a router/firewall not on the mail server itself. I think this is actually considered "best practice" in the ISP community as an anti-spam measure. Sometimes this can be circumvented by using port 465 or port 587 if the SMTP server to which you are sending will accept mail submissions on these ports. This, effectively, means you have to run your own off-site mail server, e.g. on AWS, and send all your mail through it rather than to arbitrary destination servers. Some ISPs, I don't know if Comcast is one of them, will lift port blocking on a subscriber-by-subscriber basis, but you will probably have to convince them that you do not intend to send out UCE or other mass mailings. It may well be that the external IP address assigned to your Comcast premises router is in a blacklisted netblock as many people originate spam, and thus get into a blocklist. There are sites on the 'net that will show you if your IP is blacklisted. Unless you are concerned about the Comcast servers intercepting or diverting your messages, there is probably no harm in submitting through their servers. If you do have privacy concerns, you should probably be using end-to-end encryption such as S/MIME or Enigmail anyway on all your messages. This is also a situation in which a commercial VPN can help as this conceals the origin of your message submission from your ISP. Setting up a private VPN, e.g. to an AWS host, is probably even better as it allows you to manage your SMTP server reputation (commercial VPN provided IP addresses can be blocklisted too). | |||
|
Shall Not Be Infringed |
^^^Impressive post right there! Network Architect? ____________________________________________________________ If Some is Good, and More is Better.....then Too Much, is Just Enough !! Trump 2024....Make America Great Again! "May Almighty God bless the United States of America" - parabellum 7/26/20 Live Free or Die! | |||
|
Nullus Anxietas |
Something is wrong or missing with this story. When you send email normally, are you sending it via Gmail, using your own domain? Using an email client (I'm guessing Outlook), connecting to smtp.gmail.com? Comcast's IPs being blocked by Comcast, or anybody else, would normally be blocking SMTP <-> SMTP communications (on port 25) from non-Comcast known email server IP addresses. You shouldn't be using SMTP to communicate with Gmail or anybody else. You should be using "submission," on port 587. (And you should be using STARTTLS [encryption].) Re: The "Be careful with this message." That is indeed Gmail adding that, for the reason you stated. It probably is SPF detecting that the origination server is not authorized to send email on behalf of your domain.
Indeed some do and most will not lift it for residential accounts using dynamic IP address assignment. They don't want "economy" customers running email servers, which is what SMTP is supposed to be for. Yes, yes: Back in the good ol' days email clients could get away with using SMTP (port 25), unauthenticated, for sending email. Due to email abuse and compromised PCs, those days are pretty much over. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
W07VH5 |
my domain. Not outlook. Thunderbird or iOS Mail.app | |||
|
Nullus Anxietas |
Ok, what port are you using? In Thunderbird you want to be using STARTTLS on port 587, normal password. On iOS <looks...> (jebus, Apple makes this a PITA...) Use SSL, Server Port 587, and "Password" authentication. I have my home email client (we're on a Comcast Business High-Speed Internet connection) connected to:
The only account that ever gives me trouble is Gmail, because they randomly decide connecting to their mail servers with an "unknown" app is a security risk, so I have to log in with a browser and say "Yes, allow this. Again." For that reason, and the reason that I'm slowly weaning myself off everything Google, I do not have my Gmail account configured into my iPhone or iPad. But Apple mail and the three private servers are. I never have any trouble with any of them from anywhere. I use the submission port (587) with STARTTLS for sending on all of them, and IMAPS (993) for receiving email. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
quarter MOA visionary |
Like what was mentioned above ~ it could be a port issue or a general SMTP policy. The policy as also mentioned above can be fixed with a conversation with the ISP. Whenever I setup an email server for a client I generally always have to inform the ISP and have them lift the SMTP block. This is generally automatic when they purchase a static IP from the ISP but not always. I would talk to your ISP on the matter to get resolved and unfortunately you will have to wade through the initial low-level techs that know nothing to get to a level that can help you. Note: what I mentioned was primarily for on premise email servers. I was assuming this is the case. If not and the server is located elsewhere then this does not apply. If the email is hosted elsewhere then also what has been mentioned previously applies to their server setup and policies. They need to the conventional policies ~ SPF, etc as to get everyone to accept their emails. You still may need to talk to your ISP or the email service provider to resolve. | |||
|
W07VH5 |
yep, that's how it's set. It's not on my end.
I asked in the past about running an email server from home. The consensus was that it's not worth the hassle. I'm thinking it just may be. | |||
|
quarter MOA visionary |
Like ensigmatic I run my own email server ~ MS Exchange since around the year 2000. Once set up correctly (MS or another) it runs flawlessly. You do have to make sure all of the I are dotted and t's crossed otherwise you can have issues. MS has tools to make sure it will have no issues, I imagine other types do too. AGAIN you have to get a static IP and get your ISP to let the traffic though. Once done you are fine. | |||
|
Nullus Anxietas |
You're saying Comcast is blocking port 587? That's just plain broken. You need to contact Comcast (if you're a residential customer you have my sympathies--I'd rather slit my wrists). When 1st line customer "support" blows you off (after telling you to reset your modem): Escalate. And keep escalating. You might also try the Comcast forum at broadbandreports.com. There's a Comcast support forum there with participants from Comcast, itself, that has been very successful at Getting Things Done.
I've never heard of such a policy being applied by any ISP to using the submission port. That has always been applied to only the SMTP port (25).
The hassle aside: I can guarantee you that you will not be able to run an SMTP server on a Comcast residential account. That is precisely the thing the policy you note above is meant to prohibit. Come to think of it... I have my next-door-neighbor's WiFi access and he's on a Comcast residential account. Later on I'll wander over there, connect to it, and see if all my email works. (Won't be testing Gmail, though, for the reason already mentioned.) "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Member |
with your own email server, are there any email issues while traveling? | |||
|
W07VH5 |
I'm not saying Comcast is blocking port 587, but spanhaus is saying they are blacklisting their entire residential ip block unless they go through Comcast's smtp. I would just set to their smtp if it didn't automatically get dumped into the spam box every time. | |||
|
Nullus Anxietas |
Not if you do it right. But it's not quite as easy as smschulz makes it out to be. It used to be. Thank spammers and scammers. You need to have a domain name registered with a credible registrar. (I would avoid using any registrar with words like "cheap" in their name, for example.) You have to have a static IP address with forward and reverse (A and PTR) records that point to that server's IP address and they need to be self-consistent. E.g.: If your server's fully-qualified domain name (FQDN) is host.example.com, then: $ nslookup host.example.com ... Name: host.example.com Address: 127.0.0.1 $ nslookup 127.0.0.1 ... 1.0.0.127.in-addr.arpa name = host.example.com. (N.B.: That trailing "." in the 2nd answer is critical.) Then it's also wise to have:
if you really want to make sure email from your server is: 1. Accepted and 2. Doesn't end-up automatically marked as possible or likely spam/scam/spoof email. ETA: And if you want your email connections to be secure, you need SSL certs for your mail server. Luckily, that's a lot easier and cheaper (it's free) with Let's Encrypt, but it does require a minimal web server in order to acquire and renew the certs. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Nullus Anxietas |
And again: That's only for SMTP connections from and to port 25, not for connections to port 587 (submission). When an email client makes and authenticated connection via port 587 it is regarded by the mail server to which the connection is made as a local connection, and is not subjected to DNS blacklists such as spamhaus. Not unless the mail server in question is ineptly configured. I will say this: Something is awry with Google's email servers today. I cannot get an IMAP connection to succeed for love nor money. It keeps claiming my authentication credentials are incorrect, despite my ability to log into gmail with a browser using those very same credentials. Could be whatever's going on there is what's screwing you. I'm beginning to down-right hate Google. The end of my relationship with them is very close to hand. Btw: I went and connected my iPhone to my next-door-neighbor's WiFi. He's on a Comcast residential account. Sent email to my gmail account, from the connection to my home server, and to my home email account, from my Apple email account. My home and server farm servers all use spamhaus. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Powered by Social Strata | Page 1 2 |
Please Wait. Your request is being processed... |