Gc Revealing Users Email Addresses!

[+hedberg]

It has happen us a few times the last 14 days, that we have sent email thru GC, and got a return mail that it couldn't be delivered and there is the email address to the user stated!

 

This might not be a big problem, but some people don't want to get their email going public..

 

I add unfortunally delete all those messages including one that I saved to show here, but it was looking something like:

 

Message from GC

There has been a problem while processing your message to

<email@domain.com> (and the reasons why it couldn't be relayed to that mail account)

 

(and I think it was a copy of the message below also)

[Jeremy]

If the mail is being rejected, doesn't that mean that the emaik address is no longer valid?

[+Perrin]

or maybe the person entered their e-mail address wrong when filling out their sign up info for GC.com.

 

Have you been able to e-mail that particular person through the site before? Or is this a new problem?

[+planetrobert]

If the mail is being rejected, doesn't that mean that the emaik address is no longer valid?

it could also mean that their inbox is full and the mail is rejected for that reason.

 

there are a couple other reasons that are valid even tho the email address still exists. forget what they are right now.

 

as I see it it is not a GC problem.

 

IF it becames a HOT issue TPTB could make the send my email address nat an option anymore. that would make those emails bounce to them ather than to you.

[+planetrobert]

or maybe the person entered their e-mail address wrong when filling out their sign up info for GC.com.

That couldn't really be an otion since you have to validate your email address to sign up here.

[+Perrin]

or maybe the person entered their e-mail address wrong when filling out their sign up info for GC.com.

That couldn't really be an otion since you have to validate your email address to sign up here.

Oops, I stand corrected. Actually forgot about that part

[+hedberg]

It's valid addresses, and if I send let's say 10 messages to this person, is one rejected suddenly, then it works again.

 

I don't know if it has to do with the servers being overloaded at GC, or the mailservers at the users ISP, but from my point of view is it not so good that the return message are sent to the user who sent the mail.

 

Some users do mail us and don't want their email to be public, therefor must we go thru G to mail back to them.. And suddenly do GC state what mailaddress they have...

 

Next time it happens will I save a copy for you, it has happen let's say 4-5 times in 14 days to different users with different ISPs. Since we are hosting the Bugrace have we sent a few mail out to different bugowners in the race, and it was then we saw this problem.

[+hedberg]

Here is a copy of a mail I tried to send thru GC a couple of minutes ago. I will change the correct email address to XXX.XX... All IP has been X:d... Here is the copy of the email. If anyone at GC.com wants the copy of the email, do we have it saved in our computer for you... But it revealed the email of the user I mailed....

 

Date: Sat, 28 Feb 2004 08:45:40 -0800 (PST)

From: MAILER-DAEMON@signal.Groundspeak.com (Mail Delivery System)

Subject: Undelivered Mail Returned to Sender

 

This is the Postfix program at host signal.Groundspeak.com.

 

I'm sorry to have to inform you that the message returned

below could not be delivered to one or more destinations.

 

For further assistance, please send mail to <postmaster>

 

If you do so, please include this problem report. You can

delete your own text from the message returned below.

 

The Postfix program

 

<xxx@xxxx.com>: host mail.xxxx.com[66.33.xxx.xxx] said: 550 5.0.0

<myemail@xxx.se>... Mail rejected due to possible SPAM (in reply to

MAIL FROM command)

 

Reporting-MTA: dns; signal.Groundspeak.com

Arrival-Date: Sat, 28 Feb 2004 08:45:28 -0800 (PST)

 

Final-Recipient: rfc822; xxx@xxxx.com

Action: failed

Status: 5.0.0

Diagnostic-Code: X-Postfix; host mail.xxxx.com[66.33.xxx.xxx] said: 550 5.0.0

<myemail@xxx.se>... Mail rejected due to possible SPAM (in reply to

MAIL FROM command)

 

Received: from hal.Groundspeak.com (hal.Groundspeak.com [63.251.163.175])

by signal.Groundspeak.com (Postfix) with ESMTP id EB543132CDE

for <info@xxxx.com>; Sat, 28 Feb 2004 08:45:28 -0800 (PST)

Received: from mail pickup service by hal.Groundspeak.com with Microsoft SMTPSVC;

Sat, 28 Feb 2004 08:45:30 -0800

X-Originating-IP: [82.182.xxx.xxx]

Thread-Topic: [GEO] hedberg contacting you from Geocaching.com

X-Mailer: Groundspeak Mailer Bot

thread-index: AcP+GkZOtiK/udnuSuaENJZjLB54eg==

From: <myemail@xxx.se>

To: <info@xxxx.com>

Subject: [GEO] hedberg contacting you from Geocaching.com

Date: Sat, 28 Feb 2004 08:45:29 -0800

Message-ID: <041601c3fe1a$46507a70$a8a3fb3f@hal>

MIME-Version: 1.0

Content-Class: urn:content-classes:message

Importance: normal

Priority: normal

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0

X-OriginalArrivalTime: 28 Feb 2004 16:45:30.0083 (UTC) FILETIME=[466F9B30:01C3FE1A]

Content-Type: text/plain; x-avg-checked=avg-ok-657D5224; charset=iso-8859-1

Content-Transfer-Encoding: 7bit

 

--This message was sent through the Geocaching.com web site--

 

(and my message)

 

------------------------------------------------------------

Forward abuse complaints to: contact@geocaching.com

[+Pyewacket]

The recipient of the email may possibly have a filter set through his or her server, which will only allow through emails he has approved, and might not have gc.com allowed. There are also anti-spam programs that actually change the email protocol, where email is, essentially, bounced to the recipient only after being verified by the program. There are several variables in the above situations, and if email from gc.com hasn't been recognized as safe, or spam-free, you, as the sender, may get a bounce-back. Slim are the chances that anyone's email address is being disclosed in such a way that it can be gleaned for other spammers.

[+Lone Duck]

I'm using a program called Mailwasher which is spam filtering program. By default, it's set to reject all email unless the sender is allowed to pass through the filter. One of the touted features of Mailwasher is that it bounces back the rejected messages, which is suppossed to get your address removed from the spammer's lists.

 

It could be that the person you sent the email to is using Mailwasher and didn't spot your message when it scanned the headers.

 

Personally, I don't have a problem with users of this stie contacting me because that's part of purpose of being here.

[+woo2]

This is actually a simple issue that is complex to resolve. Its root is how e-mail works.

 

GC.com isn't actually giving out the e-mail addresses, the recipient's mail server is. It happens when the mail server has some sort of problem (i.e. mailbox full) and it is reporting the problem to the sender. The sender is the address listed in the FROM field of the e-mail. But whose address should GC.com put in the FROM field?

 

If GC.com lists itself as the sender, then you won't get those error messages that reveal the e-mail address. Also if the recipient hits "reply", it will go to GC.com and not the actual person who sent it. That's no good.

 

If GC.com lists the sender's actual e-mail address in the FROM field (which is what is done), hitting the "reply" button will work fine but you also have the rare issue that you're describing.

 

If GC.com lists the GC User ID in the FROM field, the recipient's e-mail will have no clue what that means since it is not an internet e-mail address.

 

The only way GC.com can get around this is if they set up a GC.com mail server with a mail ID for each and every user. If that user gets mail sent to [iD]@GC.com, then it is forwarded to the actual e-mail address for that user id. However it is a bit drastic to avoid this rare issue by implimenting an entire mail system from scratch. Don't expect the situation to change unless it becomes a BIG issue, it is just too much time/money/resources needed to impliment the only solution that will prevent this problem.

[MOCKBA]

If the mail is being rejected, doesn't that mean that the emaik address is no longer valid?

My sockpuppet's account bounces mail whenever the sender's address is on some obsolete molded blacklist of spammers (e.g. my employer's domain had an open relay goof-up two years ago, and any mail from there kept bouncing until very recently), and also when the mailbox is over the limit.

[+GeoBlank]

If the from alias was always set to some non-monitored GC account instead of from the person filling out the form, then wouldn't bounced mails just return to the GC account?

 

GC's form decides who the from is set to...

 

If a person click on the box to include my alias, it coud be included in the body and not on the from field.

 

Maybe I am missing something...

[+bons]

If the from alias was always set to some non-monitored GC account instead of from the person filling out the form, then wouldn't bounced mails just return to the GC account?

 

GC's form decides who the from is set to...

 

If a person click on the box to include my alias, it coud be included in the body and not on the from field.

 

Maybe I am missing something...

Yes. You're missing the fact that people tend to hit reply without looking at the "from field" and will therefore reply to the dead account.

 

Experience has shown me that doing it the way you suggest results in a lot of dead letters.

 

I'm sorry, but GC.com isn't revealing anything unusual. It's transmission went from GC to the server just like it was supposed to. If the target's server is configured to bounce a message to the "from" field, that's their server's fault. It's the one sending the e-mail address to you, not gc.com.

 

One of the touted features of Mailwasher is that it bounces back the rejected messages, which is suppossed to get your address removed from the spammer's lists.

If it's bouncing it back to an almost always forged "from field", how is this going to get your address removed? Spammers don't tend to include THEIR address in the from field and therefore have no reason to know that it bounced. (Assuming they cared in the first place.)