Monday, March 30, 2009

Gmail Spamming Network Solutions

I have a gmail email address and a business email address that I have used to email Network Solutions in the past. Someone has bombarded Network Solutions with spam from my email addresses - both of them - so my email addresses got blocked by Network Solutions. The person at Network Solutions said the emails contained Viagra spam among other things.

The most annoying thing is that Network Solutions will not give me any of the mail headers so I can see who is doing it. The second most annoying thing is that I have set up TLS communication between myself and Network Solutions SSL. They had to email me the attachment via GMail - which is obviously not very secure.

I have contended for a long time that someone has been messing with my email and this pretty much confirms it. Coinicidence that it was both my gmail account and my business account? I doubt it.

So is it a problem with Gmail that someone can spoof my address to Network Solutions? Is this a problem with Gmail SPF records or lack thereof? Or is the problem that Network Solutions systems are not correctly checking SPF records and cannot tell the difference between spam and real emails that are actually from me?

The other problem with this whole scenario is the Network Solutions person said they were getting my emails, and replying to them. How is it that if my email address was blacklisted due to spam, they can still RECEIVE my emails (potentially spam) but not SEND emails to me? This doesn't really make sense to me. Don't you usually block spam? When they send to me they get no errors - so they didn't know they couldn't get emails to me until I called them and complained that someone really needs to fix this.

Additionally, they at first did not want to add the week onto my certificate for the time I have spent trying to get this to work - when the problem was not my fault. I cannot control their mail servers and know they are trying to email me but they cannot. This whole thing is very odd.

The other interesting thing is that they say they are sending these emails from the UK. This cannot be true because I have a block on emails from the UK. And it is also quite coincidental that one of my customers has been complaining suddenly that he cannot send emails to/from the UK -- but when he sent me the email header in question -- it was coming out of Texas.

Really, what is going on here? When is anyone going to believe that our email systems are really hacked and messed up and everyone needs to start using TLS (if that even works but it seems to be better due to authentication on both sides of the equation).