Wednesday, March 18, 2009

Postini Didn't Block Specified IP

Yesterday a customer complained about not getting email from one of his customers. I thought maybe the customer was in an IP range blocked by Postini so I asked him for a mail header if he could provide one.

For some reason an email was able to get through at some point and we haven't made any changes on our Postini account recently (unless Postini and Google Apps are making these changes related to the string of problems noted in my blogs since November on those Postini/Google Apps problems).

The thing I don't understand is that the IP address should have been blocked according to our mail configuration settings in the first place. This particular IP address that should have been blocked was coming through Microsoft's Hotmail service. The last IP in the email address was the Microsoft hotmail product. The originating IP address was in the UK in a range we had blocked.

Apparently, Postini must be only blocking the last mail server in the header but not the originating IP address, which could be problematic obviously. Hackers and spammers can simply go through a "good" mail server you don't want to block no matter what their particular originating IP address is and you cannot block them.

It would be better if Postini could somehow look at that originating IP address (if that's not what it's doing).

Maybe the issue here is that maybe different email headers have different formats and it can be tricky to parse out the originating IP. What if email headers had to conform to an XML standard with a schema to validate them. Would that help drill down to the correct IP address? Maybe backwards compatibility could be provided to parse out old headers and stuff them into XML - but if they don't work the mail gets rejected - with a message telling the person to upgrade their mail server to an XML header compliant system.

Additionally mail headers could have details encrypted in transit except for what is required to get the mail from end to end with some sort of hash to make sure the message was not altered in transit.

Just dreaming here on a better way to solve mail problems...