@BeenOnHoldForev -- Shaw is doing some verification of E-mail IDs.
Example of an E-mail session, from a command-prompt on my Windows computer:
$ telnet mail.shaw.ca smtp
220 shw-obgw-4004a.ext.cloudfilter.net cmsmtp ESMTP server ready
helo shaw.ca
mail from:<example@uvic.ca>
rcpt to:<XXXxxxXXX@shaw.ca>
DATA
250 shw-obgw-4004a.ext.cloudfilter.net hello [96.54.225.124], pleased to meet you
250 <example@uvic.ca> sender ok
250 <XXXxxxXXX@shaw.ca> recipient ok
354 OK
Date:
Date: July 7, 2021
From: example <example@uvic.ca>
Subject: example <example@uvic.ca>
TEST: example <example@uvic.ca>
.
250 zkbHlAtJz3DJAzkbIlMWiW mail accepted for delivery
quit
221 shw-obgw-4004a.ext.cloudfilter.net cmsmtp closing connection
Connection to host lost.
In this session log, I have replaced my actual Shaw E-mail ID by "XXXxxxXXX", to follow this forum's rules about not posting valid E-mail IDs, and to preserve my privacy.
However, if I change one line: mail from:<example@uvic.ca> to read: mail from:<example@telus.net> then the "AUP#BL" message is generated, and the session is aborted.
To me, this implies that Shaw and Telus are cooperating to "cross-check" the validity of an E-mail ID on the other's mail-system, and that there currently is no agreement between Shaw and UVic to "cross-check" against any "spoofing".
I agree that it is unfortunate that those Shaw Agents seemingly are not accepting your reports, and seemingly are not "escalating" your reports to their senior-level system administrators, or that any "escalated" reports are not causing the actions that you desire. Since I have never been employed by Shaw, I have no "back-door" access to any of their employees.
I think that it is unlikely that Shaw is cross-checking anything with Telus, but it is possible. Although validating addresses (using RCPT TO) works with some mail servers it does not work with all and so that is probably not how I would build a system (but money talks). I would guess that they have a blacklist and the addresses that we are using are already on it.
I would like to give Shaw the benefit of the doubt, but I do not think that it is just a matter of escalation. Agents have told me that relaying using their servers is unsupported, and that the SMTP servers should not be used for anything except @shaw.ca addresses. I have spoken with so many agents and tried every possible route that I could think of. They will not lift a finger for this sort of request.
I think that we can agree that spoofing is possible to a certain extent. For businesses that host email for other businesses and want to spoof their customer's addresses, Shaw has suddenly decided to start dictating that this is no longer acceptable practice.
@BeenOnHoldForev -- I think that it is unlikely that Shaw is cross-checking anything with Telus, but it is possible.
Not only "possible", but Shaw is actually doing so. Log-file:
$ telnet smtp.shaw.ca smtp
220 shw-obgw-4002a.ext.cloudfilter.net cmsmtp ESMTP server ready
helo shaw.ca
mail from:<a.very.long.e.mail.id@telus.net>
rcpt to:<YYYY.MM.DD@shaw.ca>
DATA
250 shw-obgw-4002a.ext.cloudfilter.net hello [96.54.225.1], pleased to meet you
550 <a.very.long.e.mail.id@telus.net> sender rejected. AUP#BL
So, CloudFilter (Shaw recently out-sourced E-mail processing to this company) is taking notice of TELUS E-mail IDs. In my previous post, I showed that CloudFilter is _not_ taking notice of "@uvic.ca" IDs.
[Yes, "YYYY.MM.DD" is an edit to what I actually used, namely my actual ID, to preserve my privacy in this forum.]
> SMTP servers should not be used for anything except @shaw.ca addresses.
Interesting wording, in that they did not say "cannot be used".
By cross-checking I assume that you mean that they are connecting to Telus' server's to check the email address, but I am saying that all that they are checking is their blacklist which I do not consider "cross-checking".
I believe that the wording is accurate because they are saying that it is unsupported...they are too lazy to assist.
@BeenOnHoldForev -- By cross-checking I assume that you mean that they are connecting to Telus' server's to check the email address
Yes, they are checking, but I do not know "how" they are communicating with "telus.net" to cross-check.
I do know that if I repeat the above "test" session, with the only change being using "telus.com" in the MAIL FROM field, instead of "telus.net", then the "DNS#BL" message is *NOT* produced.
> checking their blacklist
I see a difference when the MAIL FROM field contains a *VALID* ID on "telus.net" as compared to when that field contains an *INVALID* ID. I do not consider checking the validity of the ID to be using a "blacklist". I doubt that TELUS would release a list of 100% of the valid IDs of TELUS customers to Shaw, so that Shaw could build a "whitelist".
You are making some fairly large assumptions. I have explained above how Shaw could connect to telus' mail server and use RCPT TO to validate email addresses (which again does not always work), but if you look at the error message it says that it is blacklisted (BL) not that the account is invalid. You are assuming that your logs are showing that the account is invalid but it is actually showing that the account is blacklisted. It makes a lot more sense to me that the mail server is just checking a file on their local system, not really quickly connecting to Telus to validate.
The blacklist does not exist on Telus' server but on Shaws.
@BeenOnHoldForev -- It makes a lot more sense to me that the mail server is just checking a file on their local system, not really quickly connecting to Telus to validate.
I disagree. To me, it makes no sense for TELUS to give SHAW an up-to-date list of the E-mail IDs of all TELUS customers, either in a "business" sense -- never give a list of your clients to your competitor -- and in a "privacy" sense -- it violates the privacy of the TELUS customers to have their IDs released to a third-party.
Plus, how often does the TELUS "list" change as TELUS customers come-and-go? Daily? Hourly? How often does TELUS send the "current" list to their competitor?
P.S. During my testing, I do notice a few-second "pause" in the middle of the E-mail transaction, as if Shaw's mail-server is "quickly connecting to Telus to validate".
I never said that Telus is giving any such list to Shaw, or publishing a list. Why would an admin serve up a list of valid email addresses? That would be a security concern. It makes no sense, and that is your assumption not mine.
Re-read my messages and you will see that I keep trying to tell you that the blacklist is on Shaw's server and they are the ones that are lazy because they will not remove an address from THEIR systems. Even if they are using a list from another company their daemon would download it on initialization, not adhoc.
I have a valid concern and you keep disagreeing but you do not even work for Shaw and I do not think that you have ever been a Systems Admin. You are not really following my concern. This is a change that Shaw made not Telus. What you said originally might have made sense when you said it but now it is FALSE, and your repeated attempts to defend your outrageous assumptions just shows how little you know about how us Systems Admins build real infrastructure in real organizations. We use logic, and you are not using it if you cannot consider that Shaw maintains a blacklist then I guess that we are done.
It would seem that this issue with Shaw continues. I have two bulk email lists for a residential association, only the 18 Shaw.ca emails are blocked. Even when I send to my own Shaw address from the residents association email address (I'm the secretary of the association) as part of a bulk email message, it gets blocked. However a one-to-one email does get through instantly. And, yes, the call centre rep, with whom I spoke for 15 minutes yesterday, was either unaware of this or refused to acknowledge the issue.
I recommend checking to see whether there may be an email blacklist placed on your IP address. This tends to happen most often with bulk email lists - a service like Spamhaus may potentially add the location or email address to a blacklist which can limit how many emails you can send at a time. This isn't done by us, but we can help you investigate whether you may be blacklisted. If you Google "how to check if my email is blacklisted" you should find a number of websites that go into more detail on what it means and how to check, however we can also investigate on your behalf. Just contact our Tech Support team by Live Chat and ask if they can check whether your IP may be on a blacklist.