Contact Us!

16W361 S. Frontage Road
Suite 100
Burr Ridge, IL 60527
US
Phone: +1 312 924 4000
Fax: +1 630 887 8651
team-cymru@cymru.com

Team Cymru is a specialized Internet security research firm dedicated to making the Internet more secure. By researching the 'who' and 'why' of malicious Internet activity worldwide, Team Cymru helps organizations identify and eradicate problems in their networks.

Bogons and E-mail

Introduction

Team Cymru frequently receives complaints from people claiming that we are listing their email servers as spam sources and thus are preventing them from sending email. The reason for this assumption is because they have received a bounced email with a message similar to the following:

Sorry, your email sent from sender@some.site to person@example.org
was identified as spam because your IP was listed in bogons.cymru.com.  
Please contact Team Cymru <team-cymru@cymru.com> for questions.

Team Cymru does not filter email! Furthermore, we have no control over how people configure their mail servers, and we certainly do not authorize anyone to list us as the contact point for problems with their mail servers. Despite what the bounced message says there is very little we can do to help in these situations.

So what's the problem?

Unfortunately it is difficult to answer that question without knowing how the destination mail server is configured. However, our observation has been that most bounces of this nature are caused by one of two reasons:

1. Outdated Bogon Lists

Bogon lists need to be updated frequently as the Internet Assigned Numbers Authority hands out new blocks of IP addresses for assignment several times each year. If a mail administrator does not keep their bogon filters up-to-date then chances are they might be blocking email from IP addresses that are perfectly valid for use. The definitive list of assigned IP addresses may be found on IANA's web site, which is the basis for our own bogon lists. Anything not labeled as 'IANA - Reserved' or 'IANA - Multicast' is valid for use on the Internet. For more information on bogon filtering please visit our bogon reference page.

2. Bogon Addresses in Email Headers

Some people configure their mail servers to block any mail message that contains a bogon IP address anywhere in the message headers. This is not a good practice and Team Cymru recommends against doing this. The problem is that mail headers may contain bogon addresses as part of their delivery path information. The following is an example of typical mail headers:

Delivered-To: person@example.org
Received: by server.example.org (Postfix, from userid 123456)
     id 741C32442; Wed,  7 Sep 2005 08:24:55 -0500 (CDT)
Received: from relay.example.org (64.1.1.1)
     by server.example.org (Postfix) with ESMTP id B37CE243F
     for <person@server.example.org>; Wed,  7 Sep 2005 08:24:51 -0500 (CDT)
Received: from smtp.some.site (70.1.1.1)
     by relay.example.org (Postfix) with ESMTP id 5648EC916
     for <person@example.org>; Wed,  7 Sep 2005 08:24:51 -0500 (CDT)
Received: from workstation.some.site (192.0.2.1) by smtp.some.site (Sendmail)
     id 42F22E990020F370; Wed, 7 Sep 2005 15:24:49 +0200

The IP addresses have been highlighted for clarity. In this example the machine that originally sent the email (workstation.some.site) is using a bogon IP address (192.0.2.1) when communicating to some.site's internal mail server. The mail servers then forward the mail to the destination at example.org over the Internet using a valid IP address (70.1.1.1).

We have observed that some mail servers will block messages like this because 192.0.2.1 is a bogon. However, in our opinion this is not correct. The definition of a bogon address is an IP that is not supposed to be used on the Internet. It is feasible (though definitely not a best practice) to use bogon addresses internally in a company so long as those addresses are not routed on the Internet. In the above example relay.example.org should not block the email unless smtp.some.site was using a bogon IP address to communicate with it.

So what can I do?

The best thing to do in situations like this is to contact the person or persons in charge of the mail servers at the company you are trying to reach. Most companies define an email alias called postmaster (e.g. postmaster@example.org) which goes to their mail administrators. Try forwarding the bounced message that you received to this address and ask for assistance. Note that if all email from your domain is being blocked you may need to forward the message through a separate email account. Be sure to include as much information as you can when forwarding the message, including the full mail headers if possible. The postmaster will need this information in order to troubleshoot your problem.

If you receive no reply from the postmaster then try looking at the public website for the company and see if they have an alternative contact for customer support. You may have to work your way through several people in order to reach the right people in the organization who can help. Make sure to remain calm and friendly, and always mention that you have copies of the bounced emails that will help in troubleshooting.

Unfortunately Team Cymru cannot offer much assistance in these matters. We do not control any mail servers other than our own and do not have any formal contacts with organizations that use our bogon lists. We strongly ask that mail administrators do not list us as a contact point for help in troubleshooting problems with their mail servers.

Problem Sites

We have received reports that the following sites are blocking emails based on outdated or incorrect bogon lists, and that the bounced messages incorrectly instruct senders to contact Team Cymru for further assistance.

earthworksaction.org
mtnl.net.in
tcapdesign.com

If your site is listed here and you believe that you have fixed the problem please contact us and we will remove it from this list. Thank you for your assistance.

Comments and Feedback

We hope that the information on this page is helpful in resolving your email issues. If you have any questions or comments regarding the information on this page please feel free to contact us at team-cymru@cymru.com. However please keep in mind that we do not filter email and do not have any control over sites that do.

Copyright © 2008 Team Cymru, Inc. Site design by SavvyByte LLC.