1. Original Entry + Comments2. Write a Comment3. Preview Comment


January 27, 2013  |  The case of the bouncing emails  |  4940 hit(s)

Here's a way not to make friends and not to influence people: hand out your personal email address everywhere and then discover that the address is merrily bouncing people. Whoops.

I taught a class over the last couple of Saturdays and told folks they could send their homework to me at mike@mikepope.com. On Wednesday I got an email from a student telling me that the email address I had handed out wasn't working. (The student had managed to find me via a different channel, thank goodness.) I tried sending an email to the address I'd distributed, and sure enough, back it came.

The keeper of my domain (mikepope.com) is GoDaddy. As part of registering my domain and getting them to manage it, I'd gotten "free email forwarding" for the domain. When someone sends email to the mikepope.com domain (e.g., mike@mikepope.com), the message is forwarded to my other, "real" email addresses.

Some months ago, I started getting a steady volume of messages to my real email addresses that told me an email had bounced, often with the message "invalid recipient address." The strange thing was that these were bounces for emails that I had never sent. This turns out to be a well-known problem—spammers forge a From address on their spam mail (they don't want you to reply, they just want you to click the link in the email they send). Spammers use many, many different forged From addresses in their attempts to get around spam-detection strategies. Apparently the mike@mikepope address had fallen into the hands of just such a spammer.

I did investigate a bit whether there was anything I could do about this; I didn't want my ISP (Comcast) to think I was originating these spam emails. But nothing can be done, so I stopped worrying about getting these oddball bounces. In any event, the volume of these no-recipient bounce messages had tailed off recently, tho I didn't think much about it at the time. (I think I reckoned that Comcast's spam detection was filtering them.)

Then came the incident with the class and the frustrated students, so I had a look. It turns out that I had misunderstood something about how email was handled for mike@mikepope.com. Yes, I've set up forwarding for that address at GoDaddy. However, I also have—I don't know whether I actually intended this or whether it was a feature of my domain hosting—an email account at GoDaddy. And over the last few months, that email account had been filling up with lots and lots of these bounce messages for spammers. In fact, the mailbox had reached capacity. As a result, when students sent me email, they were in turn getting a legitimate bounce message from mike@mikepope.com, which said:
<mike@mikepope.com>
child status 100...The e-mail message could not be delivered because the user's mailfolder is full.
Because I didn't understand that I had an actual mailbox at GoDaddy, this didn't make sense to me at first. But after hacking around in GoDaddy's wretched dashboard, I eventually got to the actual email mailbox that I didn't really grok that I had. The Inbox had hundreds (thousands?) of the spam-related bounce mails, along with a few legitimate emails. Oh and look, a nice red graphic told me I'd reached 100% of my capacity. (GoDaddy's response to this problem was to offer to sell me more space.)

I bulk-cleared the Inbox and Trash and now it all works again. Who knows how many legitimate emails I've missed because they got bounced from mike@mikepope.com and the sender didn't or couldn't try again. Hopefully not many.

Now I have to figure out what to do to prevent this in future. One way would be to monitor this GoDaddy-hosted mailbox. I might also just get rid of the GoDaddy mailbox (and keep just the email forwarding), since as far as I know I don't need it. I hesitate on this latter only because managing anything via the GoDaddy interface is ... not fun and not easy. And I don't want to break the part of the system that does work, namely forwarding. Ah, well—it wouldn't be a real website unless I had to screw with it all the time. :-)


Interesting Finds: January 28, 2013