cancel
Showing results for 
Search instead for 
Did you mean: 

Virgin Media Customers not receiving O2 emails

ravenstar68
Level 1: Joiner
  • 2 Posts
  • 1 Topics
  • 0 Solutions
Registered:

Hi

 

I'm not an O2 customer myself but I'm writing this on behalf of two Virgin Media email users who are not receiving emails sent by yourselves.  I'm going to see if I can get them to post into this thread.

 

The emails are not turning up in the users accounts, either inbox or spam folder.  A third user who is also an O2 customer did change their email from gmail to their Virgin Media address, in order to test and they too did not receive emails detailing the address change.

 

From the headers provided by the latter.  It looks as if the sending server does not use proper forward and reverse DNS validation:

 

 

Received: from ukmlwmsw004.uk.pri.o2.com ([158.230.100.102])

        by mx.google.com with ESMTPS id h3si13063831wru.429.2021.03.28.01.44.13

 

The reverse DNS lookup for 158.230.100.102 actually resolves to:

 

$ nslookup 158.230.100.102
102.100.230.158.in-addr.arpa name = cellgate.btcellnet.net.

 

I know that Virgin Media has in the past rejected connections based on invalid reverse DNS lookups.

 

I also note that you don't appear to use DKIM authentication,, although you do have SPF and DMARC records set up.

 

I hope to get the two users involved to post into this thread.  I'd be grateful if someone could look at escalating this to whoever manages your outbound emails.

 

Tim

Message 1 of 4
554 Views
3 REPLIES 3

ruggz
Level 1: Joiner
  • 1 Posts
  • 0 Topics
  • 0 Solutions
Registered:

hello,

It seems that since Ravenstar68 has posted here the issues are now resolved for myself at least, i was one of the people ravenstar68 mentioned in the post that were not getting the emails sent from o2 to my virginmedia/blueyonder account, at 11:08 this morning it seems the problem has now been fixed as i recieved the backlog of emails that shouldve been sent yesterday and was also able to reset my password a short time ago. i think ravenstar deserves some big credit for pushing this problem and helping fix a potential issue with respondance through 2 major companies in the UK. This has been/was a issue for some time i believe. 

As a disabled person i was forced to spend several hours on the phone yesterday, after breaking my phone by accident to try and get my details from my account for insurance reasons to replace my broken phone, my account which i couldnt enter because

1.i had no phone

2. i forgot my password and the reset password was not a option as i couldnt recieve emails from o2 @ virginmedia. the details were constantly sent to this email address, even twice when speaking to separate operators from o2 they said they had sent the details i needed which they had, but the emails were not arriving.

in the end after talking with one of your Customer service team i managed to get the details sent to a old hotmail address and this worked straight away. so I was fortunate enough to be able to carry on with the insurance on my phone albeit delayed. 

But for someone in my situation where having a phone could be a life or death matter with my certain disability this sort of thing really shouldnt of been a problem.  im however glad the situation is sorted now and seems to be fixed, appreciate the work ravenstar68 has done to help us with his insight into this problem. i think virgin and o2 should also. thanks 

Stephen

Message 2 of 4
531 Views

madasaf1sh
Level 56: Guvnor
  • 3862 Posts
  • 27 Topics
  • 914 Solutions
Registered:

@ravenstar68

 

From my point of view as an Email Administrator (NOT for o2).

 

Just to clarify email is not guaranteed to be delivered, and Gmail is not a good example as they will accept any emails from any sender and don't check SPF, DKIM or DMARC, and Hotmail also just pass most email without verification.

 

Have you or @ruggz spoken to (or tried to) speak to Virgin Media's Technical Support, for them to do a message trace?

 

Does it get to VirginMedia's mail servers (which are if i recall still Telewests / NTL / BlueYonder in some instances). ?

 

Reverse DNS Checks are a bad idea in the world of email as you will only get the IP address of the external email gateway which passes the email (Cellgate is a gateway).

 

Also to add the EHLO settings dont matter, as it whether the SMTP server is allowed to relay and this is authenticated usually by SPF and less so for DMARC and DKIM

 

Mail Flow using SendGrid as an example:

 

 

You can also try emailing postmaster@telefonica.com and seeing if you get a response.

 

And looking at your thread: 

https://community.virginmedia.com/t5/Email/Not-receiving-emails-from-o2/td-p/4671085/page/4

It looks like the issue is at Virgin Media's end as is usually the case..

 

I would recommend people to stay away from the likes of VM , BT's and Talk Talk and PlusNet mail services as they are just a pile of rubbish to be brutally honest.

Current Phone: Motorola Razr 5g
I also have a Planet Computers Gemini

I work in IT as an Enterprise Messaging and Collaboration Tools Administrator (Office 365, Slack and much much more) and manage hardware both Mobile and Desktop / laptop, my desk is a bit like PC World

--
We are all customers and dont have access to any o2 accounts





Message 3 of 4
515 Views

ravenstar68
  • 2 Posts
  • 1 Topics
  • 0 Solutions
Registered:

@madasaf1sh 

 

Let's get one hing out of the way.  I'm not a reat fan of Virgin Media's email service as i stands, but the problem is that a great many internet users wrongly IMHO equate their internet service provider with being their email service provider too and rarely look at other provisions.

 

With regard to deliverability of emails not being guaranteed - when your email service is sending out password resets  - you need to do your utmost to make sure that those resets are going out, and if they are being blocked, to see if there is anything you can do to prevent this.

 

Looking at RFC5321 - here's an important section from 2.3.5

 

Only resolvable, fully-qualified domain names (FQDNs) are permitted
   when domain names are used in SMTP.  In other words, names that can
   be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
   in Section 5) are permitted, as are CNAME RRs whose targets can be
   resolved, in turn, to MX or address RRs.  Local nicknames or
   unqualified names MUST NOT be used.

So when we look at the FQDN presented to Virgin Media's mail exchangers.

 

Received: from ukmlwmsw004.uk.pri.o2.com ([158.230.100.102])

        by mx.google.com with ESMTPS id h3si13063831wru.429.2021.03.28.01.44.13

If we do a DIG for an A record

$ dig ukmlwmsw004.uk.pri.o2.com

; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> ukmlwmsw004.uk.pri.o2.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44775
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 868b40baddcc78be6461158360a467d3ded227c976b2a09a (good)
;; QUESTION SECTION:
;ukmlwmsw004.uk.pri.o2.com.     IN      A

;; AUTHORITY SECTION:
o2.com.                 900     IN      SOA     n1.02.net. hostmaster.02.net. 2021050701 10800 3600 604800 3600

;; Query time: 44 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed May 19 02:20:19 BST 2021
;; MSG SIZE  rcvd: 138

We find that 02 violates the RFC in this regard.

 

 

Typically when I've seen email gateways in the past - we see one hostname that feeds into a number of outbound servers:

 

Thus in Virgin Media's case if I use smtp.virginmedia.com - I actually get connected to one of 16 outbound relays - but when it comes to sending mail on to a mail exchanger, each of those relays uses both Forward and reverse confirmed DNS in order to verify the hostname.

 

Received: from know-smtprelay-omc-8.server.virginmedia.net (know-smtprelay-omc-8.server.virginmedia.net [80.0.253.72])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))

smtp.blueyonder.co.uk, smtp.ntlworld.com and smtp.virgin.net also feed into those same 16 servers

 

Bear in mind that we don't even get as far as SPF checking if the mail is rejected at the EHLO stage, and SPF is actually a very weak form of domain authentication, it was recognised from it's inception for example that where mail passes through a forwarding service - SPF gets broken.

 

As an email administrator I should hope that you are aware that it is far easier to chase non receipt errors from the sending side first of all.  After all if a send is rejected prior to sending a MAIL FROM: command, the receiving party won't have sight of the rejected email addresses in their logs.  Therefore it's always best that the sender confirms first of all that the mails were actually accepted by the receiving party - not least as those sending logs will not only contain the date and time of the send, but also the unique SMTP ID of the send.

 

What I've seen from earlier posts in this Forum is that either the emails mysteriously start arriving, or the recipient manages to change their email address and receives the mail that way.  But the cause of the send failure appears to have gone uninvestigated.  This IMHO is bad practice.

 

With regards to delivery starting up, I rather think that VM's security team may have added an exception for o2 here, but again IMHO this doesn't resolve o2 of responsibility for investigating these send failures.  Particularly in light of the fact that there servers are sending out a non existant FQDN.

 

BTW don't get me started on Hotmail - or Outlook.com as they are now.  I could have a serious rant about everything they do wrong ROFL.

 

Tim

Message 4 of 4
494 Views