550 Empty envelope senders not allowed

The refusal by an ISP to accept a bounce message (one with an empty envelope sender) is increasingly rare these days, but occasionally we do see it.

This is always a bad idea:

H=mx01.csx1.net [38.103.192.105] … SMTP error from remote mail server after pipelined DATA: 550 Empty envelope senders not allowed

The sender of the message (their client remember) will never find out that the email has not been delivered. In this case the mail was being forwarded, so it's impossible for us to do any better than accept the mail and then test the recipient address by trying a delivery. We had to delete the bounce message — there was nowhere to send it.

This is NOT How You Use a Spamhaus Blocklist

TFL are rejecting authenticated mail relayed through our servers due to one of the SMTP Received: headers containing an IP address listed at Spamhaus.

In this case, it's the mistaken & inadvertent use of the Spamhaus PBL where the error lies. A majority of e-mail sent from a home broadband connection will contain an IP listed in the PBL. TFL (or is it Capita?) are wrongly using the Spamhaus ZEN blocklist which is an aggregate of all the lists maintained by Spamhaus. This includes the PBL.

Here's the rejection message:

  REDACTED@tflcc.co.uk
    host smtp.tflcc.co.uk [80.82.130.162]
    SMTP error from remote mail server after end of data:
    550 5.7.1 92.40.249.10 listed at zen.spamhaus.org
The IP address TFL take an exception to is [92.40.249.10] which is indeed listed in the PBL. The crucial thing is that this IP has not connected to TFL's servers at all. Instead it has been plucked from the trace headers included in the message.

POP3 SSL Access in Beta Test

  • Posted on
  • by

All our POP3 servers now support access via encrypted connections for e‐mail retrieval.

Your secure connection can use port 995 for SSL access or stick with port 110 and enable STARTTLS.

You will need to accept the SSL certificate presented in order to proceed with your first e‐mail check. Use the "Accept all certificates" option where available.

Remember - No Mail from Dynamic IP Addresses

E‐mail from dynamic IP addresses has long been refused by the wise postmaster, including ourselves. The reason is that both whitelisting & blacklisting are ineffective in this case — two tools that are essential for the world's mail administrators.

Remember also that cloud services use dynamically allocated IP addresses in many cases and are thus also unsuitable for relaying mail for the same reasons given above. Currently we do not block such computing services from sending mail to our servers; they are regarded with additional suspicion by our filters however.