Corporate Blog

Don’t register dot-ca domains, especially from OpenSRS

25 June 2026 06:55:52 +0000

It’s difficult to make recommendations like this, because it’s a recommendation against two very big and rich (although not respected) companies, but I’ve dealt with both for over thirty years, and I think that gives me some significant say in the matter. I made the same recommendation for dot-zm domains sometime ago, and I had very good reasons then, but once we were accepted into the very elite club of domain registrars, we rescinded our recommendation, and now we strongly recommend that you register your dot-zm domains through Preworx, the best and only sane registrar in Zambia.

I’ve had problems with CIRA since about 1 December 2000 (which you’ll recognise as the day they took over dot-ca from John Demco and UBC), and that includes saying one thing and doing another. Some of them are documented (Dot-ca domain registry changes, 12 October 2010), and some I’d have to piece together almost three decades later from documentation I still have on my machine, or can piece together from data I will eventually recover from my back-up provider.

My issue today was that I eventually gave up on waiting for them to reply to an email. I opened a support ticket in the new usual manner at OpenSRS/Tucows — NinerNet’s domain registrar — on 5 June 2026. On 10 June — only five days later — I received my one and only reply from them, asking for a PIN that I could view in my control panel. Sure, no problem, I’ll get that for you. I got it and sent it to them, expecting (after five days) that I’d get an immediate response on the fast-as-the-speed-of-light communication medium that email is, and we’d have my issue sorted out within five minutes. But … nothing. Here I am twenty days later (that’s almost three weeks), and nobody has checked to see if my PIN is correct.

So several days later, on 16 June, after warning OpenSRS/Tucows, that I would do so, I eventually opened another support ticket, this time with CIRA. I eventually, on 19 June (only three days later) received again my one and only reply, to ask for information that I had already given them in the contact form. I replied with that information, and the suggestion that if they ask for information on a contact form, it makes sense for them to use it. Crickets.

So after being kept in suspense by both OpenSRS/Tucows and CIRA for a combined total of 30 days, today I did that radical thing called picking up the phone. After listening to recorded BS for two full minutes, I eventually started talking to Gerard, who apparently has never heard of courtesy and went silent while he was doing stuff instead of being polite enough to say, “One moment, please, while I look up some information.” That very quickly lead to us getting our wires crossed, him talking over me, then me talking over him, then him sarcastically requesting that I let him finish, even though his solution to my problem was to contact the registrar, even though their ignoring me was the very reason I was contact the registry! Eventually he managed to get out that I just need to be patient (!) and wait for their email. So absolutely no solution from the registry, as I still haven’t heard from them the next day. I guess they’re blacklisted.

So in frustration, after that ten-minute phone call, I went back to my OpenSRS/Tucows control panel to try something. The records for two of my domains had, somehow, turned from “records” that stated the data associated with those domains and their status, into “drafts”. That was precisely why I had contacted OpenSRS/Tucows, to get them to explain to me why, and to turn them back into “records” I could work with. What I eventually noticed, is that when I have a “draft” open, the whole screen acts as a sort of modal window/dialogue, and besides the relatively obvious save/submit button(s) in the bottom, right hand corner, there is a “delete draft” link in the bottom, left hand corner! Actually, I did notice this before, but this lead me to contact OpenSRS/Tucows to ask my easily answerable question, because I was concerned that if I deleted my draft I might be deleting the domain too, which was definitely not what I wanted to do!

At my wits’ end now, I decided to throw caution to the wind and click the “delete draft” link. Right away I had the answer to my question: I was not deleting the domain, but just whatever work I had performed a few weeks ago. (I don’t even remember what it was; I don’t care any more.) So now I could do whatever I wanted with the domain, and I renewed it. And then I immediately noted the domain’s “auth code”, and I transferred it to a new registrar. And then I deleted the draft of a second domain, and immediately transferred it as well. There is just no reason for me to stay with OpenSRS/Tucows any more.

That leaves me with 21 domains in my account, which I will transfer out piecemeal over the next few months as they come up for renewal. The vast majority of my domains are elsewhere, but that registrar (RRPproxy) is on borrowed time too.

I did make one mistake; transferring one domain out so soon after I renewed it meant that, although I paid for a year’s renewal at my new registrar, I didn’t get that renewal. I should have known that, as I have encountered this little wrinkle in the domain process before, despite how infuriating it must be to be surprised by this for the first time. No big deal though; whatever it cost me to get away from OpenSRS/Tucows, it was worth it.

Tucows used to be not just a good company; they were an excellent company, and I say that about precious few companies these days. They got the domain business; that’s how they’re the fourth biggest domain registrar in the world. They used to be the third though (and I think the second before that), and with the way they’re going, they’ll be the 33rd next week and then the 133rd the week after that. Elliot Noss specifically got the domain business, but OpenSRS/Tucows seems to have been taken over for quite a few years by bean counters who don’t get the domain business. Before the bean counters came along, OpenSRS was a leader in our business. They held ICANN’s feet to the fire, and they were responsible for so much good in ICANN. And now they’re coasting. I used to be able to whip up a quick email to a particular email address (you know the one), go to bed, and know without fail that I’d have an answer, and maybe even a resolution, in the morning. But no more. They improved their support by requiring us to use a form, and they think that three weeks (and counting) is just fine to wait for them to get up off their fat asses to reply.

OpenSRS joked (when they still had a sense of humour) that the eighties called, and they wanted their control panel back. We’re now almost in the 2030s and the eighties still want their control panel back. That control panel I described earlier is still only half done, and I still have to use the eighties version to get some stuff done. It’s 2026 and it’s not a joke any more.

Elliot, your control panel is a joke.
Your support is a joke.
There are kids today who don’t even realise that you’re responsible for much of the good in ICANN.
I’ve lost patience with you.
I’m done.

As for CIRA, they’re not even worth wasting any ink over. If CIRA, who go on about being a “member-based” organisation as if it actually meant they cared about their members, went out of business today, nobody would notice, but if OpenSRS/Tucows went out of business today, everyone would notice.

Tags: cira, domain registration, domain renewals, domains, dot-ca domains, dot-zm domains, elliot noss, hosting transfer, icann, opensrs, preworx, reputation, rrpproxy, transparency, tucows
Categories: Interest
No Comments »

Invoicing in December

8 January 2026 09:14:55 +0000

I’m sorry.

We are late, yet again, with our December billing. I don’t usually let personal situations get in the way of running NinerNet, but it so happens that I had just moved house (four days previously) on billing day in December (due to the poor availability of moving companies and other constraints), and with all that was involved with moving (which included a rather traumatic change of ISP) I just couldn’t get everything done. I couldn’t even get everything done by the end of December. To make matters worse, I still haven’t completely recovered from an unexplained hard drive loss in June 2025. Sure, I have recovered the most crucial files and use them to invoice you, but there are thousands of files I have collected over the years which consolidate and record previous work and decisions, and not having them (yet!) at my fingertips significantly slows me down.

The invoices issued have a rather fanciful date of 25 December, with an equally fanciful due date of 15 January … just to keep the tax authorities happy. The fact of the matter is, please pay what you can when you can. If you can’t pay before a third-party service (like a domain or SSL certificate) expires, please let us know and we’ll renew those services before they expire.

My invoicing system has also become unwieldy (to say the least) in the last year, especially when it comes to issuing partial refunds, something that has been necessary this month. (See previous comment about having access to past actions.) We’ll see how January goes, but I expect it to go much more smoothly.

Thank-you for your everlasting patience. I have a few days to carry on working on my move (take my underwear out of suitcases), and then it will be time to create January’s invoices.

Tags: accounts receivable, billing, invoices, paying your bill, paying your invoice
Categories: Notices
Comments Off

WHOIS contact form blocked

1 January 2026 03:50:32 +0000

For some time now the main registrar we use has been masking domain ownership in the WHOIS and providing a default email address for all registrants on the domain-contact.org domain. They provide a contact form on that domain as well. However, spammers have been using that form to spam because, apparently, Centralnic doesn’t care to protect registrants from spam and therefore protect it from automated submissions.

So we are adding domain-contact.org to the spam filter. This will send all email from that domain to the quarantine.

If, for some bizarre reason, you count on contact from that form — which, in thirty years, we think nobody ever does or has — please contact us to advise us, or know that you need to check your quarantine on a regular basis.

Tags: contact information, domains, email, spam, whois, whois privacy
Categories: Notices
Comments Off

Some people can’t even run nameservers, Weebly for example

28 December 2025 20:17:13 +0000

One of our clients decided to host their website on Weebly. Our experience has been to let people follow the instructions on the websites of people like Weebly, Wix, WordPress.com, etc., to use their nameservers under a number of understandings:

Such web-building websites claim that they need the ability to change the IP address of the user’s website at short and/or unannounced notice, and giving them control of the nameservers allows them to do this to minimise downtime, and
They give the client control over their nameservers under a control panel, so that the clients can add and manage nameserver records at will.

Unfortunately, as of this month (December 2025), Weebly’s nameserver controls were not working. Nameservers are used for a number of routine and esoteric purposes; you can, for example, create a TXT record that says, “Hello world!”, which does nothing but say hello! 🙂 One of the suppliers of a few of our clients actually does this on one of their domains, if you can believe that:

user@machine:~$ dig +short txt resrequest.co.za
“Hello world!”
user@machine:~$

They don’t even create a TXT record that does anything useful, like direct users to the TXT record of resrequest.COM for useful information about a secondary domain that they use in certain circumstances.

Anyway, one of the more routine reasons to create any kind of record is to show certain information to other users (which include people and machines) for the purposes of authentication, which is why some organisations have you create TXT records like “google-site-verification=y0se7y0r7ygncCNYW0RE09T078989c90nmt89cnsygf”. But if you have no control over your DNS — which was the case with our client — you can’t create such a record, and so you can’t authenticate yourself with Google. In our case the client couldn’t create two CNAME records which are required by the email system to authenticate your domain. The Weebly control panel seems to provide this functionality, but it doesn’t work; the records you create do not exist in the DNS, and they don’t even appear in the control panel. Since the domain was created through the Weebly system, access to configure the domain wasn’t available through the registrar, so we had to transfer it immediately to take control so that we could create the necessary CNAMEs. Now the domain does not use Weebly’s nameservers, which means that their website could be down one day if Weebly chooses to change its IP address, but their email was down for a week or two because they couldn’t create the two necessary CNAMEs.

So it depends what’s more important to you: your website or your email. Weebly has demonstrated their incompetence not only by having a control panel that doesn’t work, but by their support personnel giving our client an absolutely BS excuse that reminded me of another client being told years go that something he was trying to do wouldn’t work because “the Internet was down”! The Internet was down! The whole Internet! My god. In this case the client was told that something completely unrelated (the DNS) was broken because someone sent a plain-text email. I can’t even connect the dots on that one because the dots are all over the place; there is no way that sending a plain-text (or even HTML-formatted email) can affect the DNS, as the two systems are not connected, related or affected by the information in one system affecting the other. Maybe the information was relayed to me incorrectly, but to me this sounds exactly like someone trying to baffle the client with BS.

So, in the future, we will advise clients using Weebly not to use their nameservers, but to use ours, where they have working control over the DNS for their domain.

Tags: authentication, dns, domain name system, domain registration, domain sales, domains, down time, downtime, email, hosting transfer, nameservers, registrar transfers, weebly, wix, wordpress, wordpress.com
Categories: Warnings
Comments Off

Christmas and New Year hours for NinerNet

19 December 2025 06:28:26 +0000

It’s that time of year again. We would like to thank you for your patronage and support again this year. Without you we would not have a reason to exist. Thank-you again for supporting us this year.

Our offices will be closed as usual starting on Saturday, 20 December 2025 and will re-open again at 08:00 on Monday, 5 January 2026. All routine support requests will be dealt with at that time, although we monitor our servers 24/7/365 every day during the holidays.

We wish all of you, your employees, colleagues, families and friends all the best. We thank you for your ongoing patronage, and we look forward to talking to each of you in the New Year.

Tags: service hours, support
Categories: Announcements
Comments Off

We have, once again, blocked all email from a Centralnic domain sold as a ccTLD

19 December 2025 06:25:00 +0000

Previously we blocked sa.com and za.com, but we are now blocking us.com as well. This means that any email from @spammer.us.com will be blocked. We were inundated with spam from us.com sub-domains recently, and we won’t put up with it any more.

Sorry, not sorry.

Tags: centralnic, domains, email, scam, scams, spam
Categories: Announcements
Comments Off

Beware believable phishing scam with NinerNet’s name on it

19 December 2025 06:06:28 +0000

We just received a convincing phishing scam spam, which we’ve screenshotted here. (Click for a closer look.) You’ll note that we’ve become so famous that our name is even mentioned, although with the wrong capitalisation, of course. And, of course, there’s the usual copyright warning; we do not copyright server messages and any messages we send to you! What would be the point?!

Phishing scam email, 2025-12-18.

Phishing scam website, 2025-12-18.

Please note the following:

The “from” address is not on the niner.net domain,
The message was sent to an automated server address, and
The link in the spam is to a site that includes “nc036.ninernet.net” in the URL, but this is not in the server part of the URL, it’s in the file name.

As we’ve said before, please treat every email you receive as spam or a scam — especially over the Christmas season — unless and until you can verify otherwise. (Don’t do the opposite, assume every message is real!) As far as legitimate mass messages from NinerNet are concerned, we post them here on our blog and usually (if not always) include a link in the email to our blog post. It’s that simple. If you’re not sure, simply ask us!

Tags: phishing, scam, scams, spam
Categories: Warnings
Comments Off

Email auto-forwarding: DON’T DO IT!

23 November 2025 12:14:16 +0000

Email is a tough business. Some of our biggest competitors have got out of it. We’re rapidly heading for a time when there will only be one, two, maybe three email providers in this world. I don’t tell you this in the wee hours of a Sunday morning to get your sympathy or to announce a price increase as of Monday morning. One of the more difficult parts of email is the part that many people find the easiest: Forwarding.

Why is it difficult?

As we stated recently, during a certain time frame recently 80% of the mail received by our mail server was spam. 80%! And that was only the messages that were caught by our spam filter! Imagine if 80% of your email was spam. Well, it probably was during that time frame; if it wasn’t, other people were probably above average, meaning that more than 80% of their email was spam. If you we’re getting less than 80%, you are probably following some of the tips we provided in our “Why do I get so much spam?” post last year.

Forwarding has been a major concern of ours for years, and we have advocated against it for almost as long. It’s not just us; our relay provider (SMTP2GO) forbids it in their Terms of Service. This means that if you are “auto-forwarding” your email, you are helping us break the Terms of Service of our agreement with one of our critical suppliers, which will mean that one day none of your email will go out. This is what we have been warning about for years.

What is “auto-forwarding”?

“Auto-forwarding”, a term that was new to me five years ago even though the practice was not, is when you configure your email account to forward all (or almost all) of your email to a third domain, usually a free webmail provider. It might only be “almost all” if you have a filter in place to forward only certain messages, but in all case you are automatically forwarding your email, 24/7, without taking a moment to determine whether or not the message is spam. And if 80% of your messages are spam, then 80% of what you forward is also spam, and you (and we) look like the sender of that spam to the other mail server.

This is not good.

Some of you might have noticed that you’re receiving a lot less email lately. That’s because you have auto-forwarding in place. SMTP2GO will not forward email that is from a sender not authorised/verified in their system. And since spammers/phishers aren’t one of their verified senders, their messages bounce. This is good, right? So why are you writing a long blog post that tells us we’re getting less spam now?

Ah, there’s the rub. Neither are some (most) of your business and personal contacts in their list of verified senders, so their messages bounce too. Now the news is not so good.

The solution

So what’s the solution? Stop forwarding your email! No, seriously, it’s just that simple. There are other ways to achieve what you want to achieve. I’m not going to start listing them all and telling you how to achieve what you believe you are achieving, but if you’re not sure, just ask!

At the risk of signing off in a predictable manner that has become familiar to anyone watching the news these days, “Thank-you for your attention to this matter.” No seriously, thank you. If you’re auto-forwarding your email, we need you to stop doing it for your own benefit, as we’ve been saying for years.

Tags: auto-forwarding, email, email forwarding, forwarding, spam
Categories: Notices, Warnings
Comments Off

Using the mail server control panel to manage your email

28 July 2025 02:21:47 +0000

Back when NinerNet started in this business in 1996, we had to do everything for our clients, and I do mean everything. I’m not going to list “everything” because you’ll stop reading, but one example is creating an email account. This was because control panels hadn’t been invented yet.

Now we have control panels, but because it seems that email “just works”, people don’t take the time to look at their control panels to determine why things “just work”. Let’s leave aside the mail service providers that “just don’t work”, as illustrated in our last post.

One thing that isn’t quite 100% automated yet, because humans are still needed, is reading the minds of email senders. Incoming spam is pretty close to 100% automated thanks to programs like SpamAssassin and blacklists. Handling incoming email is close to 100% automated because the onus is on the senders to do something to ensure that their messages are not seen as spam. It’s not a big secret that, for example, this subject indicates that the message it contains is probably spam: “GET RISH QUICK!!! MILIONS WHILE YOU SLEEP!!!!!” So guess what? You don’t receive messages with that subject because they’re caught and deleted by spam filters. (Yes, those spelling mistakes are intentional.) If you use a bulk mail service provider to send mass emails to your clients, as you should if you do send them, they try to educate you on what markers will trigger spam filters, and they also usually provide some sort of testing platform that will analyse your message to determine whether or not it might be caught by a spam filter.

But two things blow me away:

When clients send emails to themselves, and
When those emails are marked as spam so they never arrive.

Now, it does occur to me that maybe their using our system to test their email to see if it will be considered spam. But really, the examples we’ve seen are definitely not that! Most of the time they’re sending themselves a file that is attached. Why?! They obviously already have the file, so why are they sending it to themselves?!

The problem is that we don’t know if the client knows why they didn’t receive the message they sent themselves. Have they assumed that NinerNet “lost” it? I sure hope not, because we know exactly where it is and why it wasn’t delivered. And if the client logs into their control panel and looks at their “quarantined” messages, they’ll know as well!

Here’s an example of a message that a client has been sending themselves continually for about a week now:

Self-spam.

Here’s the plain-text view:

Content type: Spam
Internal reference code for the message is 01478-17/tLRgpsMsQL9j

First upstream SMTP client IP address: [160.242.61.xxx]:37436

Received trace: ESMTPSA://[160.242.61.xxx]:37436

Return-Path: <xxxx@xxxxxxhydraulics.com>
From: wade <xxxx@xxxxxxhydraulics.com>
The message has been quarantined as: tLRgpsMsQL9j

The message WAS NOT relayed to:
<xxxx@xxxxxxhydraulics.com>:
250 2.7.0 ok, discarded, id=01478-17 - spam

Spam scanner report:
Spam detection software, running on the system "nc036.ninernet.net",
has identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: [...]

Content analysis details: (4.3 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000]
0.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
1.7 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
0.8 MPART_ALT_DIFF BODY: HTML and text parts are different
0.5 MISSING_MID Missing Message-Id: header
1.8 MISSING_SUBJECT Missing Subject: header
2.3 EMPTY_MESSAGE Message appears to have no textual parts
0.0 TO_NO_BRKTS_HTML_IMG To: lacks brackets and HTML and one image

Let’s analyse each of these points on which the email message was scored for spam. Let me say first of all that negative scores are good, so we won’t waste our time with those. I’m also going to focus on only the scores above 1:

1.7 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
* If your message is just an image it probably won’t get through. You need to add text so that the spam filter believes you’re explaining/describing the image.

1.8 MISSING_SUBJECT Missing Subject: header
* Use a freaking subject! If you’re really just sending a message to yourself, mash some keys in the subject line! It doesn’t matter what they are.

2.3 EMPTY_MESSAGE Message appears to have no textual parts
* Again, if only you yourself are going to see the message, mash some random keys in the body of your message.

Messages with a spam score over 3.5 are considered spam, and this message consistently receives the above score of 4.3. If this person would just do one of the things above — mash some keys in either the subject or body (or both!) — he/she would get his or her message. And yet, I get a copy of this spam report every time he/she tries. It’s frustrating, for me and (I assume) for the sender that never receives a copy of their message!

Of course, in line with the subject of this post, the sender can also log into the control panel, navigate to their quarantine, mark the message they sent to themself and “release” it.

Tags: email, spam
Categories: Interest
Comments Off

Continual problems with South African ISPs and mail service providers (Afrihost and Xneelo)

27 July 2025 23:36:22 +0000

I’ve just spent about seven hours writing a long, detailed and evidence-based reply to a client who just receives nothing but BS, delay tactics and obfuscation from a South African mail service provider named Afrihost. (Please see here for the details of the never-ending Xneelo debacle, which is similar.) I am posting this here so that I can at least get some mileage out of this waste of seven hours of my life, on a Sunday.

Names and addresses have been changed or redacted to protect the guilty.

Hi Bob,

Thanks for your email. You only sent one side of a supposed email
exchange with Afrihost; there was no "back-and-forth" so I see no
evidence, namely domains (besides your own domains, which are only one
side of the equation, and hotmail.com), IP addresses, dates, times and
(most importantly) bounce messages. In particular I see no evidence --
no *proof* -- on Afrihost's side that what they are saying is true.
Anybody can say and claim anything they want, but it's pointless if
they don't back it up with evidence.

Unlike in politics, everything I have said in the past about email and
everything I will say in the future (including below) is technical and
backed up by hard evidence. Lying to paying clients is a complete waste
of time and will not end well, but it seems that the support
departments of bigger companies like Afrihost are schooled in BS and
delay tactics, rather than providing actual support or admitting fault
and actually fixing their broken systems.

This email is long (I won't apologise) because email is complicated and
this message is based on the work that Afrihost won't do to address
your one puny complaint because they have a lots of other complaining
customers to BS with their lies. The hours (about six so far today just
to answer your email full of Afrihost lies) of work *I* have to do to
give you a full and honest answer and explanation is something that
doesn't increase their share price, so they won't do it. But my efforts
seem to be worthless because everyone seems to believe BS these days
rather than concrete proof.

Here is my actual evidence / hard proof:

* https://multirbl.valli.org/lookup/ucebox.co.za.html
* This is a domain-based list of mail servers that are in blacklists,
and this is a search based on ucebox.co.za, which shows their domain in
one blacklist.

* https://multirbl.valli.org/lookup/smtp.ucebox.co.za.html
* This is the same as above, but with the alleged name of their sending
(SMTP) server (definitions below) provided in the Afrihost message
below, and the results show that their SMTP server is in the same
blacklist.

* https://multirbl.valli.org/lookup/197.242.159.57.html
* The sub-domain smtp.ucebox.co.za resolves to twelve different IP
addresses. This is a search for one of those IP addresses, and that IP
address is in five blacklists!

* https://multirbl.valli.org/lookup/41.76.215.28.html
* Like the search above, this is a search for another of their twelve
IP addresses -- both this one and the one above are random choices because
I'm not repeating the search twelve times when the results for *two* of
them are bad enough. This IP address is in six blacklists!

A quick glance shows that the blacklists all seem to be the same (which
is not surprising), so they are not in a total of 13 blacklists, just
the greatest number of 6. In comparison, NinerNet's mail server is in
three:

https://multirbl.valli.org/lookup/178.62.195.26.html

The point is not to compare numbers and say that our number is smaller
and so we're better; the point is to say that we're aware of the
problem, and the information we have provided on our blogs (
https://blog.niner.net/tag/email and https://status.niner.net/tag/mail
) goes towards explaining certain things.

In there we explain our presence in two of the blacklists (Ascams and
UCEPROTECT), which cover every single one of the IP addresses owned by
our data centre; it is *not* because our mail server has done anything
to be in that blacklist. The only full remedy to that problem is for us
to move our mail server to another data centre with another company,
which is not something that we can do on a whim and without
considerable forethought and planning, but which we *will* be doing on
the next move. What we do to overcome this problem is to redirect all
email to certain domains through our secondary SMTP server; problem
solved. It's impossible for us to know in advance what those
destination domains are, but as soon as one is reported by one of our
clients we direct all future messages to that domain through our
secondary SMTP server. Problem *immediately* and *fully* solved. (By
the way, hotmail.com is one of those domains, which is why you'll
receive this via our secondary outbound/SMTP mail server.)

The third blacklist (Polspam) is a Polish blacklist. It's a bit more
complicated to determine why we're on that list, but my *educated* (I
emphasise) guess is that we're on it for the exact same reason we're on
the other two blacklists, because all of our data centre's IP addresses
are blacklisted.

Have you asked Afrihost why they are on at least six blacklists and
what they're doing about it? I believe the answer to that question is
"no", and even if you asked you will *not* get an answer, or you will
be told in relatively polite terms that you don't know anything about
email and that they are perfect and NinerNet is the problem ... the
aforementioned BS. This is similar to the issue with another South
African ISP, which we have documented exhaustively at:

status.niner.net/2024/01/19/email-messages-from-xneelo-formerly-hetzner-south-africa-senders-blocked

We don't get into these arguments with non-South African ISPs and mail
service providers, so I'm forced to come to the conclusion that South
African's don't give a damn.

Definitions:

* Blacklist (also "blocklist" for those that want to be politically
correct): A list of servers -- usually based on their IP addresses, not
domains -- that have sent spam or malware in the recent past. The full
definition is broader than that (as I've partially explained above) but
if you want a longer explanation than this already long email I suggest
you use an Internet search engine I refer to below. Blacklists exist to
remove servers from the email system that have shown problematic
behaviour in the *recent* past so that legitimate receiving mail
servers -- such as NinerNet's -- don't have to process "junk" email,
and legitimate email receivers -- such as you -- don't have to read and
process junk email.

* BS: This is about as profane as I will get in communications with a
client, although in situations like this it's getting more and more
difficult not to turn the air blue. It's an adjective, a noun, a verb
and probably various other parts of speech. If you're unclear on the
meaning, that's what Internet search engines are for.

* SMTP: Simple Mail Transfer Protocol. This protocol is how mail
servers communicate with one another, and the term "SMTP" is also used
as an adjective.

* Various other colour lists: They exist, but neither Afrihost's
domains nor IP addresses are in any, so I won't get into what they are
and are not.

I took a look at [YOUR WEBSITE]. I note that
(assuming that's you) you're involved in "Compliance & Business
Solutions", and that, "[You] believe that great businesses are built on
strong systems, clear strategy, and full compliance." Email is all
about "compliance" with "standards" which, as benign as that word
sounds, are actually the non-negotiable "rules" that have to be
followed to get an email message from point A to point B. Afrihost have
made all sorts of claims in the email you forwarded to me, but they
have not told you how you can check on those claims. On the other hand,
NinerNet has shown you all the third-party evidence that backs up the
claims I've made.

I will address some of the things they have said:

* "We’ve confirmed that the messages from [YOUR EXTERNALLY HOSTED EMAIL
ADDRESS] are successfully sent and accepted by the outbound mail relay
(smtp.ucebox.co.za) with a 250 OK response, indicating successful handoff.":

* While I'm willing to accept that someone has made a mistake in their
rush to get to the next complaint from one of their customers and I
don't want to be pedantic, an "outbound mail relay" does not "accept"
email messages (as far as this issue is concerned), it offers/sends
them. The "250 OK response" is what they see in the logs on their mail
server, but since they didn't actually provide the specific lines of
the logs (with dates and times) NinerNet has absolutely no way of
correlating their claims against the corresponding lines in the logs of
our mail server. This is how auditing works, as you would very well
know from the list of qualifications on your website.

* "Additionally, the same emails are being successfully delivered to
[HOTMAIL ADDRESS], which confirms there’s no issue on our end
with sending or authentication (SPF, DKIM, and DMARC all pass":

* Again, NinerNet is not Hotmail and doesn't know how Hotmail servers
work. It does *not* confirm *anything* other than the fact that Hotmail
and NinerNet handle email from blacklisted IP addresses differently. And
they didn't tell you how to confirm that their claims that their "SPF,
DKIM, and DMARC" all pass. I took a quick look at some of their public
DNS records -- did I mention how many hours I've already spent on this
reply? -- and at least one of them are broken. It's not a significant
one, but if they can't get one of them right how and why should I or
you assume that they got the rest of them right?!

* "You may check if there is [sic] any server-side filters or rules
that might be rejecting, flagging, or silently discarding these
messages. if not, you may whitelist the domain at the [YOUR DOMAIN]
side and check again.":

* This is a good idea. I have checked whatever blacklists you might
have in place through the control panel on the mail server and you
don't seem to be blocking anything relevant, but you will have to log
into the webmail to see if there are any filters in place there that
could be causing a problem. I have looked for ucebox.co.za and the IP
addresses that smtp.ucebox.co.za uses in our server-wide blacklists,
and they are not there. That means that if email from their servers to
our server are bouncing -- that hasn't explicitly been stated -- then
they're bouncing because of the blacklists their servers are in. This
means that the blacklists are working as intended and as advertised,
which I consider to be a good thing.

While in the control panel I had a look at the logs of email you've
received at [YOUR DOMAIN], and I note four recent email messages
successfully received from [YOUR EXTERNALLY HOSTED EMAIL ADDRESS]:

* RE: Bank confirmation letter, Lease agreement and Invoices.
* 2025-07-26 11:44:09 CAT

* TEST
* 2025-07-27 12:23:03 CAT

* Last Test
* 2025-07-27 12:23:15 CAT

* test new
* 2025-07-27 17:08:37 CAT

Those were all successfully received, which makes me wonder why I have
spent six hours writing this email. For that reason I will end this
message here and claim, like Afrihost, that there is no problem.

Craig

On Sun, 2025-07-27 at 15:07 +0000, [NINERNET CLIENT] wrote:
> Hi Craig,
>
> Trust you are well? Please see below emails and my back-and-forth
> exchange with Afrihost. None of my emails from my [EXTERNALLY HOSTED DOMAIN]
> domain is being received by our [NINERNET-HOSTED DOMAIN]. are you able to check
> into it please?
>
> Thanks and Regards,
>
> [NINERNET CLIENT]
> [PHONE NUMBER]
>
>
>
> From: Afrihost <hosting@afrihost.com>
> Sent: 27 July 2025 16:59
> To: [NINERNET AND AFRIHOST CLIENT]
> Subject: [#PXQ-982-73116]: blocked emails
>
> Hello there.
>
> Following up on the issue regarding non-delivery of emails to
> [NINERNET CLIENT]:
>
> We’ve confirmed that the messages from [AFRIHOST-HOSTED EMAIL ADDRESS]
> are successfully sent and accepted by the outbound mail relay
> (smtp.ucebox.co.za) with a 250 OK response, indicating successful
> handoff.
>
> Additionally, the same emails are being successfully delivered to
> [CLIENT'S HOTMAIL ADDRESS], which confirms there’s no issue on our end
> with sending or authentication (SPF, DKIM, and DMARC all pass
>
> You may check if there is any server-side filters or rules that might
> be rejecting, flagging, or silently discarding these messages. if not
> , you may whitelist the domain at the [CLIENT'S DOMAIN] side and check
> again.
>
> Regards,
> Sreehari RS
> Check out some of our hosting tutorials by going to the following
> link:
> https://answers.afrihost.com/video-hosting

--
NinerNet Communications | Craig Hartnett
* https://www.niner.net | [EMAIL ADDRESS]
Phone: +1 604 630 1772 | +260 96 209 8871 | 1 855 NINERNET

We do not have these discussions with our clients about ISPs and mail service providers in Europe, North America, South America, Asia or Oceania. Incompetence seems to be concentrated in South Africa.

Tags: afrihost, email, reputation, xneelo
Categories: Warnings
2 Comments »