NinerNet Communications™
Blog

Corporate Blog

Using the mail server control panel to manage your email

28 July 2025 02:21:47 +0000

Back when NinerNet started in this business in 1996, we had to do everything for our clients, and I do mean everything. I’m not going to list “everything” because you’ll stop reading, but one example is creating an email account. This was because control panels hadn’t been invented yet.

Now we have control panels, but because it seems that email “just works”, people don’t take the time to look at their control panels to determine why things “just work”. Let’s leave aside the mail service providers that “just don’t work”, as illustrated in our last post.

One thing that isn’t quite 100% automated yet, because humans are still needed, is reading the minds of email senders. Incoming spam is pretty close to 100% automated thanks to programs like SpamAssassin and blacklists. Handling incoming email is close to 100% automated because the onus is on the senders to do something to ensure that their messages are not seen as spam. It’s not a big secret that, for example, this subject indicates that the message it contains is probably spam: “GET RISH QUICK!!! MILIONS WHILE YOU SLEEP!!!!!” So guess what? You don’t receive messages with that subject because they’re caught and deleted by spam filters. (Yes, those spelling mistakes are intentional.) If you use a bulk mail service provider to send mass emails to your clients, as you should if you do send them, they try to educate you on what markers will trigger spam filters, and they also usually provide some sort of testing platform that will analyse your message to determine whether or not it might be caught by a spam filter.

But two things blow me away:

  • When clients send emails to themselves, and
  • When those emails are marked as spam so they never arrive.

Now, it does occur to me that maybe their using our system to test their email to see if it will be considered spam. But really, the examples we’ve seen are definitely not that! Most of the time they’re sending themselves a file that is attached. Why?! They obviously already have the file, so why are they sending it to themselves?!

The problem is that we don’t know if the client knows why they didn’t receive the message they sent themselves. Have they assumed that NinerNet “lost” it? I sure hope not, because we know exactly where it is and why it wasn’t delivered. And if the client logs into their control panel and looks at their “quarantined” messages, they’ll know as well!

Here’s an example of a message that a client has been sending themselves continually for about a week now:

Self-spam.

Self-spam.

Here’s the plain-text view:

Content type: Spam
Internal reference code for the message is 01478-17/tLRgpsMsQL9j

First upstream SMTP client IP address: [160.242.61.xxx]:37436

Received trace: ESMTPSA://[160.242.61.xxx]:37436

Return-Path: <xxxx@xxxxxxhydraulics.com>
From: wade <xxxx@xxxxxxhydraulics.com>
The message has been quarantined as: tLRgpsMsQL9j

The message WAS NOT relayed to:
<xxxx@xxxxxxhydraulics.com>:
250 2.7.0 ok, discarded, id=01478-17 - spam

Spam scanner report:
Spam detection software, running on the system "nc036.ninernet.net",
has identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: [...]

Content analysis details: (4.3 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000]
0.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
1.7 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
0.8 MPART_ALT_DIFF BODY: HTML and text parts are different
0.5 MISSING_MID Missing Message-Id: header
1.8 MISSING_SUBJECT Missing Subject: header
2.3 EMPTY_MESSAGE Message appears to have no textual parts
0.0 TO_NO_BRKTS_HTML_IMG To: lacks brackets and HTML and one image

Let’s analyse each of these points on which the email message was scored for spam. Let me say first of all that negative scores are good, so we won’t waste our time with those. I’m also going to focus on only the scores above 1:

1.7 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
* If your message is just an image it probably won’t get through. You need to add text so that the spam filter believes you’re explaining/describing the image.

1.8 MISSING_SUBJECT Missing Subject: header
* Use a freaking subject! If you’re really just sending a message to yourself, mash some keys in the subject line! It doesn’t matter what they are.

2.3 EMPTY_MESSAGE Message appears to have no textual parts
* Again, if only you yourself are going to see the message, mash some random keys in the body of your message.

Messages with a spam score over 3.5 are considered spam, and this message consistently receives the above score of 4.3. If this person would just do one of the things above — mash some keys in either the subject or body (or both!) — he/she would get his or her message. And yet, I get a copy of this spam report every time he/she tries. It’s frustrating, for me and (I assume) for the sender that never receives a copy of their message!

Of course, in line with the subject of this post, the sender can also log into the control panel, navigate to their quarantine, mark the message they sent to themself and “release” it.

Continual problems with South African ISPs and mail service providers (Afrihost and Xneelo)

27 July 2025 23:36:22 +0000

I’ve just spent about seven hours writing a long, detailed and evidence-based reply to a client who just receives nothing but BS, delay tactics and obfuscation from a South African mail service provider named Afrihost. (Please see here for the details of the never-ending Xneelo debacle, which is similar.) I am posting this here so that I can at least get some mileage out of this waste of seven hours of my life, on a Sunday.

Names and addresses have been changed or redacted to protect the guilty.

Hi Bob,

Thanks for your email. You only sent one side of a supposed email
exchange with Afrihost; there was no "back-and-forth" so I see no
evidence, namely domains (besides your own domains, which are only one
side of the equation, and hotmail.com), IP addresses, dates, times and
(most importantly) bounce messages. In particular I see no evidence --
no *proof* -- on Afrihost's side that what they are saying is true.
Anybody can say and claim anything they want, but it's pointless if
they don't back it up with evidence.

Unlike in politics, everything I have said in the past about email and
everything I will say in the future (including below) is technical and
backed up by hard evidence. Lying to paying clients is a complete waste
of time and will not end well, but it seems that the support
departments of bigger companies like Afrihost are schooled in BS and
delay tactics, rather than providing actual support or admitting fault
and actually fixing their broken systems.

This email is long (I won't apologise) because email is complicated and
this message is based on the work that Afrihost won't do to address
your one puny complaint because they have a lots of other complaining
customers to BS with their lies. The hours (about six so far today just
to answer your email full of Afrihost lies) of work *I* have to do to
give you a full and honest answer and explanation is something that
doesn't increase their share price, so they won't do it. But my efforts
seem to be worthless because everyone seems to believe BS these days
rather than concrete proof.

Here is my actual evidence / hard proof:

* https://multirbl.valli.org/lookup/ucebox.co.za.html
* This is a domain-based list of mail servers that are in blacklists,
and this is a search based on ucebox.co.za, which shows their domain in
one blacklist.

* https://multirbl.valli.org/lookup/smtp.ucebox.co.za.html
* This is the same as above, but with the alleged name of their sending
(SMTP) server (definitions below) provided in the Afrihost message
below, and the results show that their SMTP server is in the same
blacklist.

* https://multirbl.valli.org/lookup/197.242.159.57.html
* The sub-domain smtp.ucebox.co.za resolves to twelve different IP
addresses. This is a search for one of those IP addresses, and that IP
address is in five blacklists!

* https://multirbl.valli.org/lookup/41.76.215.28.html
* Like the search above, this is a search for another of their twelve
IP addresses -- both this one and the one above are random choices because
I'm not repeating the search twelve times when the results for *two* of
them are bad enough. This IP address is in six blacklists!

A quick glance shows that the blacklists all seem to be the same (which
is not surprising), so they are not in a total of 13 blacklists, just
the greatest number of 6. In comparison, NinerNet's mail server is in
three:

https://multirbl.valli.org/lookup/178.62.195.26.html

The point is not to compare numbers and say that our number is smaller
and so we're better; the point is to say that we're aware of the
problem, and the information we have provided on our blogs (
https://blog.niner.net/tag/email and https://status.niner.net/tag/mail
) goes towards explaining certain things.

In there we explain our presence in two of the blacklists (Ascams and
UCEPROTECT), which cover every single one of the IP addresses owned by
our data centre; it is *not* because our mail server has done anything
to be in that blacklist. The only full remedy to that problem is for us
to move our mail server to another data centre with another company,
which is not something that we can do on a whim and without
considerable forethought and planning, but which we *will* be doing on
the next move. What we do to overcome this problem is to redirect all
email to certain domains through our secondary SMTP server; problem
solved. It's impossible for us to know in advance what those
destination domains are, but as soon as one is reported by one of our
clients we direct all future messages to that domain through our
secondary SMTP server. Problem *immediately* and *fully* solved. (By
the way, hotmail.com is one of those domains, which is why you'll
receive this via our secondary outbound/SMTP mail server.)

The third blacklist (Polspam) is a Polish blacklist. It's a bit more
complicated to determine why we're on that list, but my *educated* (I
emphasise) guess is that we're on it for the exact same reason we're on
the other two blacklists, because all of our data centre's IP addresses
are blacklisted.

Have you asked Afrihost why they are on at least six blacklists and
what they're doing about it? I believe the answer to that question is
"no", and even if you asked you will *not* get an answer, or you will
be told in relatively polite terms that you don't know anything about
email and that they are perfect and NinerNet is the problem ... the
aforementioned BS. This is similar to the issue with another South
African ISP, which we have documented exhaustively at:

status.niner.net/2024/01/19/email-messages-from-xneelo-formerly-hetzner-south-africa-senders-blocked

We don't get into these arguments with non-South African ISPs and mail
service providers, so I'm forced to come to the conclusion that South
African's don't give a damn.

Definitions:

* Blacklist (also "blocklist" for those that want to be politically
correct): A list of servers -- usually based on their IP addresses, not
domains -- that have sent spam or malware in the recent past. The full
definition is broader than that (as I've partially explained above) but
if you want a longer explanation than this already long email I suggest
you use an Internet search engine I refer to below. Blacklists exist to
remove servers from the email system that have shown problematic
behaviour in the *recent* past so that legitimate receiving mail
servers -- such as NinerNet's -- don't have to process "junk" email,
and legitimate email receivers -- such as you -- don't have to read and
process junk email.

* BS: This is about as profane as I will get in communications with a
client, although in situations like this it's getting more and more
difficult not to turn the air blue. It's an adjective, a noun, a verb
and probably various other parts of speech. If you're unclear on the
meaning, that's what Internet search engines are for.

* SMTP: Simple Mail Transfer Protocol. This protocol is how mail
servers communicate with one another, and the term "SMTP" is also used
as an adjective.

* Various other colour lists: They exist, but neither Afrihost's
domains nor IP addresses are in any, so I won't get into what they are
and are not.

I took a look at [YOUR WEBSITE]. I note that
(assuming that's you) you're involved in "Compliance & Business
Solutions", and that, "[You] believe that great businesses are built on
strong systems, clear strategy, and full compliance." Email is all
about "compliance" with "standards" which, as benign as that word
sounds, are actually the non-negotiable "rules" that have to be
followed to get an email message from point A to point B. Afrihost have
made all sorts of claims in the email you forwarded to me, but they
have not told you how you can check on those claims. On the other hand,
NinerNet has shown you all the third-party evidence that backs up the
claims I've made.

I will address some of the things they have said:

* "We’ve confirmed that the messages from [YOUR EXTERNALLY HOSTED EMAIL
ADDRESS] are successfully sent and accepted by the outbound mail relay
(smtp.ucebox.co.za) with a 250 OK response, indicating successful handoff.":

* While I'm willing to accept that someone has made a mistake in their
rush to get to the next complaint from one of their customers and I
don't want to be pedantic, an "outbound mail relay" does not "accept"
email messages (as far as this issue is concerned), it offers/sends
them. The "250 OK response" is what they see in the logs on their mail
server, but since they didn't actually provide the specific lines of
the logs (with dates and times) NinerNet has absolutely no way of
correlating their claims against the corresponding lines in the logs of
our mail server. This is how auditing works, as you would very well
know from the list of qualifications on your website.

* "Additionally, the same emails are being successfully delivered to
[HOTMAIL ADDRESS], which confirms there’s no issue on our end
with sending or authentication (SPF, DKIM, and DMARC all pass":

* Again, NinerNet is not Hotmail and doesn't know how Hotmail servers
work. It does *not* confirm *anything* other than the fact that Hotmail
and NinerNet handle email from blacklisted IP addresses differently. And
they didn't tell you how to confirm that their claims that their "SPF,
DKIM, and DMARC" all pass. I took a quick look at some of their public
DNS records -- did I mention how many hours I've already spent on this
reply? -- and at least one of them are broken. It's not a significant
one, but if they can't get one of them right how and why should I or
you assume that they got the rest of them right?!

* "You may check if there is [sic] any server-side filters or rules
that might be rejecting, flagging, or silently discarding these
messages. if not, you may whitelist the domain at the [YOUR DOMAIN]
side and check again.":

* This is a good idea. I have checked whatever blacklists you might
have in place through the control panel on the mail server and you
don't seem to be blocking anything relevant, but you will have to log
into the webmail to see if there are any filters in place there that
could be causing a problem. I have looked for ucebox.co.za and the IP
addresses that smtp.ucebox.co.za uses in our server-wide blacklists,
and they are not there. That means that if email from their servers to
our server are bouncing -- that hasn't explicitly been stated -- then
they're bouncing because of the blacklists their servers are in. This
means that the blacklists are working as intended and as advertised,
which I consider to be a good thing.

While in the control panel I had a look at the logs of email you've
received at [YOUR DOMAIN], and I note four recent email messages
successfully received from [YOUR EXTERNALLY HOSTED EMAIL ADDRESS]:

* RE: Bank confirmation letter, Lease agreement and Invoices.
* 2025-07-26 11:44:09 CAT

* TEST
* 2025-07-27 12:23:03 CAT

* Last Test
* 2025-07-27 12:23:15 CAT

* test new
* 2025-07-27 17:08:37 CAT

Those were all successfully received, which makes me wonder why I have
spent six hours writing this email. For that reason I will end this
message here and claim, like Afrihost, that there is no problem.

Craig

On Sun, 2025-07-27 at 15:07 +0000, [NINERNET CLIENT] wrote:
> Hi Craig,
>
> Trust you are well? Please see below emails and my back-and-forth
> exchange with Afrihost. None of my emails from my [EXTERNALLY HOSTED DOMAIN]
> domain is being received by our [NINERNET-HOSTED DOMAIN]. are you able to check
> into it please?
>
> Thanks and Regards,
>
> [NINERNET CLIENT]
> [PHONE NUMBER]
>
>
>
> From: Afrihost <hosting@afrihost.com>
> Sent: 27 July 2025 16:59
> To: [NINERNET AND AFRIHOST CLIENT]
> Subject: [#PXQ-982-73116]: blocked emails
>
> Hello there.
>
> Following up on the issue regarding non-delivery of emails to
> [NINERNET CLIENT]:
>
> We’ve confirmed that the messages from [AFRIHOST-HOSTED EMAIL ADDRESS]
> are successfully sent and accepted by the outbound mail relay
> (smtp.ucebox.co.za) with a 250 OK response, indicating successful
> handoff.
>
> Additionally, the same emails are being successfully delivered to
> [CLIENT'S HOTMAIL ADDRESS], which confirms there’s no issue on our end
> with sending or authentication (SPF, DKIM, and DMARC all pass
>
> You may check if there is any server-side filters or rules that might
> be rejecting, flagging, or silently discarding these messages. if not
> , you may whitelist the domain at the [CLIENT'S DOMAIN] side and check
> again.
>
> Regards,
> Sreehari RS
> Check out some of our hosting tutorials by going to the following
> link:
> https://answers.afrihost.com/video-hosting

--
NinerNet Communications | Craig Hartnett
* https://www.niner.net | [EMAIL ADDRESS]
Phone: +1 604 630 1772 | +260 96 209 8871 | 1 855 NINERNET

We do not have these discussions with our clients about ISPs and mail service providers in Europe, North America, South America, Asia or Oceania. Incompetence seems to be concentrated in South Africa.

The lost month

9 July 2025 03:53:53 +0000

If you’re following our status blog (which we hope you are), you’ll note that we had planned to send our June invoices a few weeks late. Well, we’ve decided to reset the clock. June is a lost month in more ways than one for us, so we’re giving up on sending June invoices and just going to send July invoices.

For most clients, who are invoiced quarterly, this just means that your June invoice will be a month late, and your September invoice will appear to arrive two months early … although it will still be sent in September, but that will be two months after July instead of three months after June! Confused yet? Sorry. For our resellers you’ll essentially be billed for two months in July, but we’re assuming that you are not as disorganised and have not suffered the technical problems our office has in June, and so you’ve been invoicing normally all along.

As always though, please keep in mind the actual expiry dates of your products and services contracted with third parties: domains and certificates. Under normal circumstances we invoice clients 30-60 days in advance of expiry, but if you were scheduled to be invoiced in June you’re now going to be invoiced 0 to 30 days before expiry. For anyone whose service expires very soon after 15 July we will contact you proactively, but if we have left you too little time to make your payment for your domain or certificate, but you intend to renew it, please contact NinerNet to let us know. We will renew services in advance of your payment so that you stay online. We will continue to send scheduled reminder notices; it’s not that we’re uncaring expletives who don’t realise that our invoices have been sent late, but we’re just doing our job of making sure that you’re aware of dates and what you need to do. Just reach out to us and yell at us as needed; we can take it.

This is a less-than-optimal situation (to put it in words that any PR agent worth his or her salt would envy), we get it. (A disaster, I’d put it, more explicitly.) June was (and July continues to be) a nightmare for us in the office, but we’re just thankful that our servers have managed to run smoothly, except for the issue on the mail server that kicked off the turmoil in combination with failures of technology in the office on the very same day. The nightmare continues, to be frank, but things are finally coming together and there is light at the end of the tunnel, so it will hopefully be over soon.

NinerNet home page

Subscriptions:

RSS icon. RSS

General Information:

This is the corporate blog of NinerNet Communications. It's where we post announcements, inform and educate our clients, and discuss issues related to the Internet (web and email) hosting business and all it entails. This includes concomitant industries and activities such as domain registration, SSL/TLS certificates, online back-up, virtual private servers (VPS), cloud hosting, etc. Please visit our main website for more information about us.

Search:

 

Recent Posts:

Archives:

Categories:

Tags:

accounts receivable apple billing branding cira contact information domain registration domain registry of canada domain renewals domains domain sales dot-ca domains dot-zm domains down time droc email encryption facebook google happy hosting customers hosting transfer icann invoices iphone kwacha maintenance paying your bill paying your invoice quarterly kwacha rate review rates registrar transfers reputation scams search engine optimisation search engine optimization security seo service hours spam ssl ssl/tls support transparency wordpress zamnet

Resources:

On NinerNet: