Why are people so bloody clueless about email? I received this in snail mail from my bank today:
Account Number xxxxxxxx Sort Code xx-xx-xx
Your statement for the above account, is ready to view by logging in to online banking at www.natwest.com.
Unfortunately, we have been unable to deliver this alert to you by email. This may be because the email address we hold for you (DAVID@WOODHOU.SE) is incorrect.
That has to be almost the most clueless bug report I've ever seen. It should have included at least some of:
- Precise date and time of the latest delivery attempt
- Sender's email address
- Sending server IP address
- Which MX host was being delivered to
- The rejection message from the MX host
If I hadn't been running my own mail server, I'd have had no way to work out what happened — no ISP is going to go trawling through their logs looking for a needle in a haystack based on virtually nothing.
Since I do run my own, I was able to log into all the MX hosts for that domain, look through the historical mail logs on each of them and I happened to find their failed message among all the lots of other people trying to fake mail from NatWest:
2009-04-21 00:38:20 +0000 1Lw40C-0002sE-3D H=mailhost7a.rbs.com [220.127.116.11] F=<OnlineBanking@Information.natwest.com> rejected after DATA: Your message lacks a Date: header, which RFC5322 says it MUST have.
Upon calling them to tell them of their problem, I was asked "who says our mails lack a Date: header?" and "who says that they should?".
After dealing with that, I left the first-line support person with three items to pass on to Nat West's technical team:
- The lack of Date: header on their outbound mail
- The uselessness of the letter they send when they can't deliver email
- The fact that they are converting email addresses to upper case, when localparts may well be case-sensitive
Maybe I should have added "you're sending outbound mail without GPG-signing it" as a fourth item? :)