So, ran into an interesting issue yesterday.
A client that uses Hostgator Email was not receiving any emails from Godaddy, like transfer requests, whois verifications, ect. His email otherwise worked, he gets a ton of it everyday, but emails to Godaddy were not being received.
We contacted Godaddy and the rep emailed my client, but his test email bounced with the error code below:
Remote Server returned '550-Verification failed for <***@godaddy.com> 550-Unrouteable address 550 Sender verify failed'
From the bounce message, it was obvious that the email was reaching the Hostgator email server, but it was being rejected. So, I contacted Hostgator support to find out what was going on, thinking it was a spam filter or something.
It turns out, a user at Hostgator had added godaddy.com as a domain there…I would imagine through their Cpanel/WHM account.
So, as far as Hostgator’s email server was concerned, Godaddy.com’s email was being hosted by Hostgator and the email address was in fact invalid. Hostgator’s support quickly identified the issue and said they were working to make sure someone didn’t/couldn’t do that again.
This is an interesting pitfall of allowing users to add domains and to be honest a difficult attack vector to protect against as a hosting company. Without doing some sort of Domain verification, like adding a DNS record or something, there are probably a lot of urls a bad user could add that would cause problems. It is easy to block the big name ones, like Google, Godaddy, Microsoft, and so forth.
Add a Comment