On Monday, October 3, 2022 at 2:58:00 AM UTC-6, vallor wrote:
.
What on Earth happened in here?
I have to downscore "batman" (Darlene) in my score file now, the group is unusable without a Score file or killfile.
Which means it's unusable from Google Groups. Was that Darlene's mission
all along?
--
-v
I have intent to identify the anon(s) who have been harassing my family and myself since 2008.
That’s the only reason I post.
Their emails came in fast and furious too
the primary addresses were
katchim@hotmail.com
muscleman@hotmail.com
I was also using hotmail.
hence @phx.gbl in the header data..
then I went to any and all online websites to ask questions about the odd domain in the header data
Here are some of the reports I made and the trail I left as an anon.
Network Protocols: Where does phx.gbl in all Microsoft e-mail headers derive from?
Jomi Schell, works at Microsoft (company). Upvoted by Martin Handwerker, former Principal Development Manager, Outlook.com, Hotmail and Calendar Front End at Microsoft (2009-2015), and Anjor Hemant, Software Engineer at Microsoft. Updated 10y.
phx.gbl is an internal Active Directory domain that Microsoft uses to manage datacenter machines. It gets added to message headers as a way to trace what machines actually saw a message when Microsoft needs to diagnose specific problems. The name is equivalent to a *.local domain some organizations use for AD management. It is by design that these machines are not addressable from the internet as part of Microsoft's defense in depth security planning.
Is phx.gbl a real domain? Are messages that appear to be from it legitimate?
I checked the header data for a suspicious email that claimed to be a newsletter purportedly sent from Microsoft. The actual sender domain was @phx.gbl. A couple of WHOIS searches failed to find such a domain (not even just ".gbl"). I did notice in the results of a Google search that many newslist posts have this domain, but could find no specific discussion of its meaning. Should I be concerned when I find this domain in the sender address? I have not opened the main body of the message.
I don't submit many questions because I am not clear on the rules or expectations. This seems like a question a network expert would know the answer to, so I have rated it as easy. If I am wrong about this, please give feedback and I'll be more generous in the future. Thanks.
Mark H
NetworkingDN
If WHOIS does not list them, it was probably a randomly generated spoof. You'll often find this with Spam and Virus emails. I'm sure a lot of people asked the same questions, that's why it appeared in a google search. I'm not sure if this was your computer or for a work computer. If it is for an enterprise, I would recommend using a Spam filter such as GFI.
If this sender appears a lot in the header, then you are receiving SPAM emails. If you receive a bunch of random senders that do not have any registered Domains in WHOIS, you can pretty much assume it to be junk. Just don't open any attachments on the email (and some not the email if you don't know the sender). I'm not sure what to tell you specifically about your situation (personal vs work, if you receive a bunch of random junk mail, etc). If you need more details, let me know.
Discussion:
does domain phx.gbl exist?
Beemer Biker 16 years ago
I have been seeing phx.gbl show up, usually in usenet postings, and was wondering if it is real. A google of "what is phx.gbl" shows a (cached) ExpertExchange discussion here
http://tinyurl.com/rntzg (look at very bottom for answer).
quoting the answer:
Accepted Answer from The--Captain
Date: 07/06/2005 11:24PM PDT
Grade: A
Accepted Answer
Here's the definitive method to determine a domain's existence:
dig @198.41.0.4 <domain>
or in your case:
dig @198.41.0.4 phx.gbl
198.41.0.4 happens to be one of the IP addresses of
a.root-servers.net, which is one of the DNS servers that contains all the relevant information for all root domains - the 'dig' command reveals that there are no authoritative servers for the .gbl root domain, and as such the domain is completely bogus.
Cheers,
-Jon
--------end of quote----
I do not have "dig" in system32 commands, maybe dig is linux?? Sam Spade
has "dig" but it is grayed out on my win2k system. Is that something
useful?
So I gather that phx.gbl is not a valid domain. If an nntp posting ip had ***@phx.gbl then it is forged???
--
=======================================================================
Beemer Biker joestateson at grandecom dot net
http://TipsForTheComputingImpaired.com
http://ResearchRiders.org Ask about my 99'R1100RT
=======================================================================
Ant 16 years ago
Post by Beemer Biker
I have been seeing phx.gbl show up, usually in usenet postings, and was wondering if it is real.
Look at posts in the microsoft.public.* hierarchy on the news server msnews.microsoft.com and you will see it in the path. You will also
see it in message-IDs for posts originating from that server.
Post by Beemer Biker
i do not have "dig" in system32 commands, maybe dig is linux?? Sam Spade
has "dig" but it is grayed out on my win2k system. Is that something
useful?
Dig is a unix DNS lookup utility. Versions have been ported to Win32.
You can get equivalent info from nslookup by setting one of the debug
options.
Post by Beemer Biker
So I gather that phx.gbl is not a valid domain.
Looks like a Microsoft thing.
Probably not.
Mike Easter 16 years ago
Post by Beemer Biker
I have been seeing phx.gbl show up, usually in usenet postings, and
was wondering if it is real.
That 'extender' is the way the MS newsserver msnews.microsoft.com stamps
its message id/s.
Message-ID: <uE8rz$***@TK2MSFTNGP04.phx.gbl>
It has nothing to do with a domainname.
It also shows in the Path that way. Here's a path from the ms news
server to itself:
Path: TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
Post by Beemer Biker
i do not have "dig" in system32 commands, maybe dig is linux?? Sam
Spade has "dig" but it is grayed out on my win2k system.
That seems strange. SSwin performs one kind of 'dig' on an IP and
another kind of dig on a domainname.
--
Mike Easter
Vanguard 16 years ago
Post by Beemer Biker
I have been seeing phx.gbl show up, usually in usenet postings, and was wondering if it is real.
<snip>
According to RFC 1036 "Standard for Interchange of USENET Messages"
(which refers to RFC 822), the Message-ID is supposed to contain the
domain name. It says, "In order to conform to RFC-822, the Message-ID
must have the format: ***@full_domain_name". Microsoft is known for
not complying to RFCs.
Beemer Biker 16 years ago
Post by Vanguard
Post by Beemer Biker
I have been seeing phx.gbl show up, usually in usenet postings, and was wondering if it is real.
<snip>
According to RFC 1036 "Standard for Interchange of USENET Messages"
(which refers to RFC 822), the Message-ID is supposed to contain the
domain name. It says, "In order to conform to RFC-822, the Message-ID
not complying to RFCs.
Yea, but if everyone fully complied with every little RFC, wouldn't it be a really dull little world? I mean, imagine if every post in this news group was rational and sane.
--
=======================================================================
Beemer Biker joestateson at grandecom dot net
http://TipsForTheComputingImpaired.com
http://ResearchRiders.org Ask about my 99'R1100RT
=======================================================================
Vanguard 16 years ago
...
The RFCs do not dictate the content of Usenet posts. How could you use a
web browser, any web browser, if they didn't follow enough of the
standards so they could actually transfer traffic to and from another
host? Your NNTP client couldn't thread together the separate posts to
put them together for ease in following a conversation without
standards. You couldn't attach files to e-mail without standards. You
couldn't e-mail without standards. You couldn't even speak without
standards (no one cares about some babbling idiot that no one but
themself understands). Nothing of what you use for Internet access and communication would exist without standards. Some are highly critical.
Some are recommended or suggested. And some are just de facto
standards. I see nothing recommended, suggested, or optional regarding
the syntax for the Message-ID field.
Morely Dotes 16 years ago
Post by Beemer Biker
Yea, but if everyone fully complied with every little RFC, wouldn't it
be a really dull little world? I mean, imagine if every post in this
news group was rational and sane.
If everyone complied with every little RFC, there wouldn't be any posts in
this newsgroup - because there wouldn't be any spam, and therefore no reason
for alt.spam
--
Tired of spam in your mailbox? Come to
http://www.spamblocked.com
Who is Brad Jesness?
http://www.wilhelp.com/bj_faq/
Look for the big white box that says "Maximum Evil" in pink letters. "Sufficiently advanced incompetence is indistinguishable from malice."
anon 16 years ago
Can you put that in layman's terms, Mr. "Dotes"?
Post by Morely Dotes
Post by Beemer Biker
Yea, but if everyone fully complied with every little RFC, wouldn't it
be a really dull little world? I mean, imagine if every post in this
news group was rational and sane.
If everyone complied with every little RFC, there wouldn't be any
posts in this newsgroup - because there wouldn't be any spam, and
therefore no reason for alt.spam
--
Rich Tietjens IS "Morely Dotes", spamblocked.com 'CEO',
PUNK kicked OFF decent host:
http://tinyurl.com/9mmgy &
http://tinyurl.com/7zfzc Joe Jared IS "Taylor Jimenez" More:
http://tinyurl.com/a7h88 http://tinyurl.com/6ukk4 Abusers:
http://tinyurl.com/lhw7b ; MUST Read:
http://tinyurl.com/fo8he
Munger Joe 16 years ago
Post by Morely Dotes
If everyone complied with every little RFC, there wouldn't be any posts in
this newsgroup - because there wouldn't be any spam, and therefore no reason
for alt.spam
Little slab of meat
In a wash of clear jelly
Now I heat the pan
--
Joe
Ant 16 years ago
Post by Munger Joe
Post by Morely Dotes
If everyone complied with every little RFC, there wouldn't be any posts in
this newsgroup - because there wouldn't be any spam, and therefore no reason
for alt.spam
Little slab of meat
In a wash of clear jelly
Now I heat the pan
Yea, what is that stuff
That doth jiggle in the breeze
For your newsgroups file
Munger Joe 16 years ago
Post by Ant
Post by Munger Joe
Little slab of meat
In a wash of clear jelly
Now I heat the pan
Yea, what is that stuff
That doth jiggle in the breeze
For your newsgroups file
Spam is not Jello
That yields to nature's whispers.
Bwad... killfile... jiggle
--
Joe
The Technical Zone... The Geeky forum... Use this forum to discuss technical aspects of email, from authentication protocols to encryption.
#1, ADret, 25 Aug 2011, 01:09 PM
message-ID format for the phx.gbl domain
in particular, is it possible to extract the date from the message-ID?
As working examples, I provide the following two message-IDs:
<COL102-W586B1988DB342B6A9A6163B9EB0@phx.gbl>
<BLU140-W2196F531CD117CA133B883F5110@phx.gbl>
Your help would be extremely valuable.
Thanks
#2, janusz, 25 Aug 2011, 04:37 PM
Quote, originally posted by ADret:
is it possible to extract the date from the message-ID?
No.
But the time stamp should be somewhere in the header, in plain text. Something like Date: Wed, 24 Aug 2011 13:55:51 -0700
#3, ADret, 25 Aug 2011, 10:13 PM
Quote, originally posted by janusz:
No.
But the time stamp should be somewhere in the header, in plain text. Something like Date: Wed, 24 Aug 2011 13:55:51 -0700
Thank you for your reply.
Please allow me to expand a bit - the issue is of great personal importance as you may imagine.
The thing is that I am looking for the date of a *forwarded* e-mail, whose text (including the date) has possibly been altered. I understand that this date does not appear in the header, correct? Therefore, I was trying to extract the date from message ID in the references. As I understand it - that's the only piece of info that I have for the original e-mail that was forwarded.
The message ID is usually produced by algorithms that take the data as an input. In the examples that I found on-line, the time information is contained in the N first digits, where N can vary depending on the coding. So, I could possibly back convert these message ID digits to a readable date.
Where could I find how hotmail from where the original message originates generates message-IDs?
Your help would be extremely valuable.
Thank you again.
#4, janusz, 25 Aug 2011, 11:47 PM
The only technical requirement is that the message-id is unique (no two messages with the same id). Usually, but not always, the msg. id. includes a human-readable time stamp, but again, this is optional.
Hotmail is free to generate ids in any way it likes, and I don't think the algorithm is published anywhere (why should it be?).
#5, ADret, 26 Aug 2011, 02:51 AM
Thanks, I see your point.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)
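
The distinction the quoted answers draw, between the host part of a Message-ID and the sender's own address, as an added example that is not part of the original post or of any quoted thread. The two Message-IDs are the ones quoted above; every other header value is constructed, and `DELEGATED_TLDS` is an assumed stand-in for the root zone's TLD list that the `dig @198.41.0.4` query consults.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: only the two Message-ID values come from the
# thread above; addresses, date and subject are made up for illustration.
RAW = """\
Message-ID: <COL102-W586B1988DB342B6A9A6163B9EB0@phx.gbl>
References: <BLU140-W2196F531CD117CA133B883F5110@phx.gbl>
From: Example Sender <sender@hotmail.com>
To: recipient@example.org
Date: Wed, 24 Aug 2011 13:55:51 -0700
Subject: constructed sample

body
"""

# Assumption: tiny stand-in for the list of TLDs delegated in the root zone.
# A real check queries a root server or loads the published TLD list.
DELEGATED_TLDS = {"com", "net", "org"}


def rhs(value):
    """Lower-cased text after the last '@', with angle brackets removed."""
    return value.strip().strip("<>").rpartition("@")[2].lower()


def tld_is_delegated(domain):
    """True if the last label of the domain is in the delegated-TLD set."""
    return domain.rpartition(".")[2] in DELEGATED_TLDS


def analyse(raw):
    msg = message_from_string(raw)
    from_domain = rhs(parseaddr(msg.get("From", ""))[1])
    msgid_domain = rhs(msg.get("Message-ID", ""))
    ref_domains = [rhs(r) for r in msg.get("References", "").split()]
    return {
        "from_domain": from_domain,
        "msgid_domain": msgid_domain,
        "reference_domains": ref_domains,
        # The Message-ID host part is chosen by the generating server; an
        # internal, unresolvable name there is not by itself a forgery sign.
        "msgid_internal": not tld_is_delegated(msgid_domain),
        # An undelegated TLD in From means the address cannot receive mail.
        "from_undeliverable": not tld_is_delegated(from_domain),
    }
```
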