Jump to content

Amazon SES (amazonses.com)

Xen Akula

By Xen Akula,
in General Discussion Forum

 Share
You are about to reply to a thread that has been inactive for 3827 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Xen Akula

Xen Akula

Posted
Posted

I had an issue with Linden Labs billing system. In the investigation that ensued from that I decided to look at the raw original email data from all of the email receipts I have received from Linden Labs over that last few months. That included all purchases from the Marketplace, as well as all Linden Dollar purchases. I noticed that every one of them was from amazonses.com. Amazon SES (Simple Email Service), is a company owned and operated by the big Amazon.com company. It's an email service that sends out those no reply type emails, such as receipts from onine purchases.

Ok, so far so good. However, LL is informing me that one of mine is a fake. The one they're claiming is fake is the one that misreported the actual amount their system billed me. The system did in fact bill and charge me the correct amount, it just didn't state the correct amount on the reciept. The system also didn't properly change my new membership due date after the payment was made. A LL rep had to manually change it to the correct new due date. They're claiming that the one email out of the many from amazonses that is fake, just happens to be the one that stated an incorrect amount. Please also note that I didn't receive two email receipts, one that stated the correct amount, and one that stated the incorrect amount. I only received one, and it stated the incorrect amount. I've always received only one.

So, why I am I posting about this? Two main reasons . . .

1. Has anyone else noticed after checking the raw original email data from their receipts noticed that any come from amazonses.com?

2. Has anyone else had any issues with the auto-billing system?

Just curious . . .

Link to comment
Share on other sites
Xen Akula

Xen Akula

Posted
  • Author
Posted

Um, you had better recheck that.

amazonses.com . . .

If you simply copy and paste that into Google Chrome, it takes you to . . .

http://aws.amazon.com/ses/

Try a simple whois as well.

Also, did you even bother to check any of your raw email data from any Marketplace purchases? If not, try it now. Buy a freebie that costs nothing. Then check the raw data from the email receipt. Does it originate from amazonses.com?

Do the work before you dispute anything I have posted.

Edited to correct some misspelling.

Link to comment
Share on other sites
Perrie Juran

Perrie Juran

Posted
Posted

Xen Akula wrote:

I had an issue with Linden Labs billing system. In the investigation that ensued from that I decided to look at the raw original email data from all of the email receipts I have received from Linden Labs over that last few months. That included all purchases from the Marketplace, as well as all Linden Dollar purchases. I noticed that every one of them was from amazonses.com. Amazon SES (Simple Email Service), is a company owned and operated by the big Amazon.com company. It's an email service that sends out those no reply type emails, such as receipts from onine purchases.

Ok, so far so good. However, LL is informing me that one of mine is a fake. The one they're claiming is fake is the one that misreported the actual amount their system billed me. The system did in fact bill and charge me the correct amount, it just didn't state the correct amount on the reciept. The system also didn't properly change my new membership due date after the payment was made. A LL rep had to manually change it to the correct new due date. They're claiming that the one email out of the many from amazonses that is fake, just happens to be the one that stated an incorrect amount. Please also note that I didn't receive two email receipts, one that stated the correct amount, and one that stated the incorrect amount. I only received one, and it stated the incorrect amount. I've always received only one.

So, why I am I posting about this? Two main reasons . . .

1. Has anyone else noticed after checking the raw original email data from their receipts noticed that any come from amazonses.com?

2. Has anyone else had any issues with the auto-billing system?

Just curious . . .

There has been one current thread where someone said they had a problem.

She did not appear to take kindly to the suggestion it might have been user error instead of the claim that LL's servers got hacked....

All she is stating now is that she got it resolved and that it was a "billing issue." 

Presently, everything with my billing looks ok.

Link to comment
Share on other sites
Xen Akula

Xen Akula

Posted
  • Author
Posted

I'm not taking kindly of the claim that instead of it being a billing issue, that it's afake email. meaning that my machine was compromised. Yes, I know, it happens all the time. However, I am all but certain that in this case it was a billing issue. Their system incorrectly stated an amount, as well as failed to change a due date for membership fees. They're not disputing that part, they had to manually change it.

Link to comment
Share on other sites
KarenMichelle Lane

KarenMichelle Lane

Posted
Posted

To answer you 2nd question 1st, Yes - Amazon Simple Email Service (Amazon SES) - has been used by many businesses as well as Linden Lab to host SMTP services for automated processes. Basically Linden Lab is leasing it's SMTP services from someone with dedicated server farms for lease for just this purpose.

Regarding question #1  yes, you will see that reference on yout Mail Header Message ID:

Message-ID: <00000141bf0453d7-1657d941-8956-4b0f-aacb-47454c048614-000000@email.amazonses.com>

It looks like Linden Lab started using this SMTP service in February of 2013.

 

As for a LL staffer saying you provided a fake email message, the original header information will make or break that claim.

 

 

Link to comment
Share on other sites
Xen Akula

Xen Akula

Posted
  • Author
Posted

I'm aware of what the company does.

Thanks for letting me know that I'm not the only one that receives receipts from them. Until now I didn't know for certain whether it was only me or not.

LL at first stated that they didn't even use them. What's troubling about that is one hand doesn't know what the other is doing, so to speak.

Link to comment
Share on other sites
Xen Akula

Xen Akula

Posted
  • Author
Posted

"As for a LL staffer saying you provided a fake email message, the original header information will make or break that claim."

You tell me . . .

"Received: by 10.114.11.69 with SMTP id o5csp285325ldb;

Tue, 22 Oct 2013 23:19:31 -0700 (PDT)
X-Received: by 10.224.43.84 with SMTP id v20mr1721525qae.45.1382509171207;
Tue, 22 Oct 2013 23:19:31 -0700 (PDT)
Return-Path: <00000141e3f7ce58-e6f43989-0d13-42da-b92f-04db39a57246-000000@amazonses.com>
Received: from a10-46.smtp-out.amazonses.com (a10-46.smtp-out.amazonses.com. [54.240.10.46])"

Link to comment
Share on other sites
KarenMichelle Lane

KarenMichelle Lane

Posted
Posted

Copy and Paste the complete header into this web Mail Header analyzer and it will detail the path the message took and the validity of each handoffs.

http://mxtoolbox.com/EmailHeaders.aspx

The DKIM-Signature should verify as service@mail.secondlife.com if it is valid.

You can't spoof these SMTP servers without having SecondLife's Amazon Enterprise VPN login into the Amazon Services Network.

Link to comment
Share on other sites
Qie Niangao

Qie Niangao

Posted
Posted

They're claiming that one email "is a fake", but what do they mean by that? Evidently they're saying that they sent some other email, but you have a different message containing different text. Are they implying that you (or somebody, or something) doctored the message to have the contents you're seeing now? (And, really, who other than you would want to "fake" such a mail in such a way? So... basically they're accusing you of tampering with the text, right?)

I mean, we've been focusing on the headers and whether the message came from a valid source, but it's actually the content that's in dispute, right? I guess you can know what's in your gmail inbox; I'm not sure there's a way to share that content back to the Lab as irrefutably intact without getting somebody from Google involved (presumably with a court order). Is there? Or am I misunderstanding the whole problem here?

[ETA: In case it helps, I see similar results to what you showed when I use that site to analyze headers of a recent Marketplace confirmation. Different specific server and IP addresses, but same idea... also via gmail, of course. But I'm not entirely sure what that header analyzer is doing, really.]

Link to comment
Share on other sites
Kenbro Utu

Kenbro Utu

Posted
Posted

When coming to the forums with an issue/problem (as you did), and asking for help in understanding what happened (as you did), it is common courtesy to post what the actual problem and resolution were so that if someone else comes to the forums looking for help (someone like you), then maybe your situation will help them to get their problem resolved or answer their questions.  Unless you are someone who only cares about their own problems, unlike those who responsded to your thread trying to help you, then posting the resolution might be very helpful to the next person who experiences such a problem and comes here looking for answers.

 

If you are not willing to help others who come looking for answers, then I would not expect much help yourself from the forums next time you are looking for answers; it might not be forthcoming. 

Regardless, your response to Perrie was certainly uncalled for.  

Link to comment
Share on other sites
Xen Akula

Xen Akula

Posted
  • Author
Posted

Yeah, good and valid point.

Basically what they're claiming is that they never sent me a message stating an incorrect amount being charged. Funny thing about that is, it was the exact same amount the payment page showed as well on their website. So, I suppose, according to them, that was a fake website as well.

I'm no babe in the woods. I know that if anyone would lie about this, then they would probably also tamper with and delete any data to prove their errors before it ever reached the point of any official legal investigation. Please note that I am not claiming that anyone lied about anything. I'm just saying that if anyone would, then they would probably also be willing to do other things to cover it up.

All I want to do is prove that it was a valid email, which proves it was an error made by them.

Link to comment
Share on other sites
KarenMichelle Lane

KarenMichelle Lane

Posted
Posted

Xen Akula wrote:

Just out of curiosity, what do you get when you try any of yours from amazonses.com?

Do any of them show similar results like mine?

Look further in the report. Did the DKIM-Signature verify as service@mail.secondlife.com ? If yes this is a valid message from SL.

Link to comment
Share on other sites
KarenMichelle Lane

KarenMichelle Lane

Posted
Posted

Qie Niangao wrote:

They're claiming that one email "is a fake", but what do they mean by that? Evidently they're saying that they sent some other email, but you have a different message containing different text. Are they implying that you (or somebody, or something) doctored the message to have the contents you're seeing now? (And, really, who other than you would want to "fake" such a mail in such a way? So... Basically they're accusing you of tampering with the text, right?)

I mean, we've been focusing on the headers and whether the message came from a valid source, but it's actually the content that's in dispute, right? I guess you can know what's in your gmail inbox; I'm not sure there's a way to share that content back to the Lab as irrefutably intact without getting somebody from Google involved (presumably with a court order). Is there? Or am I misunderstanding the whole problem here?

[ETA: In case it helps, I see similar results to what you showed when I use that site to analyze headers of a recent Marketplace confirmation. Different specific server and IP addresses, but same idea... also via gmail, of course. But I'm not entirely sure what that header analyzer is doing, really.]

It verifies that the Header of the message is indeed valid - In analyzing if this email is a fake the whole message should be forwarded as-is to the LL staffer to read in-context to see if any adultery has occurred. You can't fake the message for forwarding without leaving fingerprints [usually missing details] in the Header. 

 

Link to comment
Share on other sites
Xen Akula

Xen Akula

Posted
  • Author
Posted

That's why I asked if yours were similar, I get the following (email address masked) . . .

 

Hop Delay from by with time (UTC)
1 * a10-46.smtp-out.amazonses.com 54.240.10.46 mx.google.com ESMTP 10/23/2013 6:19:31 AM
2 0 seconds   10.114.11.69 SMTP 10/23/2013 6:19:31 AM

 

Delivered-To #############@gmail.com
X-Received by 10.224.43.84 with SMTP id v20mr1721525qae.45.1382509171207; Tue, 22 Oct 2013 23:19:31 -0700 (PDT)
Return-Path <00000141e3f7ce58-e6f43989-0d13-42da-b92f-04db39a57246-000000@amazonses.com>
Received-SPF pass (google.com: domain of 00000141e3f7ce58-e6f43989-0d13-42da-b92f-04db39a57246-000000@amazonses.com designates 54.240.10.46 as permitted sender) client-ip=54.240.10.46;
Authentication-Results mx.google.com; spf=pass (google.com: domain of 00000141e3f7ce58-e6f43989-0d13-42da-b92f-04db39a57246-000000@amazonses.com designates 54.240.10.46 as permitted sender) smtp.mail=00000141e3f7ce58-e6f43989-0d13-42da-b92f-04db39a57246-000000@amazonses.com; dkim=pass header.i=@secondlife.com
DKIM-Signature v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=fehyg7azojkf2w7ayvidplc2loge6xar; d=secondlife.com; t=1382509170; h=MIME-Version:Subject:To:From:Content-Type:Content-Transfer-Encoding:Message-Id:Date; bh=ge+4WPHlxXLBQH9GG8+x6CP/0CVgtxXiDqsZleDGDXw=; b=AdflLOKWtNtz9m4TVTUcxpwkw+1yuMvefAoIRhPjL4akzCw0We5se76JDV8XvJWm A4tH6ajNkdoUdQrJKGulhX6fp2PhSoazww0SFGybeyqXgri/XU4EtuuzsAyjr4KuxsM kLpw7yRCj+baJBOhAGY/wMZbi70NzDYnspbkAWwU=
MIME-Version 1.0
Subject Second Life: Balance Due Payment Received
To #############@gmail.com
From no-reply@secondlife.com
Content-Type text/plain; charset="utf-8"
Content-Transfer-Encoding quoted-printable
Message-ID <00000141e3f7ce58-e6f43989-0d13-42da-b92f-04db39a57246-000000@email.amazonses.com>
Date Wed, 23 Oct 2013 06:19:30 +0000
X-SES-Outgoing 2013.10.23-54.240.10.46
Link to comment
Share on other sites
KarenMichelle Lane

KarenMichelle Lane

Posted
Posted

Yes - the DKIM analysis verifies that it is from SL.

v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=fehyg7azojkf2w7ayvidplc2loge6xar; d=secondlife.com;

So the whole email message, when forwarded, will be the evidence needed by LL to note that this was a email that originated from one of their servers and mailed via the SMTP services. Never send the message separate from the Header - That always raises suspicions.

Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 3827 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...