Xen Akula Posted October 27, 2013

I had an issue with Linden Labs billing system. In the investigation that ensued from that I decided to look at the raw original email data from all of the email receipts I have received from Linden Labs over the last few months. That included all purchases from the Marketplace, as well as all Linden Dollar purchases. I noticed that every one of them was from amazonses.com. Amazon SES (Simple Email Service), is a company owned and operated by the big Amazon.com company. It's an email service that sends out those no reply type emails, such as receipts from online purchases.

Ok, so far so good. However, LL is informing me that one of mine is a fake. The one they're claiming is fake is the one that misreported the actual amount their system billed me. The system did in fact bill and charge me the correct amount, it just didn't state the correct amount on the receipt. The system also didn't properly change my new membership due date after the payment was made. A LL rep had to manually change it to the correct new due date. They're claiming that the one email out of the many from amazonses that is fake, just happens to be the one that stated an incorrect amount. Please also note that I didn't receive two email receipts, one that stated the correct amount, and one that stated the incorrect amount. I only received one, and it stated the incorrect amount. I've always received only one.

So, why am I posting about this? Two main reasons . . .

1. Has anyone else noticed, after checking the raw original email data from their receipts, that any come from amazonses.com?
2. Has anyone else had any issues with the auto-billing system?

Just curious . . .
Carl Thibodeaux Posted October 27, 2013

1. The website you posted is wrong. A simple Google search shows a completely different website. You can check that yourself.
2. Haven't had any issues yet.
Xen Akula Posted October 27, 2013

Um, you had better recheck that. amazonses.com . . . If you simply copy and paste that into Google Chrome, it takes you to . . . http://aws.amazon.com/ses/

Try a simple whois as well. Also, did you even bother to check any of your raw email data from any Marketplace purchases? If not, try it now. Buy a freebie that costs nothing. Then check the raw data from the email receipt. Does it originate from amazonses.com? Do the work before you dispute anything I have posted.

Edited to correct some misspelling.
Perrie Juran Posted October 27, 2013

Xen Akula wrote:

I had an issue with Linden Labs billing system. In the investigation that ensued from that I decided to look at the raw original email data from all of the email receipts I have received from Linden Labs over the last few months. That included all purchases from the Marketplace, as well as all Linden Dollar purchases. I noticed that every one of them was from amazonses.com. Amazon SES (Simple Email Service), is a company owned and operated by the big Amazon.com company. It's an email service that sends out those no reply type emails, such as receipts from online purchases.

Ok, so far so good. However, LL is informing me that one of mine is a fake. The one they're claiming is fake is the one that misreported the actual amount their system billed me. The system did in fact bill and charge me the correct amount, it just didn't state the correct amount on the receipt. The system also didn't properly change my new membership due date after the payment was made. A LL rep had to manually change it to the correct new due date. They're claiming that the one email out of the many from amazonses that is fake, just happens to be the one that stated an incorrect amount. Please also note that I didn't receive two email receipts, one that stated the correct amount, and one that stated the incorrect amount. I only received one, and it stated the incorrect amount. I've always received only one.

So, why am I posting about this? Two main reasons . . .

1. Has anyone else noticed, after checking the raw original email data from their receipts, that any come from amazonses.com?
2. Has anyone else had any issues with the auto-billing system?

Just curious . . .

There has been one current thread where someone said they had a problem. She did not appear to take kindly to the suggestion it might have been user error instead of the claim that LL's servers got hacked....

All she is stating now is that she got it resolved and that it was a "billing issue." Presently, everything with my billing looks ok.
Xen Akula Posted October 27, 2013

I'm not taking kindly to the claim that, instead of it being a billing issue, it's a fake email, meaning that my machine was compromised. Yes, I know, it happens all the time. However, I am all but certain that in this case it was a billing issue. Their system incorrectly stated an amount, as well as failed to change a due date for membership fees. They're not disputing that part, they had to manually change it.
KarenMichelle Lane Posted October 27, 2013

To answer your 2nd question 1st, Yes - Amazon Simple Email Service (Amazon SES) - has been used by many businesses as well as Linden Lab to host SMTP services for automated processes. Basically Linden Lab is leasing its SMTP services from someone with dedicated server farms for lease for just this purpose.

Regarding question #1 yes, you will see that reference on your Mail Header Message ID:

Message-ID: <00000141bf0453d7-1657d941-8956-4b0f-aacb-47454c048614-000000@email.amazonses.com>

It looks like Linden Lab started using this SMTP service in February of 2013. As for a LL staffer saying you provided a fake email message, the original header information will make or break that claim.
Xen Akula Posted October 27, 2013

I'm aware of what the company does. Thanks for letting me know that I'm not the only one that receives receipts from them. Until now I didn't know for certain whether it was only me or not. LL at first stated that they didn't even use them. What's troubling about that is one hand doesn't know what the other is doing, so to speak.
Xen Akula Posted October 27, 2013

"As for a LL staffer saying you provided a fake email message, the original header information will make or break that claim."

You tell me . . .

"Received: by 10.114.11.69 with SMTP id o5csp285325ldb; Tue, 22 Oct 2013 23:19:31 -0700 (PDT)
X-Received: by 10.224.43.84 with SMTP id v20mr1721525qae.45.1382509171207;Tue, 22 Oct 2013 23:19:31 -0700 (PDT)
Return-Path: <00000141e3f7ce58-e6f43989-0d13-42da-b92f-04db39a57246-000000@amazonses.com>
Received: from a10-46.smtp-out.amazonses.com (a10-46.smtp-out.amazonses.com. [54.240.10.46])"
KarenMichelle Lane Posted October 27, 2013

Copy and Paste the complete header into this web Mail Header analyzer and it will detail the path the message took and the validity of each handoff.

http://mxtoolbox.com/EmailHeaders.aspx

The DKIM-Signature should verify as service@mail.secondlife.com if it is valid. You can't spoof these SMTP servers without having SecondLife's Amazon Enterprise VPN login into the Amazon Services Network.
Xen Akula Posted October 27, 2013

This is what I get . . .

1. * , a10-46.smtp-out.amazonses.com 54.240.10.46, mx.google.com, ESMTP, 10/23/2013 6:19:31 AM
2. 0 seconds, 10.114.11.69, SMTP, 10/23/2013 6:19:31 AM
Xen Akula Posted October 27, 2013

Just out of curiosity, what do you get when you try any of yours from amazonses.com? Do any of them show similar results like mine?
HarleiQuinn Posted October 27, 2013

I stated it for what got resolved NOT that it's ANY of your bidness anyway TROLL. I did not owe you an explanation at all. MY issue with LL was RESOLVED to my satisfaction and funds debited. Gobble down a dozen donuts and get over yourself
Qie Niangao Posted October 27, 2013

They're claiming that one email "is a fake", but what do they mean by that? Evidently they're saying that they sent some other email, but you have a different message containing different text. Are they implying that you (or somebody, or something) doctored the message to have the contents you're seeing now? (And, really, who other than you would want to "fake" such a mail in such a way? So... basically they're accusing you of tampering with the text, right?)

I mean, we've been focusing on the headers and whether the message came from a valid source, but it's actually the content that's in dispute, right? I guess you can know what's in your gmail inbox; I'm not sure there's a way to share that content back to the Lab as irrefutably intact without getting somebody from Google involved (presumably with a court order). Is there? Or am I misunderstanding the whole problem here?

[ETA: In case it helps, I see similar results to what you showed when I use that site to analyze headers of a recent Marketplace confirmation. Different specific server and IP addresses, but same idea... also via gmail, of course. But I'm not entirely sure what that header analyzer is doing, really.]
Kenbro Utu Posted October 27, 2013

When coming to the forums with an issue/problem (as you did), and asking for help in understanding what happened (as you did), it is common courtesy to post what the actual problem and resolution were so that if someone else comes to the forums looking for help (someone like you), then maybe your situation will help them to get their problem resolved or answer their questions.

Unless you are someone who only cares about their own problems, unlike those who responded to your thread trying to help you, then posting the resolution might be very helpful to the next person who experiences such a problem and comes here looking for answers. If you are not willing to help others who come looking for answers, then I would not expect much help yourself from the forums next time you are looking for answers; it might not be forthcoming.

Regardless, your response to Perrie was certainly uncalled for.
Xen Akula Posted October 27, 2013

Yeah, good and valid point. Basically what they're claiming is that they never sent me a message stating an incorrect amount being charged. Funny thing about that is, it was the exact same amount the payment page showed as well on their website. So, I suppose, according to them, that was a fake website as well.

I'm no babe in the woods. I know that if anyone would lie about this, then they would probably also tamper with and delete any data to prove their errors before it ever reached the point of any official legal investigation. Please note that I am not claiming that anyone lied about anything. I'm just saying that if anyone would, then they would probably also be willing to do other things to cover it up. All I want to do is prove that it was a valid email, which proves it was an error made by them.
HarleiQuinn Posted October 27, 2013

She wanted to get smarmy she got some back in return. I shared the results as per the outcome contrary to your retort. As to what I said well that's just too damn bad if you did not like it. Who are YOU to tell anyone what to say.
KarenMichelle Lane Posted October 27, 2013

Xen Akula wrote:

Just out of curiosity, what do you get when you try any of yours from amazonses.com? Do any of them show similar results like mine?

Look further in the report. Did the DKIM-Signature verify as service@mail.secondlife.com? If yes this is a valid message from SL.
KarenMichelle Lane Posted October 27, 2013

Qie Niangao wrote:

They're claiming that one email "is a fake", but what do they mean by that? Evidently they're saying that they sent some other email, but you have a different message containing different text. Are they implying that you (or somebody, or something) doctored the message to have the contents you're seeing now? (And, really, who other than you would want to "fake" such a mail in such a way? So... Basically they're accusing you of tampering with the text, right?)

I mean, we've been focusing on the headers and whether the message came from a valid source, but it's actually the content that's in dispute, right? I guess you can know what's in your gmail inbox; I'm not sure there's a way to share that content back to the Lab as irrefutably intact without getting somebody from Google involved (presumably with a court order). Is there? Or am I misunderstanding the whole problem here?

[ETA: In case it helps, I see similar results to what you showed when I use that site to analyze headers of a recent Marketplace confirmation. Different specific server and IP addresses, but same idea... also via gmail, of course. But I'm not entirely sure what that header analyzer is doing, really.]

It verifies that the Header of the message is indeed valid - In analyzing if this email is a fake the whole message should be forwarded as-is to the LL staffer to read in-context to see if any adultery has occurred. You can't fake the message for forwarding without leaving fingerprints [usually missing details] in the Header.
Kenbro Utu Posted October 27, 2013

Your reading comprehension seems to be poor. I never told you what to say. I simply said it was a common courtesy to do so, which you clearly seem to be lacking in.
Xen Akula Posted October 27, 2013

That's why I asked if yours were similar, I get the following (email address masked) . . .

Hop | Delay | from | by | with | time (UTC)
1 | * | a10-46.smtp-out.amazonses.com 54.240.10.46 | mx.google.com | ESMTP | 10/23/2013 6:19:31 AM
2 | 0 seconds | | 10.114.11.69 | SMTP | 10/23/2013 6:19:31 AM

Delivered-To #############@gmail.com
X-Received by 10.224.43.84 with SMTP id v20mr1721525qae.45.1382509171207; Tue, 22 Oct 2013 23:19:31 -0700 (PDT)
Return-Path <00000141e3f7ce58-e6f43989-0d13-42da-b92f-04db39a57246-000000@amazonses.com>
Received-SPF pass (google.com: domain of 00000141e3f7ce58-e6f43989-0d13-42da-b92f-04db39a57246-000000@amazonses.com designates 54.240.10.46 as permitted sender) client-ip=54.240.10.46;
Authentication-Results mx.google.com; spf=pass (google.com: domain of 00000141e3f7ce58-e6f43989-0d13-42da-b92f-04db39a57246-000000@amazonses.com designates 54.240.10.46 as permitted sender) smtp.mail=00000141e3f7ce58-e6f43989-0d13-42da-b92f-04db39a57246-000000@amazonses.com; dkim=pass header.i=@secondlife.com
DKIM-Signature v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=fehyg7azojkf2w7ayvidplc2loge6xar; d=secondlife.com; t=1382509170; h=MIME-Version:Subject:To:From:Content-Type:Content-Transfer-Encoding:Message-Id:Date; bh=ge+4WPHlxXLBQH9GG8+x6CP/0CVgtxXiDqsZleDGDXw=; b=AdflLOKWtNtz9m4TVTUcxpwkw+1yuMvefAoIRhPjL4akzCw0We5se76JDV8XvJWm A4tH6ajNkdoUdQrJKGulhX6fp2PhSoazww0SFGybeyqXgri/XU4EtuuzsAyjr4KuxsM kLpw7yRCj+baJBOhAGY/wMZbi70NzDYnspbkAWwU=
MIME-Version 1.0
Subject Second Life: Balance Due Payment Received
To #############@gmail.com
From no-reply@secondlife.com
Content-Type text/plain; charset="utf-8"
Content-Transfer-Encoding quoted-printable
Message-ID <00000141e3f7ce58-e6f43989-0d13-42da-b92f-04db39a57246-000000@email.amazonses.com>
Date Wed, 23 Oct 2013 06:19:30 +0000
X-SES-Outgoing 2013.10.23-54.240.10.46
Xen Akula Posted October 27, 2013

Does yours, or anyone else's DKIM look similar from any email receipts from Marketplace purchases or Linden Dollar purchases?
HarleiQuinn Posted October 27, 2013

Unbunch your Man panties
KarenMichelle Lane Posted October 27, 2013

Yes - the DKIM analysis verifies that it is from SL.

v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=fehyg7azojkf2w7ayvidplc2loge6xar; d=secondlife.com;

So the whole email message, when forwarded, will be the evidence needed by LL to note that this was an email that originated from one of their servers and mailed via the SMTP services. Never send the message separate from the Header - That always raises suspicions.
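Added example, not part of any post in this thread and not Linden Lab's or Amazon's code: the bh= tag in the DKIM-Signature header posted above is a SHA-256 hash of the message body, so a passing DKIM check covers the receipt text in dispute as well as the sending domain. The Python sketch below parses the posted tag list and recomputes bh for a constructed sample body; SAMPLE_BODY, SAMPLE_SIG, the selector sel1 and example.test are assumptions made up for illustration, and the RSA check of b= against the DNS public key is not performed.

```python
import base64
import hashlib
import re

# DKIM-Signature value as posted in the thread; the b= signature is left out
# because only the body hash (bh=) is recomputed here.
POSTED_SIG = (
    "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; "
    "s=fehyg7azojkf2w7ayvidplc2loge6xar; d=secondlife.com; t=1382509170; "
    "h=MIME-Version:Subject:To:From:Content-Type:"
    "Content-Transfer-Encoding:Message-Id:Date; "
    "bh=ge+4WPHlxXLBQH9GG8+x6CP/0CVgtxXiDqsZleDGDXw=;"
)

def parse_tags(sig: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376, 3.2)."""
    tags = {}
    for part in sig.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding
    return tags

def simple_body(body: bytes) -> bytes:
    """'simple' body canonicalization: trailing empty lines become one CRLF."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"

def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonicalized raw body, as stored in bh=."""
    return base64.b64encode(hashlib.sha256(simple_body(body)).digest()).decode()

def body_matches(sig: str, body: bytes) -> bool:
    """True if the raw (still transfer-encoded) body hashes to the signed bh=."""
    tags = parse_tags(sig)
    body_canon = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    if tags.get("a") != "rsa-sha256" or body_canon != "simple" or "l" in tags:
        raise ValueError("sketch covers rsa-sha256, simple body, no l= only")
    return body_hash(body) == tags.get("bh")

# Constructed sample, not the disputed receipt: body bytes with CRLF line ends.
SAMPLE_BODY = b"Payment received.\r\nAmount: US$9.95\r\n"
SAMPLE_SIG = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.test; s=sel1; "
    f"bh={body_hash(SAMPLE_BODY)};"
)

if __name__ == "__main__":
    print(parse_tags(POSTED_SIG)["d"], parse_tags(POSTED_SIG)["bh"])
    print(body_matches(SAMPLE_SIG, SAMPLE_BODY))                            # intact
    print(body_matches(SAMPLE_SIG, SAMPLE_BODY.replace(b"9.95", b"6.00")))  # edited
```

On a real message the body passed to body_matches must be the raw bytes as received, before any quoted-printable decoding, because the hash is taken over the transfer-encoded form.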
Xen Akula Posted October 27, 2013

Thank you, KarenMichelle. If it never goes any further than right here, I feel validated. Will you marry me? . . . jk
Dillon Levenque Posted October 28, 2013

Gee, I was worried about necro-posting after responding recently to your big ol' hacker thread, but seeing as how you've stuck your nose into this one I guess I'm current after all. Kenbro, in my opinion, treated you with a lot more courtesy than you deserved.