• Email delays

Emails are usually delivered more or less instantly after they have been sent, but occasionally there are delays - sometimes even for a few hours. This applies to the ICG's egroup messages just as much as to personal and business emails generally. The result may be that an egroup member receives a reply to an egroup post before receiving the original post. Or a member may have posted a message to the group but finds it hasn't appeared an hour or more later, thinks a mistake must have been made in sending it, and sends it again; then the original appears, either before or after the second one is received back.

What is the explanation for these strange happenings?

Messages are routed through one or more servers (computers which act as post offices, reading where a message is to be sent, and sending it onwards), in order to reach the recipient's computer. The routes taken may vary considerably, even between two people who often email each other. If a server has a big backlog of unprocessed mail, or has temporarily ceased to function, messages may be routed to other servers. The recipient's ISP's servers may become overloaded by the volume of emails received; it may take a while to clear the backlog, and the server may even temporarily refuse to receive any more emails till the backlog has disappeared.

At any of the routing points, delays may occur. As far as the ICG egroup is concerned, there could be a delay of minutes or even hours before a message reaches Yahoo from the sender; then Yahoo has to send out the post to all egroup members. The post takes unique routes to different members. This means that one member may receive the post within seconds while another member waits a few hours - perhaps because the latter's ISP has badly overloaded servers.

It is possible to track down the causes of delay to an email. A discussion of this and related matters has been written for ICG by member Steve Taylor, as follows.

Email Delays and Non-Delivery on ICG egroup

How to dig further into the emails to get answers

Steve Taylor, Inputech - 2006

In the “era of email” we are very much used to emails arriving instantly once they have been sent from another party. However, there are problems that go hand in hand with this speedy method of communicating.

Sometimes, when corresponding with very large organisations, there is a delay, as long queues of email leave or enter through one central email server.

In addition to our expectations regarding delivery times, we also have the dreaded “Spam Messages” to deal with.

This short article aims to explain some of the anatomy of an email message. By understanding some of this, you may be able to have a better knowledge of why you've missed a particular email to the ICG eGroup, or where exactly that email offering Rolex wristwatches at a fraction of the retail cost really came from.

Mail Headers

Key to understanding all of this is a very basic understanding of “Mail Headers”. Web-based email services such as Hotmail, Yahoo! and GMAIL all offer facilities to see the headers.

How to find the headers: In Outlook, one can right click on the message in a folder and select “Options”, which brings up the headers in a panel. In Outlook Express, open the email message, then go to the File menu and select Properties; click on the Details tab; this will display "Internet Headers for this message".

Do not be put off by the ugly text before you! The information held within the header is incredibly valuable in finding out:

(a) Where the email ACTUALLY came from (the “from” field is not always reliable!)

(b) How long it took to get to you

(c) Many other things, more of interest to us I.T. “Pointy Heads”

Let's look at these things in turn.

(a) Where The Mail Came From

Here I'm using an email from Guy Consterdine to me, as an example. The mail headers were as follows:

Return-path: guy@consterdine.com
Envelope-to: st@inputech.co.uk
Delivery-date: Mon, 10 Apr 2006 17:26:47 +0100
Received: from blaster.systems.pipex.net ([62.241.163.7])
    by mx3.mail.uk.clara.net with esmtp (Exim 4.52)
    id 1FSzDz-000DTW-Eq
    for st@inputech.co.uk; Mon, 10 Apr 2006 17:26:47 +0100
Received: from DESKTOP (85-210-161-163.dsl.pipex.com [85.210.161.163])
    by blaster.systems.pipex.net (Postfix) with ESMTP id 65638E000306
    for <st@inputech.co.uk> Mon, 10 Apr 2006 17:26:43 +0100 (BST)
From: "Guy Consterdine" guy@consterdine.com
To: <st@inputech.co.uk>
Subject: ICG egroup - answering members' queries
Date: Mon, 10 Apr 2006 17:26:41 +0100
Message-ID: 002e01c65cbb$8cbb6950$0202a8c0@DESKTOP
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_002F_01C65CC3.EE7FD150"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
X-Envelope-To: st@inputech.co.uk
X-claradeliver-Version: 4.22.20
X-UIDL: 1144686407.51809.aether.uk.clara.net
X-RCPT: postmaster
Status: U

Here we can see the “Return Path:” on the first line, and the “From:” field about a third of the way down.

Both of these fields can be set in your email program and are easily modified or spoofed. You can claim to be who you like in these fields and supply any return email address. Try for yourself with some other email address; just remember to change it back afterwards!

In the case of identifying Spam email senders the more useful fields are the “Received:” fields. They may not always tell you the name of the server, but in this case they do (“blaster.systems.pipex.net”). Guy's ISP is Pipex, so I can easily tell (should the content appear spurious!) whether it's genuine or not.

Another check would be to take the numeric IP address (“[62.241.163.7]”) and run a check on this, using a page such as this one at Demon:

www.demon.net/toolkit/internettools/

Which will let me perform something called a “Generic WHOIS”. By doing this, I can clearly see that this server is operated by Pipex. Although not totally impossible to spoof, I can now be almost 100% sure that this is a genuine email.

(b) How Long It Took To Get To You

Again, using the email above, I can tell from the “Received:” fields, where any delay was. In general, most mail servers report their times with a plus or minus time in relation to BST/GMT. We can see that the “Delivery-date:” field says “Mon, 10 Apr 2006 17:26:47 +0100”. This corresponds with the final received field.

However, this is only half the story, and, in the case of some spam may only form 10% of the story. The real detail lies in the second “Received:” field.

Here we see the time stamp is “Mon, 10 Apr 2006 17:26:43 +0100 (BST)”. Reading through that section we can see that this is the time that Guy sent the email initially from his computer to Pipex's servers. We can also see the email only took 4 seconds to arrive.

In the case of this legitimate email, the route is short. With some spam emails, they may bounce through 10 email servers before reaching you. The object of this exercise is one of concealment. Hackers and Spammers will search the Internet for servers that will allow this bouncing. In the case of our ICG emails there would normally be 3-4 stops on the email journey, all clearly auditable through the headers.
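The hop-by-hop timing described above, as an added example that is not part of Steve Taylor's article: Python's standard `email` module reads the “Received:” lines of the sample message and reports the seconds between each stamp. The function names are this example's own, and each stamp comes from the clock of the server that wrote it, so a small or negative gap can be clock skew rather than real delay.

```python
import re
from email import message_from_string
from email.utils import mktime_tz, parsedate_tz

# Received/Date lines copied from the sample message on this page.
SAMPLE = """\
Received: from blaster.systems.pipex.net ([62.241.163.7])
    by mx3.mail.uk.clara.net with esmtp (Exim 4.52)
    id 1FSzDz-000DTW-Eq
    for st@inputech.co.uk; Mon, 10 Apr 2006 17:26:47 +0100
Received: from DESKTOP (85-210-161-163.dsl.pipex.com [85.210.161.163])
    by blaster.systems.pipex.net (Postfix) with ESMTP id 65638E000306
    for <st@inputech.co.uk> Mon, 10 Apr 2006 17:26:43 +0100 (BST)
Date: Mon, 10 Apr 2006 17:26:41 +0100
"""

# Match the date itself, so a hop without the usual ';' separator still parses.
DATE_RE = re.compile(
    r"[A-Z][a-z]{2}, \d{1,2} [A-Z][a-z]{2} \d{4} \d{2}:\d{2}:\d{2} [+-]\d{4}")

def _epoch(text):
    """UTC epoch seconds of the first date stamp in text, or None."""
    found = DATE_RE.search(text or "")
    return mktime_tz(parsedate_tz(found.group(0))) if found else None

def hop_delays(raw_headers):
    """Return [(from_host, by_host, seconds_since_previous_stamp)], oldest first."""
    msg = message_from_string(raw_headers)
    previous = _epoch(msg.get("Date"))  # set by the sender's PC, easily wrong
    hops = []
    # Each server prepends its own Received line, so reverse for travel order.
    # Only lines written by servers you trust are reliable; older ones can be forged.
    for value in reversed(msg.get_all("Received", [])):
        when = _epoch(value)
        if when is None:
            continue  # no readable stamp: skip the hop rather than guess
        sender = re.search(r"\bfrom\s+(\S+)", value)
        receiver = re.search(r"\bby\s+(\S+)", value)
        delay = 0 if previous is None else when - previous
        hops.append((sender.group(1) if sender else "?",
                     receiver.group(1) if receiver else "?", delay))
        previous = when
    return hops

def slowest_hop(raw_headers):
    """The hop with the largest gap, i.e. where the message waited longest."""
    return max(hop_delays(raw_headers), key=lambda hop: hop[2])

if __name__ == "__main__":
    for sender, receiver, delay in hop_delays(SAMPLE):
        print(f"{sender} -> {receiver}: {delay}s")
```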

The great thing about this is that when you finally receive a delayed email you've been expecting, armed with the knowledge of headers, you can snoop down where the delay occurred. The causes for the delay can be all manner of issues, but these are two of the most common now:

1. Server failure - Most large email providers and ISPs will have emergency servers to take the place of any failed ones. Quite often, the reserve server will take a while to settle in and route correctly, especially if it's only a reserve and not a production server. If there is no fall-back system at your ISP, then the email may rest on the broken server until it's able to be sent again, or it may vanish altogether.

2. SPAM/Mass-Emailing software - A lot of ISPs, and certainly the webmail providers (Yahoo!, Hotmail and GMAIL), routinely scan incoming emails for viruses and check the sender against widely-used blacklists of “bad” senders. You may find yourself on these lists if you mass email many thousands of people, or send malicious emails. Due to the crude nature of some of these systems, email from Hotmail and Yahoo accounts can be screened out. If the check is at the domain level (“@yahoo.com” for example) then one bad sender from Yahoo! can stop all email from Yahoo! getting through. This is nowhere near as bad as it was 3-4 years ago, and fortunately Yahoo! and Hotmail have introduced steps to prevent spammers from signing up for free accounts in addition to aggressively following up those abusing their networks.

Finding that there is a delay of 12 hours from Yahoo! Groups sending the ICG eGroup Email to your ISP passing it on to you may be illuminating, but whether or not you can get your ISP to change their email filtering policy is another matter altogether. Technical departments of ISPs are very dogmatic generally and quite often the best advice would be “to be patient and wait”.

(c) Many Other Things

There's a whole host of other things you can find in the headers. Guy's PC is named “DESKTOP” for example. The email software used at Clara.Net is “EXIM”. He sent it using the “Microsoft Outlook” package. The importance was “Normal” as opposed to urgent. If you ever have to work in I.T. systems then you may even be interested in the “X-Envelope-To:” and the “X-UIDL” tags.

However, the normal user should be warned away from this. It's the thin end of a wedge that starts with tags such as these and ends in Real Ale, Progressive Rock and the works of Tolkien!