Support

Blog

Browsing all articles tagged with government

Some of our clients are experiencing delivery issues to some domains that use Gmail/Google for their email.

I previously covered that here – http://www.computersolutions.cn/blog/2015/04/gmail-and-other-google-hosted-mail-delivery-issues/

The issue is that China is still blocking Gmail/ Google hosted mail, and the recipient domain hasn’t setup their MX records correctly.

This is fine for servers outside of China, where all of googles mail servers (should) work, but breaks things for those inside China, where only a few servers are reachable.

Google hosted mail settings are here: https://support.google.com/a/answer/33915?hl=en

You’ll note that there are 5 different email servers that are listed in priority order.

Priority Mail Server
1 ASPMX.L.GOOGLE.COM.
5 ALT1.ASPMX.L.GOOGLE.COM.
5 ALT2.ASPMX.L.GOOGLE.COM.
10 ALT3.ASPMX.L.GOOGLE.COM.
10 ALT4.ASPMX.L.GOOGLE.COM.

For mail servers, the higher number is more important, so a priority of 1 will be the first server tried, then the next highest number, and so on.

If I try to connect to the servers from China.

telnet ASPMX.L.GOOGLE.COM 25
Trying 74.125.200.27…
(times out)

telnet ALT1.ASPMX.L.GOOGLE.COM 25
Trying 173.194.72.26…
(times out)

telnet ALT2.ASPMX.L.GOOGLE.COM 25
Trying 74.125.25.26…
(times out)

telnet ALT3.ASPMX.L.GOOGLE.COM 25
Trying 64.233.169.26…
Connected to ALT3.ASPMX.L.GOOGLE.COM.
Escape character is ‘^]’.
(yay, we have a winner!)

telnet ALT4.ASPMX.L.GOOGLE.COM 25
Trying 74.125.70.27…
Connected to ALT4.ASPMX.L.GOOGLE.COM.
Escape character is ‘^]’.
(yay, we have a winner!)

So, we can see that alt3, alt4 work, but none of the others do (as of 9th September 2015 from Shanghai)

So, some rudimentary testing shows that some servers work, and some do not.
How does that apply to real world examples.

Lets look at a non-working domain – ihg.com

dig mx ihg.com

;; ANSWER SECTION:
ihg.com. 600 IN MX 100 aspmx3.googlemail.com.
ihg.com. 600 IN MX 50 alt1.aspmx.l.google.com.
ihg.com. 600 IN MX 50 alt2.aspmx.l.google.com.
ihg.com. 600 IN MX 100 aspmx2.googlemail.com.
ihg.com. 600 IN MX 10 aspmx.l.google.com.

You should easily be able to see 2 things.
1 – that the MX records are not as per Google settings.
2 – that the 2 working MX records are not listed.

This means that while their MX records probably work oversea’s, they will not be deliverable from China. They need to amend their MX records to Googles recommended settings.

Lets look at another example.

dig mx rsms-west.com

;; ANSWER SECTION:
rsms-west.com. 6238 IN MX 30 alt2.aspmx.l.google.com.
rsms-west.com. 6238 IN MX 10 aspmx.l.google.com.
rsms-west.com. 6238 IN MX 40 aspmx2.googlemail.com.
rsms-west.com. 6238 IN MX 50 aspmx3.googlemail.com.
rsms-west.com. 6238 IN MX 20 alt1.aspmx.l.google.com.

Once again, we can see that the alt3, and alt4 servers are missing, and unfortunately none of the other listed servers are connectable from China.

Lastly, lets look at a working server

dig mx teamsequel.com

teamsequel.com. 12878 IN MX 1 ASPMX.L.GOOGLE.com.
teamsequel.com. 12878 IN MX 5 ALT1.ASPMX.L.GOOGLE.com.
teamsequel.com. 12878 IN MX 5 ALT2.ASPMX.L.GOOGLE.com.
teamsequel.com. 12878 IN MX 10 ALT3.ASPMX.L.GOOGLE.com.
teamsequel.com. 12878 IN MX 10 ALT4.ASPMX.L.GOOGLE.com.

You can see that they have the correct Gmail settings as per Gmail / Google settings page, and mail to them is deliverable (as alt3, alt4 are currently not being blocked by the beneficent government of China).

Unfortunately as this is an issue that is out of our control (MX records are incorrect, and China is being difficult), we cannot mitigate against it. The affected domains will need to amend their MX records appropriately as per the page here- https://support.google.com/a/answer/33915?hl=en.

Update

Google has added another MX (mail server) for Google Hosted mail – alt4.gmail-smtp-in.l.google.com.

This does not currently appear to be blocked (unlike their other 4 MX servers), so we have removed the forwarding, and mail is transiting normally.


China has completely blocked gmail hosted mail as of today [28th April 2015]

This means that all mails heading to google’s servers is now blocked from Chinese ISP’s like ourselves.

Symptoms will include bounce messages where our server has given up retrying to send out the mail, as the remote server is not accessible over the Chinese internet.

EG –

Hi. This is the qmail-send program at mail.computersolutions.cn.
I’m afraid I wasn’t able to deliver your message to the following addresses.
This is a permanent error; I’ve given up. Sorry it didn’t work out.

:
Sorry, I wasn’t able to establish an SMTP connection. (#4.4.1)
I’m not going to try again; this message has been in the queue too long.

In the interim, we have added forwarding for all gmail addressed mail to transit through our oversea’s mail servers in the USA.

This should solve email delivery issues for gmail addresses – essentially anything addressed to someone @gmail.com

We are looking at solutions for resolving delivery to other google hosted mail clients, this will take some time to come up with a usable solution. In the interim, we can manually add routes on a server by server basis.

Be aware that this specific issue is out of our control, and we can only mitigate against it.

Examples of google hosted mail clients from recent queries/failure notices:

teamsequel.com – Their mail is served by google.

dig mx teamsequel.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> mx teamsequel.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11757 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;teamsequel.com. IN MX ;; ANSWER SECTION: teamsequel.com. 2320 IN MX 5 ALT1.ASPMX.L.GOOGLE.com. teamsequel.com. 2320 IN MX 5 ALT2.ASPMX.L.GOOGLE.com. teamsequel.com. 2320 IN MX 10 ALT3.ASPMX.L.GOOGLE.com. teamsequel.com. 2320 IN MX 10 ALT4.ASPMX.L.GOOGLE.com. teamsequel.com. 2320 IN MX 1 ASPMX.L.GOOGLE.com.

dreamonproductions.com – their mail is served by google.

dig mx dreamonproductions.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> mx dreamonproductions.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35828 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;dreamonproductions.com. IN MX ;; ANSWER SECTION: dreamonproductions.com. 3600 IN MX 5 alt1.aspmx.l.google.com. dreamonproductions.com. 3600 IN MX 1 aspmx.l.google.com. dreamonproductions.com. 3600 IN MX 10 aspmx2.googlemail.com. dreamonproductions.com. 3600 IN MX 5 alt2.aspmx.l.google.com. dreamonproductions.com. 3600 IN MX 10 aspmx3.googlemail.com.

Dear Clients,

The government has imposed extended legislation regarding domains and domain hosting in China.  As part of these new requirements, we will be required to keep and maintain a set of registration documents for each domain we host.

We will also need to impose a small service fee (300rmb per client for first domain, 100rmb for subsequent domains) for providing assistance with application submission, so that we can cover our costs.

We are now required to do the following for all .CN domains we administer according to Chinese Law.

  1. Take a color headshot of the contact person of the Applicant Company.This photo must be taken in our office against an official backdrop image.
  2. Provide:
    – A copy of the Certificate of Business License of Legal Entity for the applicant company or a copy of the Certificate of National Organization Code of the applicant company.

    – A copy of the Chinese Resident Identity Card of the contact person of the applicant company.

    Applicants will need to bring the originals to our office so that we can scan them in color in an acceptable format for CNNIC and MII.

  3. Have the applicant sign/ chop a registration form confirming all information is correct.
  4. Ensure that your ICP 备案 is up to date and information is correct.
  5. Verify domain content, and ICP presence on your site.

Note that no personal .CN domain registrations are currently allowed for foreigners.

We are required to submit a valid China business licence, and Chinese ID to the applicable authorities.

If this information cannot be submitted, and your domain url ends in .CN , you will lose your .CN domain..

This information has to be submitted by us to the relevant involved bureau’s (MII, CNNIC, Shanghai Telecom) before the end of October.

We appreciate that this is quite short notice, and urge you to arrange a time to come to our office to fulfil these requirements before the end of October.

We will be updating our ICP and other customer support sites shortly to take into account new requirements.

Mini FAQ

What is a .cn domain?

Any domain that ends in .cn

eg www.computersolutions.cn

www.computersolutions.com.cn

Is this applicable to .com or other domains too?

Yes.

We are required to submit and verify identification information for all domains that we host prior to November 1st.

All clients with domains will need to submit information by coming to our offices with the required information.

Where can I read more about this?

http://www.bakermckenzie.com/RRDomainNameWebsiteRegistration/
http://www.aplf.org/new-regulations-for-registering-domain-names-in-china/
(Note that requirements were extended on October 1st to be applicable for all domains, not just new registrations.)

——-

尊敬的客户,

中国政府发布了关于域名和域名托管的扩展规定。
根据这些最新规定,我们需要为每个托管的域名保留维持一些注册资料。
具体来说,我们需要完成以下所有事务。根据中国法律规定我们管理CN网域。
采集申请公司联系人的彩照一张,照片必须在我们公司使用正式背景图像采集。

-为申请公司提供一份公司法人的营业执照证书复印件或者提供一份申请公司的全国组织结构代码证书复印件。
– 提供一份申请公司联系人的中国居民身份证复印件一份。
-你需带上原始件,以便我们能够彩色扫描为CNNIC 和 MII格式。

申请人需签名确认所有信息的正确性。

请确保ICP备案更新及时,信息准确。
核实网站域名内容和ICP内容。
请注意目前外国客户不允许注册个人CN域名。

我们需向申请局提交合法的中国营业执照和中国居民身份证。
如果此信息不能提交,那么你将失去 CN域名。

该信息需在十月底前由我们提交给相关部门(信息产业部,互联网络信息中心,上海电信)。

我们发布这则简短通知,希望你们安排时间在十月底前来我们办公完成这些要求。

考虑到新规定,我们将会持续更新ICP和其他客户支持站点。

Mini FAQ
什么是cn域名?
任何以.cn结尾的域名
如www.computersolutions.cn
www.computersolutions.com.cn

这个对.com 或其他域名也适用吗?
适用
我们需在11月1日前提交并核实所有托管域名的确认信息。
域名客户需携带所需信息来我们办公室提交。

在哪里能获得更多信息呢?
http://www.bakermckenzie.com/RRDomainNameWebsiteRegistration/
http://www.aplf.org/new-regulations-for-registering-domain-names-in-china/
请注意10月1日新增的要求对所有域名都适用,不只是新注册域名。

Why do I need an ICP licence?

As we often get asked why people need to register an ICP licence, as well as whats required. I thought it would be a good idea to explain what it is, and why its needed.

Essentially, an ICP licence is a permit from the Ministry of Industry and Information Technology (MII) in order to have a website in China.
In Chinese this licence is called a Bei An (ICP备案).

This was made law way back in September 2000, but not enforced until the late parts of this decade – 2007 onwards.
The latest documentation about this, and other requirements (in Chinese) is over here – http://www.miibeian.gov.cn/chaxun/flfg1.jsp?id=12

It is mandatory for any websites hosted in China to have an ICP licence, under penalty of law.
This applies whether the site is a .com, or a .cn or any other kind of domain name.

How do you apply for an ICP licence?

Website ICP licences are applied for at the MII website ( http://www.miibeian.gov.cn ), as this is all in Chinese, we typically assist clients with this process.

What do I need to apply for an ICP licence?

The official requirements are below:

Name of the website owner
Ownership information – ( Is the site is owned by an individual or a company? )
Valid identification documents (e.g., passport, ID card, etc)
Passport ID or Identification ID

Name of website investor
Your Location (in China)
Address (in China)
Operation type

Contact Person
Types of valid identification documents of the contact Person (e.g., passport or ID card, etc)
Passport ID or other Identification ID of the contact person
Office Phone (in China)
Mobile Phone (in China)
Email:

Name of the website
Home page of the website
Domain name of the site
What type of site it is (e.g., blog, forum, etc.)
What is the content of the site?

Although foreigners should be able to apply for an ICP licence, in practice that’s not possible (we haven’t been able to successfully have an ICP licence issued for a foreigner for at least a year).
Effectively this limits us to the following two requirements (we can fill in the rest for you):

Legal Chinese Company Licence Number
Company Name (in Chinese and English)

or

Chinese Name
ID number.

Note that while companies are able to register multiple websites, individuals are only permitted to register a single site.

Where do I put the licence?
The excerpt from the official wording reads as follows: 并在取得经营许可证或备案号后 3 天内放在网站主页下方显著位置.
This basically says that the licence must be placed on the website within 3 days of receiving the licence, and must be placed on the home page at the bottom of the page.

Note that we do check clients sites on a semi regular basis for this, so if you redesign your site and forget to put the ICP licence in, you may find your site closed until this is done.

How long does it take?
Typically licence application takes less than two weeks. We have seen licenses issued in as little as a day though, through to taking 2-3 months!
This all depends on when you apply, and what kind of business you are doing in China.

We recommend that you avoid leaving things until the Chinese Holidays if things are urgent, as the relevant departments are usually understaffed, and about to go on vacation.
In a worst case scenario, we can host sites oversea’s until the licence is issued.

The licence department will ask us to close down acccess to the site when they perform the check though.

We recommend that licenses are applied for well ahead of time, so that you don’t have any downtime.

What does it cost?
Applying for an ICP licence is free. If you are one of our clients, we perform licence application as part of our service.
If you aren’t one of our clients, then why not become one!

What kind of sites can get licenses? / What can we host?
Any site that does not contravene China law can get a license. We cannot assist you with hosting anything that is illegal in China!

China law prohibits the following kinds of websites:

  • Pornographic or promoting immoral behaviour.
  • Sites offensive to the Chinese government or people.
  • Sites that sell online drugs or satellite equipment
  • Sites that promote banned activities or organizations.

Note that certain kinds of content do require additional licensing, in addition to an ICP licence.

An example would be BBS (Forums).
If you require a forum, we recommend that the forum is hosted outside of China until a license can be issued.

Note that BBS licensing requires additional fee’s and documentation due to the amount of work involved.

Archives

Categories

Tags

PHOTOSTREAM