Home > Computer > Decoding MSN “The following message could not be delivered to all recipients” Error Message
Donation Goal
Donate Now Goal amount for this year: 799 USD, Received: 100 USD (13%)
Please donate to help support this website. The funds will be used to purchase owned license of LiteSpeed Web Server Enterprise (2-CPU). It provides superior performance in terms of raw speed, scalability and anti-DDoS capabilities.

Decoding MSN “The following message could not be delivered to all recipients” Error Message

Posted By Raymond In Category: Computer

Mar
11
2010

Few days ago I was trying to help a friend troubleshoot a computer problem using teamviewer. For some weird reasons when I gave him the direct link to download the Teamviewer QuickSupport module, Windows Live Messenger gave me an error “The following message could not be delivered to all recipients” message.

The following message could not be delivered to all recipients

I thought that MSN blocked the link because there was an .EXE extension which can be unsafe so I tried uploading to MediaFire which the download link contains only random letters and numbers without the extension, but it still got blocked. I also remembered very clearly that I tried on Rapidshare but it was blocked too. Finally I had to ask him visit teamviewer.com and click on the “Join a Session” button to download the quick support module.

I googled and found some people also had the problem of MSN blocking Mediafire links. I really thought that this is the case but after doing more research, it appears to be different and MSN doesn’t hate or intentionally block MediaFire links.


I found out from MSN Protocol website that it is possible to use the GCF payload command to request a configuration file Shields.xml that controls blocking of security sensitive items like hyperlinks, Winks and Dynamic Display Pictures from the server. From Wikipedia I also found out that the latest MSNP is now 18 but the GCF link is on 11. Further research tells me that ever since MSNP13, they no longer pushes Shields.xml and the configuration files are now called policies.

Now I have some idea on how it works so I fired up oSpy and attach it to Windows Live Messenger to start sniffing the received data. I search for the word SHIELDS in the packets and found one received packet that has very interesting data. As you can see at the screenshot below, it has tons of base64 encoded strings for imtext value.
MSN censored words

When I decoded one of the strings “cGhvdG8yMzRcLnppcA==” with an online Base64 decoder, it shows a filename “photo234\.zip” which I am pretty sure that’s the blacklisted word because there used to be MSN virus circulating around with similar filenames. I tried sending a test message with any URL together with that filename and BINGO! that message is blocked with the error “The following message could not be delivered to all recipients”.

proof censored word by MSN

Later I discovered that you don’t really need a packet sniffer to get the base64 encoded blocked because Windows Live Messenger has an option to enable connection logging. Open Windows Live Messenger, go to Tools > Options > Connection > Advanced Settings button > check Save a log of my server connections to help troubleshoot connection problems. Now sign in to your MSN account, and again go Tools > Options > Connection > Advanced Settings button > and click the View Log button. Search for the word SHIELDS and at the same line you will find a lot of encrypted imtext value such as aW1nNS0yMDA3XC56aXA=.

I’ve decoded all 91 strings from the current block list which contains censored words and URLs but I still couldn’t find why mediafire links are blocked. Further online research shows that the censored list gets updated, for example, older censored word list used to have “.pif” but now doesn’t and it is still being blocked. Try appending .pif with any links and the instant message surely can’t go through. Finally through online research, I found out that Mediafire links are blocked because “download.php” is in the URL and it is one of the older censored words.

For your convenience, I have compiled a list of blocked words by MSN. It may not be complete but it is currently the biggest list you can find on the Internet.

.pif
168.169.78.19
1717wan.cn
51kongqi.com
51pingguo.cn
66663.cn
930le.com
94nile.com/apple
995ba.com
acilastir.info
acisalavans.info
acisalcap
albrahem.com
album.zip
amazondakayboldum.info
amazonhalki.info
amigosparasempre.smtp.ru
amigosparasempro.smtp.ru
armazfiles.smtp.ru
baratinha.mypets.ws
belgravehelpdesk.com
bezgi.info
bireyci.info
block-checker.com
blockinrio
bobblak.com
bobyup
bobzop.com
boyamagucu
burasiseninyerin.info
bush-gracioso.exe
checkmessenger.net
chinacircle.com
chirstmas-2007.zip
clipdeeps.com
dansadimi.info
downgrdr.exe
download.php
dreamlife365.com/member/
e-afyonkarahisar.info
ekars.info
ekastamonu.info
emret.info
fantasma.zip
fmconsulting
foto.exe
foto722a6
fotos.zip
friendims.com
friendly-offer.com
funbuddyicons.com
funpic.de
g038_jpg.zip
get-messenger
goldwindos2000.com
happy_2008.exe
happy2008.exe
hetandunhasde.com
hornymatches.com
hoto234.zip
imag091307.zip
image031.zip
image206.jpg-www.photoshare[1].com
image25.zip
images.coolpage.biz/images.php
images.getenjoyment.net
images.idohost.com
images.zip
imageswitch.info
img-0012.zip
img021.zip
img-0950.zip
img1756.zip
img301.zip
img-3773.zip
img5-2007.zip
img-6434.zip
img-8197.zip
imp.exe
implay.com
impluse.exe
improfile.net
iwantu.com
life365.com
love33.zip
mainmsn.com
mainmsn.net
malbranche.goracer.de
members.lycos.co.uk/svy21/t/contact.php
memebers.lycos.co.uk/getmessenger
mensagemparavc.mail15.com
messaging-names
messangerstats.net
messengerdeletechecker
messenger-scan
messengertools.org
miralafoto/foto.exe
monclocher.com
monica.zip
moorsh.com
mprofiles.net/members.php?msn=
msnblockerlist.com
msnblocklist.com
msn-friend.com
msnliststatus.com
msnspy.eu
msnwebimages.com
myalbum2007.zip
mydipan.cn
mymsngallery
mypengyou.com
myphoto94.zip
mypictures.zip
mypictures-0108.zip
no-ip.org
noticiasdobrasil.com.sapo.pt/noticiaurgentebrasilnumero9821.com
nowpounds.com
p1377.pic-myspace.info
photo2007-12.zip
photo234.zip
photo656.jpg
photoalbum2007
photogbase.com/pictures.php?photo656.jpg
photos.zip
photos1-2008.zip
pic.zip
pic1273.zip
pics.zip
pics-at-the-party.com
picts-7053.zip
pictura002
portakallidavet.info
profile.php?
quienteadmite.com
reuty.info
secretimages56.zip
shusu.cn
sjegat.pics.skaq.info
sontarih.info
stuff.zip
stuffplug.com/temp/downgrdr.exe
sulandirma
summer2008
sweetpictures.myphotos.cc/katiesex.pif
t35.com
tanyababe.zip
tufoto
tuhafkimse
tunabaligi
tutuskanlik
unknowntools.com
uysallik.info
verti2/fantasma.zip
viotagallery.com
windowslivemessenger.biz/msn/msn.php
wowbam.com
xpimad.com
yorungesel

Remember, MSN does not block these words alone. They must be in hyperlink. You can test them by adding www or http:// infront of those words. There are two ways to bypass this annoying censor by MSN. If you’re trying to send a mediafire link with download.php in the middle, you can use TinyURL to mask the URL. And if you’re trying to send a link with no-ip.org, do not include www or http:// infront of the URL. I find it hard to believe that no-ip.org is blocked by MSN!


Related posts:
  • How To Copy Text from Windows Error Message and Command Prompt
  • FIX Fatal error: Allowed memory size of 8388608 bytes exhausted ERROR
  • Beware of the New “hi. this is your photo?” MSN Virus
  • Fix Startup Error SymsetSymWithAddr64 Not Located in DBGHELP.dll
  • Message or Text That Automatic Deletes After Viewing
    • Ahmad Saleem

      Fantastic information, Thanks ray, I often have to face this problem, good job.

    • http://jobberies.com/jobs/banking/ Nagobonar

      hi ray, really helpful. thank to you for this tweak

    • http://tridentcore.com Aries Santoso

      ow I see… so that’s the reason ehh… any patch or update for this matter?

    • kees

      Fine, but some AV customarily blocks all TinyUrl !!

    • Fahad Golra

      Nice piece of information.

    • sumit gupta

      Very Informative
      Thanx
      Ray

    • Lineker Tomazeli

      Very nice :)

      You should try to use skydrive.live.com since is there product probably you not gonna have problems .

      Good lucky

    • Lineker Tomazeli

      there = their :P

    • kash

      You work very hard and your topics are writen by a high style of english!
      You are great Raymond sincerly.
      Thank you for all…

    • Rash

      thx for the tip :)

    • Abdullah

      spectacular work Rey … this articles answered alot of my queries

    • Toprak

      List is included many turkish domain name. :)

    • http://nacereddine.wordpress.com Nacereddine

      Another solution would be to use TinyURL, works everytime

    • Merlin_Magii

      My compliments Raymond !

      Thank you for a very thorough and excellent piece of research. That must have been tedious in the extreme to work through – but then ….. that’s why you’re simply the best …. isn’t it !!! ?

    • http://qip.ro Doru

      thanks for that

    • Decent60

      No-Ip is blocked because there have been a lot of virus dump sites that were built on that and ran in the background processes on public computers (and probably some private ones as well). Since No-IP has a tool that allows you to automatically update the IP address you are one, it is conceivable that those viruses/Trojans used the same protocol to reassign the IP to the compromised computer.

      Either way, going over this list has helped me figure out some of the problems I’ve encountered with MSN (Windows Live), although I’ve had a lot of problems, getting the same message when all I was trying to do is just type a small convo. I’ve basically given up on MSN and switched to Skype instead.

    • somu

      thanx raymond
      it’s a excellent work

    • http://www.imct.cl Sir Mauricius

      Nice job Raymond.

      I can’t understand why they block filenames or hostname, that solution is so… fool. A better solution maybe is block headers of files.

      “Saludos” from Chile

      PS: Sorry for my english

    • http://www.theiceman.co.il/blog Tim

      WOW,

      Great job investigating all of this
      Thanks

    • Anony

      Great info!

    • billy

      Wonderful research! Tons of thanks for this blog which show me the answer on this type of MSN errors.

    • Fatih Ozel

      Thanks a lot.
      Very usefull information!

    • http://dan.cx/ Daniel15

      Haha I remember you emailing me asking about this. Nice article on it. :)

      How come you found a lot more blocked phrases than what I found? Was your shields file bigger?

    • hailalpha

      instead of using http use hxxp which allows it through msn!!

    • http://frungi.livejournal.com/profile Frungi

      Thank you! I found this by trying to figure out why MSN seemed to block all my no-ip.org links, and now I know.

      Does it say something more about MSN or about its users that Microsoft apparently feels that its users will helplessly compulsively click on these links?

    Copyright © 2005-2012 - Raymond.CC Blog