Politech mailing list archives

Previous By Date Next
Previous By Thread Next

FC: Email a RoadRunner address, get scanned by their security system

From: Declan McCullagh <declan () well com>
Date: Fri, 14 Mar 2003 15:25:46 -0500

---

Date: Fri, 14 Mar 2003 15:22:24 -0500
Subject: RoadRunner Automated Portscans
From: Gunnar Hellekson <gunnar () onepeople org>
To: declan () well com
After sending an email to a friend at a RoadRunner address, I see this in my web access log:
24.30.199.228 - - [13/Mar/2003:15:11:25 -0500] "CONNECT security.rr.com:25 HTTP/1.0" 404 535 "" ""
Basically, RoadRunner tried to spam themselves using my server. I mailed abuse () rr com about this, and received a canned response, enclosed. It's a humble response, but woefully inadequate. Have anti-spam measures come to this? This seems like an ill-considered compromise between privacy and anti-spam efforts. A blunt instrument that betrays less-than-careful thinking. The opt-out option, which was revealed only after my complaint, is even more obnoxious.
Under their logic, I feel entitled to poke and prod their customers, just to make sure they don't spam me. Is that fair? I promise to provide an opt-out if anyone complains. 

I'm curious whether this preemptive measure is effective at all.

-Gunnar


From: "Road Runner Security \[DSR\]" <abuse () rr com>
Date: Fri Mar 14, 2003  2:05:12 PM America/New_York
Subject: Re: Port scans?

Hello,

The securityscan.sec.rr.com machine is a Road Runner Security resource that
is used as a tool to assist us in determining if machines being used to
send us mail may be abused from outside sources, allowing them to be used
to spam our customers and role accounts. We fully understand your concerns
surrounding the probing of your machine. This issue has been raised
internally and we hope this email helps you better understand our process.

The intention of this process is truly not meant to be a "big brother"
system, but we understand that some may view it as such. Our ultimate goal,
however, is to protect our network, our customers, and our role accounts.
Road Runner has begin the REACTIVE testing of IP addresses which connect to its inbound SMTP gateways. If your machine connects to ours to send email, we reserve the absolute right to perform SMTP relay and open proxy server tests upon the connecting IP address to ensure that the machine at that IP address cannot be abused for malicious > purposes.
These scans are done once per week per IP, via an automated process, and only on those servers that have sent our subscriber base mail. The only way for these tests to occur is if an IP address connects to our inbound SMTP gateway. If found to be an open proxy or smtp relay, the IP address will be blocked at our mail gateway borders with one of the following error messages:
ERROR:5.7.1:550 Mail Refused - See http://security.rr.com/mail_blocks.htm#proxy ERROR:5.7.1:550 Mail Refused - See http://security.rr.com/mail_blocks.htm#relay 

We understand that some entities may not wish to be scanned as part of this
automated process. If you do not wish to be tested by Road Runner, there
are two ways to accomplish this:

1. Send an e-mail to 'donottest () security rr com' with the IP address that
you do not wish to be tested. Please note that if you are not the
designated contact for your IP address range (for example, if you are on a
cable modem, DSL, or dialup range), we will be unable to fulfill your
request for addition or removal.
2. Do not connect to our inbound SMTP servers. Again, this test is only
conducted on servers that connect to our servers.

If you have any further questions, you can visit http://security.rr.com or
contact Road Runner Security via e-mail at 'spamblock () security rr com'

Regards,
Road Runner Security






-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: