---
Date: Fri, 14 Mar 2003 15:22:24 -0500
Subject: RoadRunner Automated Portscans
From: Gunnar Hellekson <gunnarat_private>
To: declanat_private

After sending an email to a friend at a RoadRunner address, I see this in my web access log:

    24.30.199.228 - - [13/Mar/2003:15:11:25 -0500] "CONNECT security.rr.com:25 HTTP/1.0" 404 535 "" ""

Basically, RoadRunner tried to spam themselves using my server. I mailed abuseat_private about this, and received a canned response, enclosed. It's a humble response, but woefully inadequate.

Have anti-spam measures come to this? This seems like an ill-considered compromise between privacy and anti-spam efforts. A blunt instrument that betrays less-than-careful thinking. The opt-out option, which was revealed only after my complaint, is even more obnoxious.

Under their logic, I feel entitled to poke and prod their customers, just to make sure they don't spam me. Is that fair? I promise to provide an opt-out if anyone complains.

I'm curious whether this preemptive measure is effective at all.

-Gunnar

>From: "Road Runner Security [DSR]" <abuseat_private>
>Date: Fri Mar 14, 2003 2:05:12 PM America/New_York
>Subject: Re: Port scans?
>
>Hello,
>
>The securityscan.sec.rr.com machine is a Road Runner Security resource that
>is used as a tool to assist us in determining if machines being used to
>send us mail may be abused from outside sources, allowing them to be used
>to spam our customers and role accounts. We fully understand your concerns
>surrounding the probing of your machine. This issue has been raised
>internally and we hope this email helps you better understand our process.
>
>The intention of this process is truly not meant to be a "big brother"
>system, but we understand that some may view it as such. Our ultimate goal,
>however, is to protect our network, our customers, and our role accounts.
>
>Road Runner has begun the REACTIVE testing of IP addresses which connect
>to its inbound SMTP gateways. If your machine connects to ours to send
>email, we reserve the absolute right to perform SMTP relay and open proxy
>server tests upon the connecting IP address to ensure that the machine at
>that IP address cannot be abused for malicious purposes.
>
>These scans are done once per week per IP, via an automated process, and
>only on those servers that have sent our subscriber base mail. The only
>way for these tests to occur is if an IP address connects to our inbound
>SMTP gateway. If found to be an open proxy or smtp relay, the IP address
>will be blocked at our mail gateway borders with one of the following
>error messages:
>
>ERROR:5.7.1:550 Mail Refused - See
>http://security.rr.com/mail_blocks.htm#proxy
>ERROR:5.7.1:550 Mail Refused - See
>http://security.rr.com/mail_blocks.htm#relay
>
>We understand that some entities may not wish to be scanned as part of this
>automated process. If you do not wish to be tested by Road Runner, there
>are two ways to accomplish this:
>
>1. Send an e-mail to 'donottestat_private' with the IP address that
>you do not wish to be tested. Please note that if you are not the
>designated contact for your IP address range (for example, if you are on a
>cable modem, DSL, or dialup range), we will be unable to fulfill your
>request for addition or removal.
>2. Do not connect to our inbound SMTP servers. Again, this test is only
>conducted on servers that connect to our servers.
>
>If you have any further questions, you can visit http://security.rr.com or
>contact Road Runner Security via e-mail at 'spamblockat_private'
>
>Regards,
>Road Runner Security

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
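The access-log entry quoted in the message is an open-proxy test: a CONNECT request asking the web server to tunnel to an SMTP port, which this server refused with a 404. The following is an added example, not part of the original message or of Road Runner's tooling, showing how a server operator could pick such probes out of an Apache-style access log and tell a refused probe from one the server accepted. The names `classify`, `scan` and `SMTP_PORTS` are hypothetical, and the second and third sample lines are constructed.

```python
import re

# Apache common/combined log format, with the request line split into parts.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
SMTP_PORTS = {25, 465, 587}  # assumption: ports treated as mail-relay targets


def classify(line):
    """Return a finding dict for a CONNECT proxy probe, or None for other lines."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "CONNECT":
        return None
    host, sep, port = m["target"].rpartition(":")
    if not sep:                      # CONNECT target without an explicit port
        host, port = m["target"], ""
    status = int(m["status"])
    return {
        "src": m["src"],
        "when": m["when"],
        "host": host,
        "port": int(port) if port.isdigit() else None,
        "smtp": port.isdigit() and int(port) in SMTP_PORTS,
        # 2xx means the server agreed to open the tunnel: it behaves as an open proxy.
        "verdict": "ACCEPTED" if 200 <= status < 300 else "refused",
        "status": status,
    }


def scan(lines):
    """Classify every line and keep only the proxy probes."""
    return [f for f in map(classify, lines) if f]


# First line is the entry quoted in the message; the other two are constructed.
SAMPLE = [
    '24.30.199.228 - - [13/Mar/2003:15:11:25 -0500] "CONNECT security.rr.com:25 HTTP/1.0" 404 535 "" ""',
    '192.0.2.10 - - [13/Mar/2003:15:12:02 -0500] "GET /index.html HTTP/1.0" 200 2048 "" ""',
    '198.51.100.7 - - [13/Mar/2003:15:13:40 -0500] "CONNECT mail.example.net:25 HTTP/1.0" 200 0 "" ""',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f'{f["when"]} {f["src"]} -> {f["host"]}:{f["port"]} '
              f'status={f["status"]} smtp={f["smtp"]} {f["verdict"]}')
```

An ACCEPTED verdict is a prompt to check the proxy configuration, since some servers answer unknown methods with a 200 page without actually opening a tunnel.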
This archive was generated by hypermail 2b30 : Fri Mar 14 2003 - 12:52:47 PST