[TriLUG] Somewhat OT: [Fwd: FC: Email a RoadRunner address, get scanned by their security system]

Jeremy Portzer jeremyp at pobox.com
Fri Mar 14 16:51:08 EST 2003


I'm not sure why everyone is so concerned about this.

Road Runner has clearly stated their policy (they've been doing this for
months, by the way, and the information is posted at
http://security.rr.com/ ).

As the email says, the scanning is 'reactive' and is fully within their
right.  Since  (1) I'm sure you're not running an open relay and won't
be blocked anyway, and (2) they provide a clear opt-out option; why get
so excited?

--Jeremy

On Fri, 2003-03-14 at 16:44, lfwelty wrote:
> Can anyone local comment?
> 
> Don't get yourself in trouble w/ ...
> Just interested in a local perspective.
> 
> [disclaimer: I assume all posts are personal opinions unless
>   explicitly stated otherwise. Do not assume everyone else will
>   take this position.]
> -- 
> ------------------------------------------------------------------
> Frank Welty                |  15401 Weston Parkway, Suite 150
> lfwelty at redback.com        |  Cary, NC 27513
> Redback Networks           |  desk:919.678.2175 m: 919.264.7495
> ------------------------------------------------------------------
> ----
> 

> From: Declan McCullagh <declan at well.com>
> To: politech at politechbot.com
> Subject: FC: Email a RoadRunner address, get scanned by their security system
> Date: 14 Mar 2003 15:25:46 -0500
> 
> 
> ---
> 
> Date: Fri, 14 Mar 2003 15:22:24 -0500
> Subject: RoadRunner Automated Portscans
> From: Gunnar Hellekson <gunnar at onepeople.org>
> To: declan at well.com
> 
> After sending an email to a friend at a RoadRunner address, I see this in 
> my web access log:
> 
> 24.30.199.228 - - [13/Mar/2003:15:11:25 -0500] "CONNECT security.rr.com:25 
> HTTP/1.0" 404 535 "" ""
> 
> Basically, RoadRunner tried to spam themselves using my server.  I mailed 
> abuse at rr.com about this, and received a canned response, enclosed.  It's a 
> humble response, but woefully inadequate.  Have anti-spam measures come to 
> this?  This seems like an ill-considered compromise between privacy and 
> anti-spam efforts.  A blunt instrument that betrays less-than-careful 
> thinking.  The opt-out option, which was revealed only after my complaint, 
> is even more obnoxious.
> 
> Under their logic, I feel entitled to poke and prod their customers, just 
> to make sure they don't spam me.  Is that fair?  I promise to provide an 
> opt-out if anyone complains.
> 
> I'm curious whether this preemptive measure is effective at all.
> 
> -Gunnar
> 
> >From: "Road Runner Security \[DSR\]" <abuse at rr.com>
> >Date: Fri Mar 14, 2003  2:05:12 PM America/New_York
> >Subject: Re: Port scans?
> >
> >Hello,
> >
> >The securityscan.sec.rr.com machine is a Road Runner Security resource that
> >is used as a tool to assist us in determining if machines being used to
> >send us mail may be abused from outside sources, allowing them to be used
> >to spam our customers and role accounts. We fully understand your concerns
> >surrounding the probing of your machine. This issue has been raised
> >internally and we hope this email helps you better understand our process.
> >
> >The intention of this process is truly not meant to be a "big brother"
> >system, but we understand that some may view it as such. Our ultimate goal,
> >however, is to protect our network, our customers, and our role accounts.
> >
> >Road Runner has begin the REACTIVE testing of IP addresses which connect 
> >to its inbound SMTP gateways. If your machine connects to ours to send 
> >email, we reserve the absolute right to perform SMTP relay and open proxy 
> >server tests upon the connecting IP address to ensure that the machine at 
> >that IP address cannot be abused for malicious > purposes.
> >
> >These scans are done once per week per IP, via an automated process, and 
> >only on those servers that have sent our subscriber base mail. The only 
> >way for these tests to occur is if an IP address connects to our inbound 
> >SMTP gateway. If found to be an open proxy or smtp relay, the IP address 
> >will be blocked at our mail gateway borders with one of the following 
> >error messages:
> >
> >ERROR:5.7.1:550 Mail Refused - See 
> >http://security.rr.com/mail_blocks.htm#proxy
> >ERROR:5.7.1:550 Mail Refused - See 
> >http://security.rr.com/mail_blocks.htm#relay
> >
> >We understand that some entities may not wish to be scanned as part of this
> >automated process. If you do not wish to be tested by Road Runner, there
> >are two ways to accomplish this:
> >
> >1. Send an e-mail to 'donottest at security.rr.com' with the IP address that
> >you do not wish to be tested. Please note that if you are not the
> >designated contact for your IP address range (for example, if you are on a
> >cable modem, DSL, or dialup range), we will be unable to fulfill your
> >request for addition or removal.
> >2. Do not connect to our inbound SMTP servers. Again, this test is only
> >conducted on servers that connect to our servers.
> >
> >If you have any further questions, you can visit http://security.rr.com or
> >contact Road Runner Security via e-mail at 'spamblock at security.rr.com'
> >
> >Regards,
> >Road Runner Security
> 
> 
> 
> 
> 
> -------------------------------------------------------------------------
> POLITECH -- Declan McCullagh's politics and technology mailing list
> You may redistribute this message freely if you include this notice.
> To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
> This message is archived at http://www.politechbot.com/
> Like Politech? Make a donation here: http://www.politechbot.com/donate/
> -------------------------------------------------------------------------
> Declan McCullagh's photographs are at http://www.mccullagh.org/
> -------------------------------------------------------------------------
> 
> 
-- 
/=====================================================================\
| Jeremy Portzer       jeremyp at pobox.com       trilug.org/~jeremy     |
| GPG Fingerprint: 712D 77C7 AB2D 2130 989F  E135 6F9F F7BC CC1A 7B92 |
\=====================================================================/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20030314/0a16ba70/attachment.pgp>


More information about the TriLUG mailing list