[Dshield] security.scan.sec.rr.com

Mark Tombaugh mtombaugh at alliedcc.com
Wed Jun 18 14:57:14 GMT 2003


On Wednesday 18 June 2003 04:54 pm, Doug White wrote:
> Very normal for RR
>
> Their assertion:  "We reserve the absolute right to scan the origin of any
> mail sent to the rr servers"
>
> "If you object to this and wish to end the scanning, then do not send mail
> to the rr. servers."
>
> Now if they would give that much attention to the multiple open relays on
> their system that is spewing spam in unprecedented quantities.

But they do, or at least they try to. There are two fronts to their anti-spam 
efforts, proactive scanning of their entire subscriber IP address space, in 
addition to reactive scanning of any IP that hits their mail servers.  Their 
probing policies can be found here: <http://security.rr.com>

Anyone who uses RBLs employs the same policies as rr.com, the only difference 
is rr.com tests apparently in realtime from their own block. I have no 
problems with these policies and continue to recommend their service.

In conjunction with a concurrent thread, too bad wannadoo.fr doesn't try the 
same thing ;p 

>From abuse at rr.com:
>
>We understand that some entities may not wish to be scanned as part of this
>automated process. If you do not wish to be tested by Road Runner, there
>are two ways to accomplish this:
>
>1. Send an e-mail to 'donottest at security.rr.com' with the IP address that
>you do not wish to be tested. Please note that if you are not the
>designated contact for your IP address range (for example, if you are on a
>cable modem, DSL, or dialup range), we will be unable to fulfill your
>request for addition or removal.
>2. Do not connect to our inbound SMTP servers. Again, this test is only
>conducted on servers that connect to our servers.
>
>If you have any further questions, you can visit http://security.rr.com or
>contact Road Runner Security via e-mail at 'spamblock at security.rr.com'
>
>Regards,
>Road Runner Security





More information about the list mailing list