[Dshield] security.scan.sec.rr.com

Doug White doug at dwhite.ws
Wed Jun 18 20:38:45 GMT 2003

I can understand what RR is trying to do, but it seems like a sledge hammer is
being used to break watermelons.  All they seem to be doing is to be adding to
the congestion on the net.

My mail gateway, has been receiving spam via rr open relays consistently for a
number of months, each duly reported to abuse@  These are not going through
dynamic IP numbers, but static numbers, which means it should not be a moving
target to track down and eliminate. Not only have they not managed to shut down
the open relays, they do not even seem to be attempting to do so.

The end result?  Those static IP numbers are appearing on black lists in
increasing numbers.  This is only hurting rr customers, not anyone else.

Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
If you are not satisfied with my service, my job isn't done!

----- Original Message ----- 
From: "Mark Tombaugh" <mtombaugh at alliedcc.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Wednesday, June 18, 2003 9:57 AM
Subject: Re: [Dshield] security.scan.sec.rr.com

| On Wednesday 18 June 2003 04:54 pm, Doug White wrote:
| > Very normal for RR
| >
| > Their assertion:  "We reserve the absolute right to scan the origin of any
| > mail sent to the rr servers"
| >
| > "If you object to this and wish to end the scanning, then do not send mail
| > to the rr. servers."
| >
| > Now if they would give that much attention to the multiple open relays on
| > their system that is spewing spam in unprecedented quantities.
| But they do, or at least they try to. There are two fronts to their anti-spam
| efforts, proactive scanning of their entire subscriber IP address space, in
| addition to reactive scanning of any IP that hits their mail servers.  Their
| probing policies can be found here: <http://security.rr.com>
| Anyone who uses RBLs employs the same policies as rr.com, the only difference
| is rr.com tests apparently in realtime from their own block. I have no
| problems with these policies and continue to recommend their service.
| In conjunction with a concurrent thread, too bad wannadoo.fr doesn't try the
| same thing ;p
| >From abuse at rr.com:
| >
| >We understand that some entities may not wish to be scanned as part of this
| >automated process. If you do not wish to be tested by Road Runner, there
| >are two ways to accomplish this:
| >
| >1. Send an e-mail to 'donottest at security.rr.com' with the IP address that
| >you do not wish to be tested. Please note that if you are not the
| >designated contact for your IP address range (for example, if you are on a
| >cable modem, DSL, or dialup range), we will be unable to fulfill your
| >request for addition or removal.
| >2. Do not connect to our inbound SMTP servers. Again, this test is only
| >conducted on servers that connect to our servers.
| >
| >If you have any further questions, you can visit http://security.rr.com or
| >contact Road Runner Security via e-mail at 'spamblock at security.rr.com'
| >
| >Regards,
| >Road Runner Security
| _______________________________________________
| list mailing list
| list at dshield.org
| To change your subscription options (or unsubscribe), see:

More information about the list mailing list