FC: Email a RoadRunner address, get scanned by their securitysystem]

Jack Bates jbates at brightok.net
Sat Mar 15 04:27:03 UTC 2003


From: "William Allen Simpson

> After sending an email to a friend at a RoadRunner address, I see this in
> my web access log:
>
> 24.30.199.228 - - [13/Mar/2003:15:11:25 -0500] "CONNECT security.rr.com:25
> HTTP/1.0" 404 535 "" ""
>
> Basically, RoadRunner tried to spam themselves using my server.  I mailed
> abuse at rr.com about this, and received a canned response, enclosed.  It's a
> humble response, but woefully inadequate.  Have anti-spam measures come to
> this?  This seems like an ill-considered compromise between privacy and
> anti-spam efforts.  A blunt instrument that betrays less-than-careful
> thinking.  The opt-out option, which was revealed only after my complaint,
> is even more obnoxious.

Sending email to many servers means that your mail server will be probed for
open proxies and open relays. It's only seriously taboo when it leaves the
actual connecting server to scan the rest of the network. This is why I
posted previously about a centralized system so that we can limit these
probes. In the case of RoadRunner, it is only inappropriate because RR
themselves complains and throughs a fit about being probed, and yet they
probe others.

-Jack




More information about the NANOG mailing list