[56780] in North American Network Operators' Group
Re: FC: Email a RoadRunner address, get scanned by their securitysystem]
daemon@ATHENA.MIT.EDU (Jack Bates)
Fri Mar 14 23:27:35 2003
From: "Jack Bates" <jbates@brightok.net>
To: "William Allen Simpson" <wsimpson@greendragon.com>,
"North American Network Operators Group" <nanog@merit.edu>
Date: Fri, 14 Mar 2003 22:27:03 -0600
Errors-To: owner-nanog-outgoing@merit.edu
From: "William Allen Simpson
> After sending an email to a friend at a RoadRunner address, I see this in
> my web access log:
>
> 24.30.199.228 - - [13/Mar/2003:15:11:25 -0500] "CONNECT security.rr.com:25
> HTTP/1.0" 404 535 "" ""
>
> Basically, RoadRunner tried to spam themselves using my server. I mailed
> abuse@rr.com about this, and received a canned response, enclosed. It's a
> humble response, but woefully inadequate. Have anti-spam measures come to
> this? This seems like an ill-considered compromise between privacy and
> anti-spam efforts. A blunt instrument that betrays less-than-careful
> thinking. The opt-out option, which was revealed only after my complaint,
> is even more obnoxious.
Sending email to many servers means that your mail server will be probed for
open proxies and open relays. It's only seriously taboo when it leaves the
actual connecting server to scan the rest of the network. This is why I
posted previously about a centralized system so that we can limit these
probes. In the case of RoadRunner, it is only inappropriate because RR
themselves complains and throughs a fit about being probed, and yet they
probe others.
-Jack
