Sign in to follow this  
Followers 0
SpamCopAdmin

[Resolved] Road Runner Blocking SpamCop Mail

25 posts in this topic

Road Runner is blocking mail from 204.15.82.27 vmx1.spamcop.net

Our automatic responses to Road Runner user's spam submissions are being silently discarded.

I have asked Road Runner to lift the block, but there is no telling how long it will take, or if they'll do it.

Users submitting spam and not getting our responses can log into their account here and use the "Unreported spam Saved" link to report the spam they sent in.

- Don D'Minion - SpamCop Admin -

Share this post


Link to post
Share on other sites

Thanks Don .. Pinned this so it won't "sink" .....

Share this post


Link to post
Share on other sites

The Road Runner user I've been working with reports that the block has been lifted and our responses are getting to him now.

- Don D'Minion - SpamCop Admin -

Share this post


Link to post
Share on other sites

I may have this issue.

I report a lot of spam to SpamCop using SPAMsource. All has been working fine for months. Then a few days ago I report and nothing comes back. What is really strange is I never get the unreported spam flag on the SpamCop page. It's like the emails just go to nowhere.

I have deleted and reconfigured all my mailhosts. I have "fuel" in my account.

My emails to other addresses and using Outlook test work just fine.

Like I said everything has been working fine until a few days ago.

Any ideas on how to see if my emails are getting through. I have been going back to the old single report manual cut and paste method on the reporting page for a few days now. I do this after I do not get a response back.

Any help would be appreciated

Share this post


Link to post
Share on other sites

Well, if you do not get 'unreported spam' link when you log in, it seems as if your emails are not ever leaving. Some ISPs will, without telling customers, start to filter outgoing email that looks like spam.

There is a FAQ on the subject. I think it is called 'Email Submissions disappearing' There is a checklist to see where the failure is and a list of ISP names who do this, I think. If yours is not on the list, then if they are, perhaps you will post back and we can add its name.

Miss Betsy

Share this post


Link to post
Share on other sites

Thanks for the quick reply and info. Rough day and hadn't even gotten around to trying the simple things like using a different outgoing server.

Well I went through most of the steps. I changed my smtp server and reported through gmail and now I get the unreported flag and a reply email to my RR account. Of course this pretty much means RR is blocking the outgoing emails. I have emailed the national RR email Help Desk with all the information and asked them to unblock outgoing SC emails. They might get to it in a year or two.

I have not had any luck dealing with RR admins. I hope they do fix it, but I am not going to hold my breath.

Share this post


Link to post
Share on other sites

Well after several emails with RR support they have bounced the problem back to SC.

"Thank you for your reply. This problem would indicate that the message to Spamcop is being rejected by the spamcop.net server rather than Road Runner. They are possibly rejecting the IP address you are sending from, which is included in a block list of a range of IP addresses."

I have replied to them again that since I get no reject notice from the server that this is unlikely, but I'll bet this will be a stonewall with them now.

Share this post


Link to post
Share on other sites

Well I emailed RR security and asked them about blocking mail to SC. I was in contact with a person who actually was knowledgeable and informative. After giving him some specific times and dates for emails being blocked he tracked them down in the logs and found that yes they were found to contain spam and were discarded.

RR is scanning both incoming and outgoing emails for spam. Incoming you can use a webmail interface and stop the inbound filtering or control the degree of filtering. Outgoing however has no such control. They do acknowledge that they are just discarding outgoing spam mails as the system has no other option at this time. I will post a sanitized version of their response below.

Hello, xxx.

I got the answer to you problem here; I'm not sure how you'll respond, but please read this in its entirety...

As you may be aware, xxx.rr.com users were migrated to a new mail system last week. Unlike the old mail system you had been hosted on, this new system has, in addition to our block lists, filtering of email based on spam-like characteristics in the body. This filtering is occurring on both inbound and outbound mail.

Inbound mail identified as spam by this filtering software is placed into the customer's spam Folder; this folder is accessible only through webmail (https://webmail.xxx.rr.com/). Our webmail product in this new system also offers a 'Report spam' button.

For outbound mail, obviously we cannot tag a message deemed to be spam by our own systems and send it along to the destination; doing so would cause us to be viewed in a bad light by the rest of the Internet.

While the optimal configuration for outbound spam filtering is to identify the message as spam during the SMTP transaction between the client and our server, and to reject the message before the transaction completes, our server technology at this time does not allow for such configuration. Therefore, we are discarding messages identified as spam on our outbound servers.

Your particular message to SpamCop was identified as spam and discarded; timestamps here are GMT:

Removed Header info:

The choice to do this (identify and discard) was not made lightly, but the alternative of allowing spam out through our servers was not acceptable; in fact, we learned early on with this new system the pain of delays and outright rejections of outbound mail from the new system due to a lack of spam control. Cutting down the flow of spam through our servers by discarding messges deemed to be spam was the best approach available to us at the time in order to give our customers the best chance of having their outbound mail accepted and delivered.

If you're wondering why this message ever made it to your Inbox (i.e., why didn't the spam filtering catch it inbound, since it knew about it

outbound) I cannot answer that question. My suspicion is that, given the timing of things, it was delivered initially to you Inbox on the old system, migrated with the rest of your mailbox contents to the new system, and then you tried to send it out through the new system; the headers of the particular message will confirm or deny my suspicions.

We're still in the early stages of deployment of this mail system, and we recognize that today's configuration is not likely to be the final configuration; tweaks to our anti-spam software are going to be necessary, and we'll work hard to figure out what the right tweaks are.

I hope this answers your question, but feel free to ask any follow-on questions you may have.

Maybe SC might give RR a hand. I asked them to look into allowing SC to be unfiltered but to limit emails by number and time if possible, but have not heard back from them.

Anyway, just some info should you find your emails to SC disappearing.

Share this post


Link to post
Share on other sites

One has to wonder how much spam actually is going out through legitimate outbound MXs. From what I have seen 99.9% of spam is sent "direct to MX" by a proxy trojan, and so would bypass their outgoing anti-spam system entirely. Seems like it would be easier to deal with outbound spam on the MX by simply monitoring volumes, and reading and acting on complaints in the abuse mailbox in a timely fashion.

Share this post


Link to post
Share on other sites
RoadRunner added to the list ... E-Mail spam submittals blocked by your ISP
The RoadRunner postmaster advises me that he has punched a hole in their outbound filters that will allow spam submissions to be delivered when they're addressed to our "submit" and "quick" addresses.

- Don D'Minion - SpamCop Admin -

Share this post


Link to post
Share on other sites
The RoadRunner postmaster advises me that he has punched a hole in their outbound filters that will allow spam submissions to be delivered when they're addressed to our "submit" and "quick" addresses.
That's fantastic Don. Well done! This could be the thin edge of the wedge to convince others too ...

Share this post


Link to post
Share on other sites
The RoadRunner postmaster advises me that he has punched a hole in their outbound filters that will allow spam submissions to be delivered when they're addressed to our "submit" and "quick" addresses.

This was a recent thing, spamcop submissions started being silently filtered after they upgraded the mail system.

I work in the NOC for one of the Roadrunner divisions, and opened a ticket with the mail guys when my own submissions started failing to go through.

Since it was the central mail sysops that made the change, hopefully this will apply to ALL roadrunner divisions across the USA.

Glad I could help!

Share this post


Link to post
Share on other sites
I...opened a ticket with the mail guys when my own submissions started failing to go through.

Since it was the central mail sysops that made the change, hopefully this will apply to ALL roadrunner divisions across the USA.

Glad I could help!

Well, thank you. If only there were more ... but even one is a bonus!

Share this post


Link to post
Share on other sites
This was a recent thing, spamcop submissions started being silently filtered after they upgraded the mail system.

I work in the NOC for one of the Roadrunner divisions, and opened a ticket with the mail guys when my own submissions started failing to go through.

Since it was the central mail sysops that made the change, hopefully this will apply to ALL roadrunner divisions across the USA.

Glad I could help!

Thanks for your work.

[Not related to this issue but to road runner in general]. I always wondered if roadrunner does anything about spamcop reports? I always see rr.com in the top10 or top 20 in the http://www.spamcop.net/w3m?action=hoshame#domsum . Perhaps you could help everyone out there by opening up similar tickets for all the spamcop reports!

Share this post


Link to post
Share on other sites

I suspect a lot of the reason for them being at the top is simply volume. When you have that many users, no matter how fast you respond to compromised machines spewing spam, a certain amount is going to make it out.

The alternative of course is to block port 25 by default, but considering the amount of upset customers even small changes create, I would suspect blocking an entire port (which I'm certain a LOT of their customers use to send mail through webhosts, private mail servers, etc) would create an unacceptable volume of support calls and angry customers in general.

When SBC implemented port 25 blocking in my area, they spent about 2 weeks innundating their customers with emails and letters informing them of the changes, and how to be exempted from them if you needed direct access to port 25. Even so, I probably had 4 or 5 of my customers call me because they couldn't send email anymore after the change, due to the fact they were trying to send their email out through a mail server provided by their web host. A simple call fixed the problem, but it just goes to show how unlikely it is that people will pay attention and actually make necessary changes before something like that causes them a problem.

Share this post


Link to post
Share on other sites
[Not related to this issue but to road runner in general]. I always wondered if roadrunner does anything about spamcop reports? I always see rr.com in the top10 or top 20 in the http://www.spamcop.net/w3m?action=hoshame#domsum . Perhaps you could help everyone out there by opening up similar tickets for all the spamcop reports!

Yes they do come through. Also you have to realize that rr.com covers a HELL of a lot of IP space. And, as Telarin suggested, about 8 million RR subscribers.

Each division has their own email subdomain.

nyc.rr.com = new york city + new jersey

san.rr.com = san diego california

ec.rr.com = kansas city (no idea where "ec" comes from")

etc. etc.

Abuse tickets are assigned to and handled by each division, determined by the originating IP in the spam headers. In my division (not the largest), we get 25-75 abuse tickets a DAY. I can't fathom how many the NY City division must get.

Share this post


Link to post
Share on other sites
<snip>
...Thanks for posting! It's good to see participation from the e-mail providers.

...Has RR considered doing what my employer does, which is to refuse access to anyone who does not have corporate-sanctioned active prophylactics (for example, virus detection and personal firewall)? I would think this would greatly reduce the amount of spam running through your system, since much (most?) spam these days is coming from "trojanned" PCs, as evidenced by the large number of spam "from" dynamic IP addresses.

Share this post


Link to post
Share on other sites

If I remember rightly, they do offer free AV and Firewall software in many areas. Of course, getting a customer to use them is much like getting a teenager to use free... um... nevermind. Anyway, how would you know if they have FW and AV software installed until after it is too late?

Share this post


Link to post
Share on other sites
<snip>how would you know if they have FW and AV software installed until after it is too late?
...Got me, but my employer is able to do it, so there must be some way to scan a user's running applications before allowing her/him to connect to the network!

Share this post


Link to post
Share on other sites

That sounds a tad on the illegal/privacy violation side to me. They got in trouble just for doing traffic shaping, which doesn't even involve scanning their customers computers, I suspect actually going in and somehow scanning running applications (which would be impossible if the customer is behind any kind of firewall/router configuration) would be a whole bunch of lawsuits waiting to happen.

Share this post


Link to post
Share on other sites
That sounds a tad on the illegal/privacy violation side to me. They got in trouble just for doing traffic shaping, which doesn't even involve scanning their customers computers, I suspect actually going in and somehow scanning running applications (which would be impossible if the customer is behind any kind of firewall/router configuration) would be a whole bunch of lawsuits waiting to happen.
...Tough luck -- their server, their rules (provided they publicize that in advance, so potential customers who don't want that to be done won't subscribe). Besides, I didn't suggest scanning *all* running applications, just for the presence of an (any) active firewall and an (any) antivirus product. And if it's impossible because the customer is behind a firewall, then there's no need to scan -- the customer is doing what is needed to limit access by malware, assuming the firewall is properly configured, something the provider presumably can't tell.

Share this post


Link to post
Share on other sites
I always wondered if roadrunner does anything about spamcop reports? I always see rr.com in the top10 or top 20 in the http://www.spamcop.net/w3m?action=hoshame#domsum . Perhaps you could help everyone out there by opening up similar tickets for all the spamcop reports!

This is the first time I am seeing that rr.com is not there in the top 50 list at http://www.spamcop.net/w3m?action=hoshame#domsum . Either Road Runner guys have got a nice handle on spam emanating from their network or other ISPs have gotten much worse.

hth

raju

Share this post


Link to post
Share on other sites
...Either Road Runner guys have got a nice handle on spam emanating from their network or other ISPs have gotten much worse. ...
I would be inclined to the charitable view. Total volumes are trending up, it is true - http://www.spamcop.net/spamgraph.shtml?spamyear but at the same time it is my impression that the "lacking dns" proportion is steadily increasing thus for RRs and other assignments of this world to drop through the rankings either requires some serious effort (in the way Comcast has seemingly applied itself) or a shifting of the blame - but http://www.senderbase.org/senderbase_queries/main shows both RR and Comcast are 'way up there in the rankings of total mail. So to drop off the radar in spam rankings has to be a valid achievement, I would think. Am I missing something?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0