Road Runner Security
security.rr.com



Road Runner Mail Blocks

The purpose of this webpage is to provide information regarding blocks affecting email inbound to Road Runner customers. General questions regarding Road Runner's spam blocks or blocking policies can be directed to blockinfo@security.rr.com.


Think You're Being Blocked By Road Runner? Want To Be Unblocked? Read This, Please.

If you're here because you know or believe that Road Runner is currently actively refusing inbound email to its customers from a server you're using, please read this section carefully.

Note: The error messages our inbound servers emit are documented below. Please make sure that you compare that list to the error message you have in hand to ensure that you're actually being blocked.

If you're not sure if your mail server's IP address is being blocked, a quick way to check is provided at this link.

If you're sure your mail server is blocked, and you want to request de-listing, use this form. We recommend that you come back to this page and gain a better understanding of why the mail server you were using was blocked.

Note: Senders who are sure that their server is being blocked should have in hand an error message that looks like this:

    554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://security.rr.com/cgi-bin/block-lookup?IP.ADD.RE.SS

Whether or not the mail server you're using is blocked, if your organization is solely responsible for the mail server(s) in question, and you'd like to signup for a feedback loop with us, please see our Feedback Loop FAQ page.


Road Runner's Block Lists

Road Runner makes use of multiple lists of addresses and networks from which it will refuse email. Two lists are maintained by Road Runner, and their content is based mostly on complaints from our customers of spam received from the entity being refused. We also use third-party lists, which are described under Third Party Block Lists below.

The two lists maintained by Road Runner are as follows:

  • Name-Based Block List - IP addresses map to names, such as 'mail-server.foo.com', or 'ip_address.reverseIP.bar.net'. Road Runner's name-based block list is comprised of two kinds of name patterns:

    • Those that Road Runner knows or believes to be indicators of other domains' dynamic address space (e.g., dialup or residential broadband customer space)
    • Generic name patterns that may be used for other providers' static address space (e.g., permanently assigned IP addresses) but that give no indication as to the name of the domain that is using the IP address.

    Senders using IP addresses blocked due to this list will receive error messages that look like the following:

    554 5.7.1 - ERROR: Mail Refused - <DOMAIN_NAME> - See http://security.rr.com/mail_blocks.htm#dynamic

    554 5.7.1 - ERROR: Mail Refused - <DOMAIN_NAME> - See http://security.rr.com/mail_blocks.htm#generic

    If you find yourself in this situation, either route your outbound mail through your provider's mail servers or contact your ISP or hosting provider and request that they change the PTR record for your IP address to a non-generic name.

  • IP Address-Based Block List - This list is comprised of IP addresses and networks from which Road Runner customers have received unsolicited mail about which they have complained to Road Runner. Senders using IP addresses blocked due to this list will receive error messages that look like this:

    554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://security.rr.com/mail_blocks.htm#REASON_CODE - YYYYMMDD

    If you find yourself in this situation, you can request removal.

    Note: The above error messages are just templates that show the format of an error message that indicates a block put in place by Road Runner. Actual error messages would replace 'DOMAIN_NAME' with an actual domain name, 'IP.ADD.RE.SS' with an actual IP address or network address, '#REASON_CODE' with a tagged code directing you to a URL on this page, and the optional 'YYYYMMDD' with an eight-digit number signifying the date that the block was put into place.


Third Party Block Lists

Error messages resulting from an IP address being in any of the third-party lists used by Road Runner will look like this:

  • SpamHaus ZEN

    554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://www.spamhaus.org/query/bl?ip=IP.ADD.RE.SS

  • MAPS RBL-Plus

    554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://www.mail-abuse.com/cgi-bin/lookup?IP.ADD.RE.SS

  • Return Path Sender Score Blacklist

    554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://sendersupport.senderscore.net/

If the error message you're receiving references any of these external lists, go to the website to which the error message is directing you, and follow its policies for requesting removal.


Return Path Sender Score Reputation Rank

Beginning in March 2009, Road Runner has instituted connection blocking on all inbound mail traffic for senders with poor email reputations. This step was taken to protect our customers and our mail system from unwanted spam and malicious attacks.

Our connection denial policy is based on Return Path's Sender Score reputation rank. We reject any connection attempt from servers with a Sender Score less than 20.

For more information on Return Path's Sender Score and to research your own score, please visit www.senderscore.org.

If we drop a connection due to the sending IP having a Return Path Sender Score less than 20, our servers will emit the following error message:

  • 421 4.7.1 - ERROR: Connection Dropped - <IP.ADD.RE.SS> - Sending IP has poor reputation - see http://sendersupport.senderscore.net/


Unresolvable DNS for IP Address or Sender Domain

In addition to these block lists, Road Runner's mail servers will also refuse mail from IP addresses that either have no reverse DNS (PTR) record or have a PTR record that is unresolvable, and from email addresses in domains that do not resolve. Those error messages will look like this:

  • 554 5.7.1 - Connection refused. IP name lookup failed for <IP.ADD.RE.SS>

  • 421 4.7.1 - Connection Refused. Cannot resolve PTR record for <IP.ADD.RE.SS>

  • 554 5.1.8 - Domain of sender address EMAIL.ADD.RE.SS does not exist

  • 421 4.1.8 - Domain of sender address EMAIL.ADD.RE.SS does not resolve

If you are a sender finding your mail refused for either of these reasons, you should contact your ISP or hosting provider either to get a PTR record configured for your IP address or to get technical support for the proper configuration of the 'From' setting for your mail client software.


Interpreting Error Codes

Any error code that starts with the number 5 indicates a permanent refusal of the INBOUND mail message; the sending server will inform the sender of the email that his/her message has been rejected, and the sending server will discard the message.

Any error code that starts with the number 4 indicates a temporary failure of the INBOUND mail message. This means that Road Runner has had to temporarily refuse mail from that source due to one or more reasons. The sending server will queue the mail for later delivery attempts to Road Runner. Depending upon how long it takes for the problem to subside, the sender may receive a notification from the sending server that the message has been delayed, and in extreme cases, the sending server may give up altogether on the message and return it to the sender. It usually takes several days for such a failure to occur, however, and the problems causing temporary refusal usually subside in a matter of hours, not days.

Note: "Permanent" in the case of a mail error does not mean that Road Runner has blocked mail from the source "forever". "Permanent" in this case indicates a "go away" response to the mail message, as opposed to a "Temporary" error, which means "try again later".
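The message templates and the 4xx/5xx rule documented above can be turned into a triage step for a sending server's bounce log. The following is an added example, not Road Runner's own code: the function name, the source labels and the sample lines (documentation-range addresses, a made-up date) are constructed for illustration, and the action strings paraphrase this page.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

HEAD = re.compile(r"^(?P<code>[45]\d\d) (?P<status>[45]\.\d\.\d) - (?P<text>.+)$")
# "Mail Refused" / "Connection Dropped" templates; angle brackets are optional.
LISTED = re.compile(
    r"^ERROR: (?P<kind>Mail Refused|Connection Dropped) - "
    r"<?(?P<subject>[^<>\s]+)>? - .*?[Ss]ee (?P<url>\S+?)(?: - (?P<date>\d{8}))?$"
)
# DNS refusals carry no URL, only the address or sender involved.
DNS = (
    (re.compile(r"IP name lookup failed for <?(?P<subject>[^<>\s]+)>?$"), "ptr"),
    (re.compile(r"Cannot resolve PTR record for <?(?P<subject>[^<>\s]+)>?$"), "ptr"),
    (re.compile(r"Domain of sender address (?P<subject>\S+) does not "
                r"(?:exist|resolve)$"), "sender-domain"),
)
# Next steps, paraphrased from this page (labels are this example's own).
ACTIONS = {
    "rr-lookup": "check the IP at the lookup URL, then request de-listing",
    "rr-name-list": "relay via your provider or get a non-generic PTR record",
    "rr-ip-list": "request removal from Road Runner",
    "third-party": "follow the removal policy of the list named in the URL",
    "sender-score": "Sender Score is below 20; research it at www.senderscore.org",
    "ptr": "have your ISP or hosting provider configure a resolvable PTR record",
    "sender-domain": "correct the 'From' setting so the sender domain resolves",
}


def classify(line):
    """Return a dict describing one refusal line, or None if it is not a block."""
    head = HEAD.match(line.strip())
    if head is None:
        return None
    info = {"code": int(head["code"]), "permanent": head["code"][0] == "5",
            "subject": None, "reason": None, "blocked_on": None}
    listed = LISTED.match(head["text"])
    if listed:
        url = urlsplit(listed["url"])
        info["subject"] = listed["subject"]
        if listed["date"]:
            try:
                info["blocked_on"] = datetime.strptime(listed["date"], "%Y%m%d").date()
            except ValueError:
                pass  # eight digits that are not a calendar date
        if url.hostname == "security.rr.com":
            if url.fragment in ("dynamic", "generic"):
                source = "rr-name-list"   # PTR problem: removal form will not help
            elif url.fragment:
                source = "rr-ip-list"     # complaint-driven, removal can be requested
            else:
                source = "rr-lookup"
            info["reason"] = url.fragment or None
        elif listed["kind"] == "Connection Dropped":
            source = "sender-score"
        else:
            source = "third-party"
    else:
        for pattern, source in DNS:
            found = pattern.search(head["text"])
            if found:
                info["subject"] = found["subject"]
                break
        else:
            return None  # e.g. "550 5.1.1 - invalid mailbox ...": not a block
    info["source"] = source
    info["action"] = ACTIONS[source]
    return info


# Constructed sample lines following the templates on this page.
SAMPLES = [
    "554 5.7.1 - ERROR: Mail Refused - <192.0.2.10> - See "
    "http://security.rr.com/mail_blocks.htm#directspam - 20090312",
    "554 5.7.1 - ERROR: Mail Refused - <host-192-0-2-10.example.net> - See "
    "http://security.rr.com/mail_blocks.htm#generic",
    "421 4.7.1 - ERROR: Connection Dropped - <192.0.2.10> - Sending IP has poor "
    "reputation - see http://sendersupport.senderscore.net/",
    "421 4.7.1 - Connection Refused. Cannot resolve PTR record for <192.0.2.10>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = classify(sample)
        retry = "rejected" if result["permanent"] else "will be retried"
        print(f"{result['subject']}: {result['source']} ({retry}) -> {result['action']}")
```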


How To Get Unblocked

If you are being blocked due to a listing on Road Runner's IP Address-Based Block List, you can use this website to request that the block be lifted.

More information about the specifics behind each kind of block can be found below. The section specific to your error message may be worth a read before you request removal.

If you are being blocked due to a listing on Road Runner's Name-Based Block List, do not use the removal request form, as it will not help you. Instead, contact your ISP, hosting provider, or IT department as appropriate, and start the process of getting your mail server's IP address a PTR record that is non-generic.

If mail from your server is being refused because the PTR record for its IP address is non-existent or unresolvable, do not use the removal request form, as it will not help you. Instead, contact your ISP, hosting provider, or IT department as appropriate, and start the process of getting a PTR record configured for your mail server's IP address.

Note: Road Runner does not control the content of the third-party block lists it utilizes in addition to its own lists. If the reason that you're having your mail refused by Road Runner is that your server appears on any of the third-party lists we use (the error message you're receiving will give you this information), you will need to contact the third-party provider of the list in question.

Note: It is possible, under certain criteria, for Road Runner to override a listing of a third-party list; those criteria would include, but are not necessarily limited to:

  • A demand from a sufficient number of our own customers to lift the block.
  • Evidence from the listee's provider of a good-faith effort to get the listing removed.
  • A willingness on the part of the listee and the listee's provider to accept any complaints about the space in question from Road Runner and to take action based on those complaints.

If you feel that you meet these criteria, please contact us at blockinfo@security.rr.com.

If you're not sure if you're being blocked, or if you don't have an error message in hand, you can either see for yourself if your mail server's IP address is blocked, or you can send email to blockinfo@security.rr.com. Include in this message as much information as you can regarding your situation, so that the Road Runner Postmaster Team can begin to investigate your situation. Please include a valid reply address so that a member of the Postmaster Team may contact you if need be.


General Information On Road Runner's Efforts To Control Inbound Spam

As described elsewhere on this site, Road Runner utilizes local blocks in addition to the third party lists. The overwhelming majority of the entries on this local list are there because Road Runner customers complained that they received unsolicited email from the IP address or network being blocked. The remainder of the entries were placed there as defensive measures by the Road Runner Mail Operations team to combat active abuse of our servers by outside entities.

The blocks that Road Runner has in place tend to stay in place until we receive requests to remove them. Since most of our blocks are there because our customers complained about receiving unsolicited email from a given IP address or network, we may engage the owner of the server in question before we remove the block, especially if we have reason to believe that spam may still be originating from that host. Put another way, the act of requesting removal of a block in and of itself may not be enough to warrant that a block be removed; the final decision in the matter is still left up to Road Runner.

A short note to our subscribers: Road Runner's email blocks target servers and networks, not email addresses. If and when email blocks are implemented, if someone sends an email message and the sender's IP address or SMTP (outgoing mail) server is on one of these block lists, then the incoming email is blocked (either permanently or temporarily). This may unfortunately result in the refusal of some email that is wanted and/or expected by you. Please understand that we cannot make exceptions for individual senders or Road Runner accounts in that situation, but we will accept requests to remove the block. These requests must contain the error message in question, so they are best submitted by the owner of the server or the sender of the original email message. We would therefore like to stress that you (or better yet, the sender of the message) should contact the affected ISP for assistance in resolving the situation.


Road Runner Refusal Error Messages and Their Meanings

The sections below will provide examples of the different error messages that Road Runner's inbound email servers may return when a sending server's email is being refused due to its being blocked or for other reasons. Each example section will include a detailed explanation of what the error means. Should you have any further questions, they can be directed to blockinfo@security.rr.com.


550 5.1.1 - invalid mailbox xxxxxxxxx@yyyyy.rr.com

This error message does not mean that your server is blocked. This error message means only that the Road Runner email address mentioned in the error message does not exist here. If you receive this error message, you should update your addressbook accordingly.


ERROR:5.7.1:550 Mail Refused - NETWORK_OR_IP_GOES_HERE - See http://security.rr.com/mail_blocks.htm#directspam - 200YMMDD

This error message indicates that one or more Road Runner customers complained about unsolicited email that was received from the IP address mentioned in the error message or from the network containing the IP address. The last eight digits of the error message (shown here as 200YMMDD) will indicate the date that the block was put into place. (e.g., 20040815 means the block was put into place on August 15, 2004; 20050228 means February 28, 2005).

Road Runner does not automatically block every IP address or network about which our customers complain for sending unsolicited email. Our spam complaint processing system first parses the offending IP address from the headers of the complaint, and then checks various public sources for the current reputation of that IP address, using an objective scoring system. Those IP addresses which fail to meet a minimum score then become candidates for blocking.

Note: When we receive requests to remove addresses or networks from our block list, we consult this same objective scoring system to determine whether or not to grant the request.

Road Runner tries to focus its blocks on the smallest entity possible; direct spam from a given IP address will result in the surrounding network (i.e., the encompassing Class C network) being blocked only under the following two conditions:

This generally means that if a customer complains about spam received from, for example, IP address 192.168.100.82, Road Runner will block the 192.168.100.0/24 network only if one of the above two conditions is met.

Note: This process has evolved over time, and there may be networks that were blocked when only a single IP block was warranted; Road Runner will address any removal requests for these blocks in a manner we deem appropriate.

If your mail server is being blocked due to this reason code, you can request removal.


ERROR:5.7.1:550 Mail Refused - NETWORK_OR_IP_GOES_HERE - See http://security.rr.com/mail_blocks.htm#highspam - 200YMMDD

This error message means that the IP in question was blocked not due to spam complaints, but rather due to mail from the IP triggering our anti-spam filters at a high enough volume and percentage for us to feel that blocking the IP is warranted.

IPs blocked for this reason cannot be removed from our block list by our removal request form; instead, IPs blocked for this reason will be automatically removed from our block list after a pre-determined interval of time has passed.


ERROR:5.7.1:550 Mail Refused - NETWORK_OR_IP_GOES_HERE - See http://security.rr.com/mail_blocks.htm#noBounce - 200YMMDD

This error code indicates that the IP or network in question was blocked here for sending high volumes of mail that generated bounces that we could not deliver due to the reply address for the mail not accepting inbound mail. Because the referenced network was not willing to accept bounces of mail it was sending to our customers, we took the step of blocking it from sending any mail to our systems.

IPs blocked for this reason cannot be removed from our block list by our removal request form; instead, the parties responsible for the IP must contact our Postmaster Support team for further assistance.


ERROR:5.7.1:550 Mail Refused - NETWORK_GOES_HERE - See http://security.rr.com/mail_blocks.htm#rollup - 200YMMDD

This error message indicates that Road Runner has received complaints about, and as a result of those complaints blocked, enough individual IP addresses in a given class C, or /24, network (i.e., IP addresses that differ only in the fourth octet) that we believe that the prudent step is to block the entire network. The date at the end of the error message will indicate when the network-wide block was put in place.

If you are receiving this message when attempting to send email to Road Runner customers, you must contact your provider and have them contact us regarding removal. Removal requests for blocks of this type are held to a higher set of criteria than removal requests for individual IP addresses, as each underlying blocked IP address must be dealt with before the network-wide block will be lifted.


ERROR:5.7.1:550 Mail Refused - DOMAIN_OR_IP_GOES_HERE - See http://security.rr.com/mail_blocks.htm#subscription

This error message indicates that the sending domain has had, in the past, a reputation for subscription abuse, a reputation that may continue today. This reputation was sufficient for Road Runner Security to take the step of refusing email from the domain or network mentioned in the error message.

Subscription abuse is more commonly known as 'Mailing List Forgery'. This often occurs with mailing lists that do not follow the best practices of confirmed opt-in when establishing their subscriber lists. Mailing lists requiring confirmed opt-in signups will go through the following three steps each time a new address is added to the list:

  • A new subscriber will indicate a desire to sign up to receive a list's mailings, and will provide a valid email address to receive that list's mailings.
  • The list owner will send a confirmation email to the signed up address. This confirmation email will ask the owner of that email address to verify that he/she signed up for this list by replying to the confirmation email or perhaps clicking on a URL in the confirmation email.
  • Only after confirmation is received by the list owner will the address be added to the mailing list.

Ideally, the list owner will also maintain records of these transactions, to include copies of the signups and the confirmations, with dates and times that they were received. Additionally, the owner of the subscribed address may request to be removed from the list at any time, and the list owner will honor the request promptly.
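The three confirmed opt-in steps, the record-keeping and the unsubscribe handling described above can be sketched as follows. This is an added example, not code from Road Runner or any list software: the class, its method names, the seven-day token lifetime and the sample addresses are assumptions made for illustration.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone


class ConfirmedOptInList:
    """Mailing list that only mails addresses whose owners confirmed the signup."""

    TOKEN_TTL = timedelta(days=7)  # assumption: the page does not set an expiry

    def __init__(self):
        self.members = set()
        self.pending = {}  # sha256(token) -> (address, time of request)
        self.log = []      # append-only records: (time, event, address, detail)

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked pending table cannot confirm signups.
        return hashlib.sha256(token.encode()).hexdigest()

    def _record(self, when, event, address, detail=""):
        self.log.append((when.isoformat(), event, address, detail))

    def request(self, address, source, when):
        """Steps 1 and 2: record the signup, return the token to mail out."""
        address = address.strip().lower()
        token = secrets.token_urlsafe(32)
        self.pending[self._key(token)] = (address, when)
        self._record(when, "signup", address, source)
        self._record(when, "confirmation-sent", address)
        return token  # goes ONLY into the confirmation email sent to `address`

    def confirm(self, token, when):
        """Step 3: add the address only if the mailed token comes back in time."""
        entry = self.pending.pop(self._key(token), None)  # tokens are single use
        if entry is None:
            return False
        address, requested = entry
        if when - requested > self.TOKEN_TTL:
            self._record(when, "confirmation-expired", address)
            return False
        self.members.add(address)
        self._record(when, "confirmed", address)
        return True

    def unsubscribe(self, address, when):
        """Honor a removal request immediately and keep a record of it."""
        address = address.strip().lower()
        if address not in self.members:
            return False
        self.members.discard(address)
        self._record(when, "unsubscribed", address)
        return True

    def recipients(self):
        return sorted(self.members)

    def records(self, address):
        """Signup and confirmation trail for one address, with timestamps."""
        return [entry for entry in self.log if entry[2] == address.strip().lower()]


def demo():
    """Constructed scenario: one genuine signup and one forged by a third party."""
    t0 = datetime(2009, 3, 1, 12, 0, tzinfo=timezone.utc)
    mlist = ConfirmedOptInList()
    genuine = mlist.request("alice@example.com", "web form, 198.51.100.7", t0)
    mlist.request("victim@example.net", "web form, 203.0.113.9", t0)  # forged signup
    mlist.confirm(genuine, t0 + timedelta(minutes=5))
    return mlist


if __name__ == "__main__":
    mlist = demo()
    print(mlist.recipients())  # the forged signup never becomes a recipient
    for entry in mlist.records("alice@example.com"):
        print(entry)
```

Because the token travels only in the confirmation email, a signup forged by a third party stays in the pending table and the address never receives list mail.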

Mailing lists that are less strict with their practices of adding new subscribers are sometimes known as "single opt-in", "opt-in", or "opt-out" mailing lists. Road Runner defines these terms as follows:

  • single opt-in or opt-in - These lists will not add new subscribers unless they receive a request to do so from somewhere, such as a webpage signup or an email. The new address will start receiving email from the mailing list immediately. The better of the single opt-in lists will have the method or methods available for unsubscribing prominently displayed in each mailing list email, and will honor unsubscribe requests promptly.
  • opt-out - These lists add subscribers from any source available. They may advertise a method for unsubscribing from the list, and they may even honor unsubscribe requests, but given their typical methods of building their lists, their email is more often than not unsolicited by the recipient.

Both of these types of lists are easy targets to use to abuse unsuspecting recipients.

Single opt-in lists become vectors for abuse of Road Runner customers in those situations where our customers get signed up, without their prior knowledge, to one, ten, or any number of mailing lists by someone wishing to cause our customers harm. While a mailing list owner would still have proof that someone asked for the address to be signed up to a given list, without confirmation of the signup, this proof is dubious at best.

While single opt-in is not the best way, in our judgement, to manage a mailing list, it is superior to opt-out lists. The building of a mailing list with addresses gleaned from any source available, including in some cases "brokers" who sell or rent lists of harvested addresses, practically guarantees that any mail sent to that list will be unsolicited by an overwhelming majority of the recipients. Those who manage opt-out lists may say, "Well, the recipients can just hit delete" or they may claim to have working unsubscribe links in the email that they honor promptly, but that is simply not good enough for Road Runner or its customers. Both of these approaches put the burden and the cost for managing list membership on Road Runner and its customers, rather than where it belongs, with the owner of the list. No Road Runner subscriber should ever be forced to "unsubscribe" from a mailing list that he or she did not subscribe to in the first place. Permission of new subscribers must be fully verified before mailings commence.

A good source of more information on the best practices for mailing list management can be found at http://www.mail-abuse.com/an_listmgntgdlines.html. Echoing the message in that document, Road Runner calls on mailing list managers to understand that email communication is about conSENT, not conTENT. Road Runner is interested in making sure that its customers receive all of the email that they signed up to receive, and none of the email that they did not sign up for.

Requesting Removal Of A Block For Subscription Abuse

You can submit a removal request for one or more of the IP addresses of your blocked mail servers. Domains listed with this error will be removed only after meeting one of the following conditions:


Option 1: Your organization is able to produce full subscription and confirmation records for this subscriber (such as web logs or email transaction reports detailing that our subscriber both signed up for, and subsequently confirmed, the subscriptions for your mailings).

OR

Option 2: Your organization adheres to the following criteria for mailings to Road Runner:

  • Adherence to Road Runner's Inbound Sending Policies
  • Removal and permanent blocking of all outbound mail for all clients to *@rr.com (example: user@rr.com)
  • Permanent blocking of all outbound mail to Road Runner RFC 2142 addresses (see http://www.ietf.org/rfc/rfc2142.txt)
  • Immediate reconfirmation of all non-confirmed *@*.rr.com email addresses (example: user@foo.rr.com) in your mailing lists. We can assist you with verbiage if so desired.
  • Assurances that your organization will take immediate steps to stop the sending of nonconfirmed mailings to our role accounts and to our subscribers, through the use of CONFIRMED opt-in mailing list practices, for all future mailings. If you would like more information on the many methods of confirmation techniques for mailings, please see http://www.mail-abuse.com/an_listmgntgdlines.html.
  • The name, email address, and phone number of one or more human beings to serve as contacts for any potential future issues that may arise with our subscribers receiving mail from your domain, should we decide to unblock you.

OR

Option 3: Your organization joins or subscribes to a service listing senders who have certified, via some pre-defined mechanism, that all mail that they send is confirmed as having been requested by the recipient. A list of those services which Road Runner currently subscribes to can be found at our Whitelist Policy page.


The following list contains examples of items that we deem to be not indicative of permission-based mailings; none of these items will help you get your domain unblocked for subscription abuse:

  • Confirmation that you have "listwashed" our subscriber.
  • Information on your "simple unsubscribe process".
  • Our subscriber's name, address, or other personal information.
  • Information on your "privacy policy".
  • Information on where/how you obtained the address in question, unless accompanied by subscription and confirmation logs.
  • Autoresponses.

ERROR:5.7.1:550 Mail Refused - DOMAIN_OR_IP_GOES_HERE - See http://security.rr.com/mail_blocks.htm#security - 200YMMDD

This error message indicates one of the following:

If you are blocked because of another machine on your local network segment, you can still submit a removal request, but you should bring the matter to your hosting provider's attention, as your request may be denied, depending upon the reason for our blocking your network segment. Alternatively, your provider may contact us at blockinfo@security.rr.com. This contact email should provide as much information as possible about the problem being experienced.

If you are not the owner of the IP address, as determined by ARIN or an associated network registrar, contact your ISP. If you are unsure of who owns your IP address, see this link.

If you believe you're permitted to run a mail server where you are, ask for clarification from your Internet provider. If your Internet provider allows you to run a mail server, THEY need to contact us at blockinfo@security.rr.com and tell us that you're specifically allowed.

ISPs which are blocked with this error message should contact Road Runner immediately at blockinfo@security.rr.com. Make sure that you include the exact error message that you are receiving when you email us - if you don't include it, your mail will be discarded. If you don't have an error message, you may contact us at blockinfo@security.rr.com.

If your mail server is being blocked due to this reason code, you can request removal.


ERROR:5.7.1:550 Mail Refused - DOMAIN_GOES_HERE - See http://security.rr.com/mail_blocks.htm#spam_source

This error message indicates that the domain mentioned in the error message has had, in the past, a reputation for sending unsolicited email, a reputation that may continue today. This reputation was sufficient for Road Runner Security to take the step of refusing email from the domain or network mentioned in the error message. Entities receiving this error message are blocked either because their IP address resolves to a name ending in the domain name specified in the error message, or because their IP address is in a range that is or was associated with the domain mentioned.

When a block is placed on a domain or IP range and the reason is "spam_source", that is because the domain listed in the error has been directly connected in the sending of unsolicited email directly to Road Runner subscribers or role accounts, and has been unresponsive to complaints.

The domain listed in the error message is considered by Road Runner to be a known source of unsolicited email. If you are not part of the domain listed in the error message, then you, in all likelihood, just happen to have network connectivity on the same network segment as that which is or at one time was occupied by a known source of unsolicited email.

We recognize that this policy will sometimes inadvertently block innocent mail. This is unfortunate, but as Road Runner has no way of verifying the integrity of the entire network, and cannot tell where a blocked entity will "hop" to next within a limited block, we have no choice but to make broader assumptions to protect our networks and our customers.

In order to clear up the situation, your provider must either:

  • Terminate the spammer (and let us know), or
  • Tell us exactly what IP addresses belong to the spammer

We may then modify or remove the listing as appropriate. We have no wish to block solicited email; however, we need to hear from your provider in order to ensure that the problem has been addressed before we will lift such a block. As such, you should contact your provider first. Your provider should then contact us at blockinfo@security.rr.com. This contact should include the error message that you're receiving. If you don't have an error message, you or your provider may contact us at blockinfo@security.rr.com.

ERROR:5.7.1:550 Mail Refused - DOMAIN_OR_IP_GOES_HERE - See http://security.rr.com/mail_blocks.htm#dynamic

ERROR:5.7.1:550 Mail Refused - DOMAIN_GOES_HERE - See http://security.rr.com/mail_blocks.htm#generic

ERROR:5.7.1:550 Mail Refused - Suspected Dynamic or Generic PTR Record - See http://security.rr.com/mail_blocks.htm#dynamic

This error message indicates that Road Runner believes, based on the IP address from which you are connecting and/or the reverse DNS (or PTR) record for that IP address, that you are attempting to connect to Road Runner's inbound email servers from another provider's dynamic address space, or that your PTR record is a generic one that gives no indication of the actual user of the (possibly static) IP address in question. An example of a generic PTR record for IP address 12.34.56.78, assigned to a customer of ISP bar.com, might be something like host-12-34-56-78.foo.bar.com.

In many cases, our classification of your IP address as dynamic or generic based on its PTR record is supported by communication from your provider about the space or name in question. As a matter of policy, Road Runner does not accept direct connections to its inbound servers from other providers' dynamic address space; we do not even accept such connections from our own dynamic customer space. As of November, 2005, we are also beginning to restrict the inbound flow of mail from IP addresses with generic PTR records.

If you are having your email refused by our inbound servers and are receiving this error message, your options are as follows:

  1. If you believe that your ISP allows you to run an email server within the network to which you've been assigned and/or you're sure that your IP address is in static, not dynamic, space, contact your ISP. As part of contacting them, forward them a copy of the error message you're receiving so that they may also understand the problem. Have them contact us at blockinfo@security.rr.com, and have them include the error message in question in any correspondence with us.
  2. If your ISP provides outbound email (or SMTP) servers for its customers to use, configure your email server to relay all of its outbound email through those servers. You may have to contact your ISP for guidance here as to which servers to use.
  3. If your ISP offers non-default PTR record configuration to its customers, contact your ISP about getting your PTR record changed. If the error message you're receiving references a domain name between the words "Mail Refused" and "See http..." and/or the reason tag on the error message is "#generic", then traffic from your mail server is being rejected due to its PTR record, and getting your hosting provider to update the PTR record for your IP address will enable you to get mail to Road Runner again with no change required on our part.


554 5.7.1 - ERROR: Connection refused - res.rr.com - See http://security.rr.com/rrDynamic.htm

This error message indicates a special case of dynamic address space connecting to our inbound servers; specifically, the IP address connecting to our inbound servers is in our own residential dynamic space. This block message has its own web page to discuss the issue and the remedies available to you.


ERROR:5.7.1:550 Mail Refused - in-addr.arpa - Fix_Your_Reverse_DNS

Road Runner requires that all IP addresses connecting to its inbound email servers have reverse DNS, or PTR, records associated with them. IP addresses are mapped to hostnames in the DNS by reversing the IP address, appending the string '.in-addr.arpa.', and looking up the record for that name.

To illustrate, the hostname www.rr.com resolves to IP address 24.28.193.1. The hostname mapping for IP address 24.28.193.1 is found by looking up the PTR record for the DNS name 1.193.28.24.in-addr.arpa; the record returned by this search is www.rr.com.

There are times when a PTR record lookup will return a value that ends in 'in-addr.arpa', and Road Runner will refuse email from the server with this IP address. This policy is in place because such a PTR record can mean that the space in which the connecting IP resides is unmanaged by the provider which owns the space, and Road Runner does not wish to receive email from unmanaged space.

In some cases, however, it is possible that such a PTR record is merely the result of a mis-configuration on the part of the organization managing the DNS for the space, and this is easily corrected. In the simplest technical terms, the terminating dot is missing from the right-hand side of the PTR record in question; adding the terminating dot to the PTR record and reloading the zone will fix the problem. Were this problem to be present for IP address 24.28.193.1, it might resolve to something like www.rr.com.193.28.24.in-addr.arpa.

If you own the DNS for the IP address of your mail server and you're receiving this error, then you're probably missing the terminating dot in your PTR record and you need to correct this. If you don't own the DNS for your mail server's IP address, contact your ISP and direct them to this URL:

http://security.rr.com/mail_blocks.htm#inaddr
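
The lookup name and the missing-dot failure described above can be reproduced offline. The following is an added example, not Road Runner's own code; the zone fragment is constructed for illustration, its second record (mail.example.net) is invented for contrast, and the function names are hypothetical.

```python
import ipaddress

# Constructed zone fragment for the page's 24.28.193.1 example.
# The second record (mail.example.net) is invented for contrast.
SAMPLE_ZONE = """\
$ORIGIN 193.28.24.in-addr.arpa.
1   IN  PTR  www.rr.com          ; terminating dot missing
2   IN  PTR  mail.example.net.   ; fully qualified
"""

def reverse_name(ip):
    """Reverse the octets and append in-addr.arpa., as a PTR lookup does."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."

def expand(name, origin):
    """Zone-file rule: a name with no trailing dot is relative to $ORIGIN."""
    if name.endswith("."):
        return name
    return name + "." + origin.lstrip(".")

def audit_zone(zone_text, origin="."):
    """Return (owner, target, broken) per PTR record.

    Handles single-line records with an explicit owner name only.
    broken is True when the expanded target ends in in-addr.arpa.
    """
    results = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop zone-file comments
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        upper = [f.upper() for f in fields]
        if "PTR" in upper and upper.index("PTR") + 1 < len(fields):
            target = expand(fields[upper.index("PTR") + 1], origin)
            broken = target.lower().endswith(".in-addr.arpa.")
            results.append((expand(fields[0], origin), target, broken))
    return results

if __name__ == "__main__":
    print(reverse_name("24.28.193.1"))
    for owner, target, broken in audit_zone(SAMPLE_ZONE):
        print(owner, "->", target, "MISSING DOT" if broken else "ok")
```

Running the audit against a reverse zone before reloading it flags any PTR target that the name server would silently extend with the zone origin.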


421 4.1.8 - ERROR: Domain of sender address EMAIL_ADDRESS_GOES_HERE does not resolve
554 5.1.8 - ERROR: Domain of sender address EMAIL_ADDRESS_GOES_HERE does not exist

Road Runner requires that the sender of every email inbound to its systems be from a domain which exists in the DNS. If you're getting one of these two error messages when attempting to send email to Road Runner subscribers, this indicates that you are attempting to send email from a domain whose existence we cannot reliably verify. That is, you're sending mail from "joe@somedomain.com" and we can't establish that somedomain.com exists.

The two error messages indicate two different but related problems.

In the case of the 451 "domain does not resolve" error, the problem is that our inbound mail servers could not contact the advertised authoritative servers for your domain to verify that domain exists. This is a transient, or temporary, failure, and the error message returned is effectively telling the sending server to go away and try again later. Whether your DNS servers are down, or unreachable due to network issues between our servers and yours, or some other reason, the expectation is that eventually our servers will be able to reach yours and verify your domain's existence. The typical DNS response code here would be SERVFAIL.

In the case of the 553 "domain does not exist" error, the problem here is that our inbound mail servers were able to contact one of the advertised authoritative servers for your sending domain, or more likely for a parent domain of your sending domain, and received a definitive answer from it stating unequivocally that your sending domain does not exist. The typical DNS response code here would be NXDOMAIN.

If you are receiving either error message, and you believe that you are incorrectly receiving the error, you may contact us at blockinfo@security.rr.com and request that we investigate the situation. Please include the full error message you're receiving in any email to us, along with a valid contact address so that we may follow up with you as necessary.


554 5.7.1 - ERROR: Connection refused. IP name lookup failed for <IP.ADD.RE.SS>

As per our inbound sending policy, Road Runner requires that all email servers connecting to our servers have a valid reverse DNS entry. If you're getting this error message, then this means that our inbound mail servers are unable to resolve the reverse DNS, or PTR, record for the IP address of your mail server, and received an NXDOMAIN response to our queries.

The solution to this problem will be for you to contact your ISP and/or hosting provider to get a valid PTR record set up for your server's IP address. Your server's IP address is not on any of our block lists, so there is nothing for us to remove here.


421 4.7.1 - ERROR: Connection refused. Cannot resolve PTR record for <IP.ADD.RE.SS>

As per our inbound sending policy, Road Runner requires that all email servers connecting to our servers have a valid reverse DNS entry. If you're getting this error message, then this means that our inbound mail servers are unable to resolve the reverse DNS, or PTR, record for the IP address of your mail server, and received a SERVFAIL response to our queries.

If you are receiving this error message, and you believe that you are incorrectly receiving the error, you may contact us at blockinfo@security.rr.com and request that we investigate the situation. Please include the full error message you're receiving in any email to us, along with a valid contact address so that we may follow up with you as necessary.

NOTE: The SERVFAIL response to a DNS query is almost always due to one or more designated authoritative servers for a PTR record not answering authoritatively for that PTR record. This means that it's usually not Road Runner's DNS servers that are misconfigured, but rather the servers that are supposed to answer authoritatively for the PTR record. In addition to possibly contacting us about this issue, you should most certainly contact your provider as well.


421 4.3.2 - Connection refused. Server is busy, please try back later

No mail server has an infinite amount of resources available to it, and while we have redundancy built into our system, under extreme conditions, it is possible for our inbound mail servers to have exhausted their available resources such that they cannot accept any new connections. Should this happen, our servers will emit this error message.


421 4.7.1 - ERROR: Connection refused - <IP.ADD.RE.SS> - Too many concurrent connections from source IP

As discussed elsewhere on this site, we impose various rate limits on inbound mail. This particular error message means that the sending server has opened more simultaneous connections than we're willing to accept from it.

The most likely solution to this issue is for the party responsible for the server to enroll it in our feedback loop. If that doesn't alleviate the problem, then contact Postmaster support.


452 4.7.1 - ERROR: Mail refused - <IP.ADD.RE.SS> - Exceeded limit for recipients per connection. Please see http://security.rr.com/spam.htm#ratelimit

As discussed elsewhere on this site, we impose various rate limits on inbound mail. This particular error message means that the sending server has exceeded its rate limit for recipients per connection.

The most likely solution to this issue is for the party responsible for the server to enroll it in our feedback loop. If that doesn't alleviate the problem, then contact Postmaster support.


452 4.7.1 - ERROR: Too many recipients for this message

As discussed elsewhere on this site, we impose various rate limits on inbound mail. This particular error message means that the message in question had more recipients than we're willing to accept for any one message.

Enrolling in our feedback loop will not help you solve this problem. The only solution to this problem is to structure your mailings so that each one has fewer recipients than our per-message limit.


452 Too many recipients received this hour. Please see our rate limit policy at http://security.rr.com/spam.htm#ratelimit

As discussed at this link, Road Runner instituted a policy in October 2004 whereby it would limit the amount of email per hour that we will accept from a given IP address. These limits are based on criteria that we believe help us protect our customers from unwanted email.

If you are receiving this error message, and you are interested in your sending server being placed in a tier that allows it to send more email per hour than we are currently permitting, you may send email to blockinfo@security.rr.com to get more information. Please include the IP address(es) from which you are attempting to send more email than we are currently allowing, so that we may fully investigate your situation.


550 5.7.1 Outbound Mail Refused - IP.ADD.RE.SS - See http://help.rr.com/outboundemail - YYMMDD

Road Runner customers sending email through our outbound residential SMTP servers are limited to 1,000 recipients per day. If you are receiving this error message, requesting removal will not do you any good. Our outbound servers impose these restrictions automatically based on observed volume from a given customer's IP address, and these limits cannot be overridden. Instead, you should follow this link for more information on this error message and what you can do about it.


554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://www.spamhaus.org/query/bl?ip=IP.ADD.RE.SS

This error message indicates that the server from which you're trying to send email to Road Runner customers is currently listed on the Spamhaus ZEN List. Road Runner utilizes the ZEN list to augment its own list, but it does not control the content of that list. If you're receiving this error message, you will have to contact Spamhaus to discuss removal from their list.


554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://www.mail-abuse.com/cgi-bin/lookup?IP.ADD.RE.SS

This error message indicates that the server from which you're trying to send email to Road Runner customers is currently listed on the Trend Micro (formerly MAPS) RBL-Plus List. Road Runner utilizes the RBL-Plus list to augment its own list, but it does not control the content of that list. If you're receiving this error message, you will have to contact MAPS to discuss removal from their list.


554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://sendersupport.senderscore.net/

This error message indicates that the server from which you're trying to send email to Road Runner customers is currently listed on the Return Path Sender Score Blacklist. Road Runner utilizes this list to augment its own list, but it does not control the content of that list. If you're receiving this error message, you will have to contact Return Path to discuss removal from their list.


421 4.1.8 - ERROR: Domain of sender address EMAIL_ADDRESS_GOES_HERE does not accept inbound mail

It is our belief that there is no point in accepting mail to which we cannot send replies or post-acceptance delivery status notifications (DSNs), such as mailbox full notifications and the like. Therefore, if a sender domain's MX records are configured in such a way as to indicate that it does not accept mail (or if investigation shows that a domain is sending us mail but not accepting replies) we will reject mail from that domain.


554 5.7.1 - ERROR: Null sender with multiple recipients not allowed here

The RFCs require that we accept mail from the NULL sender (i.e., "<>") because Delivery Status Notifications (DSNs) are typically sent using that sender address, and we do accept mail from the NULL sender so long as it's addressed to only one recipient.

This error message is an indication that a message was presented to our inbound servers with a NULL sender and multiple recipients; we do not accept such mail in this case. Our rationale is as follows:

  • Messages from the NULL sender are usually DSNs
  • DSNs are sent in response to a previous message
  • A message can only ever have one sender, therefore
  • A DSN should never be addressed to more than one recipient, because the message in response to which the DSN is being generated could only have had one sender.

The most typical legitimate sender who would be affected by this rule would be what we'd term an amateur bulk sender, someone running some sort of home-grown mailing list application that's sending to multiple recipients at a time using the NULL sender as its "From" address. The solution is for the application to be altered so that it's not doing that.
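
The rule above can be modelled as a small envelope check, which a list operator can use to test what their application sends. This is an added example, not Road Runner's server code; it assumes the refusal is issued at the second RCPT TO, the "250 OK", 503 and 500 replies are generic placeholders, and the sessions are constructed.

```python
import re

NULL_SENDER_REPLY = ("554 5.7.1 - ERROR: Null sender with multiple "
                     "recipients not allowed here")

class Envelope:
    """Tracks one SMTP transaction and applies the null-sender rule."""

    def __init__(self):
        self.reset()

    def reset(self):
        self.sender = None       # None: no MAIL FROM yet; "": null sender <>
        self.recipients = []

    def command(self, line):
        line = line.strip()
        if line.upper() == "RSET":
            self.reset()
            return "250 OK"
        m = re.match(r"MAIL FROM:\s*<([^>]*)>", line, re.I)
        if m:
            self.reset()         # a new MAIL FROM starts a new transaction
            self.sender = m.group(1)
            return "250 OK"
        m = re.match(r"RCPT TO:\s*<([^>]+)>", line, re.I)
        if m:
            if self.sender is None:
                return "503 Bad sequence of commands"
            # Assumption: the refusal comes at the second recipient.
            if self.sender == "" and len(self.recipients) >= 1:
                return NULL_SENDER_REPLY
            self.recipients.append(m.group(1))
            return "250 OK"
        return "500 Command not recognized"

def run_session(lines):
    """Feed constructed envelope commands to a fresh Envelope."""
    env = Envelope()
    return [env.command(l) for l in lines]

# Constructed sessions: a DSN, a bulk send from <>, and a corrected bulk send.
DSN = ["MAIL FROM:<>", "RCPT TO:<user@example.com>"]
BULK_NULL = ["MAIL FROM:<>", "RCPT TO:<a@example.com>", "RCPT TO:<b@example.com>"]
BULK_FIXED = ["MAIL FROM:<list-bounces@example.org>",
              "RCPT TO:<a@example.com>", "RCPT TO:<b@example.com>"]
```

BULK_FIXED shows the remedy from the sender's side: the same recipients are accepted once the application uses a real envelope sender instead of the NULL sender.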

 

©2005 Road Runner Security
All Worldwide Rights Reserved