Road Runner Security
security.rr.com


Page 3

 

Road Runner Mail Blocks

The purpose of this webpage is to provide information regarding blocks affecting email inbound to Road Runner customers. General questions regarding Road Runner's spam blocks or blocking policies can be directed to blockinfo@postmaster.rr.com

You may also click on the Spam Control link to the left

Think You're Being Blocked By Road Runner? Want To Be Unblocked? Read This, Please.

If you're here because you know or believe that Road Runner is currently actively refusing inbound email to its customers from a server you're using, please read this section carefully.

Note: The error messages our inbound servers emit are documented below. Please make sure that you compare that list to the error message you have in hand to ensure that you're actually being blocked.

If you're not sure if your mail server's IP address is being blocked, a quick way to check is provided at this link.

If you're sure your mail server is blocked, and you want to request de-listing, use this form. We recommend that you come back to this page and gain a better understanding of why the mail server you were using was blocked.

Note: Senders who are sure that their server is being blocked should have in hand an error message that looks like this: 

    554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://security.rr.com/cgi-bin/block-lookup?IP.ADD.RE.SS

Whether or not the mail server you're using is blocked, if your organization is solely responsible for the mail server(s) in question, and you'd like to signup for a feedback loop with us, please visit our Feedback Loop Enrollment page.

Road Runner's Block Lists

Road Runner makes use of multiple lists of addresses and networks from which it will refuse email. Two lists are maintained by Road Runner, and their content is based mostly on complaints from our customers of spam received from the entity being refused. We also use several third-party lists, as discussed below.

The two lists maintained by Road Runner are as follows:

Third Party Block Lists

The third-party block lists we employ are as follows: Error messages resulting from an IP address being in any of the third-party lists used by Road Runner will look like this:
  • Cloudmark Sender Intelligence

    554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://csi.cloudmark.com/reset-request/

  • SpamHaus ZEN

    554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://www.spamhaus.org/query/bl?ip=IP.ADD.RE.SS

  • MAPS RBL-Plus

    554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://www.mail-abuse.com/cgi-bin/lookup?IP.ADD.RE.SS

  • Return Path Sender Score Blacklist

    554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://sendersupport.senderscore.net/

If the error message you're receiving references one of these external lists, go to the website to which the error message is directing you, and follow their policies for requesting removal.

Unresolvable DNS for IP Address or Sender Domain

In addition to these block lists, Road Runner's mail servers will also refuse mail from IP addresses that either have no reverse DNS, or PTR, record, or that have a PTR record that is unresolvable, and from email addresses in domains that do not resolve. Those error messages will look like this:

  • 554 5.7.1 - Connection refused. IP name lookup failed for <IP.ADD.RE.SS>

  • 421 4.7.1 - Connection Refused. Cannot resolve PTR record for <IP.ADD.RE.SS>

  • 554 5.1.8 - Domain of sender address EMAIL.ADD.RE.SS does not exist

  • 421 4.1.8 - Domain of sender address EMAIL.ADD.RE.SS does not resolve

If you are a sender finding your mail refused due to either of these reasons, you should contact your ISP or hosting provider to either get a PTR record configured for your IP address or for technical support for the proper configuration of the 'From' setting for your mail client software.

Interpreting Error Codes

Any error code that starts with the number 5 indicates a permanent refusal of the INBOUND mail message; the sending server will inform the sender of the email that his/her message has been rejected, and the sending server will discard the message.

Any error code that starts with the number 4 indicates a temporary failure of the INBOUND mail message. This means that Road Runner has had to temporarily refuse mail from that source due to one or more reasons. The sending server will queue the mail for later delivery attempts to Road Runner. Depending upon how long it takes for the problem to subside, the sender may receive a notification from the sending server that the message has been delayed, and in extreme cases, the sending server may give up altogether on the message and return it to the sender. It usually takes several days for such a failure to occur, however, and the problems causing temporary refusal usually subside in a matter of hours, not days.

Note: "Permanent" in the case of a mail error does not mean that Road Runner has blocked mail from the source "forever". "Permanent" in this case indicates a "go away" response to the mail message, as opposed to a "Temporary" error, which means "try again later".

How To Get Unblocked

If you are being blocked due to a listing on Road Runner's IP Address-Based Block List, you can use this website to request that the block be lifted.

More information about the specifics behind each kind of block can be found below. The section specific to your error message may be worth a read before you request removal.

If you are being blocked due to a listing on Road Runner's Name-Based Block List, do not use the removal request form, as it will not help you. Instead, contact your ISP, hosting provider, or IT department as appropriate, and start the process of getting your mail server's IP address a PTR record that is non-generic.

If mail from your server is being refused because the PTR record for its IP address is non-existent or unresolvable, contact your ISP, hosting provider, or IT department as appropriate, and start the process of getting a PTR record properly configured for your mail server's IP address.

If the reason that you're having your mail refused by Road Runner is because your server appears on any of the third-party lists we use (the error message you're receiving will give you this information) you will need to contact the third-party provider of the list in question.

Note: It is possible, under limited circumstances, for Road Runner to override a listing of a third-party list; those circumstanaces would include, but are not necessarily limited to:

  • A demand from a sufficient number of our own customers to lift the block.
  • Evidence from the listee's provider of a good-faith effort to get the listing removed.
  • A willingness on the part of the listee and the listee's provider to accept any complaints about the space in question from Road Runner and to take action based on those complaints.
If you feel that you meet these criteria, please contact us at blockinfo@postmaster.rr.com

If you're not sure if you're being blocked, or if you don't have an error mesage in hand, you can either see for yourself if your mail server's IP address is blocked, or you can send email to blockinfo@postmaster.rr.com. Include in this message as much information as you can regarding your situation, so that the Road Runner Postmaster Team can begin to investigate your situation. Please include a valid reply address so that a member of the Postmaster Team may contact you if need be.

Road Runner Refusal Error Messages and Their Meanings

The sections below will provide examples of the different error messages that Road Runner's inbound email servers may return when a sending server's email is being refused due to its being blocked or for other reasons. Each example section will include a detailed explanation of what the error means. Should you have any further questions, they can be directed to blockinfo@postmaster.rr.com

For faster access to your specific error message, click on the link below that matches your reason code:

550 5.1.1 - invalid mailbox xxxxxxxxx@yyyyy.rr.com

This error message does not mean that your server is blocked. This error message means only that the Road Runner email address mentioned in the error message does not exist here. If you receive this error message, you should update your addressbook accordingly.

ERROR:5.7.1:550 Mail Refused - NETWORK_OR_IP_GOES_HERE - See http://security.rr.com/mail_blocks.htm#directspam - 200YMMDD

This error message means that the IP in question was blocked due to a combination of complaints from our customers about unwanted mail from the IP, plus mail from the IP triggering our anti-spam filters at a high enough volume and percentage for us to feel that blocking the IP is warranted. The last eight digits of the error message (shown here as 200YMMDD) will indicate the date that the block was put into place. (e.g., 20040815 means the block was put into place on August 15, 2004; 20050228 means February 28, 2005).

Road Runner does not automatically block every IP address or network about which our customers complain for sending unsolicited email. Our spam complaint processing system first parses the offending IP address from the headers of the complaint, and then checks various data sources for the current reputation of that IP address, using an objective scoring system. Those IP addresses which fail to meet a minimum score then become candidates for blocking.

Note: When we receive requests to remove addresses or networks from our block list, we consult this same objective scoring system to determine whether or not to grant the request.

Road Runner tries to focus its blocks on the smallest entity possible; direct spam from a given IP address will only result in the surrounding network (i.e., the encompassing Class C network) being blocked only under the following two conditions:

This generally means that if a customer complains about spam received from, for example, IP address 192.168.100.82, Road Runner will block the 192.168.100.0/24 network only if one of the above two conditions are met.

Note: This process has evolved over time, and there may be networks that were blocked when only a single IP block was warranted; Road Runner will address any removal requests for these blocks in a manner we deem appropriate.

If your mail server is being blocked due to this reason code, you can request removal.

ERROR:5.7.1:550 Mail Refused - NETWORK_OR_IP_GOES_HERE - See http://security.rr.com/mail_blocks.htm#highspam - 200YMMDD

This error message means that the IP in question was blocked not due to spam complaints, but rather due to mail from the IP triggering our anti-spam filters at a high enough volume and percentage for us to feel that blocking the IP is warranted.

IPs blocked for this reason cannot be removed from our block list by our removal request form; instead, IPs blocked for this reason will be automatically removed from our block list after a pre-determined interval of time has passed.

ERROR:5.7.1:550 Mail Refused - NETWORK_OR_IP_GOES_HERE - See http://security.rr.com/mail_blocks.htm#noBounce - 200YMMDD

This error code indicates that the IP or network in question was blocked here for sending high volumes of mail that generated bounces that we could not deliver due to the reply address for the mail not accepting inbound mail. Because the referenced network was not willing to accept bounces of mail it was sending to our customers, we took the step of blocking it from sending any mail to our systems.

IPs blocked for this reason cannot be removed from our block list by our removal request form; instead, the parties responsible for the IP must contact our Postmaster Support team for further assistance.

ERROR:5.7.1:550 Mail Refused - NETWORK_GOES_HERE - See http://security.rr.com/mail_blocks.htm#rollup - 200YMMDD

This error message indicates that Road Runner has received complaints about, and as a result of those complaints blocked, enough individual IP addresses in a given class C, or /24, network (i.e., IP addresses that differ only in the fourth octet) that we believe that the prudent step is to block the entire network. The date at the end of the error message will indicate when the network-wide block was put in place.

ERROR:5.7.1:550 Mail Refused - DOMAIN_OR_IP_GOES_HERE - See http://security.rr.com/mail_blocks.htm#dynamic

ERROR:5.7.1:550 Mail Refused - DOMAIN_GOES_HERE - See http://security.rr.com/mail_blocks.htm#generic

ERROR:5.7.1:550 Mail Refused - Suspected Dynamic or Generic PTR Record - See http://security.rr.com/mail_blocks.htm#dynamic

This error message indicates that Road Runner believes, based on either the IP address from which you are connecting and/or the reverse DNS (or PTR) record for that IP address, that you are attempting to connect to Road Runner's inbound email servers from another provider's dynamic address space, or your PTR record is such that it's simply a generic one that gives no indication of the actual user of the (possibly static) IP address in question. An example of a generic PTR record for IP address 12.34.56.78 assigned to a customer of ISP bar.com, might be something like host-12-34-56-78.foo.bar.com

In many cases, our classification of your IP address as dynamic or generic based on its PTR record is supported by communication from your provider about the space or name in question. As a matter of policy, Road Runner does not accept direct connections to its inbound servers from other providers' dynamic address space; we do not even accept such connections from our own dynamic customer space. As of November, 2005, we are also beginning to restrict the inbound flow of mail from IP addresses with generic PTR records.

If you are having your email refused by our inbound servers and are receiving this error message, your options are as follows:

  1. If you believe that your ISP allows you to run an email server within the network to which you've been assigned and/or you're sure that your IP address is in static, not dynamic, space, contact your ISP. As part of contacting them, forward them a copy of the error message you're receiving so that that they may understand the problem, also. Have them contact us at blockinfo@postmaster.rr.com, and have them include the error message in question in any correspondence with us.
  2. If your ISP provides outbound email (or SMTP) servers for its customers to use, configure your email server to relay all of its outbound email through those servers. You may have to contact your ISP for guidance here as to which servers to use.
  3. If your ISP offers non-default PTR record configuration to its customers, contact your ISP about getting your PTR record changed. If the error message you're receiving references a domain name between the words "Mail Refused" and "See http..." and/or the reason tag on the error message is "#generic", then traffic from your mail server is being rejected due to its PTR record, and getting your hosting provider to update the PTR record for your IP address will enable you to get mail to Road Runner again with no change required on our part.

554 5.7.1 - ERROR: Connection refused - res.rr.com - See http://security.rr.com/rrDynamic.htm

This error message indicates a special case of dynamic address space connecting to our inbound servers; specfically, the IP address connecting to our inbound servers is in our own residential dynamic space. This block message has its own web page to discuss the issue and the remedies available to you.

421 4.1.8 - ERROR: Domain of sender address EMAIL_ADDRESS_GOES_HERE does not resolve
554 5.1.8 - ERROR: Domain of sender address EMAIL_ADDRESS_GOES_HERE does not exist

Road Runner requires that the sender of every email inbound to its systems be from a domain which exists in the DNS. If you're getting one of these two error messages when attempting to send email to Road Runner subscribers, this indicates that you are attempting to send email from a domain whose existence we cannot reliably verify. That is, you're sending mail from "joe@somedomain.com and we can't establish that somedomain.com exists.

The two error messages indicate two different but related problems.

In the case of the 451 "domain does not resolve" error, the problem is that our inbound mail servers could not contact the advertised authoritative servers for your domain to verify that domain exists. This is a transient, or temporary, failure, and the error message returned is effectively telling the sending server to go away and try again later. Whether your DNS servers are down, or unreachable due to network issues between our servers and yours, or some other reason, the expectation is that eventually our servers will be able to reach yours and verify your domain's existence. The typical DNS response code here would be SERVFAIL.

In the case of the 553 "domain does not exist" error, the problem here is that our inbound mail servers were able to contact one of the advertised authoritative servers for your sending domain, or more likely for a parent domain of your sending domain, and received a definitive answer from it stating unequivocally that your sending domain does not exist. The typical DNS response code here would be NXDOMAIN.

If you are receiving either error message, and you believe that you are incorrectly receiving the error, you may contact us at blockinfo@postmaster.rr.com and request that we investigate the situation. Please include the full error message you're receiving in any email to us, along with a valid contact address so that we may follow up with you as necessary.

554 5.7.1 - ERROR: Connection refused. IP name lookup failed for <IP.ADD.RE.SS>

As per our inbound sending policy, Road Runner requires that all email servers connecting to our servers have a valid reverse DNS entry. If you're getting this error message, then this means that our inbound mail servers are unable to resolve the reverse DNS, or PTR, record for the IP address of your mail server, and received an NXDOMAIN response to our queries.

The solution to this problem will be for you to contact your ISP and/or hosting provider to get a valid PTR record setup for your server's IP address. Your server's IP address is not on any of our block lists, so there is nothing for us to remove here.

421 4.7.1 - ERROR: Connection refused. Cannot resolve PTR record for <IP.ADD.RE.SS>

As per our inbound sending policy, Road Runner requires that all email servers connecting to our servers have a valid reverse DNS entry. If you're getting this error message, then this means that our inbound mail servers are unable to resolve the reverse DNS, or PTR, record for the IP address of your mail server, and received an SERVFAIL response to our queries.

If you are receiving this error message, and you believe that you are incorrectly receiving the error, you may contact us at blockinfo@postmaster.rr.com and request that we investigate the situation. Please include the full error message you're receiving in any email to us, along with a valid contact address so that we may follow up with you as necessary.

NOTE: The SERVFAIL response to a DNS query is almost always due to one or more designated authoritative servers for a PTR record not answering authoritatively for that PTR record. This means that it's usually not Road Runner's DNS servers that are misconfigured, but rather the servers that are supposed to answer authoritatively for the PTR record. In addition to possibly contacting us about this issue, you should most certainly contact your provider as well.

421 4.3.2 - Connection refused. Server is busy, please try back later

No mail server has an infinite amount of resources available to it, and while we have redundancy built into our system, under extreme conditions, it is possible for our inbound mail servers to have exhausted their available resources such that they cannot accept any new connections. Should this happen, our servers will emit this error message.

421 4.7.1 - ERROR: Connection refused - <IP.ADD.RE.SS> - Too many concurrent connections from source IP

As discussed elsewhere on this site, we impose various rate limits on inbound mail. This particular error message means that the sending server has opened more simultaneous connections than we're willing to accept from it.

The most likely solution to this issue is for the party responsible for the server to enroll it in our feedback loop. If that doesn't alleviate the problem, then contact Postmaster support

452 4.7.1 - ERROR: Mail refused - <IP.ADD.RE.SS> - Exceeded limit for recipients per connection. Please see http://security.rr.com/spam.htm#ratelimit

As discussed elsewhere on this site, we impose various rate limits on inbound mail. This particular error message means that the sending server has exceeded its rate limit for recipients per connection.

The most likely solution to this issue is for the party responsible for the server to enroll it in our feedback loop. If that doesn't alleviate the problem, then contact Postmaster support

452 4.7.1 - ERROR: Too many recipients for this message

As discussed elsewhere on this site, we impose various rate limits on inbound mail. This particular error message means that the message in question had more recipients than we're willing to accept for any one message.

Enrolling in our feedback loop will not help you solve this problem. The only solution to this problem is to structure your mailings so that each one has fewer recipients than our per-message limit.

452 Too many recipients received this hour. Please see our rate limit policy at http://security.rr.com/spam.htm#ratelimit

As discussed at this link, Road Runner instituted a policy in October 2004 whereby it would limit the amount of email per hour that we will accept from a given IP address. These limits are based on criteria that we believe help us protect our customers from unwanted email.

If you are receiving this error message, and you are interested in your sending server being placed in a tier that allows it to send more email per hour than we are currently permitting, you may send email to blockinfo@postmaster.rr.com to get more information. Please include the IP address(es) from which you are attempting to send more email than we are currently allowing, so that we may fully investigate your situation.

550 5.7.1 Outbound Mail Refused - IP.ADD.RE.SS - See http://help.rr.com/outboundemail - YYMMDD

Road Runner customers sending email through our outbound residential SMTP servers are limited to 1,000 recipients per day. If you are receiving this error message, requesting removal will not do you any good. Our outbound servers impose these restrictions automatically based on observed volume from a given customer's IP address, and these limits cannot be overridden. Instead, you should follow this link for more information on this error message and what you can do about it.

554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://csi.cloudmark.com/reset-request/

This error message indicates that the server from which you're trying to send email to Road Runner customers is currently listed on the Cloudmark Sender Intelligence (CSI) list Road Runner utilizes, but does not control, the content of that list. If you're receiving this error message, you will have to contact Cloudmark to discuss removal from their list.

554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://www.spamhaus.org/query/bl?ip=IP.ADD.RE.SS

This error message indicates that the server from which you're trying to send email to Road Runner customers is currently listed on the SpamHaus ZEN List . Road Runner utilizes the ZEN list, but it does not control the content of that list. If you're receiving this error message, you will have to contact Spamhaus to discuss removal from their list.

554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://www.mail-abuse.com/cgi-bin/lookup?IP.ADD.RE.SS

This error message indicates that the server from which you're trying to send email to Road Runner customers is currently listed on the Trend Micro (formerly MAPS) RBL-Plus List. Road Runner utilizes the RBL-Plus list, but it does not control the content of that list. If you're receiving this error message, you will have to contact MAPS to discuss removal from their list.

554 5.7.1 - ERROR: Mail Refused - <IP.ADD.RE.SS> - See http://sendersupport.senderscore.net/

This error message indicates that the server from which you're trying to send email to Road Runner customers is currently listed on the Return Path Sender Score Blacklist Road Runner utilizes this list list, but it does not control the content of that list. If you're receiving this error message, you will have to contact Return Path to discuss removal from their list.

421 4.1.8 - ERROR: Domain of sender address EMAIL_ADDRESS_GOES_HERE does not accept inbound mail

It is our belief that there is no point in accepting mail to which we cannot send replies or post-acceptance delivery status notifications (DSNs), such as mailbox full notifications and the like. Therefore, if a sender domain's MX records are configured in such a way as to indicate that it does not accept mail (or if investigation shows that a domain is sending us mail but not accepting replies) we will reject mail from that domain.

554 5.7.1 - ERROR: Null sender with multiple recipients not allowed here

The RFCs require that we accept mail from the NULL sender (i.e., "<>") because Delivery Status Notifications (DSNs) are typically sent using that sender address, and we do accept mail from the NULL sender so long as it's addressed to only one recipient.

This error message is an indication that a message was presented to our inbound servers with a NULL sender and multiple recipients; we do not accept such mail in this case. Our rationale is as follows:

  • Messages from the NULL sender are usually DSNs
  • DSNs are sent in response to a previous message
  • A message can only ever have one sender, therefore
  • A DSN should never be addressed to more than one recipient, because the message in response to which the DSN is being generated could only have had one sender.

The most typical legitimate sender who would be affected by this rule would be what we'd term an amateur bulk sender, someone running some sort of home-grown mailing list application that's sending to multiple recipients at a time using the NULL sender as its "From" address. The solution is for the application to be altered so that it's not doing that.

 

©2009 Road Runner Postmaster
All Worldwide Rights Reserved