Sprint PCS Vision added to Open Relay DataBase

First thing Monday morning I started noticing a lot of email I was
sending to my customers was bouncing back. I use a PCMCIA card with the
PCS Vision service from Sprint <http://tinyurl.com/4ggj7>.

It seems that Sprint has been added to the Open Relay DataBase
<www.ordb.org> by mistake somehow. Sprint has no idea how this
happened, and they can't tell me when this will be resolved.

Has anyone here had this happen to their ISP? How long did it take to
get it resolved?


Eric Friedebach
/An Apollo Sandwich from Corky & Lenny's/

---

› See More: Sprint PCS Vision added to Open Relay DataBase

Eric Friedebach wrote:
> First thing Monday morning I started noticing a lot of email I was
> sending to my customers was bouncing back. I use a PCMCIA card with the
> PCS Vision service from Sprint <http://tinyurl.com/4ggj7>.
>
> It seems that Sprint has been added to the Open Relay DataBase
> <www.ordb.org> by mistake somehow. Sprint has no idea how this
> happened, and they can't tell me when this will be resolved.

There are a couple badly run blacklists out there, but the competent ones will
delist if a listing is in error. Of course, there is no way to tell for sure
whether it was a mistake, and if it wasn't, Sprint needs to fix their open relay.

> Has anyone here had this happen to their ISP? How long did it take to
> get it resolved?

I'd imagine it depends. To get the right person at Sprint PCS to look at this
problem might be difficult, since... how do you know who the right person is?
(Sprint's a huge company.)

If you forward some details to me (especially anything involving bounce
messages), I may be able to find someone who can help.

> Eric Friedebach
> /An Apollo Sandwich from Corky & Lenny's/

From Cleveland, eh? Corky & Lenny's rocks out loud

--
JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638)
Steven J. Sobol, Geek In Charge / [email protected] / PGP: 0xE3AE35ED

"The wisdom of a fool won't set you free"
--New Order, "Bizarre Love Triangle"

On Wed, 30 Mar 2005 16:21:51 -0800, Eric Friedebach wrote:

> First thing Monday morning I started noticing a lot of email I was
> sending to my customers was bouncing back. I use a PCMCIA card with the
> PCS Vision service from Sprint <http://tinyurl.com/4ggj7>.
>
> It seems that Sprint has been added to the Open Relay DataBase
> <www.ordb.org> by mistake somehow. Sprint has no idea how this
> happened, and they can't tell me when this will be resolved.
>
> Has anyone here had this happen to their ISP? How long did it take to
> get it resolved?
>
>
> Eric Friedebach
> /An Apollo Sandwich from Corky & Lenny's/

Last time(it has been awhile and I use encrypted mail connections to my
remote smtp servers anyway) I checked sprintpcs allowed port 25 (smtp)
incoming so all it would take is for one user to get on with an open relay
to get an ip/netblock to get an rbl entry. I'm surprised sprintpcs was not
on the list anyway since their ip blocks are dynamic allocations which
a lot of providers, such as aol for example, will block incoming mail from
since dynamic ip ranges should never be running servers (They tend to be
dial-up/residential cable or dsl) and being they they are largely
residential/consumer they tend to have little to no security patches which
make them make good spam relay bots. Keep in mind that the dynamic blocks
I am referring to are specifically set for non-business use by the isp and
given to dyn rbl setups for that purpose. You shouldn't be sending mail to
servers directly from your sprintpcs data connection but through a mail
server setup either at your isp (some allow remote smtp auth) or through
your business' smtp servers. As far as getting removed it usually involves
contacting the list then having them retest a few times and if they feel
like removing you they just might do it if you are extra nice. Remember
these rbl setups have no obligation to remove anyone and by no means
guarantee that their lists are accurate. Best method to avoid trouble
with them is to take steps to never get on them. Sadly since spammers like
to use various setups that give them a lot of ips to jump around on these
rbl setups give up blocking individual addresses and block a whole range
of ips so if you end up in a /24 or even a /16 with some really bad
spammers that your isp continues to do nothing about you may find
yourself on the block list.

Well, it looks like enough people raised hell to get this resolved.
Everything is back to normal as of this afternoon, or at least from
what I can see.

Now why would anyone be mad enough at Sprint to falsely submit them as
an open relay?

Thanks for your help!


Eric Friedebach
/An Apollo Sandwich from Corky & Lenny's/

Eric Friedebach wrote:
> Well, it looks like enough people raised hell to get this resolved.
> Everything is back to normal as of this afternoon, or at least from
> what I can see.
>
> Now why would anyone be mad enough at Sprint to falsely submit them as
> an open relay?

Assuming that it was an incorrect listing... well, mistakes happen.

Usually, you submit an IP address and it goes through one or more
automated tests. The tests aren't always infallible.

--
JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638)
Steven J. Sobol, Geek In Charge / [email protected] / PGP: 0xE3AE35ED

"The wisdom of a fool won't set you free"
--New Order, "Bizarre Love Triangle"

On Thu, 31 Mar 2005 17:10:23 -0800, Eric Friedebach wrote:

> Well, it looks like enough people raised hell to get this resolved.
> Everything is back to normal as of this afternoon, or at least from
> what I can see.
>
> Now why would anyone be mad enough at Sprint to falsely submit them as
> an open relay?
>
> Thanks for your help!
>
>
> Eric Friedebach
> /An Apollo Sandwich from Corky & Lenny's/

I highly doubt it was an incorrect listing, as others have said they do
automated tests. Usually what happens is someone gets a spam email which
lists an smtp relay that isn't in a block list they then submit it to
various anti-spam groups/p2p reporting networks. Some groups wait till
they see multiple complaints others act on the first email and begin the
testing/confirmation process. The process tends to be finding out who the
is owner and warning them about being added(not all groups do this but the
major ones usually do) followed by a confirmation that the site is an open
relay or a legit mail server who's customers are exploiting their account.

After all of this they add the ip/block to the list and if the isp/owner
does not answer emails the entry just stays on the blacklist until the
owner wakes up and contacts the blacklist operator for removal
instructions. Believe it or not but customer outcry is how these spam
blacklists work. The idea is they block your business model until you
decide you have no choice but to listen to their demands and since they do
not force anyone to follow their lists it is not illegal for them to do
this. After all they are only reporting what they have seen to be true and
are not attacking your business directly.

If you really want to see how business/hosting providers can get hurt by
over zealous blacklist operators do a search on spamhaus they are a well
known anti-spam group that has no problem blocking entire net blocks of a
specific company and even the net blocks surrounding the ip that the
spammer was on. They have also been well known for being near impossible
to get off their list but I do believe that has changed and that they do
put more effort into working with companies, after they have been added,
to come to terms for removal. If you don't agree to their terms for
being de-listed you never will.