[TWC] Warning Letter help

[TWC] Warning Letter help
Links: home · search · speed test · login · more ·

Links: Reply New Topic
Forums » US Cable Support » Road Runner » [TWC] Warning Letter help
page: 1 · 2
Slo @ 6th Nov 12:14PM:
[TWC] Warning Letter help

I have internet service with Time Warner in NW Ohio. At one point I started getting spam to a mailbox and it was benign till the flood gates opened 2 weeks ago... The spammers are from china and send 100+ emails per hour to two email addresses of mine. I deployed Zen.Spamhaus and SpamCop to filter the mail,,, 2 to 6 still get through an hour...

The bigger problem is TW has sent me a letter to download virus software,,, it will not stop these spam pirates from abroad... I have forwarded all my mail to Gmail at this point and ask some of the pros here what would be my best course of action here?

Why are my balls being busted while these pirates roam free deploying this crap???/rant...
reply

patt2k @ 6th Nov 01:53PM:
Re: [TWC] Warning Letter help

That is strange. Well what I can suggest you try this 12 month trial of MC-Affe antyvirus

last couple month antyvirus companies are giving promotions for their software like kapsersky,avira,mcaffe

here use this:

This Says Trial but you will get 12 month

reply

dcurrey @ 6th Nov 03:40PM:
Re: [TWC] Warning Letter help

Ok maybe I a missing something. But unless TW thinks you are sending the spam why would they recommend virus software.

If you are running your own mail server the filters will kill it server level but TW will still see it maybe this traffic what they are complaining about.

You have little control over who sends you email.
reply

K Patterson @ 6th Nov 04:34PM:
Re: [TWC] Warning Letter help

Take a look at some of that email. I'd bet it isn't addressed to you - rather it is bounces from people who have been spammed using your email address and possibly your computer.
reply

Slo @ 6th Nov 04:49PM:
Re: [TWC] Warning Letter help

I'm starting to smell a rat... I sent off a lot of emails to spamcop in which they have you send notice of the spam to the offenders isp and I now think I have alerted RR as me being the offenderLOL,LOL,,, this is so funny... K your post led me in this direction... I have looked at a slew and they are bogus in every way,,, but all were address to me... --
The mod depot sponsor
Rant all You Want
reply

SanDiegoLV @ 6th Nov 10:23PM:
Simple solution

abandon/delete the two problem e-mail addresses.

Setup new e-mail addresses.
reply

Slo @ 7th Nov 11:46AM:
Re: Simple solution

said by SanDiegoLV :

abandon/delete the two problem e-mail addresses.

Setup new e-mail addresses.

Not a solution as the email still passes RR on it's way to get a "not Known" here...

My concern is RR cutting me for no fault of my own...
reply

dcurrey @ 7th Nov 12:09PM:
Re: Simple solution

Some type of gateway filtering would help. We I worked for a small isp we used Postini just pointed mx records to them and then they would filter and forward only good mail to us. Server mail dropped 10,000 plus messages a day.

If small business use you can try to find something like this. If personal you may have a hard time find service that would support such a small account.

Think google still allows personal domains to be used for free. »www.google.com/apps/intl/en/group/index.html so you could just use google instead of your server until the problem corrects itself.
reply

K Patterson @ 7th Nov 12:13PM:
Re: Simple solution

I don't thhink we understand the problem. RR does not send you antivirus warnings because you have too much INBOUND email.

OP, please scan and post the letter. I'd be almost certain it is warning you about a viral infection and that the email is a result, not the cause.
reply

Slo @ 7th Nov 01:25PM:
Re: Simple solution

said by dcurrey :

Some type of gateway filtering would help. We I worked for a small isp we used Postini just pointed mx records to them and then they would filter and forward only good mail to us. Server mail dropped 10,000 plus messages a day.

If small business use you can try to find something like this. If personal you may have a hard time find service that would support such a small account.

Think google still allows personal domains to be used for free. »www.google.com/apps/intl/en/group/index.html so you could just use google instead of your server until the problem corrects itself.

I checked on google apps,,, it is trial to pay and I might go with it... I am only a personal server with only my mail,,, no others period... I spent 2 days looking for a free for personal use filter to put in front of my server,,, I am a big fan of "open source"...

for the time being I am forwarding all my mail via Zoneedit to gmail accounts...

Thank you for your input...
reply

Slo @ 7th Nov 01:26PM:
Re: Simple solution

said by K Patterson :

I don't thhink we understand the problem. RR does not send you antivirus warnings because you have too much INBOUND email.

OP, please scan and post the letter. I'd be almost certain it is warning you about a viral infection and that the email is a result, not the cause.

putting it thru the scanner now...
reply

Slo @ 7th Nov 02:13PM:
Re: [TWC] Warning Letter!

Just to add I use AVG and Hijackthis and monitor my started processes...

I think the crux of this letter lay in the 2nd paragraph...

TW Warning pg1
TW Warning pg2

K Patterson @ 7th Nov 02:15PM:
Re: [TWC] Warning Letter!

Yep. Head for the security forum, read their FAQ's and get busy.
reply

Slo @ 7th Nov 02:33PM:
Re: [TWC] Warning Letter!

said by K Patterson :

Yep. Head for the security forum, read their FAQ's and get busy.

Yep what???
reply

dcurrey @ 7th Nov 03:02PM:
Re: [TWC] Warning Letter!

Don't they still have a free virus software. CA security software or something like that.
reply

K Patterson @ 7th Nov 03:08PM:
Re: [TWC] Warning Letter!

I'd say you have a nasty in your system and it is being used as part of a bot net.
reply

DrDrew @ 7th Nov 03:17PM:
Re: [TWC] Warning Letter!

said by dcurrey :

Don't they still have a free virus software. CA security software or something like that.

Yes. Get it here:
»help.rr.com/HMSLogic/security_ab···pic.aspx
reply

Slo @ 7th Nov 04:27PM:
Re: [TWC] Warning Letter!

said by K Patterson :

I'd say you have a nasty in your system and it is being used as part of a bot net.

I disagree,,, it is spam to me... They have tried to relay in the past but I am secure... I monitor my router with Windump and Wireshark,,, all the spam has one destination,,, my mailbox...

Below is a typical header... I think this warning is the amount of email traffic to me and by redirecting my mail I have stopped the maddness for now...

I am using AVG and if I find a way to use another AV with/out installtion I'm all ears... I think AVG is good I despise system killing AV software...

If someone thinks this should be moved to security Move it,,, I will find it...

Received: from spooler by mail.themoddepot.com (Mercury/32 v4.72); 5 Nov 2009 23:59:14 -0500X-Envelope-To: <XXXXX@themoddepot.com>X-SPAMWALL: Passed through antiSPAM test by Spamhalter 4.5.1.411 on mail.themoddepot.com (15)X-SPAMWALL: probability - 100.0%X-SPAMWALL: SPAM detected!Return-path: <annabelle.reyes_da@iuc.gnosjoregionen.nu>Received: from 41aw712 (220.72.234.198) by mail.themoddepot.com (Mercury/32 v4.72) ID MG000173;   5 Nov 2009 23:59:08 -0500Message-ID: <000701ca5e95$0ca81300$ae78a432@iuc.gnosjoregionen.nu>Reply-To: "Annabelle Reyes" <annabelle.reyes_da@iuc.gnosjoregionen.nu>From: "Annabelle Reyes" <annabelle.reyes_da@iuc.gnosjoregionen.nu>To: <XXXXX@themoddepot.com>Subject: get Hydrocodone and vicodin online easily..Date: Thu, 05 Nov 2009 21:55:58 -0600MIME-Version: 1.0Content-Type: text/plain;format=flowed;charset="windows-1250"reply-type=originalContent-Transfer-Encoding: 7bitX-Priority: 3X-MSMail-Priority: NormalX-Mailer: Microsoft Office Outlook, Build 11.0.5510X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807 Purchase Rx~Medicationz Online!.. NO_Prescription_Required!Browse Our Website Today! -> http://easyonlinerxmedznow.com

amysheehan @ 7th Nov 05:35PM:
Re: [TWC] Warning Letter!

From what I see YOU are spamming for perscription drugs online using the Road Runner pipe into your house to access the internet and spam.

The email states: get Hydrocodone and vicodin online easily

and includes:
Purchase Rx~Medicationz Online!.. NO_Prescription_Required!

--
Proud Member of ASAP
DSLR Phishtracker
reply

K Patterson @ 7th Nov 05:45PM:
Re: [TWC] Warning Letter!

Yes, that looks like a bounce to me.
reply

Beachie @ 7th Nov 05:46PM:
Re: [TWC] Warning Letter help

I agree with amysheehan and K Patterson here.

Additionally, if you're a residential and not a business customer, you are violating the terms of service by running a mail server.
reply

amysheehan @ 7th Nov 07:44PM:
Re: [TWC] Warning Letter help

NOTE: tracert to IP resolving to the domain name ends with
cpe-76-189-106-97.neo.res.rr.com [76.189.106.97]

Dshield info »www.dshield.org/ipinfo.html?ip=76.189.106.97

Here's the who is record for his domain receiving the mail:
Domain Name: THEMODDEPOT.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: »www.melbourneit.com
Name Server: NS16.ZONEEDIT.COM
Name Server: NS9.ZONEEDIT.COM
Status: ok
Updated Date: 21-feb-2009
Creation Date: 13-mar-2005
Expiration Date: 13-mar-2010

The Registry database contains ONLY .COM, .NET, .EDU domains and
--> /usr/local/bin/fwhois themoddepot.com@whois.melbourneit.com
[whois.melbourneit.com.au]

Domain Name.......... themoddepot.com
Creation Date........ 2005-03-14
Registration Date.... 2005-03-14
Expiry Date.......... 2010-03-14
Organisation Name.... George Uknow
Organisation Address. 112 Main Street
Organisation Address.
Organisation Address. Flemington
Organisation Address. 08822
Organisation Address. NJ
Organisation Address. UNITED STATES

Admin Name........... George Uknow
Admin Address........ 112 Main Street
Admin Address........
Admin Address........ Flemington
Admin Address........ 08822
Admin Address........ NJ
Admin Address........ UNITED STATES
Admin Email.......... saneithink@hotmail.com
Admin Phone.......... +1.9084209165
Admin Fax............

Tech Name............ YahooDomains TechContact
Tech Address......... 701 First Ave.
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email........... domain.tech@YAHOO-INC.COM
Tech Phone........... +1.4089162124
Tech Fax.............
Name Server.......... ns16.zoneedit.com
Name Server.......... ns9.zoneedit.com
---

Registrant is also from New Jersey as the OP :)
--
Proud Member of ASAP
DSLR Phishtracker
reply

Derwood @ 7th Nov 08:37PM:
Re: [TWC] Warning Letter help

nfs1# dig THEMODDEPOT.COM ; <<>> DiG 9.3.5-P2 <<>> THEMODDEPOT.COM;; global options:  printcmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29664;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION:;THEMODDEPOT.COM.               IN      A ;; ANSWER SECTION:THEMODDEPOT.COM.        7200    IN      A       76.189.106.97 ;; AUTHORITY SECTION:THEMODDEPOT.COM.        7200    IN      NS      ns16.zoneedit.COM.THEMODDEPOT.COM.        7200    IN      NS      ns9.zoneedit.COM. ;; Query time: 206 msec;; SERVER: 192.168.0.5#53(192.168.0.5);; WHEN: Sat Nov  7 20:33:16 2009;; MSG SIZE  rcvd: 95 nfs1# dig -x 76.189.106.97 ; <<>> DiG 9.3.5-P2 <<>> -x 76.189.106.97;; global options:  printcmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4670;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION:;97.106.189.76.in-addr.arpa.    IN      PTR ;; ANSWER SECTION:97.106.189.76.in-addr.arpa. 86400 IN    PTR     cpe-76-189-106-97.neo.res.rr.com. ;; AUTHORITY SECTION:106.189.76.in-addr.arpa. 86400  IN      NS      clmboh1-dns2.columbus.rr.com.106.189.76.in-addr.arpa. 86400  IN      NS      clmboh1-dns1.columbus.rr.com. ;; Query time: 62 msec;; SERVER: 192.168.0.5#53(192.168.0.5);; WHEN: Sat Nov  7 20:33:22 2009;; MSG SIZE  rcvd: 153

MX record points to you as well:

Definitely running a server of some sort from a residential line. Big no-no.

reply

Slo @ 8th Nov 11:29AM:
Re: [TWC] Warning Letter help

I still don't see anywhere in the header that I am the spammer,,, please point that out...
reply

Slo @ 8th Nov 11:49AM:
Re: [TWC] Warning Letter help

deducting that i am running a server was not the question it may be an end result but i need to know what kind of BS the spammers are doing... I can buy a static IP but i will still be dealing the spammer... I agree it is a bot net but I don't see the spam going to anyone else...

Are you people saying that i am running an illegal server therefore spam to me is viewed as me being the spammer...
reply

dcurrey @ 8th Nov 06:21PM:
Re: [TWC] Warning Letter!

said by amysheehan :

From what I see YOU are spamming for perscription drugs online using the Road Runner pipe into your house to access the internet and spam.

Doesn't have to be him. I have seen his before. Say I am a spammer and I don't want the bounces back to me so I would use XXXXX@themoddepot.com as my email address. Then all bounces go to him. To help find the true origin of the email you would need to see the header. This is just the reject email headers.

I checked some of the blacklist his ip isn't listed. If I recall RR was blocking port 25 anyway so he would have to relay to tw smtp servers.
reply

hottboiinnc @ 8th Nov 07:10PM:
Re: [TWC] Warning Letter help

TWC NEO will have his line along with RR. And from what I have heard once they shut you off in NEO or MidOhio/NW Ohio kiss your access good bye with them for a LOOOOOOOONG time
reply

hottboiinnc @ 8th Nov 07:12PM:
Re: [TWC] Warning Letter help

first off TWC NEO will NOT sell you a static IP unless you are a business class customer. Which it seems like you are not.

They have the proof and your own posts show that the emails are coming from you. Sounds like you need to go over to the Security Fourm like others have said to have your problem fixed. Otherwise TWC NEO and RR will have you line. Don't forget, RR CAN and WILL shut you off without TWC doing anything about it.
reply

swintec @ 8th Nov 11:42PM:
Re: [TWC] Warning Letter!

said by dcurrey :

If I recall RR was blocking port 25 anyway so he would have to relay to tw smtp servers.

Not in all divisions though.
--
Block Accounts | UseNet Now
reply

Slo @ 9th Nov 11:52AM:
Re: [TWC] Warning Letter!

said by dcurrey :

said by amysheehan :

From what I see YOU are spamming for perscription drugs online using the Road Runner pipe into your house to access the internet and spam.

sorry,,, XXXXX was placed by me for posting...

these are spam to my mailbox,,, nothing more,,, ZEN.spamhaus drops connection on 99% of them NXDomain 1% is coming from Hotmail and unless on a blacklist will pass ZEN and the like,,, likewise the Gmail forward also drops them with only Hotmail making it to the spam folder...

The letter states to check my RR mailbox for further warning,,, the only thing there was 30 RR spams,,, I reported them as such... spam is spam is spam... No further warning which supports my theory that I was flagged for incoming spam... My take is that 100+ spams per hour is bandwidth waste and could be better used to support customer flow...

someone here tried to relay off me via abuse.net I guess they were just interested in proving me wrong instead of helping...
reply

Slo @ 9th Nov 12:01PM:
Re: [TWC] Warning Letter help

said by hottboiinnc :

first off TWC NEO will NOT sell you a static IP unless you are a business class customer. Which it seems like you are not.

They have the proof and your own posts show that the emails are coming from you. Sounds like you need to go over to the Security Fourm like others have said to have your problem fixed. Otherwise TWC NEO and RR will have you line. Don't forget, RR CAN and WILL shut you off without TWC doing anything about it.

and why would you think I can not get a business account???

Your wrong the header shows I received the spam,,, please keep false statements out of this...

As a side note at&t just finished running fiber to the curb I can fly a paper airplane to the main hub outside my door,,, my plan before this crap... TWC does not own the internet...
reply

Beachie @ 9th Nov 12:32PM:
Re: [TWC] Warning Letter!

If Roadrunner Security was going to flag customers for inbound spam, why would they have measures in place help alleviate spam from customer's email boxes? Their concern is protecting their subscribers from outside spam sources, not singling folks out for receiving and reporting it. After all, you don't send your received spam reports to Roadrunner, they are reported to the originating ISP to be dealt with.

They provided you with a phone number for terms of service support in the letter, why not call them and ask what the issue is? We're obviously not supporting your claims here in this forum and they ultimately have the final say as to what the problem is and how to go about rectifying it.
reply

Slo @ 9th Nov 12:55PM:
Re: [TWC] Warning Letter!

said by Beachie :

If Roadrunner Security was going to flag customers for inbound spam, why would they have measures in place help alleviate spam from customer's email boxes? Their concern is protecting their subscribers from outside spam sources, not singling folks out for receiving and reporting it. After all, you don't send your received spam reports to Roadrunner, they are reported to the originating ISP to be dealt with.

They provided you with a phone number for terms of service support in the letter, why not call them and ask what the issue is? We're obviously not supporting your claims here in this forum and they ultimately have the final say as to what the problem is and how to go about rectifying it.

I came here for advice not to deviate... I like to walk into a fire with at least an extinguisher... I will call when I am ready...

I originally thought this might of been a form letter in which others have been privy... Comcast had a open port 25 in the comcast forum warning letters where handed out like halloween candy...

quote:
Their concern is protecting their subscribers from outside spam sources

probably a better way of stating what I mean...
reply

Beachie @ 9th Nov 01:17PM:
Re: [TWC] Warning Letter!

said by Slo :

I will call when I am ready...

You might not want to put that off too long as you might find yourself in "walled garden" status until you do contact them regarding the situation. Roadrunner Security doesn't take lightly to possible security and/or TOS violations.
reply

hottboiinnc @ 9th Nov 07:01PM:
Re: [TWC] Warning Letter!

his walled garden status will be disconnected with a screen saying he needs to call in to activate his RR account and then followed by a letter stating he needs to return the modem.
reply

hottboiinnc @ 9th Nov 07:06PM:
Re: [TWC] Warning Letter help

TWC owns the internet to your house until ATT decides to turn that VARD on. Also if RR tells TWC NOT to service your house with HSI TWC Business Class WILL NOT service you as well (I hope you're also willing to pay $50+ for a good connection from Biz Class IF you can get it after all this).

You need to read the AUP and TOS from RR and then again TWC's AUP and TOS. They are two different companies and both have their own agreements you are bound by since you use their connection.

The headers may say one thing but others don't say the same as you on this topic. TWC doesn't say that either and like someone else says, they get the final word that you will have to live with.

And just because ATT has a VARD at your house, doesn't mean you'll get service from it. I also have one next to my house- guess what, can't get service.
reply

Slo @ 9th Nov 07:55PM:
Re: Simple solution

said by dcurrey :

Think google still allows personal domains to be used for free. »www.google.com/apps/intl/en/group/index.html so you could just use google instead of your server until the problem corrects itself.

My bad,,, google apps does have a free version it is called "standard" in fine print,,, I just signed up...
reply