Slashdot Mirror
Internet Vigilante Justice, SPAM, and Copyrights
pdw writes "An interesting article about how vigilante justice on the Internet by anti-spam advocates can be just as threatening to the Internet as those proposed for copyright advocates."
← Back to Stories (view on slashdot.org)
I don't run or maintain any mail server that I use, so I can't beat on the spammers the way I want. There's no way that I can say "My server, my rules" as clearly as I could by using the SPEWS blacklist. The best I can do is send the LARTs and hope the spammers get nuked. *sigh*
Come to the University of Mars! Classes starting soon!
This article demonstrates the problem we are up against getting people to secure their networks.
His mail server is an open relay, and he still doesn't realize it. Worse, he's a lawyer. These are the people that will be setting policy.
I wonder if it is even worth e-mailing to explain the situation to him.
Not only is he a lawyer, but hes a lawyer with an open relay, and he doesn't believe that spammers will 'lie' to get that server to propagate their mail!
His server was set up so poorly that all it took was a forged header saying it was from his domain to get a message through?
Sounds like he should have been blocked. Come on, at the very least do some ip checking. It sounds like his server wasn't a textbook open relay, but it was pretty close.
Anyway, I think he should pick up the phone and call the dudes in Denmark. I think that being on an e-mail black hole list means never being ABLE to say you're sorry...
John
Authenticating by the domain that the sender says he is from is very weak...
Holes like this are what keeps the spam coming to my mailbox...
Platform independent bug tracking software
Well, setting your sender's address to a trivially guessed domain name (such as the reverse-mapped address of the host), you effectivly have an open relay. Guess what spammers are doing: they are using known-good addresses, and try sending spam from those addresses MX hosts in the hope that the MTA do this foolish kind of access check.
This has been discussed since at least five years, and has been a point in the many faqs and howtos on how to lock down your MTA for a long, long time.
If you really need to send mail through your MTA from arbitrary IP addresses, you need to employ authentication. Again, this is hardly a new technology, and many documents explaining how to combine SSL and authentication for SMTP exist.
How had it gained access to my mail server? Simple. It had forged the headers on its email to convince my mail server that the email it sent was from a permitted user.
One word: Authentification.
You see, my mail servers were set up to pass mail only from a domain name of which I am the only user. It blocks everything else. That's not an open relay. Unless you're a user in my domain, you can't use it.
Uh, it may not be a totally open relay in the literal sense of the word, but surely that still means it can be used to send spam, as long as the spammer figures out who to identify himself as - and if the Danes could do it, then it can't be that hard?
Any spam-block that relies entirely on the "from:" header is broken by design. What, spammers disguise their identities? Never!
When that appears in the first paragraph the rest loses credibility. Anybody qualified enough to be commenting on SPAM should be aware that simply by opening the email you may have verified the address as valid (if it contains an external image).
-----
interested in inventions?
He does seem remarkably clue resistant though. He *IS* running an open relay and admits it.
So what if you have to forge the FROM. It's not like spammers don't do that anyway.
This is the kind of thing you see every day in news:news.admin.net.abuse.email.
"Waah, I'm being blocked by your nasty list! I demand you stop blovking me or I'll drop piano's on all your heads! and I'm a lawyer!"
"A. no-one's blocking you, they're justing *choosing* not to accept email from known open relays (or whatever the perp feels accused of)."
"You're abusing my First Amendment Rights to 'Frea Speach'"
"Our list is based in the Gobi Desert. *Our* first amendment guarantees the right to tea with yak butter."
Also, searching for his email address to see if he had ranted on usenet, I found this: Archived Article
an Excerpt (from the above article by "R. A. Hettinga" ):
New Architect is a Microsoft/DotNet magazine. This article is
agitprop for Microsoft's identity solutions: UDDI, Passport, and Palladium.
Any reputation framework that arises in the wild would reduce the
profitability of a Microsoft solution, so they are going to badmouth it,
sue it, etc.
dave
I fail to understand how this can be a valid argument against bad-maintained blackhole lists. The author was listed because *anyone could use his server to relay just by using a MAIL FROM command sporting his domain name*. Sheesh! When you configure your relay ACL, you use *IP ranges*, not domains (an awful lot of spammers forge all the headers in the messages they throw out). Even better, you use SMTP AUTH. That guy didn't bother to implement a technically valid solution, and thus his mail server definitely *could* be abused. No wonder it has been put on a blacklist...
BTW, this doesn't mean there aren't stupid blacklists out there listing innocent people. But this article proves nothing. Moreover, there are now better ways to filter spam, based on message content checksum, like Vipul's razor. This is not the first time people bitch and moan about their badly-configured relays being censored by the antispam Nazis (I remember a guy, from the EFF I believe, that did the same thing some time ago) but they simply are irrelevant. Their solution is to RTFM and play by the rules. Period (grrrr, I really dislike bad admins :-/.
Xenu brings order!
Yeah, that's what got me. He's there running an open relay, but keeps whining about how it's not an open relay. Someone needs to whack up him upside the head.
funny munging
Anyhow, IMHO this is an other blabla piece from someone who doesn't realy has an understanding of what he's doing.. Typical american sollution.. let's sue..
Nobody expects the spanish inquisition!
This guy admits his e-mail server WAS unsecure and is complaining that he got blacklisted. I understand his fustration, but I'm glad he was blacklisted.
Now what's needed is a simple to use tool to help users determine if their systems can be comprimized. Any ideas?
For one, the Danish antispam organization falsified an email header to gain access to my mail server.
Translation: His mail server is an open relay for anyone who forges a from: address using his domain name. No password, POP-before-SMTP or other identification and authentication mechanisms are used.
He's whining because his open relay was correctly listed as an open relay. And he's even suggesting a tresspass-to-chattels lawsuit against the group that properly identified his server as an open relay. What a dick!
First off, he's right. A black hole list has the potential for abuse, and there need to be some checks to make sure they're not abused as such.
Second, once you're listed on a black hole, it can be hell to get off. My company had a secondary domain that was used for customer emails. It was, indeed, an open-relay due to misconfiguration. Eventually it got blackholed and our admins realized the mistake they'd made and set out to fix it. They did fix it eventually, but by that time the server was being slammed by spammers trying to use it as an open-relay. And on top of that trying to get the black hole list to remove the domain was difficult - it took well over two weeks, while the black hole-ing occurred in under a day. Eventually the entire domain was just dropped, since even with the open relay closed the spammers were still abusing the hell out of our pipe.
That said, as best I can tell the author of the article barely even tried to remedy the situation. Yes, the black hole system forged a header to hit his open relay. Duh. So do spammers. If they could do it, so could (and will) others, and that's why you're black holed. But I'm sure he could've contacted the people running the black hole to find out what he could do to fix the problem. Instead it looks like he just wants to take them to court.
Finally, black holes/black lists/spam filters/etc. aren't solving the problem. The bandwidth is still being chewed up, and as is pointed out in the article, the block lists act like honeypots for the spammers - everytime a new site is added the spammers find a new site to spam from. Sure, if you participate in the black hole you won't deliver the spam, but the bandwidth has already been sucked up from the backbones, and you're still using CPU power to deny the spam. As much as I'd like to see lawyers stay the hell away from the Net, I don't see any other way to stop spam than to make it illegal. It may be that most of the relays are foreign, but most of the spammers are in the US or another Western country. Anti-spam laws could significantly help.
ISPs on Anti Spam Hunt
MAPS Attack
I'm afraid I've got little sympathy for the author of the article. He is running an open relay. Yes, for someone to abuse it they've got to forge the headers. That spammers do this is news? I don't think so. So, he runs an open relay, it gets detected, he gets added to a blackhole list until he closes it, he's now upset that the list operator won't accept "Well, someone would have to lie to abuse my server, so it shouldn't count." as an excuse. Pardon my complete lack of sympathy for him. This isn't vigilante justice, this is simple shunning by the community. If he wants to restrict his server to authorized users, he should do just that. POP-before-SMTP and SMTP AUTH exist, they can be used. Requiring that someone forge his domain in a From: header is not securing a relay.
If what he says is true then his server is not as secure as it could be but it is hardly completely open. What should he be doing that he is not? What standard of hackproofing should every Mom & Pop on the internet have to meet, and why?
No, this guy *IS* an idiot. Based on what he says in his diatribe, he has his server configured to allow relay based on the sender email address. As he doesnt seem to realize he has discovered, this is NOT a secure way of configuring a server, and a server configured that way *IS AN OPEN RELAY*. Relay controls must be based on IP address, not sender email address. Other secure options include SMTP Auth and POP-before-SMTP.
His saying his server is not an open relay doesnt make it so. If some random person on the Internet can make his server send a message to some other random person on the Internet, then his server is insecure. Yes, spammers *DO* forge sender addresses in order to abuse these servers.
Spam, and the security and policies necesarry to try and get control of it, are by nature a very technical field. More and more people who are just upset that they cant mail, and thing the blacklists are responsible, and who arent willing to take the time to understand whats really going on, and starting to get off on their soapboxes like this. THEY ARE WRONG.
If you subscribe to New Architect, this guy wrote a followup article to this one after receiving a boat load of mail pointing out the he was in fact running an open relay. He admitted to being behind the times, etc, said he was sorry. He still doesn't take back the fact he's mad at the vigilantes out there. Sorry, there's no link yet, I think NA has a lag between the print and web editions.
:-)
Point being, if they can forge a header to get on your computer, a spammer can very easily do the same thing. An interesting thing on my campus is the technology department regularly scans and tries to hack into FTP sites running on campus, and sends an e-mail to the admins if they're successful. Some students got mad, but the moral of the story is, better to have someone trustworthy find your weakness rather than someone who's going to exploit it. This seems to be a new effective form of security that's emerging, since we can't depend everyone to stay up to date with the latest security issues, such as the Mr. Faussett in the article. I think vigilante is the wrong term, these blacklist ops are doing everyone a favor by helping to clean up insecure sites, which in the end saves everyone money. I propose we call them "Freelance Security Advisors" or something like that.
Blacklists are a lot like a security blanket, they make you feel comfortable but they don't do anything about the real problems. A recent employer (a university) was placed on earthlink's blacklist simply because a customer had pressed a wrong button and reported an email to earthlink as spam. (Admittedly, the manager who insisted on handling the mailserver himself was technically clueless...but there wasn't any ACTUAL spam we could find traced to our server)
First off, why is earthlink who is the domain of quite a bit of spam itself running a blacklist? Secondly, why couldn't they have at least bothered to send a courtesy automail to let us know? We finally found out when the sender of the original "spam" tried to send another email to her friend at earthlink. At that time it took a series of calls to earthlink to even find the department we needed to talk to! And then I found out that we'd been on their blacklist for MONTHS!
Blacklists should be carefully administered and you should develop your own as it's really not that difficult to set up blocks for individual domains. Too many domains are blocked by error or because one company put another on a blocklist that got circulated but never bothered to circulate that spamming domain had been fixed and removed from teh list.
Of course, a contributing problem is that many mailserver admins don't bother to keep proper security (or even keep their security patches up to day) for their server. It's way too easy to find a mail server that is VERY open to people outside the actual domain. But any truly working solution to the problem will have to involve responsible actions on the part of the "blacklisters" and the mail admins.
To play devil's advocate ... perhaps the notification from the RBL should be clearer? Instead of saying "you've been blackholed you nasty friend of spammers" if should say "you've been blackholed because your server accepts forged headers. I notice you're running XYZ server, so to fix the problem do A, B and C"
(Nb. I've never been blackholed, so I don't know what the notification really say. It could just be that this guy is illiterate)
----
* a phrase used on Slashdot about as often as "Why do all those Supermodels keep throwing themselves at me?"
Envy my 5 digit Slashdot User ID!
There are a variety of solutions to the technical problems that arise from wide-ranging internet access by the public. Those of us who were using the net in the late '80s recall sending and recieving email, unincombered by large volumes of spam. As internet usage gained popularity, so to did unacceptable practices undertaken by businesses and indeviduals.
SPAM is as much a social problem as a technical problem. Blackhole lists attempt to solve the social aspects of the problem with a technical solution - the idea being that the sender of spam is shunned and ignored when trying to communicate. I don't have all the answers but solutions like Vipul's Razor seem a bit more like technical solutions to the technical aspects of the problem.
Likewise, domain registration operates much like the wild west. He who hets there first, gets the loot. I was attempting to register an expiring domain at one point. It had expired 90 days previous and still had not been released by Verisign. I consulted my perfered domain registrar, who's generally vary helpful staff gave me this wild west analogy and suggested that my only recourse was to lodge a complaint with ICANN. We all know how helpful ICANN can be...
Any new technology opens up oportunities for baser elements of human nature to bear their collective ugly head. Over time the practices will iron themselves out and until then people like the lawyer, author if this article will probably have to suffer unless they want to contribute a positive solution. The Internet will eventually grow out indulging these childish behaviors but until then, we can only do what's best to protect ourselves from the poor choices of others.
--CTH
--Got Lists? | Top 95 Star Wars Line
You want to beat on spammers using spews.org? And here I thought you linked to some quite violent imagery involving a steel pipe and some quick lime.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
This article really turned my crank. What a load of hogs-wallop. To wit:
... :)
... I dunno). His actions are not only irresponsible, they are just plain stupid.
... I skipped to the end and read:
... ISPs use it voluntarily. Hell, switch ISPs if you don't like the level of access they provide you with!
... Why are you wasting the courts' time?"
For one, the Danish antispam organization falsified an email header to gain access to my mail server. Illegal access to a computer system is, if not a criminal violation, then a trespass on my private property.
Except that he previously admitted to asking the antispam people to check his mail server. So it isn't trespass if you invite them in. Or it's entrapment on his part, right?
As I've discussed previously in this space, one of the novel legal theories now catching on for these kinds of unacceptable accesses to computer systems is a centuries-old tort called "trespass to chattels." At a minimum, I ought to be able to sue the Danish company for the damage it caused me from its illegal access.
Alternatively, you could secure your f'ing mail server properly.
But in spite of all that, I could probably get an injunction, or least a dollar or two to compensate me for my injuries and establish that I have been wronged.
Always the lawyer
Who knows whether the organization is a real legal entity or just some name cooked up by a group of self righteous individuals.
At some point along here I gave up reading. This guy is a whining, deluded, litiginous fuckwad. And a bit xenophobic (maybe he had a bad experience with a Danish girl once
Okay
It isn't difficult to imagine that the RIAA could pressure a sufficient number of ISPs into subscribing to this copyright blackhole list and blocking access to their users, or to any traffic emanating from them.
Except (you half-wit), the RIAA would likely use pressure. The anti-spam list doesn't force ISPs to use it
I hate spam as much as the next guy. If I found out my mail server was an open relay (which we did at one point), I sure as hell would spend my energies fixing the problem, rather than ranting about it and plotting a lawsuit.
I really hope that if he decides to take legal action, some judge with half a brain will say "You could've solved this yourself in half an hour
Sheesh.
Tuus crepidae innexilis sunt.
Should we recommend this guy to Bernie Shifman just in case he's still looking to sue people?
Discussing this on /. is all well and good, but if he is really astroturfing, and it appears that he is, someone that understands what is going on should submit a response article to the New Architect site. The do accept submissions. Check out http://www.newarchitectmag.com/guidelines/. I would do it, but I am not an expert on setting up mail servers or on the effectiveness of the black list.
Lasers Controlled Games!
I was recently a victim of this problem. A machine at my former hosting provider (JTLnet, and they were already my former hosting provider before this incident) got infected by an email worm, and started propagating to everyone in that machine's address book - which seems to've included their entire customer-contact list. Being a modern email worm, it picked one address from that address book to spoof as the source of the messages, and I was the "lucky" guy so I ended up getting all the bounce messages.
There's a lot more to the story, but it's mostly about JTLnet and it's not their faults that are relevant here. The more interesting story is the part played by Verizon (my DSL service provider). Here's a major provider to millions of people, and their mail server was set up so it would happily propagate the worm's spoofed emails. A little experimentation quickly revealed that as long as the original FROM line (the SMTP one, not the one in the header) matched my email address the message would go through, regardless of where the connection came from. Unbelievable.
There is the tiniest shred of an excuse, though. I do remember being annoyed when they shut off SMTP access from outside their network entirely, so I couldn't reply to messages received on that account while at work. However, there are other ways to deal with the problem without allowing worms to spoof email through subscribers' accounts. SMTP authentication would be the obvious solution. A web interface for subscribers to specify which hosts could send email through their account would also have stopped the worm in its tracks. There's no excuse for a provider employing that many people to take the cheesy way out.
Slashdot - News for Herds. Stuff that Splatters.
The truth is that these home-grown spam mitigation methods do have their problems.
One of them is evident in the article: well-meaning users often do not understand what might be insecure about their server configurations, or what might need to be done to fix them. I am very comfortable with sendmail configuration, and I can tell you that setting up the authorizations correctly for mobile users to be able to send email safely is a narrow, twisty labyrinth in comparison to the big, flashing exit door marked "promiscuous relay".Another problem in the home-grown nature of these solutions is the tendency for them to be personality-driven, instead of professional. Often, IP addresses (or even whole ISPs) are placed on blacklists because the blacklist maintainer does not mind creating a little collateral damage if they think it might create a little extra pressure on a spammer or an ISP.
Some blacklists have blocked out entire hosting companies, including some of the biggest ones on the net, simply because they did not think they acted with sufficient alacrity against spammers in their midsts. This kind of wild overkill is unfortunately too common, and perhaps it's a good argument in favor of for-profit blacklisting, which would probably exert some good influence on the question of list quality.
Earthlink rejects mail from any IP address that belongs to a dial-up pool that attempts to connect to their SMTP servers.
Ostensibly, this is done to reduce "direct-to-mx" spam, which is a very common spammer tactic. Unfortunately, it also makes life harder on the home linux enthusiast, or home business operator who might be running their own perfectly legitimate sendmail server. All part of the collateral damage in the spam wars: Internet access and Internet business are slowly becoming more expensive and possibly moving out of the reach of people with limited means.
So what should we do?
First, I think that current law against junk faxes should be extended to include junk emails. This would not eliminate spam, but it would give us the ability to correct the spammers who operate out in the open.
As a Libertarian, I want to jealously guard the right of the people to freedom of expression. But that right does not and cannot include the right to expropriate other people's time or money. You have a right to make your voice heard. You do not have a right to force me to pay for it.
Second, I think that we should be careful about the blacklists that we use, and prefer those operated by recognizable and accountable companies wherever possible.
Finally, I think that for the forseeable future, filtering at the user desktop will be necessary.
(Cards-on-the-table time: I am working on a new solution for end users to eliminate spam from their inboxes. It is based on a new method, and it will work for any user who uses a POP email account. It will be ready for public beta soon. Please write to me if you want to learn more.)
The struggle against spam is definitely picking up, and I think that a new equilibrium is approaching.
Rather than focus on what constitutes an "open relay," which is really a technical issue rather than a policy issue, I'd rather see more thought given to the damage caused by blackhole lists. Are we really interested in championing their use? Spam today, something else "offensive" tomorrow? How different is this than when Chinese ISPs decide to block Google? As vile as spam is, I don't think this is the right tool.
My response to the original letters sent in by New Architect readers:
Thanks.-- Bret
www.lextext.com
Yes, blacklists aren't perfect. But if you do what it takes to plug up obvious security holes in your service, you can get off of them; it may take time, but the volunteers who run these things need to verify that you have plugged up a hole, or that your service was always secure. I'm sure there are a lot of people added to blackhole lists who shouldn't be there, because some mistake was made. At the same time, I think the vast vast majority of people griping about being unfairly placed on a blackhole list are just people who don't understand the technical security flaws in their system.
/. makes me wonder about CmdrTaco. Taco, don't you read these articles at all? Or don't you even know that this is a security hole so big and obvious that even MS could have recognized it and plugged it up?
/. This method can effectively be used to filter out messages which are spam based on the headers, via user input; i.e., the user tells the program via the header, "this is spam, that isn't". The program then analyzes the characteristics of the header and modifies previous assumptions accordingly. Think of it as going to Las Vegas and flipping a coin. If you flip the coin 100 times and you get 51 heads and 49 tails, do you conclude that the coin is unfair? Depends. You have a previous assumption about how reputable the casino is; if you think its unreputable, maybe you think the coin is unfair; if you think its reputable, you probably think its fair. What if you flip the coin 100 times and you get 2 heads and 98 tails? Then your first impression is that the coin is unfair; the evidence strongly overwhelms your previous assumption that the coin was fair, so you modify your hypothesis. But if you then flip the coin another million times and you get 500,001 heads and 499,999 thousand tails, you probably conclude that the coin is fair, despite your first impression. Same thing goes on with e-mail.
Prime example is this idiot author. I'm not security expert -- in fact, I (gasp) don't even know how to set up a server. But I can recognize a security hole as big and obvious as the one his system has. If all someone has to do is forge a from address in the header to use your system for their e-mail without authorization, your system is completely insecure. This author displays his complete ignorance when he says, "the system was doing what it was supposed to do". Every system does what its supposed to do, and that's depends on how it was programmed by the programmers and set up by the administrator. That doesn't necessarily mean every system is doing things the right way.
That this story was posted on
At the very least, your service should request password and user-name verification. IP-address verification possibly, if you don't want to allow your users to be able to access it from any remote location. Someone needs to slap this author with the clue-stick. He fell off the a 300ft high dumb tree and hit every branch on the way down.
The author does, however, make two interesting points, though these are hardly news. (1) It takes forever (i.e., weeks) to get off a blackhole list; this is understandable, since these things are run by volunteers, and it takes time to verify. (2) Blackhole lists are used by spammers, which allows them to slam any domain on the list. This is something which needs to be fixed. I think this is that rare case where security through obscurity works. The only people who should know all the domain names on a blacklist are those running it. People running domain-names that have been placed on a blacklist should be notified so they can fix it, and if they want notify the public. But because these blackhole lists are available for anyone to see, spammers use them and effectively DoS those who are on the list, making their life difficult.
Oh yea, almost forgot. The title of this post is "Legal action needed," because I think laws are needed to deal with this problem. Spamming might not be particularly profitable, but its also not at all unprofitable; theoretically, it probably wouldn't even cost a cent to send spam to everyone on earth with an internet connection. Thus, spammers will continue spamming, because they have no reason not to. Even if only one out of a thousand people actually buy something from that "make your dick bigger by jilking" spam, it still amounts to something worthwhile for the spammer.
They will never stop unless there is a strong cost associated with spam. So what I propose is tagging very high high fines onto any spammer -- millions of dollars. Enough to bankrupt an individual and keep him in debt for a long time, or enough to send a company into Chapter 11. I'll admit that we won't catch many spammers; maybe 1 out of a 1,000. But when you can't catch most people who do something and punish them accordingly, the way to stop an activity is to say we'll punish anyone caught inordinately.
I strongly disagree with the misguided notion that somehow dealing with our spam-problem violates the principles the internet was founded on. This is just an example of community action to deal with a problem.
The anonymity that the net gives us is valuable because it allows those who have controversial opinions to speak privately; because it allows those who have inordinate interests (i.e., occult or pornography) to pursue them in privacy without fear of public scrutiny; because it allows us to share information though P2P networks without fear of a slap-down from the RIAA. No useful purpose is served by spammers using annonymity; it neither promotes a public good, nor facilitates them in excercising their rights; rather, it facilitates them in doing harm to the public and violating the rights of others. The community is dealing with that problem in many ways.
One of them is blackholes. Crude, but somewhat effective. Simplest method. It is valuable not so much because of the spam that it blocks, but because of the action it forces service providers to take -- securing their systems against spammers.
Another is bayesian filtering, as was recently mentioned on
Another method -- one I prefer -- is simply blocking any messages from those whom you don't have in your address book or on your "accepted senders list". This effectively blocks out all spam. You have to, however, keep an updated list of accepted e-mail addresses.
There are many others.
No method is perfect. My method blocks all spam, but also will block anything from anyone who I don't have on my accepted senders list; so I have to be vigilant in maintaining such a list. Bayesian methods effectively have no false positives or false negatives, so are pretty damn good. The primary usefulness of blackhole lists is making services secure their systems.
social sciences can never use experience to verify their statemen
Forging the 'From:' header is one of the most common spammer tactics known. If the guy's server responds to such a forgery by sending the forged message out to the world, then yes, he is indeed running an open relay EVEN IF it won't forward messages from, say, 'spammer@here.com.'
Any mail server worth its salt needs to look at more than just the 'From:' header. It needs to look at the originating IP address of the machine trying to send the message. If said address is not part of the mail server's local domain, the traffic should be rejected with extreme prejudice.
The article reads very much like a whine from someone who doesn't know enough about how a mail server works (or is supposed to work) to be running one; "Those Evil Censorous (sp?) Anti-Spam Nazis forged my domain name and cracked into my system! How dare they?! Even though it's the same trick a spammer might pull, how dare they?!"
This guy needs to get a clue. Quickly. In fact, I'm going to make sure to block his server out of mine when I get in tonight.
Bruce Lane, KC7GR,
Blue Feather Technologies
Spammers never lie or forge domain names! So of course it's unfair that this lawyer's mailserver was blacklisted. . .
Bah. With all the money lawyers make, you'd think he could buy himself a clue.
!#@%*)anks for hanging up the phone, dear.
The internet is often a useful tool for communication. It's also often a tool for complete idiots to share their useless opinions with the masses. This guy has an insecure mail server, gets blacklisted, and asks the blacklisting org to check his mailserver. He then bitches when they find a hole and get in, and decides he should sue them for illegally entering his server.
He claims they caused damage, but all they did was fulfill HIS request to double-check his server, and didn't in any way disrupt any functionality of his server, other than using an existing hole
Another spam-pigeon who thinks his right be leave his ass flapping in the wind overrules the rights of others who don't wish to get a gazillion messages bounced off his insecure server.
A few quotes to laugh at:
I asked the blackhole list service if it would kindly re-scan my mail server and make another determination as to whether it was an open relay
For one, the Danish antispam organization falsified an email header to gain access to my mail server
At a minimum, I ought to be able to sue the Danish company for the damage it caused me from its illegal access.
Debating on anonymously spamming this guy with a few, 'got spam? you're a moron' messages from his owner server... - phorm
I just read your articles /s=2442/n a0802g/index.html) about
(http://www.newarchitectmag.com/document
open relays and figured I'd email you with my experience. For my day job,
I work network security (handling spam complaints, hacking, etc) for an
extremely large public educational institution, so I see an extremely
large number of spam complaints, spam issues and whatnot every day.
If your mail server is allowing mail to be relayed to it through the
domain it advertises, it is an open relay. Period. An open relay is a
relay that permits an unauthenticated, unidentified host on the network to
send mail through it. Your claim that you are not running an open relay
simply because you only allow mail from users on your domain demonstrates
a fundamental lack of understanding of the mail protocol. The FROM
field is not any kind of authorization, it's not a login, it's completely
arbitrary and should never be used to allow or disallow mail except in
rare cases where virii may email out with fixed FROM addresses that are
known to not be legitimate.
Your mail server advertises what domain it claims to be (and likely has
reverse dns to supply a spammer with the domain), therefore it's trivial
for any spammer to (as the denmark organization did) simply but a from
address of your domain. And are they lying? It might be interesting to
note that since your mail server is sending the message, the mail ~is~
from the domain they put in the from field.
The issue is not that some anti-spammers spoofed a from field. The issue
is that your mail server allows relaying of spam email. I'm sorry you see
it otherwise. There are other effective ways to secure your mail server
so you can travel and still have access to it, but your current
'protection' is not.
If you would like more information on how exactly you can configure your
mail server to not be an open relay and still allow remote access, please
feel free to respond via email and I'd be glad to help.
If they make a mistake, you and your organization are screwed until they decide to admit their mistake and correct it -- if they ever do. They have cute, pat answers to explain away any responsibility for their behavior and generally refuse to communicate with those they block. I have had a nasty experience recently with "relays.osirusoft.com" where a client of our was using them as a part of their Postfix RBL configuration. Some Nazi^H^H^H^H German nominated our mail server as a spamhaus when we were not. Without being tested, our server was blacklisted -- I checked my logs and saw no check on the date we were listed. We received no notice, no automated robot checked out server or would anyone respond to my inquiries, just accusations that I was supporting SPAM--an absolute lie. If you are listed, you have to be an evil SPAM supporter with their mentality.
It took one month of constantly e-mailing their retest e-mail address. Daily checking of my mail logs and seeing that their robot was being rejected from relaying, yet, we were not taken off the RBL. Finally, after a month, we were removed. Nothing changed in our configuration, no notice was given as to why we were removed nor why we were added outside of the nomination origin. We were just lucky that "relays.osirusoft.com" decided to do what's right but was too cowardly to admit they were wrong. Hiding behind the anonymity of the Internet with no responsibility to the people they harm. We will never know how many e-mail messages were lost because of "relays.osirusoft.com"'s mistake.
Pathetic.
Strange women lying in ponds distributing swords is no basis for a system of government.
One could have predicted that the vast majority of Slashdot readers would have responded with, "This guy is an idiot because ... misconfiguration ... blah blah" without addressing the underlying complaint. The more important issue is that a group of unregulated volunteers (albeit well-meaning volunteers) has the power to block any server from sending mail, by placing it on a blackhole list. Nobody is holding these people accountable for the power that they wield, and their grievance procedures are either obscure or non-existent.
Toronto-area transit rider? Rate your ride.
Here is what I wrote to this guy back on July 25 when the article had just come out. I never received a response from him. Was he totally embarassed by his idiocy once it was explained to him? I guess so.
<lettertext>
I just read the article you wrote on New Architect Magazine entitled "Blind Vigilantes; Blackhole lists offer dark prospects". I feel you have missed certain points in your analysis, and as a result, you misunderstand what is going on. That's OK, because the majority of network administrators still do, too. As a lawyer you would not be expected to know this kind of stuff. You clearly know a lot more about it than the average lawyer. I'm writing in hopes of filling in the gaps. I sincerely hope you have the time to read this. It's long, but I think this is important.
First of all, I use these blackhole lists myself, so it is possible that your reply to me could bounce back. I can override it if I know the IP address of your mail server. But I won't know it until there is a server log telling me about it bouncing. What I'll do is get your IP address at that time, add it to the exception database, and you can repeat the reply later on. Or you can send me mail from Hotmail, which I believe is not blocked anymore.
I want to fast forward to the point in your article where I think the main misunderstanding is:
One of the methods spammers use to send their mail through a mail server configured like yours is to do exactly what you are complaining about. I see upwards of 10,000 of these a day on my servers. The spammers have these massive lists of email addresses, quite many of which are valid. What they do is look up which mail server those users would use, which is not hard because that's exactly what the whole system is designed to be able to do. Every delivered piece of email had to do that. Once they have this information, then they forge that user in their FROM line and start sending mail to the user's server. In the case of a server set up to test only the domain name in the FROM line, it works, and the spam message gets sent on its way.
That's why your mail server is considered to be an open relay, because it is possible for a spammer to use it, despite the fact that they are doing something illegal such as forging your domain name. If it lets a spammer forward mail, it's an open relay.
It is standard practice for every program (there are several available) which does the open relay tests to try dozens of different ways to fool a mail server into forwarding mail. Forging the domain name of the users of that server is one of the simpler tricks. There are some that are more complicated. These programs are simply doing exactly the same thing that a spammer would do. It's the same principle used by security test programs which test whether or not a computer can be broken into. They have to pull all the punches a hacker might try. Otherwise such programs will fail to detect a flaw and the program itself will be worthless.
I periodically run tests on all my mail servers to make sure I have not accidentally configured out the relay controls. I watch these tests take place, and they do this forgery exactly as expected.
Actually, that is not true. Read on and this will be explained.
Last year, one of my client companies, a local web hosting business, had a case of one of their customers running a spamming operation right from the server they were paying my client to use, in violation of their AUP. The customer got cut off, and my client asked me to help him clean up the mess. In so doing, I obtained a copy of not only the spamming software (a special version intended for running from web servers), but also a copy of a big list of about 1.5 million addresses.
There was something very interesting in this list. The first 1000 or so entries were email address that were familiar to me. They were OTHER SPAMMERS. That's right, other spammers have their own names in these lists. What that means is if any spammer discovers an open relay, the others find out about it fairly quickly. The "spammer network" as I might call it is very well connected. They all see the successes of the others. And much like wild animals on the African Savannah when one makes a kill, the others circle around to take their own bite out of the carcass. That's what is happening to your server.
The anti-spam group have some of their addresses on these lists, too. That's how they first find out if your mail server is an open relay. They get spam that some spammer who found it relayed through. That's how you were first put on the list.
The blackhole lists are run through a distributed database called DNS. This is the same thing that allows looking up a domain name to get the numeric IP address which the routers use to send packets to the correct destination. But the point about it is that DNS works as a general distributed database, and unless someone runs the DNS server wrongly, there is no mechanism to get a list of these addresses. All that can be done is to pick and address and do a lookup. Unlike a regular database, there is no means to do a query lookup like "give me all the IP addresses which are open relays".
In reality, there are sometimes some breakdowns in that security and the blocked addresses can get out. I've acquired one such list myself. But for the most part, spammers do one of two things. They scan the net at high speeds looking for open relays, and they scan through their mailbox which is on the lists to check for good pickings in recent spam they received.
They have a legal defense. You actually gave them permission to do the scan. Although you did not know the scan involved the address forgery, their defense is that the practice is the only way to test to see if a mail server is an open relay (that is, if it could be used by a spammer who would forge the address). As mentioned above, this and many other tests like it are standard practice in security testing (and testing for an open relay is simply one form of security test).
This is why when an open relay listing is in the database they will not remove it by periodically testing on their own accord. That would truly be illegal. They require you to consent to the test before they will do it. And again, the standard for these tests is to do exactly every know trick a spammer would try.
It is not their test that put you in the list in the first place. It was the fact that they received a copy of spam that some spammer relayed through your server first. It is that spammer that trespassed on your server and caused you the real harm.
Those who compile the database are just the messengers. But your real problem is that these guys are just the little fish. The big ones are even harder to reach. They are rumored to be in Bulgaria, an Eastern Europe country formerly behind the infamous Iron Curtain.
And there is the risk that they would win if they were present to defend their practice. They would certainly bring up the point that the original listing was due to a spammer discovering your open relay, and that they received permission from you to test their server.
The choice to use the information from blacklists to reject delivery of email in a mail server is something the owner of the mail server would do. This becomes a private property issue. I have the right to refuse any mail into my mail server I wish (except on the basis of the few parameters law now prohibits, like gender, race, religion, etc). I have the right to get my list of IP addresses to block from anywhere I like. If Joe down the street tells me he blocked email using his private little list of IP addresses and it cut out 90% of his spam, then of course I'd like for him to share it with me.
Could there be an issue of libel here? Sure, there could. But it's a clear line between saying "You are a spammer" and saying "Your mail server allowed a spammer (who uses forgery) to send spam to me, and when you gave me permission to test it, I found that by mimicking just what the spammer would do, it was still allowing it."
I do worry that the techniques used to reduce and prevent spam could be put to less noble uses. I also worry that facilities that exist on the internet to allow anonymous communications (which some people sometimes need to have) are abused by spammers (there are techniques to reduce that abuse) and in turn blocked by anti-spammers.
Personally, I don't consider the anti-spam movement to be less noble than peer-to-peer file sharing. The vast majority of what is shared on those networks is copyrighted material being shared well beyond the rights of the copyright owners. While I'm not advocating that those file sharing programs be outlawed, or the networks they use be shutdown, I do consider it to be less noble a thing that the effors of the anti-spam community to help keep mailboxes cleaner.
It depends on who is doing the breaking. If I break connectivity in my own server, even if I use information from someone else that I choose to use, who offers that information to me freely (I didn't illegally copy it), then what law have I broken? What tort have I committed? Who have I harmed? If it involves my customers in a service I provide to them, then it's a matter of the business relationship between me and that customer. In practice, my customers want the spam blocking since it proves to be very effective against spam.
As to your mail server. It is an open relay, and it needs to be closed.
If a thief enters a building by opening an unlocked door, it is breaking and entering. Merely opening the closed door was breaking, as opposed to the door being wide open. It does not matter if there was a lock on the door or not. It does not matter if the lock was left unlocked. It is still breaking.
Your mail server has a closed door, but it has no lock. You are making the assumption that spammers won't do the "breaking in" thing with address forgery. But they do. What you need is the equivalent of a lock on your mail server. Instead of just checking the FROM line to see if it has your domain name on it, it needs to check something that a spammer simply cannot forge at all. Usually this is an IP address. If you want to be able to use your mail server from other locations, then the IP address is not good enough. There is another method that is used which requires you to log in to READ your mail first. The way that works is when the mail reading login is done, the server notes what the IP address is from which the successful login came, and puts that IP address in a list which is valid for sending mail for some period of time, say maybe 30 minutes to an hour. Thousands of people use this technique successfully. It's typically called "SMTP after POP" (in reference to the POP protocol used to read mail in most cases).
The following has a number of useful links to help in testing and closing an open relay:
</lettertext>
now we need to go OSS in diesel cars
Unlike "sharing" of "marketing information" by credit card companies, telephone companies, and banks, blackhole lists for email ar opt-in.
You have to explicitly subscribe to someone else's judgement in order for it to have an effect on what you block.
Your argument about the putative "RIAA P2P blacklist" is flawed, in that you would have to go out of your way to elect to subscribe to RIAA's judgement.
A much more salient argument might be Palladium, which is effectively a black list of people who do not used Palladium, and which holds you hostage via the use of monopolistic power in the marketplace. A black list which forces you to use it -- which is not "opt-in" -- is much more of a threat.
PS: In your original argument, you had exactly one valid point, which was that the original probe of your email server -- before you asked them to recheck it, thereby giving them permission -- was in fact a criminal trespass on your system. On the other hand, from a legal standpoint, it's probably easy to argue "attractive nuisance" in defense of the original probe, particularly if your mail server had been reported by a third party who had received SPAM via it.
-- Terry
People like this can't be educated. He has taken a stand and refuses to believe that his mail server is an open relay even when presented with irrefutable evidence. He KNOWS that his mail server accepts forged mail. The problem is VERY clear to all the parties involved.
This lawyer is both stupid and stubborn which IMHO is the worst kind of lawyer.
As an FYI, most rejections refer you to web pages on the RBL which explain things. None of the web pages I have EVER seen has said anything about "you nasty friend of spammers". Instead, they generally inform you that you are running an open proxy or relay and point you to information on how to fix it, however they rely on YOU (or your administrator) to know what mail server you are running. The web page has NO way of knowing which mail server you are running based on your browser / browsers IP address. Note that SOME rejection messages can refer you to a CGI script that looks up the offending mail server info, but not all MTAs support the ability to customize error messages in the fashion needed for this functionality.
Sometime in the next week or so, I am going to stop by your home and probe for any security problems that a burglar might exploit. I know we have never met before but its in your best interests. Since I have the best of intentions, I am sure you won't mind. You wouldn't want to leave your home with security holes in it?
Strange women lying in ponds distributing swords is no basis for a system of government.
Let it be a problem for those that don't know any better, or how to deal with it. Set up a SpamAssassin-enabled mail server for you, your buddies (or clients) and let the rest of the world deal with the junk.
Junk-Filter that works. End of problem!
You are forgetting the fact that spammers use forged addresses and third party open relays. They will NEVER GET THE ERROR MESSAGE. Instead, the incompetant sod running the open relay gets to deal with it.
This guy is part of the problem. He was told he had an open relay, he didn't believe the people, so they demonstrated that he did, infact, have an open relay. Instead of trying to fix the problem he instead wants to sue the people who told him he had a problem. It isn't like they were obligated to let him know...
Kintanon
Check out JoshJitsu.info for Brazilian Ji
That is almost exactly the my reaction a couple of weeks ago after reading the print version of this article. In fact I included pretty much this same info in an email to the author, along with some recommendations of how to close his "partially ajar" mail relay. Two weeks out now, and no response to it yet... Or maybe he did respond and my spam checker bounced it for him being on an open relay :grin:
To err is human, but to really foul things up requires a computer
He even published his email address, so you can check it yourself if you like, but you scum don't bother to check facts, you just subscribe to the blacklists and pretend your penis is larger because you can block someone's email. Fuck you and all like you. Vigilanties suck, and the day will come when you will pay for your actions, because the government will eventually be forced to send in a Marshall to clean up Dodge, and thanks to you fools the internet will be under Marshall Law. But at least you wankers will be shut down, so it won't be all bad.
If all this should have a reason, we would be the last to know.
So what if mail servers accepted SMTP for inbound mail only, and required POP for outbound mail? Mail arriving from points unknown would be accepted via SMTP, but mail heading out would need that initial authentication -- no more forged headers. I think it's a great solution: it's compliant with IETF standards that are in place today. There's one problem.
Since PMMail, and I assume its short-lived Windows version PMMail 95, I haven't seen any mail clients that support POP for outgoing mail. Given the problem with spam and forged headers, I can't believe that no one has seized upon this idea.
Anyway, if the response is positive enough, I may be motivated to crack open some open-source mail client add support for outbound POP...
He maintains that no one should be lying in order to relay using his server, and I agree. Sure, locking it down is a good technological way to prevent abuse. But, maybe this guy would rather see a law against forged headers. Anyway, as far as he's concerned, his server IS locked down, assuming no one fasifies his identity to get into it. Similarly, if he restricted relaying based on IP address, his server would then be "secure" assuming nobody breaks into his house or sneaks onto his wireless network, etc.
Being a lawyer, I think this guy's real goal is to get some kind of law passed or legal precident set. Without that, a technological solution has little power behind it if it's bypassed.
I meant to say "I think that this guy, being a lawyer..."
You're speaking of SPEWS. And the whole point is that because spammers move around to evade blocking, the front line of defense is the ISPs. Blocking just the spammer alone is a futile effort. Getting spammers disconnected doesn't work at too many of the larger ISPs because they would rather take spammer money than keep non-customers happy. So of course the logical way to go is to block ISPs. And SPEWS doesn't immediately block a whole ISP (unless they are so small they have less than a class C network or something). They raise the pressure gradually so the ISP gets the message before too many customers are impacted.
The only way these ISPs are going to respond to dealing with spammers is when they are forced to decide between the revenues of spammers vs. the revenues of non-spammers. Absent that force, they just keep spammers online and the internet suffers. With that force, most will eventually see the financial issue and make the decision (and yes, some have decided to go with spammers and have gotten 100% blocked ... and rightly so).
As long as you stay with an ISP that supports spammers, then you are, every time you make a payment to them, saying "It's OK for you to keep spammers online because I'll keep paying you even though it causes me grief". If it's so costly to change ISPs for you, then maybe you should have done due diligence in the first place to discover what their real intentions are with regard to spam.
I already ignore spammers. They have not gone away. That idea is stupid because there will always be some small percentage that don't ignore them, and it only takes that small percentage for them to get more money out of spamming than they put in. Then while they spam, they force us to do deal with all the junk. Even if you just count the 3 seconds it takes to delete each piece of spam at a typical low end wage of an office worker, spam costs over a billion dollars a year (at its current rate) just in lost worker productivity in the USA. Now that Europe has caught up and edged past the USA on internet users, I'm sure the figure is nearly as high there, and will soon be higher. And this doesn't count the time it takes for staff to manage the situation and clean it up.
What's a little guy to do? For starters, try convincing your ISP to stop supporting spammers. But if you say to them "because it costs me so much money to move to another ISP, I will stay with you no matter what you do", then why would they give up the revenue from the spammers just for you? Maybe what you should do is figure out why and how you got yourself into a mess where you can't change to another ISP?
now we need to go OSS in diesel cars
I make it known to my customers that inbound mail is subject to spam filtering. I even make available to them a list of all the spam (what server it came from, and what MAIL FROM had in the SMTP) attempts that got blocked. If they discover something they want is getting blocked, I can whitelist it. And I have done so already in a couple of cases. Being small, I can do this myself. Eventually I'll have to automate this so I can grow. The plan is to give each user a choice which blacklists to use, and give them their own private blacklist and whitelist, and the ability to automatically allow inbound mail from anyone they send outbound mail to. Is that reasonable enough for you?
now we need to go OSS in diesel cars
"An end user's choice devolves to changing ISPs".
Or running their own mail server, yes. That's correct.
This is, though, completely orthogonal to your original argument, and I don't think it's a legitimate complaint, even if you come down to lack of choice. As a Californian, you don't have any choice about having the oxygenate MTBE in the gasoline you buy for your car, no matter which gas station you go to, even if your car was manufactured since 1981, and has an Oxygen sensor, causing the fuel to be burned more rich, and actualy causing *more* rather than *less* pollution.
Individual filtering is also not a good answer. Filtering after download multiplies the problem and the amount of computational effort required. It also has you paying message units for the transfer of the unwanted email, if you are using a commercial phone line in the U.S., if you are using a cellular phone, if you have elected that tarrif for your residential telephone connection, or, if you are a European or Japanese user who has no choice in the matter.
Filtering also has the undesirable side effect of everyone having to accumulate their own, potentially very large and expensive to accumulate, undesirable sender list.
Filtering on the server side to avoid the download has these same negatives, as well as increasing the amount of CPU cycles that have to occur at the ISP (at least at the ISP, the cycles are amortized across all users selecting a set of filtering options, instead of being a per user cost). Still, why should I have to pay more for an ISP who has to pay more for compute cycles for more flexible filtering?
The problem comes down to one of unsolicited senders costing a recipient money.
In any case, since you are running your own mail server, you have the choise of whether or not to use a black list. If you don't opt-in to one, then you aren't a member of the class that you are complaining about anyway.
I don't think you have a valid legal argument against black lists, unless you are in fact forced to utilize one as a conditon of not being black-listed (e.g. as Microsoft's Palladium permits, and will inevitably encourage as a result of non-interoperability penalties).
-- Terry
Yeah, that is what you think...
(Yes, I know the difference. Just couldn't resist).
They won't know, unless they were expecting it in the first place, or the sender found a means to tell them, or they discovered it in the list I make available to them (a scan of server logs filtered on their email address for the past 90 days). I do want to make that work better.
now we need to go OSS in diesel cars
This is rather like partly dried bullshit. It doesn't smell as bad as completely fresh bullshit, but it still smells -- no matter what you want to call it.
Sendmail config docs give a stern warning about enabling relays based only on the the senders alleged domain name. That the author ignores such warnings and complains about people who complain that his machine is willfully mis-configured is an example of why some people distrust lawyers. I say willfully because most modern mail server configs don't allow domain name spoofing by default.
As my sister (also a lawyer) once said, after a tornado attack:
Too bad you can't sue god.
Free Software: Like love, it grows best when given away.
You can configure your server however you want -- On the other hand, if you Insist on configuring it in a way that is documented as allowing spammers to abuse your machine. who are you to tell Me that I have to accept email from such an ill-configured box.
The more interesting absurdity is that he asked these people to test his server. Now he's claiming that he can sue them for doing what he asked them to do.
Free Software: Like love, it grows best when given away.
Great! so not only is his box an open realy, it doesn't even handle legitimate email properly.
Oh, well.
Free Software: Like love, it grows best when given away.
The same point remains. His server based authentication on the forgeable domain name. Some spammer did discover his server worked that way. I see spammers frequently testing my servers exactly that way, by trying to use local domains, including the name of the server itself, to see if any of those have been blindly (and stupidly) configured to allow relaying. They don't get through mine because I don't configure it to trust forgeable information. And it is easy for a spammer to try this because he already has lots of email addresses from which he can do MX lookups to find mail servers. If that server is stupidly configured, that email address stands a good chance at being allowed to relay by merely being the MAIL FROM or the From: address. If that doesn't work, they try the reverse DNS of the mail server IP address as the hostname part. Some spammer did that on Bret Fausett's mail server, and at least one of those spams went into a spamtrap mailbox, resulting in the initial listing. Then when he discovered the situation and read about how to get it unlisted by being tested, he asked for that, probably without yet knowing the mechanisms the spammer used, and therefore that the relay test would have to use. When he discovered that the test mail forged his own domain name, he got into a tizzy and started writing his article.
It doesn't matter what the mechanisms actually are. There are many others that some mail servers will be fooled by to allow relaying. If a spammer can use it to relay spam, then a relay tester must include that mechanism in the testing to determine if that particular mechanism has now been closed.
now we need to go OSS in diesel cars
The university clearly has the right to test its own network in whatever way it chooses. The students don't "own" the network, they are just granted the right to use it in whatever way the owners want.
As for the guy in the main article, he also asked to be tested. So, where is the "without permission" part?
And as for getting in a blackhole list in the first place, no one has to probe his server. Some of us still can read email headers and determine where some piece of email came from.
That line makes you the lawyer (I know you were referring to him being one). Without a technological leg to stand on, no law has any power behind it. There are already laws against accessing a computer without authorization, fraud and unsolicited commercial email. Now we need a fourth law to cover this activity? Get real.
I spent a year in Iraq looking for WMD and all I found was this lousy sig.
To satisfy your specificity, just think I am your Dorm Resident Advisor and I want to make sure of your Dorm Room security. Therefor, without warning to you, I start to probe the various ways I can I break into your room. Hey, its just the University's dorm. They have a right to make sure all students living in them are secure. And what do you mind? If they happen to "stumble" on your 6 foot water pipe disguised as a Sunflower stand and kick you out, its for your security. How can you complain?
Strange women lying in ponds distributing swords is no basis for a system of government.
telnet naam.pair.com 25
.
Trying 209.68.1.237...
Connected to naam.pair.com (209.68.1.237).
Escape character is '^]'.
220 naam.pair.com ESMTP
HELO test.lextext.com
250 naam.pair.com
mail from: randomuser@test.lextext.com
250 ok
rcpt to: bret@lextext.com
250 ok
DATA
354 go ahead
Hello Mr. Fausett,
your mail server is wide open. please fix it.
250 ok
quit
221 naam.pair.com
Connection closed by foreign host.
So it seems the article published in New Architect is wrong. It is defamatory and it is claiming that the guy is innocent while he's guilty as sin.
I guess that's what passes for lawyers nowadays...
Please DO NOT flood the poor guy with email. He's enough trouble already: He's a lawyer, he's been caught pants down after claiming he wore belts and suspenders, he's a lawyer, he's been blacklisted, and he's a lawyer.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
Virtually all modern E-mail clients (yes, even OutLook) and SMTP servers can be configured to use that.
There's just no excuse for open relays anymore.
/Styx