FTC vs. Open SMTP Relays
HighOrbit writes "Cnet reports on news.com.com that the U.S. Federal Trade Commission, several state Attorneys General, and Australia, Canada and Japan are sending this letter (pdf) to operators of open relay mail servers to educate them on the dangers of open relays and how they help spread spam. Although the letter does not threaten direct law enforcement action, it does let open relayers know that they have been noticed and warned. The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?"
... a lot of IBM AIX customers are going to get this letter:
http://www.securityfocus.com/archive/1/321307/2
AC coz i'm not Karma Whoring
Various public databases suggest that the following IP address, [insert number], may be an
open relay mail server. If that is the case, this letter contains important information for you that
may affect your organization's email server and online presence.
Open relays are computers (e-mail servers) that allow any other computer in the world to
"bounce" or route e-mail through them to other Internet mail addresses. Open relays often are
exploited by people who flood the Internet with unsolicited commercial email, or spam. This
creates problems for consumers worldwide, for law enforcement and for your organization. For
example, it may appear to recipients of the spam that the spam is coming from your system;
your mail server and Internet service resources may be utilized by unknown third parties; your
network connections may become clogged with traffic; your administrative costs may increase;
or your Internet Service Provider may shut down your Internet service. Fixing your open relay
mail server will help you protect your system from being misused.
The Federal Trade Commission is the U.S. government agency charged with protecting
consumers against unfair, deceptive or fraudulent practices. The Commission, along with its
partners, is sending you this advisory explaining the problems associated with open relay mail
servers and how you can prevent these problems from affecting you or your organization. We
are joined in this effort by our domestic partners, the Attorneys General of Arkansas, Louisiana,
New Mexico, Oklahoma and Texas; the Office of the U.S. Attorney for the District of New
Mexico; the U.S. Postal Inspection Service; the Securities and Exchange Commission's Ft.
Worth Office; and the Richardson, Texas Police Department.
From the international community, we are joined by the Australian Competition and Consumer Commission; Industry Canada; Servicio Nacional del Consumidor (SERNAC); and the Japanese Delegation to OECD Committee on Consumer Policy.
For more information about open relays please review our Business Alert located at
http://www.ftc.gov/openrelay. If your server is an open relay, and you are interested in closing
it, please follow the step-by-step instructions on remedying the problem.
The open relays that are most commonly abused are overseas: Hong Kong, South Korea, China, India.
What's the FTC going to do to them, lock them up in Guantanamo Bay??
Press any key to continue, any other key to quit.
Usually, they don't actually want it, they are just clueless. There's the odd individual who might claim to have justification for operating an open relay, but in my experience, there is absolutely no reason for it these days.
[Disclaimer : I have the highest regard and respect for John Gilmore; I just think he's wrong about this particular issue.]
My next sig will be ready soon, but subscribers can beat the rush
How, exactly, is the parent off-topic? Redundant perhaps, but not off-topic.
Anyway, I'm glad to hear this. In the last 12 months or so, my e-mail has gone from at most 4 or 5 spam messages a day to at least 25 each day, without my changing my online habits (w/ regard to who gets my e-mail address) in any significant way.
Of course you know the Federalist Papers were published anonymously. Anonymity is no less important today than then. It has become increasingly important over the past couple of years with increased governmental surveillance, control of the media, and intolerance of dissenting opinion. The FBI can even view our library record without a warrant! If you ask me, spam is the least of our problems.
Give me Classic Slashdot or give me death!
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
Shutting down open relays will have a negligible effect on spam, since any Internet-connected computer can send tens of thousands of spams before anyone would even notice.
Also, there may be legitimate reasons to have open relays. Much like there are legitimate reasons to have DVD copying software. Maybe only a few good reasons, but enough that they should not be banned outright.
The only legal action that these legal folks should be taking is against those spammers using deceptive practices, which is about all of them these days. For instance, the false sender information and the inability to be removed from the list. Life was okay when you could get removed from a mailing list and you really wouldn't get any more spam from them, but now they just use it as a confirmation that the email is active and to send more email.
Open SMTP relays are not the problem any more than Open Routers are. Find the individuals that are sending these things and you will stop the problem.
For those of you interested, I posted more code for the honeymail project, which is an anti-spam open-source forked SMTP server.
anime+manga together at last.. in real time.
All mail servers accept mail to their own users from anyone. How else are they supposed to work??? Currently there isn't some central repository of "These are safe addresses to receive mail from", and if there was it would make sending mail much more difficult. The whole point of SMTP is to accept mail for its local users, and to bounce mail from its local users to another SMTP. Anyway, the only way around this would be to trust some signing entity to verify each mail server, which is a solution some are proposing, but currently does not exist.
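The letter above defines an open relay as a server that routes mail from any client to any destination, and this post describes the intended behaviour: accept mail for local users from anyone, and forward mail from local users outward. The following simulation of an SMTP server's RCPT TO decision, written for this page as an added example (not code from the original thread or from any project it names), shows the two side by side. The domains, mailbox list, network range and client addresses are constructed values; the `open_relay` flag reproduces the misconfiguration the letter warns about, and the default closed policy is the fix.

```python
import ipaddress
from email.utils import parseaddr

# Constructed example policy for one mail server (assumed values, not from the page).
LOCAL_DOMAINS = {"example.org"}                          # domains this server is final destination for
LOCAL_USERS = {"alice@example.org", "postmaster@example.org"}
RELAY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # the organisation's own clients


def normalize(address):
    """Return the bare lower-cased mailbox from 'Name <user@host>' or '<user@host>', or None."""
    _, addr = parseaddr(address)
    if addr.count("@") != 1:
        return None
    return addr.lower()


def rcpt_decision(client_ip, authenticated, recipient, open_relay=False):
    """Decide an SMTP RCPT TO command: returns (reply code, reply text).

    Inbound mail for local users is accepted from any client; that is normal SMTP.
    Mail for other domains is a relay request and is accepted only from the
    organisation's own networks or from authenticated clients, unless
    open_relay=True, which reproduces the misconfiguration described in the letter.
    """
    ip = ipaddress.ip_address(client_ip)
    mailbox = normalize(recipient)
    if mailbox is None:
        return 501, "5.1.3 Bad recipient address syntax"
    domain = mailbox.rsplit("@", 1)[1]

    if domain in LOCAL_DOMAINS:
        # Validate the mailbox now instead of accepting and bouncing later, so a
        # forged sender address does not receive backscatter from this server.
        if mailbox in LOCAL_USERS:
            return 250, "2.1.5 OK"
        return 550, "5.1.1 User unknown"

    # Recipient is elsewhere: this would be third-party relaying.
    if open_relay:
        return 250, "2.1.5 OK"          # open-relay behaviour: relays for anyone
    if authenticated or any(ip in net for net in RELAY_NETWORKS):
        return 250, "2.1.5 OK"
    return 554, "5.7.1 Relay access denied"


def session(client_ip, authenticated, recipients, open_relay=False):
    """Run the RCPT decision for every recipient of one envelope; returns the reply codes."""
    return [rcpt_decision(client_ip, authenticated, r, open_relay)[0] for r in recipients]


if __name__ == "__main__":
    # An unknown Internet client (constructed address) addresses one local and one remote mailbox.
    stranger = "198.51.100.7"
    for label, flag in (("closed relay", False), ("open relay", True)):
        print(label, session(stranger, False, ["alice@example.org", "someone@example.net"], flag))
```

With the default policy the stranger gets 250 for the local mailbox and 554 for the remote one; with `open_relay=True` both are accepted, which is exactly the condition the public relay-test databases mentioned in the letter probe for.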
Geez, Sparky, lay off the sendmail.cf - that's for masochists. Everyone else uses m4. 6 lines of simple macros with human-readable names is easier to maintain, too.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Isn't qmail that server that accepts (at the rcpt phase) mail for users that don't even exist? Someone please shed light on this...
Here are some articles covering proxy abuse and the Sobig virus/Spam connection which detail some of the current techniques of spammers and how to fight them.
I don't think the Federal Trade Commission has anything to do with High Definition television. You are probably thinking of the Federal Communications Commission (FCC), a den of corruption.
I think that the open relay problem requires a multi-faceted approach. IMHO, the open relays break down into several categories that require different solutions.
1. Legitimate mail servers that are open because of old software installs that haven't been updated, perhaps because that's a low priority. Here, education is a good first step, but threatening to blacklist them and actually following through if necessary will do the trick.
2. Legitimate mail servers that are open because they're running very old software that's difficult to patch because of its age. Here, the admin may know that there's a problem, but he or she doesn't have the time to dig around for hard-to-find fixes, and retiring the old machine might not be an immediate option. MAPS has a good idea with its list of patches for various MTAs. I tended to get more successful communications with admins when I told them that MAPS had these resources for them to use. FYI, here's the link.
http://www.mail-abuse.org/tsi/ar-fix.html
3. Machines that are running MTAs but aren't an organization's real mail servers. These would be around because someone did an OS install that didn't really need a mail server, but they put it in anyway, then promptly forgot about it. They may not even know what they did. In this case, blacklisting that server doesn't mean much. Whoever administers the official mail servers could care less because that isn't a machine that is their official server, so why should they care? This could be a problem in a large organization, where you may have a bunch of uninformed bozos setting these things up faster than you can blacklist them. In this case, the only way to get results is to just blacklist the organization's entire IP space. Yes, I know that this would impact the real mail servers, which may be secure, but it'd also get the admins to take note and apply a clue-stick to the ones throwing insecure machines onto the network.
4. Servers with admins who don't speak English. Having informative material available in different languages would be a good thing. The Chinese admin you e-mail might actually care about the problem if he could understand the issue a little better. If nothing else, having the info in various languages negates the argument that these admins don't have resources to fall back on.
5. Servers on networks where the admins just don't give a damn. We've discussed this on Slashdot before, especially regarding Korean and Chinese networks that are getting blanket-blacklisted. I hate to see significant chunks of the Internet being walled off, but if that's what it takes, then so be it. These brain-dead admins will either have to eventually clean up their networks or have no one else who'll receive their mail. In either case, the problem will take care of itself.
All it takes is a little special coding and some database maintenance...
By maintaining a table of mail servers for each domain
There is already such a table. It's called DNS. (example: 'dig @localhost slashdot.org MX' returns: slashdot.org. 86400 IN MX 10 mail.egl.net.)
The procedure that you describe is how a mail server works, other than it gets the server IP via DNS rather than a local DB lookup. There is nothing preventing the spammers from running their own servers rather than using relays, other than the expense and overhead. It doesn't take any "special coding" or "database maintenance"; all it takes is a few clicks of a mouse (or a 'make setup check' if they're using Qmail).
Enigma
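The post above makes the point that the "table of mail servers for each domain" already exists as DNS MX records, and quotes a dig answer line. As an added example (written for this page, not code from the thread), the snippet below parses a dig-style answer section into MX records and orders the exchange hosts the way a sending MTA tries them. The slashdot.org line is the one quoted in the post; the example.org lines and the hostnames in them are constructed, and the parser is an illustration of the lookup step rather than any real MTA's resolver.

```python
import re

# Constructed dig-style answer section. The slashdot.org line is quoted from the post;
# the example.org records are assumed values added for illustration.
SAMPLE_ANSWER = """
slashdot.org.   86400   IN  MX  10 mail.egl.net.
example.org.    3600    IN  MX  20 backup-mx.example.org.
example.org.    3600    IN  MX  10 mx1.example.org.
example.org.    3600    IN  MX  10 mx2.example.org.
example.org.    3600    IN  A   192.0.2.25
"""

# owner  TTL  IN  MX  preference  exchange
MX_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+MX\s+(\d+)\s+(\S+)$")


def parse_mx(answer_text):
    """Map each owner name to its list of (preference, exchange host) pairs."""
    records = {}
    for raw in answer_text.splitlines():
        m = MX_LINE.match(raw.strip())
        if not m:
            continue  # blank lines and non-MX records (A, TXT, ...) are ignored
        owner, _ttl, pref, host = m.groups()
        records.setdefault(owner.rstrip(".").lower(), []).append(
            (int(pref), host.rstrip(".").lower()))
    return records


def delivery_order(domain, records):
    """Exchange hosts a sending MTA should try, lowest preference value first.

    Returns None when the domain has no MX record; a real MTA then falls back to
    the domain's own A/AAAA address (the RFC 5321 "implicit MX" rule). Hosts that
    share a preference are kept in answer order here; RFC 5321 says to choose
    among equals at random to spread load.
    """
    entries = records.get(domain.rstrip(".").lower())
    if not entries:
        return None
    return [host for _, host in sorted(entries, key=lambda e: e[0])]


if __name__ == "__main__":
    recs = parse_mx(SAMPLE_ANSWER)
    for name in ("slashdot.org", "example.org", "nomx.example"):
        print(name, "->", delivery_order(name, recs))
```

This is the same lookup an MTA performs before opening an SMTP connection, which is why a spammer running their own server needs no relay at all: the destination's MX is public information for anyone who queries DNS.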