FTC vs. Open SMTP Relays
HighOrbit writes "Cnet reports on news.com.com that The U.S. Federal Trade Commission, several state Attorneys General, and Australia, Canada and Japan are sending this letter (pdf) to operators of open relay mail servers to educate them on the dangers of open relays and how they help spread spam. Although the letter does not threaten direct law enforcement action, it does let open relayers know that they have been noticed and warned. The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?"
... a lot of IBM AIX customers are going to get this letter:
http://www.securityfocus.com/archive/1/321307/2
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
Shutting down OpenRelays will have a negligible effect on Spam, since any Internet connected computer can send tens of thousands of spams before anyone would even notice.
Also, there may be legitimate reasons to have OpenRelays. Much like there are legitimate reasons to have DVD copying software. Maybe only a few good reasons, but enough that they should not be banned outright.
The only legal action that these legal folks should be taking is against those spammers using deceptive practices, which is about all of them these days. For instance the false sender information and the inability to be removed from the list. Life was okay when you could get removed from a mailing list and you really wouldn't get any more spam from them, but now they just use it as a confirmation that the email is active and to send more email.
Open SMTP relays are not the problem any more than Open Routers are. Find the individuals that are sending these things and you will stop the problem.
All mail servers accept mail to their own users from anyone. How else are they supposed to work??? Currently there isn't some central repository of "These are safe addresses to receive mail from" And if there was it would make sending mail much more difficult. The whole point of SMTP is to accept mail for its local users, and to bounce mail from its local users to another SMTP. Anyways the only way around this would be to trust some signing entity to verify each mail server, which is a solution some are proposing, but currently does not exist.
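The distinction the comment draws, accepting mail for local users from anyone while relaying to other domains only for trusted clients, as an added example that is not from this thread. The local domains, relay network and sample client addresses are constructed values; the 554 reply text follows the common "Relay access denied" wording.

```python
import ipaddress

# Constructed policy: domains this server hosts, and client networks that may
# relay outbound mail through it (assumed values, not from the thread).
LOCAL_DOMAINS = {"example.org", "mail.example.org"}
RELAY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


def is_local_recipient(rcpt: str) -> bool:
    """True when the RCPT TO address belongs to a domain this server delivers for."""
    if rcpt.count("@") != 1:
        return False
    return rcpt.rsplit("@", 1)[1].lower() in LOCAL_DOMAINS


def should_accept_rcpt(client_ip: str, rcpt: str, authenticated: bool = False) -> bool:
    """Relay policy applied at RCPT TO time.

    Mail addressed to local users is accepted from any client (that is how
    inbound SMTP delivery works); mail for other domains is relayed only when
    the client has authenticated or connects from a trusted network.
    """
    if is_local_recipient(rcpt):
        return True
    if authenticated:
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in RELAY_NETWORKS)


def should_accept_rcpt_open_relay(client_ip: str, rcpt: str,
                                  authenticated: bool = False) -> bool:
    """The misconfiguration the FTC letter targets: relay for any recipient,
    regardless of who the client is. Shown only for contrast with the policy above."""
    return rcpt.count("@") == 1


def rcpt_response(client_ip: str, rcpt: str, authenticated: bool = False) -> str:
    """SMTP reply line a server following the closed-relay policy would send."""
    if should_accept_rcpt(client_ip, rcpt, authenticated):
        return "250 2.1.5 Ok"
    return "554 5.7.1 <%s>: Relay access denied" % rcpt
```

Running the same RCPT TO against both policies from an outside address shows why an open relay is attractive to spammers: the closed policy still delivers to local users but refuses to forward to third-party domains.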
Geez, Sparky, lay off the sendmail.cf - that's for masochists. Everyone else uses m4. 6 lines of simple macros with human-readable names is easier to maintain, too.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Here are some articles covering proxy abuse and the Sobig virus/Spam connection which detail some of the current techniques of spammers and how to fight them.
I think that the open relay problem requires a multi-faceted approach. IMHO, the open relays break down into several categories that require different solutions.
1. Legitimate mail servers that are open because of old software installs that haven't been updated, perhaps because that's a low priority. Here, education is a good first step, but threatening to blacklist them and actually following through if necessary will do the trick.
2. Legitimate mail servers that are open because they're running very old software that's difficult to patch because of its age. Here, the admin may know that there's a problem, but he or she doesn't have the time to dig around for hard-to-find fixes, and retiring the old machine might not be an immediate option. MAPS has a good idea with its list of patches for various MTAs. I tended to get more successful communications with admins when I told them that MAPS had these resources for them to use. FYI, here's the link.
http://www.mail-abuse.org/tsi/ar-fix.html
3. Machines that are running MTAs but aren't an organization's real mail servers. These would be around because someone did an OS install that didn't really need a mail server, but they put it in anyway, then promptly forgot about it. They may not even know what they did. In this case, blacklisting that server doesn't mean much. Whoever administers the official mail servers could care less because that isn't a machine that is their official server, so why should they care? This could be a problem in a large organization, where you may have a bunch of uninformed bozos setting these things up faster than you can blacklist them. In this case, the only way to get results is to just blacklist the organization's entire IP space. Yes, I know that this would impact the real mail servers, which may be secure, but it'd also get the admins to take note and apply a clue-stick to the ones throwing insecure machines onto the network.
4. Servers with admins who don't speak English. Having informative material available in different languages would be a good thing. The Chinese admin you e-mail might actually care about the problem if he could understand the issue a little better. If nothing else, having the info in various languages negates the argument that these admins don't have resources to fall back on.
5. Servers on networks where the admins just don't give a damn. We've discussed this on Slashdot before, especially regarding Korean and Chinese networks that are getting blanket-blacklisted. I hate to see significant chunks of the Internet being walled off, but if that's what it takes, then so be it. These brain-dead admins will either have to eventually clean up their networks or have no one else who'll receive their mail. In either case, the problem will take care of itself.