Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTC vs. Open SMTP Relays

Posted by michael on from the because-we-care dept.

HighOrbit writes "Cnet reports on news.com.com that The U.S. Federal Trade Commission, several state Attorneys General, and Australia, Canada and Japan are sending this letter (pdf) to operators of open relay mail servers to educate them on the dangers of open relays and how they help spread spam. Although the letter does not threaten direct law enforcement action, it does let open relayers know that they have been noticed and warned. The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?"

4 of 328 comments (clear)

  1. Looks like... by Smirks · · Score: 5, Informative

    ... alot of IBM AIX customers are going to get this letter:

    http://www.securityfocus.com/archive/1/321307/20 03 -05-13/2003-05-19/0

    --

    [Got Hosting?]
  2. Re:convincing? by DaveAtFraud · · Score: 4, Informative
    all this time thinking its just horrible admins who dont know how to do their job, or are to lazy to do it right
    Here is a link to mail-abuse.org with pointers for securing most major mail systems against third party relaying. I think you had it right all along: horrible admins who are too lazy or too incompetent to update their mail server configuration.
    --
    They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
    Ben
  3. Re:sendmail by Fulcrum+of+Evil · · Score: 4, Informative

    Geez, Sparky, lay off the sendmail.cf - that's for masochists. Everyone else uses m4. 6 lines of simple macros with human-readable names is easier to maintain, too.

    --
    "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
  4. Too little, too late by httptech · · Score: 5, Informative
    Most spammers no longer use open SMTP relays. They have shifted to buying several broadband connections and pumping spam through open HTTP/Socks proxies. This gives them the advantage of being able to randomize/personalize messages to get past spam filters. Also it lets them actively test for bad addresses, since they are maintaining an end-to-end SMTP connection and can read the protocol responses. In the old method of "relay rape" the bouncebacks never made it back to the spammers, so their list integrity would degrade over time.

    Here are some articles covering proxy abuse and the Sobig virus/Spam connection which detail some of the current techniques of spammers and how to fight them.