FTC vs. Open SMTP Relays

HighOrbit writes "Cnet reports on news.com.com that The U.S. Federal Trade Commission, several state Attorneys General, and Australia, Canada and Japan are sending this letter (pdf) to operators of open relay mail servers to educate them on the dangers of open relays and how they help spread spam. Although the letter does not threaten direct law enforcement action, it does let open relayers know that they have been noticed and warned. The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?"

Some simple logic in order?

[PM4RK5]

Maybe I'm the only one that had this train of thought, but I'll put it here anyways. I, personally, run a home-based server that runs many services (web, ftp, SMTP and POP3 are some of them).

The threat of being blacklisted would make me change my ways, as I have nothing to gain and everything to lose should that happen. I would presume the same is true for most sys admins out there, who run *honest* servers.

Now let's say that the few "Open Relay" servers that are left are threatened, but they don't take action. Pardon my conspiracy theory, but it may very well be that these "innocent" open relays are in fact sponsored by spam clearinghouses, in which case server admins have monetary incentive to NOT close their relays.

I'd imagine the few open relays that are left are supported by spammers in some way, as they are key in spreading spam, and most people don't want spam passing through their systems anyway, so any anti-spam person would probably close their relays as soon as they are first notified.

So to relate this to the article, I'd say that a letter from the FTC that doesn't threaten *legal* action will provide no more incentive to these system administrators to close the relays; thus the letters become little more than a waste of paper...

Just my thoughts on the matter.

Re:Some simple logic in order?

[kill-hup]

Pardon my conspiracy theory, but it may very well be that these "innocent" open relays are in fact sponsored by spam clearinghouses, in which case server admins have monetary incentive to NOT close their relays.

Interesting thought, but I doubt anybody's going to pay to have an open relay stay open. There's just so many of them out there from which to choose! ;)

I would imagine they all fall into one of the following groups:

• Insecure default setups
• Admins who don't know better (or aren't really "admins")
• Admins that don't give a crap

Besides, I'd hate to have a business relationship or paper trail with an open relay provider in case it ever becomes possible to sue over an open relay. I'm no lawyer but I'd think you'd be an accessory by paying them to provide a questionable service.

Not in the lifetime of TCP/IP

[TVmisGuided]

Rumor has it that there's a whole bunch of open relays out there which are owned by the spamhausen. (I'd love to see some evidence to the contrary, but that's asking proof of a negative, so I won't hold my breath.) If we accept that rumor as fact for the sake of argument, all the FTC letter is going to do is tell said spamhausen that their crap is getting to the target audiences, and they'll happily redouble their efforts.

It's been said before, but it's worth repeating. The best way to eliminate spam is not to go after the machines (and coincidentally the people in charge of the care and feeding of them). Go after the people and companies hiring the spamhausen...the ones pushing their "herbal Viagara" (sic), pr0n, better mortgage rates, and so forth down the wire and into our overloaded mail accounts. Take away the revenue stream, and all those open relays will go idle until someone puts them to better use (for example, Quake 3 servers).

Just my two cents' worth...save up the change for a root beer or something.

Southern states taking the lead?

[dillon_rinker]

Signed by (among others) the attorneys general of Texas, Louisiana, Oklahoma, Arkansas, and New Mexico. Where are the states that are sterotypically tech-savvy? Where's Washington? Where's California? Why are southern states taking the lead on this? I'd think it was just a regional US thing if it weren't for the international signatures on there. Is it easier to get international agreement than interstate agreement? Seriously, what gives here?

Could it? Would it?

[ackthpt]

The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?"

Imagine my utter surprise when I returned from running to the PO and Baja Fresh, during lunch, hit [Get Msgs] and Nothing was there to download!!!

I've been getting from 120-180 Ralsky-grams a day and nothing in the space of 45 minutes is downright unbelievable. I zipped over to the news to see if his house had been raided or he'd been kill by an irate sysadmin. Nothing on the news about it, maybe something is happening? If so, he and his animal food trough wiper friends will probably take a little while to shift over to some other sites and get caught up.

We did this

[DNS-and-BIND]

I worked at a company that ran open relays. I couldn't get them to shut them down, either. It was because we used a web-based email service, and they wanted people to be able to send mail with Outlook using our mail servers. The system was originally implemented on a unix platform by programmers who had mostly worked with windows in their careers. They were pretty clueless about everything...for example, our SQLnet port was wide-open to the world before I got it firewalled off, and the username was the domain name and the password was the company name spelled backwards. I told them about reply-to and other such measures, but was told that was unacceptable, we needed to keep the relays open. One manager was even demoted and eventually let go because he took it on his own authority to close down the relays one weekend because we were being used to spread the Nigerian bank account spam.

The real problem? Wierd foreign programmers who don't understand How Things Work and moreover don't care, and executives that just want a working system and to hell with being a good netizen.

err yes that is true

[Archfeld]

"Come on, you don't mean that. If somebody sneaks into your house while you're not looking, "borrows" your gun, goes out an kills somebody, you're responsible? You could be accused of negligence but you're not really responsible for the killing"

Here in Calif. unless you lock it up, with an approved security device or trigger guard YES you are and can be held responsible for gross negligence and possible homicide...no one has taken the homicide charge yet buty there have been cases of negligence enforced I believe...

I agree with you on the Key issue regarding email though...