Spam United States

FTC vs. Open SMTP Relays 329

HighOrbit writes "Cnet reports on news.com.com that The U.S. Federal Trade Commission, several state Attorneys General, and Australia, Canada and Japan are sending this letter (pdf) to operators of open relay mail servers to educate them on the dangers of open relays and how they help spread spam. Although the letter does not threaten direct law enforcement action, it does let open relayers know that they have been noticed and warned. The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?"
  • Oh hell. (Score:4, Funny)

    by grub ( 11606 ) <slashdot@grub.net> on Friday May 16, 2003 @03:18PM (#5975379) Homepage Journal

    How am I supposed to find out about herbal viagra, hot co-eds, batteryless flashlights or stainless steel if this succeeds?
    I'm going to write my Member of Parliament about this.
  • by hafree ( 307412 ) on Friday May 16, 2003 @03:19PM (#5975391) Homepage
    I remember (fondly) a few years ago when open SMTP relays were still considered a standard setup and not a major security risk. The FTC is definitely doing the right thing in alerting admins to the risks they are taking and helping them to learn how to better protect their infrastructure, as well as the burden it inevitably places on the rest of the internet community when a spammer eventually finds their open relay and shares it with others. Kudos...
    • This just means I don't have to test all my servers. Someone will let me know. Man, administrating my home network just got easier!
    • Wha? (Score:3, Informative)

      How, exactly, is the parent off-topic. Redundant perhaps, but not off-topic.

      Anyway, I'm glad to hear this. In the last 12 months or so, my e-mail has gone from at most 4 or 5 spam messages a day to at least 25 each day, without my changing my online habits (w/ regard to who gets my e-mail address) in any significant way.
    • It's a protocol problem. SMTP is never going to be good enough. For example, I run qmail, courier, horde/imp. To keep it from being an open relay I use relay-ctrl. However in my testing (to make sure it wasn't open) I found a few very interesting things. On 99% of email servers if you know how to properly input the mail headers you can send anyone an email on that server.

      Granted this isn't an open relay but if you have a list of everyone at intel (or not just figure out their email addresses via a web sear
      • by Anonymous Coward
        What you're saying is that if you know someone's email address you can send them email.

        It's called SMTP.
      • Server "holes" of the type you describe is normal operation - It can't be shut down without neutering the ability to receive mail.

        That said - Spamming people that way takes a lot more effort. The spammer has to open SMTP connections himself to every mail server he wants to spam people on. This takes a lot more resources than putting 1000 addresses on a BCC list and firing the message off to an open relay that does all the hard work.
        • Re:The key is... (Score:4, Interesting)

          by GreyPoopon ( 411036 ) <gpoopon@gma i l .com> on Friday May 16, 2003 @04:33PM (#5975981)
          The spammer has to open SMTP connections himself to every mail server he wants to spam people on. This takes a lot more resources than putting 1000 addresses on a BCC list and firing the message off to an open relay that does all the hard work.

          I hate to say it, but this isn't nearly as much work as you might think. All it takes is a little special coding and some database maintenance -- something serious spammers would be more than willing to do. By maintaining a table of mail servers for each domain, a program could easily be created that scans through the list of email addresses, selects the correct mail server for its domain and then routes the email directly through that server. The most work would be maintaining the table of mail servers, but they could just target the big ones like Earthlink, AOL, MSN, Yahoo, Hotmail, etc. If this ever happens, you may see a rise in the popularity of Ma & Pa ISPs again.

          On a good note, spammers who directly route through the recipient's mail server will be much easier to track down -- unless they break into another computer system to do their dirty work.

          • Re:The key is... (Score:3, Informative)

            by Enigma2175 ( 179646 )

            All it takes is a little special coding and some database maintenance...
            By maintaining a table of mail servers for each domain


            There is already such a table. It's called DNS. (example: 'dig @localhost slashdot.org MX' returns: slashdot.org. 86400 IN MX 10 mail.egl.net.)

            The procedure that you describe is how a mail server works, other than it gets the server IP via DNS rather than a local DB lookup. There is nothing preventing the spammers from running their own servers rather th
      • All mail servers accept mail to their own users from anyone. How else are they supposed to work??? Currently there isn't some central repository of "These are safe addresses to receive mail from" And if there was it would make sending mail much more difficult. The whole point of SMTP is to accept mail for its local users, and to bounce mail from its local users to another SMTP. Anyways the only way around this would be to trust some signing entity to verify each mail server, which is a solution some are po
        • If they would just reject any mail with forged headers I believe 75% of spam would stop, and the other 25% would be easy to track down.
          • Who is going to check every header in every email?

            What would be the spammers reaction? Quite easily forge 1000 headers in a single email?, using up all resources of your checker and causing a denial of service?

            The SPAM phenonanom (sp?) is somewhat of a battle at the edge of crackerdom; it's the "what can I get away with" philosophy.

            My users may have very valid emails from servers in the .kr domain, yet nearly 99% of our SPAM originates from there. I don't see that as a valid reason to block all their email
            • checking headers (Score:3, Interesting)

              by budgenator ( 254554 )
              Who is going to check every header in every email?
              obviously nobody is going to even try, but a yahoo, aol, msn, Earthlink, or hotmail are going to have hundreds of smtp machines load balanced off one IP address, set up ten out of a hundred to check headers thoroughly and it'll stop a lot of spam.

              I know that you're thinking that this would be like the dutch-boy with his finger in the dike, here's why I think it would be effective

              1. a spam campaign that generates a .01% response rate is considered wildly sucsessfu
  • Looks like... (Score:5, Informative)

    by Smirks ( 115113 ) on Friday May 16, 2003 @03:19PM (#5975393) Homepage
    ... a lot of IBM AIX customers are going to get this letter:

    http://www.securityfocus.com/archive/1/321307/2003-05-13/2003-05-19/0
  • convincing? (Score:5, Insightful)

    by punkmac ( 89506 ) on Friday May 16, 2003 @03:21PM (#5975414) Homepage
    just out of curiosity, why would any mail admin want to have an open relay? it must cost the isp time and money as well as make them look bad to the community in general. even those who do support spammers for profit, even they must have some sort of authentication?

    all this time thinking it's just horrible admins who don't know how to do their job, or are too lazy to do it right
    • why would any mail admin want to have an open relay?

      Usually, they don't actually want it, they are just clueless. There's the odd individual [toad.com] who might claim to have justification for operating an open-relay, but in my experience, there is absolutely no reason for it these days

      [Disclaimer : I have the highest regard and respect for John Gilmore; I just think he's wrong about this particular issue.]

    • Re:convincing? (Score:5, Informative)

      by DaveAtFraud ( 460127 ) on Friday May 16, 2003 @03:40PM (#5975576) Homepage Journal
      all this time thinking it's just horrible admins who don't know how to do their job, or are too lazy to do it right
      Here is a link [mail-abuse.org] to mail-abuse.org with pointers for securing most major mail systems against third party relaying. I think you had it right all along: horrible admins who are too lazy or too incompetent to update their mail server configuration.
      • Re:convincing? (Score:2, Insightful)

        by J053 ( 673094 )
        all this time thinking it's just horrible admins who don't know how to do their job, or are too lazy to do it right

        Of course, all mail server software should ship/install with open relaying disabled by default. Every MTA I know of has some kind of configuration file or dialog, and the installer/admin should be asked explicitly if s/he wants to let anyone on the Internet send mail to anyone else on the Internet via hir server.

        This is a problem with software (from OS's to everything else) - ALL SOFTWARE SHOULD

      • Well, the common excuse is that remote workers (with their own Internet access) need to send mail, and want to just configure their mail client to connect to the company's mail server.

        Never mind that this is horribly insecure.

        Rather than deal with the crap of helping people set up their e-mail clients, or using authentication, or setting up a VPN, I decided to just set up web mail access instead.

        More secure (uses SSL). No client configuration. Since all mail folders are stored on the server, the

    • Re:convincing? (Score:3, Interesting)

      " just out of curiosity, why would any mail admin want to have an open relay? it must cost the isp time and money as well as make them look bad to the community in general. even those who do support spammers for profit, even they must have some sort of authentication?"

      Maybe the documentation for their mail server is only in English and they only know some other language(s) so they can't find out about how to properly use the server. Supposedly this is part of the problem with open relays in Asia.

  • Oh joy... (Score:3, Funny)

    by Gibble ( 514795 ) on Friday May 16, 2003 @03:22PM (#5975421) Homepage
    I'm thinking most of these letters will be filed in the round bin.

    50% of the people receiving the letter will be the wrong person and not have a clue what it is.
    10% will read it and panic, but ultimately it won't get to the sysadmin and nothing will change
    20% will have some obscure reasons for using open relays
    and 20% of all statistics are made up as they are typed.
  • by PM4RK5 ( 265536 ) on Friday May 16, 2003 @03:22PM (#5975427)
    Maybe I'm the only one that had this train of thought, but I'll put it here anyways. I, personally, run a home-based server that runs many services (web, ftp, SMTP and POP3 are some of them).

    The threat of being blacklisted would make me change my ways, as I have nothing to gain and everything to lose should that happen. I would presume the same is true for most sys admins out there, who run *honest* servers.

    Now let's say that the few "Open Relay" servers that are left are threatened, but they don't take action. Pardon my conspiracy theory, but it may very well be that these "innocent" open relays are in fact sponsored by spam clearinghouses, in which case server admins have monetary incentive to NOT close their relays.

    I'd imagine the few open relays that are left are supported by spammers in some way, as they are key in spreading spam, and most people don't want spam passing through their systems anyway, so any anti-spam person would probably close their relays as soon as they are first notified.

    So to relate this to the article, I'd say that a letter from the FTC that doesn't threaten *legal* action will provide no more incentive to these system administrators to close the relays; thus the letters become little more than a waste of paper...

    Just my thoughts on the matter.
    • by jdreed1024 ( 443938 ) on Friday May 16, 2003 @03:26PM (#5975454)
      So to relate this to the article, I'd say that a letter from the FTC that doesn't threaten *legal* action will provide no more incentive to these system administrators to close the relays; thus the letters become little more than a waste of paper...

      I agree, it's a terrible waste of paper. I think instead the FTC should send out mass e-mails about this and... uh.... wait a minute...

    • by el-spectre ( 668104 ) on Friday May 16, 2003 @03:30PM (#5975491) Journal
      It seems to me that if you knowingly allow your server to be used in this way, and the various anti-spam laws go through, that you would be guilty of negligence (civil, not criminal). You could be successfully sued by the spamees (?). Most people wouldn't be subject to these charges, since negligence requires knowledge of the event (spamming) and a reasonable responsibility (and ability, I think) to prevent it. Once you are aware that your system is being used, you'd be negligent not to take reasonable efforts (authentication) to prevent it...
    • by kill-hup ( 120930 ) on Friday May 16, 2003 @03:33PM (#5975515) Homepage
      Pardon my conspiracy theory, but it may very well be that these "innocent" open relays are in fact sponsored by spam clearinghouses, in which case server admins have monetary incentive to NOT close their relays.

      Interesting thought, but I doubt anybody's going to pay to have an open relay stay open. There's just so many of them out there from which to choose! ;)

      I would imagine they all fall into one of the following groups:

      • Insecure default setups
      • Admins who don't know better (or aren't really "admins")
      • Admins that don't give a crap

      Besides, I'd hate to have a business relationship or paper trail with an open relay provider in case it ever becomes possible to sue over an open relay. I'm no lawyer but I'd think you'd be an accessory by paying them to provide a questionable service.

      • Don't forget fourth.

        Egos too big.
        This is often the worst one to fix. Because they will not believe any independent party telling them that their security is flawed or just Crap. Then they will get openly hostile to that party because they are a threat to their "I am Administrator so I am God" persona.

        Compared to the correct action of receiving news about your system of saying "Thank You" and if you know how to fix it then they fix it, if you didn't know how to fix it, then you ask for help. These people w

    • So to relate this to the article, I'd say that a letter from the FTC that doesn't threaten *legal* action will provide no more incentive to these system administrators to close the relays; thus the letters become little more than a waste of paper...

      Sometimes, the fact that the gov't says "don't do that" vs Roman Kazan of escape.com (he sux0rs) holds more weight. It's the same respect you show a cop than say, some random stranger. The source of a request always affects how you answer.

      Guys, how many time

      • > It's the same respect you show a cop

        "Are you ORDERING me to close my relay?"

        "No, I am simply making a suggestion that you do so."

        "But you are not ordering me to do it, is that correct?"

        "That is correct."

        "Good day officer, and thank you for your suggestions."

    • So to relate this to the article, I'd say that a letter from the FTC that doesn't threaten *legal* action will provide no more incentive to these system administrators to close the relays; thus the letters become little more than a waste of paper...

      My question is... how many people are simply ignorant of the nature of an open relay, or don't know they are running one. Personally, I see no reason at all that I would want to have a relay open to spammers who could steal my bandwidth/CPU/etc to send crapma
    • Pardon my conspiracy theory, but it may very well be that these "innocent" open relays are in fact sponsored by spam clearinghouses, in which case server admins have monetary incentive to NOT close their relays.

      Hanlon's Razor: "Never attribute to malice that which can be adequately explained by stupidity."
    • Well, when it comes right down to it, the govt doesn't need to actually threaten legal action, that's just the way things work. Any admin with any sense is going to say hmmmm, the FTC has me on a list and is somewhat unhappy with me, while what I am doing may not technically be illegal now, it's quite possible that they're looking into a way to make it so(technically I think the FTC could probably nail them on something anyway). This brings up the question, "do I want to be on the govts sh*t list when it do
      • I mean how is "Joe", some guy somewhere else than in the US, will care about what the FTC will do ? The FTC have no legal power on server outside the US, as long as the server are in compliance with local law. For those server the only way to go is black listing, and it doesn't seem to be that great a threat...
  • I think its GREAT (Score:5, Insightful)

    by crotherm ( 160925 ) on Friday May 16, 2003 @03:25PM (#5975444) Journal
    I think this letter is a good way to let ISPs know that big-bro is watching. The letter did not threaten, it only offered advice. But the casual use of "law enforcement" does give the letter just enough bite to be worrisome.

    Good job (i don't say that too often about my gov... :)

    • What if for some reason a similar letter was sent to you about an unrelated issue? Perhaps offering advice on how to stop looking at pr0n, since that could lead to kiddie porn. You, as would many others here, would be up in arms about how the government is bullying you and not physically, but mentally forcing you to do what they want!

      I think many times here on /. we have a double-standard for when things happen to us vs. when it happens to others.

      Just my two cents...

  • by Vainglorious Coward ( 267452 ) on Friday May 16, 2003 @03:25PM (#5975446) Journal
    The threat of being blacklisted has not worked yet

    Maybe if the threat hasn't worked then they should actually be blacklisted?

    • They are blacklisted as they are found. Personally, I suspect these blacklists are more useful to the spammers than the admins, since it provides an easy way to get info on what servers are vulnerable, but hey, that's just me.

      Personally, I think the huge quantities of bounced mail, high load, etc. a much better encouragement to fix the problem than the remote possibility that something would bounce.

  • I'm really glad to see the Texas seal on this document. It's really disturbed me to see Texas just standing by and ignoring the spam problem. I personally think any spammers caught in-state should be roped and dragged to the middle town to let the people decide what to do with them. We're already proud to be #1 in executions, cowboy justice would just up our position.
  • I am heartened to see that people in government are taking spam seriously as the destructive thing it is (for me, it has made email substantially less useful than it once was). That said, this measure does not seem like it's going to make a big difference by itself. There are just too many open relays, and too many users who don't have the knowledge, time or ability to properly fix things.

    It seems things have degenerated to the point that a more drastic solution will be required (such as the email tax we
  • by TVmisGuided ( 151197 ) <alan@jump.gmail@com> on Friday May 16, 2003 @03:27PM (#5975460) Homepage

    Rumor has it that there's a whole bunch of open relays out there which are owned by the spamhausen. (I'd love to see some evidence to the contrary, but that's asking proof of a negative, so I won't hold my breath.) If we accept that rumor as fact for the sake of argument, all the FTC letter is going to do is tell said spamhausen that their crap is getting to the target audiences, and they'll happily redouble their efforts.

    It's been said before, but it's worth repeating. The best way to eliminate spam is not to go after the machines (and coincidentally the people in charge of the care and feeding of them). Go after the people and companies hiring the spamhausen...the ones pushing their "herbal Viagara" (sic), pr0n, better mortgage rates, and so forth down the wire and into our overloaded mail accounts. Take away the revenue stream, and all those open relays will go idle until someone puts them to better use (for example, Quake 3 servers).

    Just my two cents' worth...save up the change for a root beer or something.

    • Rumor has it that there's a whole bunch of open relays out there which are owned by the spamhausen.


      Why keep them open? Why would a spamhouse want to share its resources? I'm sure they just distribute their load so isp's don't complain about bandwidth, switch around often, find spam-friendly isp's, etc..

    • Go after the people and companies hiring the spamhausen.

      Ha ha, it is to laugh. Is there any form of advertising that is illegal? These days, businesses are allowed to do pretty much whatever they want in pursuit of a profit. As long as it's not an outright scam, it's okay. Taking advantage of suckers and advertising to get them is what made America great. P.T. Barnum isn't reviled by history.
    • I agree with sporty - there's no need to have open relays that other spammers, that aren't you, can get to. If I were spamming in this scenario I would just keep my own servers. The drawback to that is that these known servers could be blacklisted rather quickly.

      The problem is: the revenue stream isn't going to go away because people do click through on spam and spend money at the advertised site(s). I've had the unfortunate opportunity to have my e-mail address placed in the reply-to line and, I'll te

  • by dillon_rinker ( 17944 ) on Friday May 16, 2003 @03:27PM (#5975464) Homepage
    Signed by (among others) the attorneys general of Texas, Louisiana, Oklahoma, Arkansas, and New Mexico. Where are the states that are stereotypically tech-savvy? Where's Washington? Where's California? Why are southern states taking the lead on this? I'd think it was just a regional US thing if it weren't for the international signatures on there. Is it easier to get international agreement than interstate agreement? Seriously, what gives here?
  • The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?"

    I seriously doubt it. The one time that I informed a sysadmin that he had an open relay I got back a long e-mail on how "this is the way the internet works", that may have been true in times past but it certainly was no longer true in 1996, and it even seemed a bit snotty.

    Now these guys are going to get a letter from the 'lowly' government? LOL, unless it comes from Bill Gates, in most cases, or Linus in others, they will blow it off or try to have a stupid flamewar.
    • I find I have better luck quoting the spam and asking them if that's really what they want their business associated with their business and asking them to please close the open relay.

      Works better than pretty much every other method I've tried.

  • The open relays that are most commonly abused are overseas. Hong Kong, South Korea, China, India.

    What's the FTC going to do to them, lock them up in Guantanamo Bay??
  • Could it? Would it? (Score:4, Interesting)

    by ackthpt ( 218170 ) * on Friday May 16, 2003 @03:30PM (#5975483) Homepage Journal
    The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?"

    Imagine my utter surprise when I returned from running to the PO and Baja Fresh, during lunch, hit [Get Msgs] and Nothing was there to download!!!

    I've been getting from 120-180 Ralsky-grams a day and nothing in the space of 45 minutes is downright unbelievable. I zipped over to the news to see if his house had been raided or he'd been killed by an irate sysadmin. Nothing on the news about it, maybe something is happening? If so, he and his animal food trough wiper friends will probably take a little while to shift over to some other sites and get caught up.

  • I'd be fired (Score:5, Insightful)

    by esconsult1 ( 203878 ) * on Friday May 16, 2003 @03:31PM (#5975495) Homepage Journal
    If I got one of these, then my employers would surely terminate my spam allowing behind.

    Right now, 70% of all the mail that arrives at our domains is spam. Perhaps half of that gets filtered, but that still leaves an uncomfortably large amount.

    RedHat did a good thing by disabling sendmail receive/sending on default installs of 8.0 and forward. Now if they would only turn off portmapper and a few other things...

  • I support the intent of this letter, but do we really want the government to start going after third party mail server operators? It seems like a real slippery slope of government regulation and intervention. Better get that sendmail.cf file perfect the first time or Big Brother will come knocking to straighten you out!

    I would prefer if the FTC spent their time going after the spammers, which are the real problem.

  • Why Warn? (Score:3, Insightful)

    by repetty ( 260322 ) on Friday May 16, 2003 @03:37PM (#5975553) Homepage
    Why warn? What kind of people are being warned? People who are either incompetent or ignorant? Is that who we are willing to allow administrate part of the Internet?

    Not me. Close 'em down. Period. Now.

    --Richard
  • We did this (Score:5, Interesting)

    by DNS-and-BIND ( 461968 ) on Friday May 16, 2003 @03:37PM (#5975558) Homepage
    I worked at a company that ran open relays. I couldn't get them to shut them down, either. It was because we used a web-based email service, and they wanted people to be able to send mail with Outlook using our mail servers. The system was originally implemented on a unix platform by programmers who had mostly worked with windows in their careers. They were pretty clueless about everything...for example, our SQLnet port was wide-open to the world before I got it firewalled off, and the username was the domain name and the password was the company name spelled backwards. I told them about reply-to and other such measures, but was told that was unacceptable, we needed to keep the relays open. One manager was even demoted and eventually let go because he took it on his own authority to close down the relays one weekend because we were being used to spread the Nigerian bank account spam.

    The real problem? Wierd foreign programmers who don't understand How Things Work and moreover don't care, and executives that just want a working system and to hell with being a good netizen.

    • The real problem? Wierd foreign programmers who don't understand How Things Work and moreover don't care,(...)

      You do realize that in the large perspective - in which the Internet should be seen - it is you that are foreign, don't you ?

      If you are so clever and understand How Things Work, why didn't you just shut the relays down and implement a solution that worked ?
    • Re:We did this (Score:2, Insightful)

      by Anonymous Coward

      The real problem? Wierd foreign programmers who don't understand How Things Work

      Yeah, sum of them ferners donnt evn now ho to spell "weird."

      It's not where they're from, it's how (poorly) they're trained. And take my word for it, there are good flag-waving 'Merikuns who are just as poorly trained.

    • some have mentioned pop before smtp

      Even better, try smtp-auth. There is ZERO reason to run an open relay. People doing so should be shot, blacklisted, and rooted.
    • Re:We did this (Score:3, Insightful)

      by myov ( 177946 )
      Two words: SMTP Authentication. Is this really such a hard concept?

      I work from home and use my corporate SMTP server all the time, without them needing to run it as an open relay. Even my ISP (the cable company) has enabled SMTP Auth.
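
An added example (not part of the original thread, and not any real MTA's code): a sketch of the relay decision a mail server makes at RCPT TO, showing why SMTP AUTH lets remote workers send through the corporate server without it being an open relay, plus a self-check that flags an open policy. The domains, networks and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class RelayPolicy:
    local_domains: set      # domains this server accepts mail for
    trusted_networks: list  # CIDR blocks allowed to relay without AUTH

    def __post_init__(self):
        self.local_domains = {d.lower() for d in self.local_domains}
        self.networks = [ipaddress.ip_network(n) for n in self.trusted_networks]


def recipient_domain(rcpt):
    """Return the lower-cased domain of a RCPT TO address, or None if malformed."""
    addr = rcpt.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain or " " in addr:
        return None
    return domain.lower().rstrip(".")


def check_rcpt(policy, client_ip, authenticated, rcpt):
    """Decide one RCPT TO; returns (SMTP reply code, text)."""
    domain = recipient_domain(rcpt)
    if domain is None:
        return (501, "5.1.3 Bad recipient address syntax")
    # Mail for our own users is accepted from anyone: that is normal SMTP.
    if domain in policy.local_domains:
        return (250, "2.1.5 Ok (local delivery)")
    # Everything below is relaying to a third party.
    if authenticated:
        return (250, "2.1.5 Ok (relay for authenticated user)")
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in policy.networks):
        return (250, "2.1.5 Ok (relay for trusted network)")
    return (550, "5.7.1 Relaying denied")


# Constructed probe data: documentation-only address ranges and a domain
# assumed not to be local to the policy under test.
OUTSIDE_PROBES = ["192.0.2.1", "198.51.100.7", "203.0.113.9"]
FOREIGN_RCPT = "<probe@example.net>"


def is_open_relay(policy):
    """True if an unauthenticated outside client may relay to a foreign domain."""
    return any(
        check_rcpt(policy, ip, False, FOREIGN_RCPT)[0] == 250
        for ip in OUTSIDE_PROBES
    )


# Weak setting: "trust" every address so remote workers can send mail.
OPEN = RelayPolicy({"example.com"}, ["0.0.0.0/0"])
# Corrected: trust only the internal LAN; remote workers authenticate instead.
HARDENED = RelayPolicy({"example.com"}, ["10.0.0.0/8"])

if __name__ == "__main__":
    session = [
        ("203.0.113.9", False, "<alice@example.com>"),  # inbound mail
        ("203.0.113.9", False, "<bob@example.net>"),    # third-party relay attempt
        ("203.0.113.9", True, "<bob@example.net>"),     # remote worker with AUTH
        ("10.1.2.3", False, "<bob@example.net>"),       # office LAN client
    ]
    for ip, auth, rcpt in session:
        print(ip, "auth" if auth else "anon", rcpt, check_rcpt(HARDENED, ip, auth, rcpt))
    print("OPEN policy is an open relay:", is_open_relay(OPEN))
    print("HARDENED policy is an open relay:", is_open_relay(HARDENED))
```
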
  • sendmail (Score:4, Funny)

    by sdjunky ( 586961 ) on Friday May 16, 2003 @03:41PM (#5975593)
    "so will this finally convince mail server admins to shut down those open relays"

    I've been convinced for a while... I just haven't figured out the sendmail config syntax yet

    R$* . $| $* $: $1 $| $2
    R$*.dialup.$* $| DIALUP $@ DIALUP
    Rdialup.$* $| DIALUP $@ DIALUP
    R$* $| $* $: $(Spam $1 $:NOMATCH $| $1 $) $| $2
    RNOMATCH $| $+ . $* $| $* $: $>lookat_domain $2 $| $3
    R$* $| $* $@ $>comp_value $1 $| $2

    "R$". What The ????
  • I get spam from a lot of places. I read several I18N/L10N mailing lists as well. I can't even read many of the languages I get spammed in. (For the record, I like the Korean spam the best. So far, it appears to have been for kitchen products. It is nicely formatted. I presume it would be readable if I read Korean.) But my point is, spam is coming from places outside their jurisdiction.
  • Now if they could just get this in Chinese, Korean, and Russian, maybe we'd have something here.
  • by bigpat ( 158134 ) on Friday May 16, 2003 @03:47PM (#5975641)
    Shutting down OpenRelays will have a negligible effect on Spam, since any Internet connected computer can send tens of thousands of spams before anyone would even notice.

    Also, there may be legitimate reasons to have OpenRelays. Much like there are legitimate reasons to have DVD copying software. Maybe only a few good reasons, but enough that they should not be banned outright.

    The only legal action that these legal folks should be taking is against those spammers using deceptive practices, which is about all of them these days. For instance the false sender information and the inability to be removed from the list. Life was okay when you could get removed from a mailing list and you really wouldn't get any more spam from them, but now they just use it as a confirmation that the email is active and to send more email.

    Open SMTP relays are not the problem any more than Open Routers are. Find the individuals that are sending these things and you will stop the problem.

    • Taking one step forward will have a negligible effect on my hike, therefore I will not take that step to begin my hike.

      Right. Every little bit counts. Take a look at your mail server logs sometime, there ARE relay raping bots out there, and they DO find open relays, and they DO find spam.

      Closing the open relays will help some. RBL the ones that do not get closed, that will help some too. Go after the guys paying the spammers, that will help some. Track down, arrest, and jail guys that release SMT
  • This is actually a good idea ... although occurring at government expense, it's certainly better than "the threat of blacklisting". Honestly, most people that unknowingly leave open SMTP relays are ignorant to blacklists anyway, thus "blacklisting" isn't much of a threat.

  • anti-spam server (Score:2, Informative)

    by joeldg ( 518249 )
    For those of you interested I posted more code for the honeymail project.
    honeymail [intercosmos.net]
    Which is an anti-spam opensource forked SMTP server.
  • by Anonymous Coward
    The FTC is taking a good first step with the letter. Unfortunately, the letter may never reach its intended recipient. Clearly, we need a targeted marketing strategy that would be effective. And what better targeted marketing strategy is there than email, lots and lots of it.

    The FTC should send their PDF letter to postmaster@<open-relay-host>. However, it may get lost with all the spam flowing through there, so the FTC should send many copies over and over and over and over again to that host. Now

  • by Jade E. 2 ( 313290 ) <[slashdot] [at] [perlstorm.net]> on Friday May 16, 2003 @03:52PM (#5975674) Homepage
    It would have taken me *weeks* of flying around the world to get fake signatures from all those people, but the PDF makes it easy!

    Watch, for their next letter, they're going to warn about the dangers of using Microsoft products!

  • We are joined in this effort by our domestic partners, the Attorneys General of Arkansas, ..., ...and the Richardson, Texas Police Department.

    I guess that every 91,050 [telecomcorridor.com] helps!

    I wonder if Richardson has a "Minister of Spam"?

  • Did anyone else laugh when they saw Lic. Alberto Undurraga's signature? (bottom right corner of PDF). It looks like something a three year old drew!
  • by JohnnyBigodes ( 609498 ) <morphine@digita l m e nte.net> on Friday May 16, 2003 @04:22PM (#5975889)
    The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?

    Well for Fred's sake, if the threat of being blacklisted hasn't worked, then how the hell "attempting to educate them" will?
  • Then it would cut down on the unintentional blocking of innocent emails. It is a sad fact that when an open relay gets blacklisted, innocent users of said relay are suddenly unable to send email. I understand why people use blacklists, and in some ways I agree with it. If your ISP got blacklisted because of an open relay, would you call and complain/take your business elsewhere? Blacklists hurt the companies where it hurts, the bottom line. By sending out those letters, I think that it would bring adm
  • Too little, too late (Score:5, Informative)

    by httptech ( 5553 ) on Friday May 16, 2003 @04:31PM (#5975961) Homepage
    Most spammers no longer use open SMTP relays. They have shifted to buying several broadband connections and pumping spam through open HTTP/Socks proxies. This gives them the advantage of being able to randomize/personalize messages to get past spam filters. Also it lets them actively test for bad addresses, since they are maintaining an end-to-end SMTP connection and can read the protocol responses. In the old method of "relay rape" the bouncebacks never made it back to the spammers, so their list integrity would degrade over time.

    Here are some articles covering proxy abuse [lurhq.com] and the Sobig virus/Spam connection [lurhq.com] which detail some of the current techniques of spammers and how to fight them.

  • by Anonymous Coward on Friday May 16, 2003 @05:55PM (#5976676)
    I think that the open relay problem requires a multi-faceted approach. IMHO, the open relays break down into several categories that require different solutions.

    1. Legitimate mail servers that are open because of old software installs that haven't been updated, perhaps because that's a low priority. Here, education is a good first step, but threatening to blacklist them and actually following through if necessary will do the trick.

    2. Legitimate mail servers that are open because they're running very old software that's difficult to patch because of its age. Here, the admin may know that there's a problem, but he or she doesn't have the time to dig around for hard-to-find fixes, and retiring the old machine might not be an immediate option. MAPS has a good idea with its list of patches for various MTAs. I tended to get more successful communications with admins when I told them that MAPS had these resources for them to use. FYI, here's the link.

    http://www.mail-abuse.org/tsi/ar-fix.html

    3. Machines that are running MTAs but aren't an organization's real mail servers. These would be around because someone did an OS install that didn't really need a mail server, but they put it in anyway, then promptly forgot about it. They may not even know what they did. In this case, blacklisting that server doesn't mean much. Whoever administers the official mail servers could care less because that isn't a machine that is their official server, so why should they care? This could be a problem in a large organization, where you may have a bunch of uninformed bozos setting these things up faster than you can blacklist them. In this case, the only way to get results is to just blacklist the organization's entire IP space. Yes, I know that this would impact the real mail servers, which may be secure, but it'd also get the admins to take note and apply a clue-stick to the ones throwing insecure machines onto the network.

    4. Servers with admins who don't speak English. Having informative material available in different languages would be a good thing. The Chinese admin you e-mail might actually care about the problem if he could understand the issue a little better. If nothing else, having the info in various languages negates the argument that these admins don't have resources to fall back on.

    5. Servers on networks where the admins just don't give a damn. We've discussed this on Slashdot before, especially regarding Korean and Chinese networks that are getting blanket-blacklisted. I hate to see significant chunks of the Internet being walled off, but if that's what it takes, then so be it. These brain-dead admins will either have to eventually clean up their networks or have no one else who'll receive their mail. In either case, the problem will take care of itself.
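
One comment in this thread suggests looking at your mail server logs for bots probing for open relays. As an added example (not from the thread or any poster), this script tallies rejected relay attempts per client from Postfix-style smtpd log lines; the sample lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtpd log style (documentation IP ranges).
SAMPLE_LOG = """\
May 16 15:18:02 mx1 postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <a@example.org>: Relay access denied; from=<x@example.net> to=<a@example.org> proto=SMTP helo=<probe>
May 16 15:18:03 mx1 postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <b@example.com>: Relay access denied; from=<x@example.net> to=<b@example.com> proto=SMTP helo=<probe>
May 16 15:18:04 mx1 postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <c@example.net>: Relay access denied; from=<x@example.net> to=<c@example.net> proto=SMTP helo=<probe>
May 16 15:20:11 mx1 postfix/smtpd[2230]: NOQUEUE: reject: RCPT from laptop[198.51.100.7]: 554 5.7.1 <friend@example.org>: Relay access denied; from=<me@mydomain.example> to=<friend@example.org> proto=ESMTP helo=<laptop>
May 16 15:21:40 mx1 postfix/smtpd[2244]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <nobody@mydomain.example>: Recipient address rejected: User unknown in local recipient table; from=<y@example.com> to=<nobody@mydomain.example> proto=SMTP helo=<h>
May 16 15:22:00 mx1 postfix/qmgr[900]: 4F2A1: from=<me@mydomain.example>, size=812, nrcpt=1 (queue active)
"""

# Matches only rejections whose reason is a refused relay attempt.
REJECT_RE = re.compile(
    r"reject: RCPT from (?P<host>\S*)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) .*?Relay access denied; "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def relay_probes(log_text):
    """Return {client_ip: {"attempts": n, "domains": recipient domains tried}}."""
    stats = defaultdict(lambda: {"attempts": 0, "domains": set()})
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # accepted mail, queue activity, or a different reject reason
        entry = stats[m.group("ip")]
        entry["attempts"] += 1
        entry["domains"].add(m.group("rcpt").rpartition("@")[2].lower())
    return dict(stats)

def suspected_scanners(stats, min_attempts=3, min_domains=2):
    """Clients that repeatedly tried to relay to several unrelated domains.

    The thresholds are assumptions; a single denied attempt is more often a
    misconfigured mail client than a relay-probing bot.
    """
    return sorted(
        ip for ip, s in stats.items()
        if s["attempts"] >= min_attempts and len(s["domains"]) >= min_domains
    )

if __name__ == "__main__":
    probes = relay_probes(SAMPLE_LOG)
    for ip in suspected_scanners(probes):
        print(ip, probes[ip]["attempts"], sorted(probes[ip]["domains"]))
```

Seeing these rejections in the log means the server is refusing to relay; the same probes against an open relay would appear as accepted deliveries to outside domains instead.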
