Open mail relay

From Seo Wiki - Search Engine Optimization and Programming Languages


An open mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users.[1][2][3] This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular due to their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers.

History and technology

Until the 1990s being an open relay was a common configuration for a mail server and was often the default on UNIX systems at installation.[1] This was due, in part, to the traditional store-and-forward method of getting e-mail to its destination. E-mail was passed from computer to computer (through and beyond the Internet) via modems on telephone lines. For many early networks, such as UUCPNET, FidoNet and BITNET, lists of machines that were open relays were a core part of those networks.[2] Filtering and speed of e-mail delivery were not priorities at that time and in any case the government and educational servers with which the Internet was started were covered by a federal edict forbidding the transfer of commercial messages.[4][5]

Abuse by spammers

In the mid-1990s, with the rise of spamming, spammers resorted to re-routing their e-mail through third party e-mail servers to avoid detection[6] and to exploit the additional resources of these open relay servers. Spammers would send one e-mail to the open relay and (effectively) include a large blind carbon copy list, then the open relay would relay that spam to the entire list.[7] While this greatly reduced the bandwidth requirements for spammers at a time when Internet connections were limited, it forced each spam to be an exact copy and thus easier to detect. After abuse by spammers became widespread, operating an open relay came to be frowned upon among the majority of Internet server administrators and other prominent users.[6] Open relays are recommended against in RFC 2505 and RFC 5321 (which defines SMTP). The exact copy nature of spam using open relays made it easy to create bulk e-mail detection systems such as Vipul's Razor and the Distributed Checksum Clearinghouse. To counter this, spammers were forced to switch to using hash busters to make these detection systems less effective, and the advantage of using open relays was removed since every copy of spam was "unique" and had to be sent individually.

Since open mail relays make no effort to verify that the owner of an address is the actual sender of an e-mail, open mail relays are vulnerable to address spoofing.[2]

Anti-spam efforts

Many Internet service providers use DNSBLs (DNS-based Blocking Lists) to disallow mail from open relays. Once a mail server that allows third parties to send mail through it is detected or reported, it will be added to one or more such lists, and other e-mail servers using those lists will reject any mail coming from it.

This trend reduced the percentage of mail senders that were open relays from over 90% down to well under 1% over several years.[8] This led to spammers adopting other techniques, such as the use of botnets of zombie computers to send spam.

One consequence of the new unacceptability of open relays was an inconvenience for some end users and certain internet service providers. To allow customers to use their e-mail addresses at Internet locations other than the company's systems (such as at school or work), many mail sites explicitly allowed open relaying so that customers could send e-mail via the ISP from any location.[9] Once open relay became unacceptable due to abuse (and unusable due to blocking of open relays), ISPs and other sites had to adopt new protocols to allow remote users to send mail. These include smart hosts, SMTP-AUTH, POP before SMTP, and the use of virtual private networks (VPNs). The IETF has written a best current practice document covering Email Submission Operations in RFC 5068.

Note that the above only becomes an issue if the user wishes to (or has to) continue to send e-mail remotely, using the same SMTP server which they were previously accessing locally. If they have valid access to some other SMTP server from their new, remote location, then they will typically be able to use that new server to send e-mails as if from their old address, even when this server is properly secured. (Although this may involve some reconfiguration of the user's e-mail client which may not be entirely straightforward.)

The CAN-SPAM Act of 2003 makes it illegal to send spam through an open relay in the United States, but makes no provision regarding sending personal e-mail through them or regarding their operation, although the effectiveness of the act has been questioned.[10][11]

Modern-day proponents

The most famous open mail relay operating today is probably that of John Gilmore[6][12], who argues that running an open relay is a free speech issue. His server is included on many open relay blacklists (many of which are generated by "automatic detection", that is, by anti-spam blacklisters sending an (unsolicited) test e-mail to other servers to see if they will be relayed). These measures cause much of his outgoing e-mail to be blocked.[6] Along with his further deliberate configuration of the server, his open relay enables people to send e-mail without their IP address being directly visible to the recipient and thereby send e-mail anonymously. In 2002, his open relay, along with 24 others, was used by a computer worm to propagate.[13]

Closing relays

In order not to be considered "open," an e-mail relay should be configured to accept and forward only the following messages (details will vary from system to system - in particular, further restrictions may well apply):[14]

  • Messages from local IP addresses to local mailboxes
  • Messages from local IP addresses to non-local mailboxes
  • Messages from non-local IP addresses to local mailboxes
  • Messages from clients that are authenticated and authorized

In particular, a properly secured SMTP mail relay should not accept and forward arbitrary e-mails from non-local IP addresses to non-local mailboxes by an unauthenticated or unauthorized user.

In general, any other rules which an administrator chooses to enforce (for instance, based on what an e-mail gives as its own envelope from address) must be in addition to, rather than instead of, the above.[14] If not, the relay is still effectively open (for instance, by the above rules): it is easy to forge e-mail header and envelope information, whereas it is considerably harder to successfully forge an IP address in a TCP/IP transaction due to the three-way handshake that occurs as a connection is started.
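
The four accept rules above as a relay-policy check, next to the envelope-sender rule that the preceding paragraph warns against using on its own. This is an added example, not code from the article or from any mail server; the networks, domains and sample transactions are constructed, and all function names are hypothetical.

```python
import ipaddress

# Assumed site configuration (constructed documentation ranges and domains).
LOCAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),
                  ipaddress.ip_network("2001:db8:1::/48")]
LOCAL_DOMAINS = {"example.org"}

def _domain(address):
    """Lower-cased domain part of an envelope address, trailing dot removed."""
    return address.rsplit("@", 1)[-1].rstrip(".").lower()

def is_local_client(client_ip):
    """True if the TCP peer address falls inside a configured local network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in LOCAL_NETWORKS)

def relay_decision(client_ip, rcpt_to, authenticated=False):
    """Apply the four accept rules; return (accept, reason)."""
    local_rcpt = _domain(rcpt_to) in LOCAL_DOMAINS
    if authenticated:
        return True, "authenticated and authorized client"
    if is_local_client(client_ip):
        return True, ("local IP to local mailbox" if local_rcpt
                      else "local IP to non-local mailbox")
    if local_rcpt:
        return True, "non-local IP to local mailbox"
    return False, "relaying denied: non-local IP, non-local mailbox, unauthenticated"

def sender_based_decision(mail_from, rcpt_to):
    """Flawed rule used *instead of* the above: trusts the forgeable envelope sender."""
    return _domain(mail_from) in LOCAL_DOMAINS or _domain(rcpt_to) in LOCAL_DOMAINS

# Constructed transactions: (client IP, MAIL FROM, RCPT TO, authenticated)
SAMPLE_TRANSACTIONS = [
    ("192.0.2.10", "alice@example.org", "bob@example.net", False),      # local client
    ("198.51.100.7", "carol@example.net", "alice@example.org", False),  # inbound mail
    ("198.51.100.7", "alice@example.org", "dave@example.com", False),   # forged sender
    ("203.0.113.5", "alice@example.org", "bob@example.net", True),      # roaming, SMTP-AUTH
    ("198.51.100.7", "x@example.net", "y@example.com", False),          # plain relay attempt
]

def open_relay_gaps(transactions):
    """Transactions the sender-based rule would relay but the IP/auth rules refuse."""
    return [t for t in transactions
            if sender_based_decision(t[1], t[2])
            and not relay_decision(t[0], t[2], t[3])[0]]

if __name__ == "__main__":
    for gap in open_relay_gaps(SAMPLE_TRANSACTIONS):
        print("sender-based rule leaves relay open for:", gap)
```

Running the same comparison over real SMTP transaction logs shows which accepted messages depended only on the claimed envelope sender.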

Open relays have also resulted from security flaws in software, rather than misconfiguration by system administrators.[15][16] In these cases, security patches need to be applied to close the relay.

References

  1. The Trustees of Indiana University (2008-04-01). "In Unix, what is an open mail relay?". University Information Technology Services. Indiana University. Archived from the original on 2007-06-17. http://web.archive.org/web/20070617083024/kb.iu.edu/data/aivh.html. Retrieved 2008-04-07.
  2. "What is open relay?". WhatIs.com. Indiana University. 2004-07-19. Archived from the original on 2007-08-24. http://web.archive.org/web/20070824005337/http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci782509,00.html. Retrieved 2008-04-07.
  3. "FTC and International Agencies Announce “Operation Secure Your Server”". Federal Trade Commission. 2004-01-29. http://www.ftc.gov/opa/2004/01/opsecure.shtm. Retrieved 2008-04-07. 
  4. RFC 1192 Commercialization of the Internet
  5. Aber, James S.. "Internet and the World Wide Web". ES 351 and 771. http://academic.emporia.edu/aberjame/geospat/internet.htm. Retrieved 2008-04-07. 
  6. "Spam Blockers Pass It On". WIRED. 2001-07-02. http://www.wired.com/culture/lifestyle/news/2001/07/44876?currentPage=all. Retrieved 2008-04-07.
  7. Open Relay. What does it mean?
  8. Hoffman, Paul (2002-08-20). "Allowing Relaying in SMTP: A Series of Surveys". IMC Reports. Internet Mail Consortium. Archived from the original on 2007-01-18. http://web.archive.org/web/20070118121843/http://www.imc.org/ube-relay.html. Retrieved 2008-04-13. 
  9. Atkins, Steve. "news.admin.net-abuse.email FAQ". http://preview.samspade.org/d/nanaefaq.html. Retrieved 2008-04-08. 
  10. United States: A New Weapon in The Fight Against Spam
  11. Is the CAN-SPAM Law Working?
  12. "Blast from the past: John Gilmore's open relay". 2006-12-29. http://www.spamresource.com/2006/12/blast-from-past-john-gilmores-open.html. Retrieved 2008-04-07. 
  13. "Worm uses John Gilmore's open relay at toad.com to reproduce". 2002-03-07. http://seclists.org/politech/2002/Mar/0026.html. Retrieved 2008-04-07. 
  14. "Repairing open mail relays - Advice from UK JANET". http://www.ja.net/services/mail/janet-spam-relay-tester-and-notification-system/repairing-open-mail-relays.html#expected. Retrieved 2008-04-12.
  15. "MS02-011: An authentication flaw could allow unauthorized users to be authenticated on the SMTP service". Microsoft. 2007-03-29. http://support.microsoft.com/kb/310669. Retrieved 2008-10-28. 
  16. "XIMS: Messages Sent to Encapsulated SMTP Address Are Rerouted Even Though Rerouting Is Disabled". Microsoft. 2006-10-26. http://support.microsoft.com/kb/237927. Retrieved 2008-10-29. 