[PLUG] How dangerous is handling my own mail?

[John Meissen]

Jeme A Brelin said:
> But what's the harm in some of your bandwidth being used for spam when
> it is also being used for legitimate email? 

and:
> > Can one run an open relay and not be used by spammers?

> Just checked the mail logs on one of my open mail servers... no
> messages there I don't recognize.  It's been open for a couple of
> years.

> So I guess it IS possible. 

That's a fool's argument.

What's the harm? I've seen it first-hand. When I worked at Pyramid the
mail servers were configured as open-relay, which was the default. One
night they got discovered by spammers, who relayed messages to sets
of addresses with millions of recipients. The entire mail system 
ground to a halt and the sysadmins spent literally weeks dealing with 
bounces and hate mail from people following the address trail. I believe
they told me they were getting roughly 300 messages per hour. Once they
were discovered it took months for the relay attempts to die off. For
weeks they were getting hit with several relay attempts per minute.

The issue isn't just stopping spam, it's also about leaving yourself
vulnerable. There is absolutely NO legitimate reason to allow 
unathenticated relaying through any mail server.

Now that the spammers have virus-infected home PC's to relay through the
problem isn't as bad. I'd say my personal mail server typically rejects 
only three or four relay attempts per day.

Claiming it's OK just because you've been lucky so far isn't a very good
argument.

john-