[PLUG] How dangerous is handling my own mail?

Jeme A Brelin jeme at brelin.net
Tue Mar 30 20:26:02 UTC 2004


On Tue, 30 Mar 2004, John Meissen wrote:
> and:
> > > Can one run an open relay and not be used by spammers?

I didn't write that, but there was no other attribution than to me.
Please don't attribute other people's words to me.  Neither of us
appreciates it, I'm sure.

> > So I guess it IS possible.
>
> That's a fool's argument.

It's proof.  He just asked if it CAN be done.  The answer, apparently, is
yes.

> What's the harm? I've seen it first-hand. When I worked at Pyramid the
> mail servers were configured as open-relay, which was the default. One
> night they got discovered by spammers, who relayed messages to sets of
> addresses with millions of recipients. The entire mail system ground to
> a halt and the sysadmins spent literally weeks dealing with bounces and
> hate mail from people following the address trail. I believe they told
> me they were getting roughly 300 messages per hour. Once they were
> discovered it took months for the relay attempts to die off. For weeks
> they were getting hit with several relay attempts per minute.

This is a result of closing all the other relays on the net.  If EVERY
mail relay was open, the spammers wouldn't have to focus their attention
on the few they can find and exploit them.

Those who use others' relays are bottlenecked down to a few and those
servers are ground to their knees.  This is a direct result of the push
for closed relays.

The harm isn't in the opening of the relay, but in the closing.

I'll grant that that can be argued from either side, but the point is that
the closing has OTHER negative effects, while the opening has ONE
potentially negative effect.  That negative is the potential use of the
relay to send spam, but I don't think there's any evidence at all that
closing relays has decreased the amount of spam on the net and I think you
can easily demonstrate for yourself that filtering is quite effective
without checking the source of the email.

Think about it.  Spam is unwanted email CONTENT.  It only makes sense to
filter it by content.  You don't want to stop receiving mail from certain
servers, you want to stop receiving mail of a certain type from ANY
server.  So deal with the real problem.

> The issue isn't just stopping spam, it's also about leaving yourself
> vulnerable. There is absolutely NO legitimate reason to allow
> unauthenticated relaying through any mail server.

So everyone should have multi-homed email for failover?  Unauthenticated
relaying helps people who cannot reach their usual mail server to send
mail across the internet.  The more open relays, the more redundancy in
the system.

On how many mail servers do you have accounts?  I think I might have
access to two.  That's not a whole lot of options.  And they're BOTH in
Portland, so if there's some kind of catastrophic power failure, I'm
screwed for outgoing email.

There is ONE reason to close your mail relay... and it's not a very good
reason because it's not particularly effective at solving the problem it's
attempting to solve.

> Now that the spammers have virus-infected home PCs to relay through the
> problem isn't as bad.

Right.  Closing relays wasn't the answer in the first place.  It was a
kind of temporary stop-gap with serious unintended consequences.

Now, if we implement solutions to the spam problem that actually address
the real issue (mail content that we don't want to see), then they can
have all the mail servers in the world and it still won't impact us.

> I'd say my personal mail server typically rejects only three or four
> relay attempts per day.

Then it's definitely time to open that sucker up.

> Claiming it's OK just because you've been lucky so far isn't a very good
> argument.

I am not claiming it's OK because my mail server hasn't been ground to
dust.  I'm claiming it's OK because it's a public good with only one
potential drawback that you, yourself, admitted isn't much of an issue
anymore.

J.
-- 
   -----------------
     Jeme A Brelin
    jeme at brelin.net
   -----------------
 [cc] counter-copyright
 http://www.openlaw.org



