Open mail relay

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Deananderson (talk | contribs) at 16:01, 6 March 2008 (→‎Abuse by spammers and a Depressing Reversal of Ethics: King describes them as former MAPS employees). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

An open mail relay is an SMTP (e-mail) server configured in such a way that it allows anyone on the Internet to relay (i.e. send) e-mail through it[citation needed].

History and technology

An open relay is any relay that accepts mail from a source outside of its home IP address network for delivery to a destination outside of its home IP address network. Obviously, if you gateway between the Internet generally and some non-Internet network, open relay is necessary.

A closed relay is any relay that accepts email only from a source inside its home network for delivery to destinations inside or outside of its home network.

Alternatively, a closed relay is any relay that accepts email from a source inside or outside its home network for delivery only to a destination inside its home network.
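The three definitions above reduce to a test on two facts per message: whether the client is inside the home network, and whether the recipient is. The Python below is an added illustration, not part of the original article; the networks, domains, policy names and log records are constructed sample values.

```python
import ipaddress

# Constructed sample site: documentation address ranges and reserved domains.
HOME_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:1::/48")]
HOME_DOMAINS = {"example.org"}

def source_inside(client_ip):
    """True if the connecting client is in the relay's home network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in HOME_NETWORKS)

def recipient_inside(rcpt):
    """True if the RCPT TO address is in a domain of the home network."""
    domain = rcpt.strip("<>").rpartition("@")[2].rstrip(".").lower()
    return domain in HOME_DOMAINS

def accepts(policy, client_ip, rcpt):
    """Apply one of the three definitions (policy names are hypothetical)."""
    if policy == "open":                    # any source, any destination
        return True
    if policy == "closed-by-source":        # first closed definition
        return source_inside(client_ip)
    if policy == "closed-by-destination":   # second closed definition
        return recipient_inside(rcpt)
    raise ValueError(f"unknown policy: {policy}")

def third_party_relays(log):
    """Accepted records whose source AND destination are both outside home:
    the only case that distinguishes an open relay from a closed one."""
    return [r for r in log
            if r[2] and not source_inside(r[0]) and not recipient_inside(r[1])]

# Constructed log records: (client IP, RCPT TO, accepted?)
SAMPLE_LOG = [
    ("192.0.2.15", "alice@example.net", True),      # inside -> outside
    ("198.51.100.7", "<bob@EXAMPLE.ORG>", True),    # outside -> inside
    ("198.51.100.7", "carol@example.net", True),    # outside -> outside, accepted
    ("203.0.113.9", "dave@example.com", False),     # outside -> outside, refused
    ("2001:db8:1::25", "erin@example.net", True),   # inside (IPv6) -> outside
]

if __name__ == "__main__":
    for client, rcpt, _ in third_party_relays(SAMPLE_LOG):
        print(f"third-party relay accepted: {client} -> {rcpt}")
```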

In 1986, the architects of the SMTP protocol decided not to put the numeric IP address of the sender in the "Received:" header.[1] This created the ability to send anonymous email, which was eventually called anonymous relay. Because of the flaw, the sender was never fully identified by anything but what the sender himself created, so the sender was effectively anonymous. The "Received:" header was soon changed to include the sender's IP address after people posted abusive messages on the pre-commercial Internet.[citation needed] Although there was no distinction between open and closed relays at this time, a closed relay that does not record the IP address in the "Received:" header would be subject to the same anonymous abuse. Anonymous email abuse stopped because the relay (open or closed) records the identifying IP address of the sender, which the sender can't alter. By the time spam came along, beginning in approximately 1994,[citation needed] there were virtually no anonymous relays. People who thought anonymous email was good for whistle-blowing and the like operated anonymous re-mailers, which stripped the identifying "Received:" headers and other identifying information.[citation needed]

Until the early and mid-1990s this was the normal configuration for a mail server and was often the default on UNIX systems at installation[citation needed]. This was due, in part, to the way in which e-mail from non-Internet email systems was passed from computer to computer via modems on telephone lines, often never touching the small Internet of the time. These networks passed e-mail from computer to computer until it reached its destination, rather than connecting directly to the target computer (e.g. via modem) and logging in to transfer the mail. For many early networks, such as UUCPNET, FidoNet and BITNET, lists of machines that were open relays were a core part of those networks[citation needed]. Filtering and speed of e-mail delivery were not priorities at that time, and in any case the government and educational servers with which the Internet was started were covered by a federal edict forbidding the transfer of commercial messages[citation needed]. In the mid-1990s, many people who didn't need open relays nevertheless had them, and most of these relays were closed.[citation needed] The software configuration defaults were changed in most mail server software so that the mail server was closed by default instead of open by default.[citation needed]

Nowadays, e-mail transfer by "SMTP relaying," or pass-along methods, is still the standard. While many backbone networks and ISPs allow end-user PCs or even cellphones to send mail directly to the target host, without need for relaying through a "middleman" site, the SMTP client must still engage with SMTP relay servers, which are identified either in the client configuration (pass-along) or by using DNS MX records (directly). The target host may also block the PC or cellphone network because such networks are frequently infected with botnets. Or the network provider may block outbound SMTP and require use of its own relay. This isn't open relay, but the PC or cellphone doesn't know the difference. Also, corporate users and particularly consultants may want to roam on other networks without email configuration changes, or they may want to have their corporate mail server do some special processing. The underlying communication methods of the Internet remain largely the same as they were in 1993 and continue to provide end-to-end connectivity as well as a pass-along method. The need for open relay or closed relay depends entirely on the location of the user, the location of the mail server they want to use, and the location of the recipient of the message they send. If the user is outside the home network of the mail server, and the recipient is outside the home network of the mail server, then open relay or an alternate protocol is necessary. There have been proposals for active authentication methods, but passive authentication (open relay, monitor for abuse) is preferred in some cases.

Abuse by spammers and a Depressing Reversal of Ethics

In the mid-1990s, with the rise in popularity (and commercial adoption) of the Internet, it quickly attracted mass-marketers, in this domain known as spammers. Spam soon became widely unpopular, especially among e-mail server administrators who had to deal with the increased unsolicited traffic, and blacklists were invented to block this traffic. See "A discussion about 'Some Dodgy Cartell'" on December 27, 1996. As a result, spammers temporarily resorted to re-routing their e-mail through third-party e-mail servers such as uunet to avoid this blocking by blacklists.[citation needed] After Sanford Wallace and other spammers transferred their activities from fixed IP addresses to dialup services in the fall of 1997, this practice ended. See "September 1997: Problems, Blacklists, Coercion". Paul Vixie, co-founder of MAPS, writes "But blocking relays doesn't stop the phenomena of spam, in fact it doesn't even slow it down. [...]" But some saw an opportunity. In 1996, well-known spammer Sanford Wallace had proposed to operate a business sending spam and selling anti-spam software (see original message from Cyber Promotions reposted to NANOG list). Like Wallace, prominent anti-spammers Paul Vixie, Rodney Joffe, John Levine, and some others also saw a similar opportunity to combine a blacklist with a commercial bulk email operation called Whitehat.com (see Whitehat Board of Directors). In 2003, it was discovered that former MAPS employees were performing "listwashing" services--removing spamtrap addresses--for well-known spammer Scott Richter (see "Spam Kings", Brian McWilliams, O'Reilly 2005; pg 252). To many anti-spammers, this represented a "depressing reversal of ethics" (Spam Kings, pg 254). Some open relay blacklists were already working with non-spam agendas. ORBS.ORG, run by Alan Brown, was shut after using his blacklist to attack ISPs that didn't have open relays (see message from Dan Cameron). The ISPs sued for defamation, and won.
Others also found the benefits of blacklist operation. So, beginning in the fall of 1997, a great flamewar began over the practice of operating an open relay e-mail server. While only a distraction, the practice came to be frowned upon among some Internet server administrators and other prominent users[citation needed], many of whom were veterans of the Internet's non-commercial era. Some were now secretly making money on both spam and anti-spam activities.

Anti-spam efforts against open relays

Many ISPs use DNSBLs (DNS-based Blocking Lists) to disallow mail from open relays[citation needed]. Once a mail server is detected or reported as allowing third parties to send mail through it, it will be added to one or more such lists, and other e-mail servers using those lists will reject any mail coming from those sites.
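How a receiving server consults such a list can be shown in a few lines. This is an added example, not part of the original article: it follows the query layout standardised in RFC 5782 (reversed address labels under the list's zone, with an A record in 127.0.0.0/8 meaning "listed"), and the zone name dnsbl.example and its contents are constructed.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNS name a DNSBL client looks up for a connecting address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                   # octets, reversed
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]   # 32 nibbles, reversed
    return ".".join(labels + [zone.strip(".")])

def system_resolver(name):
    """Return the A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, zone, resolve=system_resolver):
    """Listed means the lookup returns at least one A record in 127.0.0.0/8;
    a name that does not exist means the address is not on the list."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in loopback for a in answers)

# Constructed zone contents standing in for a real list, so this runs offline.
FAKE_ZONE = {"7.100.51.198.dnsbl.example": ["127.0.0.2"]}

def fake_resolver(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("198.51.100.7", "192.0.2.15"):
        print(ip, dnsbl_query_name(ip, "dnsbl.example"),
              is_listed(ip, "dnsbl.example", resolve=fake_resolver))
```

An operator can run the same lookup against their own server's address to see whether a given list currently includes it.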

Anti-spammers became the principal abusers of open relays. See The Chris Neill Story for an example of misguided activities by anti-spammers to prove the harm of open relays by abusing them. This led open relay operators to hide relays and generally not engage in the public discussion of open relay operations.

Although open relays are no longer widely used to send spam, and haven't been used by commercial bulk mailers since around the fall of 1997, many sites continue to refuse mail traffic from them[citation needed].

One consequence of open relay blocking was an inconvenience for some end users and certain Internet service providers. To allow customers to use their e-mail addresses at Internet locations other than the company's systems (such as at school or work), many mail sites explicitly allowed open relaying so that customers could read and send e-mail via the ISP from any location[citation needed]. Once open relay became unacceptable due to abuse (and unusable due to blocking of open relays), ISPs and other sites had to hide open relays and block the open relay scanners. Some more radical proponents suggested changing protocols to avoid the need for open relay. These schemes include smart hosts, SMTP-AUTH, POP before SMTP, and the use of virtual private networks (VPNs). None of these protocols or schemes were widely adopted by ISPs as of 2007.

The CAN-SPAM Act of 2003 makes it illegal to send spam through an open relay, but makes no provision regarding sending personal e-mail through them or regarding their operation. The Computer Fraud and Abuse Act makes it illegal to make unauthorized use of a computer for a value of more than $5000.00. Many open relay operators monitor their relays for abuse and report abuse to the abuser's ISP. Unauthorized use of an open relay is never a good idea.

Modern-day proponents

The most famous open mail relay operating today is probably that of John Gilmore[citation needed], who argues that running an open relay is a free speech issue[citation needed]. His server is included on many open relay blacklists[citation needed] (many of which are generated by "automatic detection", that is, by anti-spam blacklisters sending an (unsolicited) test e-mail to other servers to see if they will be relayed). He has never sent any spam personally[citation needed], yet these measures cause much of his outgoing e-mail to be blocked in some quarters. Most large ISPs don't block open relays or use what are known as "DNS Blacklists", low cost volunteer efforts sometimes run by just one person, which use DNS to distribute their blacklist cheaply.

Gilmore contends he has a right to configure his computer however he pleases, and others have the right to configure their computers to ignore him[citation needed]. However, since open-relay blacklisting is most commonly done at the ISP level, many end users have this decision made for them without their explicit request[citation needed]. Some ISPs have been unwilling to remove the blacklists that prevent his e-mails from reaching recipients on the ISP's network or implement any other method (such as a whitelist) to allow his e-mail through. As a result, he is unable to communicate by e-mail with some of his friends and business partners[citation needed].

Dean Anderson has, since 1997, operated open relays, investigated open relay abusers, and explained the legitimate needs and uses of open relays. Anderson is the CEO of a New England ISP known as AV8 Internet, Inc, which (as of 2007) serves about 67,000 IP addresses. Anderson has explored the legal issues involving open relays both in theory and in actual conflict with certain other ISPs or, more precisely, certain system administrators. Anderson has prevailed in those legal disputes, and has provoked a strong negative reaction from open relay opponents. [source: Dean Anderson]

The Electronic Communications Privacy Act prohibits ISPs from blocking non-spam email that the users have not authorized to be blocked. See U.S. v. Councilman. Some antispammers have argued that this law doesn't apply to them. But one need only contact the recipient of the email being blocked and have them fax a signed letter to their ISP saying "I have not authorized blocking email from Company X".

The Sherman Antitrust Act prohibits both the ISP and the blacklist from engaging in an unlawful group boycott. This has been used against MAPS in Exactis v. MAPS, and has been helpful in convincing the occasional ISP manager that their admin should not be using a blacklist that isn't blocking spam, but is instead blocking relays. Exactis v. MAPS (Colorado District Court Case Number 00-CV-2250) also cited charges of Tortious Interference with Contract, Tortious Interference with Prospective Business Relations, violation of the Colorado Consumer Protection Act, Intentional and Negligent Misrepresentation and Extortion, violation of the Colorado Communications Privacy Act, violation of the Colorado Organized Crime Control Act, violation of the Sherman Antitrust Act, and violation of the Colorado Antitrust Act. A temporary restraining order was obtained. MAPS's attempts to have the case dismissed failed, and MAPS settled. MAPS no longer blocks Exactis. This case is a roadmap to dealing with any blacklist that attempts to block email that isn't abusive. Email that complies with the CAN-SPAM Act, by definition, isn't abusive.

Make sure you have permission before testing a mail server.