HOME

TheInfoList



OR:

An open mail relay is a
Simple Mail Transfer Protocol The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typica ...
(SMTP)
server Server may refer to: Computing *Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients Role * Waiting staff, those who work at a restaurant or a bar attending customers and su ...
configured in such a way that it allows anyone on the
Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...
to send
e-mail Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" meant ...
through it, not just mail destined to or originating from known users. This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular because of their exploitation by
spammers This is a list of individuals and organizations noteworthy for engaging in bulk electronic spamming, either on their own behalf or on behalf of others. It is not a list of all spammers, only those whose actions have attracted substantial independen ...
and
worms Worms may refer to: *Worm, an invertebrate animal with a tube-like body and no limbs Places *Worms, Germany Worms () is a city in Rhineland-Palatinate, Germany, situated on the Upper Rhine about south-southwest of Frankfurt am Main. It had ...
. Many relays were closed, or were placed on
blacklist Blacklisting is the action of a group or authority compiling a blacklist (or black list) of people, countries or other entities to be avoided or distrusted as being deemed unacceptable to those making the list. If someone is on a blacklist, t ...
s by other servers.


History and technology

Until the 1990s, mail servers were commonly intentionally configured as open relays; in fact, this was frequently the installation default setting. The traditional
store and forward Store and forward is a telecommunications technique in which information is sent to an intermediate station where it is kept and sent at a later time to the final destination or to another intermediate station. The intermediate station, or node in ...
method of relaying e-mail to its destination required that it was passed from computer to computer (through and beyond the Internet) via
modem A modulator-demodulator or modem is a computer hardware device that converts data from a digital format into a format suitable for an analog transmission medium such as telephone or radio. A modem transmits data by Modulation#Digital modulati ...
s on telephone lines. For many early networks, such as
UUCPNET UUCP is an acronym of Unix-to-Unix Copy. The term generally refers to a suite of computer programs and protocols allowing remote execution of commands and transfer of files, email and netnews between computers. A command named is one of the pro ...
, FidoNet and BITNET, lists of machines that were open relays were a core part of those networks.
Filtering Filter, filtering or filters may refer to: Science and technology Computing * Filter (higher-order function), in functional programming * Filter (software), a computer program to process a data stream * Filter (video), a software component tha ...
and speed of e-mail delivery were not priorities at that time and in any case the government and educational servers that were initially on the Internet were covered by a federal edict forbidding the transfer of commercial messages.


Abuse by spammers

In the mid-1990s, with the rise of spamming, spammers resorted to re-routing their e-mail through third party e-mail servers to avoid detection and to exploit the additional resources of these open relay servers. Spammers would send one e-mail to the open relay and (effectively) include a large
blind carbon copy Blind carbon copy (abbreviated Bcc) allows the sender of a message to conceal the person entered in the Bcc field from the other recipients. This concept originally applied to paper correspondence and now also applies to email. In some circumsta ...
list, then the open relay would relay that spam to the entire list. While this greatly reduced the bandwidth requirements for spammers at a time when Internet connections were limited, it forced each spam to be an exact copy and thus easier to detect. After abuse by spammers became widespread, operating an open relay came to be frowned upon among the majority of Internet server administrators and other prominent users. Open relays are recommended against in RFC 2505 and RFC 5321 (which defines SMTP). The exact copy nature of spam using open relays made it easy to create bulk e-mail detection systems such as Vipul's Razor and the
Distributed Checksum Clearinghouse Distributed Checksum Clearinghouse (also referred to as DCC) is a method of spam email detection. The basic logic in DCC is that most spam mails are sent to many recipients. The same message body appearing many times is therefore bulk email. DCC id ...
. To counter this, spammers were forced to switch to using
hash buster A hash buster is a program which randomly adds characters to data in order to change the data's hash sum. This is typically used to add words to spam e-mails, to bypass hash filters. As the e-mail's hash sum is different from the sum of e-mails ...
s to make them less effective and the advantage of using open relays was removed since every copy of spam was "unique" and had to be sent individually. Since open mail relays make no effort to
authenticate Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicatin ...
the sender of an e-mail, open mail relays are vulnerable to address spoofing.


Anti-spam efforts

Many Internet service providers use Domain Name System-based Blackhole Lists (DNSBL) to disallow mail from open relays. Once a mail server is detected or reported that allows third parties to send mail through them, they will be added to one or more such lists, and other e-mail servers using those lists will reject any mail coming from those sites. The relay need not actually be used for sending spam to be blacklisted; instead, it may be blacklisted after a simple test that just confirms open access. This trend reduced the percentage of mail senders that were open relays from over 90% down to well under 1% over several years. This led spammers to adopt other techniques, such as the use of
botnet A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its conn ...
s of
zombie computers A zombie ( Haitian French: , ht, zonbi) is a mythological undead corporeal revenant created through the reanimation of a corpse. Zombies are most commonly found in horror and fantasy genre works. The term comes from Haitian folklore, in w ...
to send spam. One consequence of the new unacceptability of open relays was an inconvenience for some end users and certain
Internet service provider An Internet service provider (ISP) is an organization that provides services for accessing, using, or participating in the Internet. ISPs can be organized in various forms, such as commercial, community-owned, non-profit, or otherwise private ...
s. To allow customers to use their e-mail addresses at Internet locations other than the company's systems (such as at school or work), many mail sites explicitly allowed open relaying so that customers could send e-mail via the ISP from any location. Once open relay became unacceptable because of abuse (and unusable because of blocking of open relays), ISPs and other sites had to adopt new protocols to allow remote users to send mail. These include
smart host A smart host or smarthost is an email server via which third parties can send emails and have them forwarded on to the email recipients' email servers. Smarthosts were originally open mail relays, but most providers now requiring authentication fro ...
s,
SMTP-AUTH SMTP Authentication, often abbreviated SMTP AUTH, is an extension of the Simple Mail Transfer Protocol (SMTP) whereby a client may log in using any authentication mechanism supported by the server. It is mainly used by submission servers, where aut ...
,
POP before SMTP POP before SMTP or SMTP after POP is a method of authentication used by mail server software which helps allow users the option to send e-mail from any location, as long as they can demonstrably also fetch their mail from the same place. The POP b ...
, and the use of
virtual private network A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The be ...
s (VPNs). The
Internet Engineering Task Force The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and a ...
(IETF) has written a
best current practice A Best Current Practice (BCP) is a ''de facto'' level of performance in engineering and information technology. It is more flexible than a standard, since techniques and tools are continually evolving. The Internet Engineering Task Force publish ...
s covering Email Submission Operations in RFC 5068. Note that the above only becomes an issue if the user wishes to (or has to) continue to send e-mail remotely, using the ''same'' SMTP server which they were previously accessing locally. If they have valid access to some ''other'' SMTP server from their new, remote location, then they will typically be able to use that new server to send e-mails as if from their old address, even when this server is properly secured. (Although this may involve some reconfiguration of the user's
email client An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email. A web application which provides message management, composition, and reception functio ...
which may not be entirely straightforward.) The
CAN-SPAM Act of 2003 The Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act of 2003 is a law passed in 2003 establishing the United States' first national standards for the sending of commercial e-mail. The law requires the Federal Trad ...
makes it illegal to send spam through an open relay in the
United States The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territorie ...
, but makes no provision on their use for personal e-mail or their operation in general; the effectiveness of the act has been questioned.


Modern-day proponents

The most famous open mail relay operating today is probably that of
John Gilmore John Gilmore may refer to: * John Gilmore (activist) (born 1955), co-founder of the Electronic Frontier Foundation and Cygnus Solutions * John Gilmore (musician) (1931–1995), American jazz saxophonist * John Gilmore (representative) (1780–1845), ...
, who argues that running an open relay is a
freedom of speech Freedom of speech is a principle that supports the freedom of an individual or a community to articulate their opinions and ideas without fear of retaliation, censorship, or legal sanction. The right to freedom of expression has been recogni ...
issue. His server is included on many open relay blacklists (many of which are generated by "automatic detection", that is, by anti-spam blacklisters sending an (unsolicited) test e-mail to other servers to see if they will be relayed). These measures cause much of his outgoing e-mail to be blocked. Along with his further deliberate configuration of the server, his open relay enables people to send e-mail without their IP address being directly visible to the recipient and thereby send e-mail
anonymously Anonymity describes situations where the acting person's identity is unknown. Some writers have argued that namelessness, though technically correct, does not capture what is more centrally at stake in contexts of anonymity. The important idea he ...
. In 2002, his open relay, along with 24 others, was used by a
computer worm A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It wil ...
to propagate itself. John Gilmore and other open relay proponents declare that they do not support spam and spamming, but see bigger threat in attempts to limit Web capabilities that may block evolution of the new, next generation technologies. They compare the network communication restrictions with restrictions that some phone companies tried to place on their lines in the past, preventing transferring of computer data rather than speech.


Closing relays

In order not to be considered "open", an e-mail relay should be secure and configured to accept and forward only the following messages (details will vary from system to system — in particular, further restrictions may well apply): * Messages from local
IP address An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...
es to local mailboxes * Messages from local IP addresses to non-local mailboxes * Messages from non-local IP addresses to local mailboxes * Messages from clients that are
authenticated Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicati ...
and
authorized Authorization or authorisation (see spelling differences) is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular. More for ...
In particular, a properly secured SMTP mail relay should not accept and forward arbitrary e-mails from non-local IP addresses to non-local mailboxes by an unauthenticated or unauthorized user. In general, any other rules an administrator chooses to enforce (for instance, based on what an e-mail gives as its own envelope from address) must be in addition to, rather than instead of, the above. If not, the relay is still effectively open (for instance, by the above rules): it is easy to forge e-mail header and envelope information, it is considerably harder to successfully forge an IP address in a
TCP/IP The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suit ...
transaction because of the
three-way handshake The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly ...
that occurs as a connection is started. Open relays have also resulted from security flaws in software, rather than misconfiguration by system administrators. In these cases, security patches need to be applied to close the relay. Internet initiatives to close open relays have ultimately missed their intended purpose, because spammers have created distributed botnets of zombie computers that contain malware with mail relaying capability. The number of clients under spammers' control is now so great that previous anti-spam countermeasures that focused on closing open relays are no longer effective.


See also

*
Relay (disambiguation) A relay is an electric switch operated by a signal in one circuit to control another circuit. Relay may also refer to: Historical * Stage station, a place where exhausted horses being used for transport could be exchanged for fresh ones * Cursus ...
*
Email spoofing Email spoofing is the creation of email messages with a forged sender address. The term applies to email purporting to be from an address which is not actually the sender's; mail sent in reply to that address may bounce or be delivered to an unr ...
*
Email spam Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoida ...
*
Phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...
*
DMARC Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Th ...
*
DKIM DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in email (email spoofing), a technique often used in phishing and email spam. DKIM allows the receiver to check that an email claimed ...
*
Sender Policy Framework Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email. SPF alone, though, is limited to detecting a forged sender claim in the envelope of the email, which is ...


References

{{DEFAULTSORT:Open Mail Relay Email Spamming