Operation Secure Your Server Aimed at Shutting Down SPAM

An open mail relay allows a third-party SPAMmer to send their e-mail through an unsuspecting site's e-mail server. The United States Federal Trade Commission and 36 additional agencies in 26 countries have started sending out warning e-mails to registered owners of tens of thousands of computers suspected of being unwitting SPAM e-mail broadcast points, known in the nomenclature as Open Mail Relays.

The FTC has not been scanning the Internet in an attempt to find these open relays. Instead it has been relying on the much-criticized Open Relay Databases. These databases contain information identifying machines throughout the Internet which are thought to possibly be used by SPAMmers. Much of the criticism of these databases is derived from their reporting procedures, which only requires an anonymous Internet user to report a machine as a source of SPAM e-mail -- even though the target may have sent the user legitimate e-mail.

Open E-Mail Relays

Open relays and open proxies are servers that allow any computer in the world to "broadcast" their e-mail through servers of other organizations, thereby disguising the real origin of the e-mail and saving the SPAMmers thousands of dollars in network and server costs. SPAMmers often abuse these servers to flood the Internet with unwanted e-mail. Their abuses not only overload servers, but also could damage an unwitting business' reputation if it appears that the business sent the SPAM.

Open Proxies

Mis-configured Proxy servers can also be used by SPAMmers and Hackers to attack other computers. These proxy servers are used by businesses to speed up Internet connections, and to provide an increased level of security. SPAMmers, however, use these Open Proxies to relay tens of thousands of pieces of e-mail per day.

Can-SPAM, the "Controlling the Assault of Non-Solicited Pornography and Marketing Act"

The Can-SPAM law was signed into law in December, 2003. It prescribes heavy penalties for SPAMmers who use Open Relays to broadcast their SPAM, for SPAMmers who fake the Return Address in an e-mail and enhanced penalties for those who harvest e-mail addresses from web sites using crawlers and then use those addresses to send SPAM. Even lesser offenses, like failing to honor unsubscribe requests, could theoretically result in expensive judgments against both the SPAMmers and the clients for whom they advertise.

Due to the difficult-to-enforce nature of the Internet it will be months, or perhaps years, before this new law has any real effect. It is difficult to trace where an e-mail actually originated, if it even originated within the US, and to top it off there is no budget set aside for Federal enforcement of the law. The law does provide, however, for State Attorneys General to enforce the provisions, if they so desire.

Will This Fix the SPAM Problem?

Closing down tens of thousands of Open Relays will greatly increase the time, complexity and costs of sending SPAM. This will drive the small-time operators out of the business.

Can-SPAM laws went into effect on January 1st, 2004. However, SPAM e-mail increased by 2% over the prior month. Today, 60% of all e-mail is now SPAM. A record! Guess the law isn't working either.

I guess we should just look for even more SPAM in our e-boxes in time for valentine's day.

Review Questions

Does your proxy allow connections from untrusted networks such as the Internet?
Have you applied the latest available patches or upgrades?
Is someone regularly checking for unauthorized uses of your server?
Do you have and monitor an .abuse@. e-mail account where people can report abuses of your proxy or e-mail server?