Operation Secure Your Server Aimed at Shutting Down SPAM
An open mail relay allows a third-party SPAMmer to send their e-mail
through an unsuspecting site's e-mail server. The United States
Federal Trade Commission and 36 additional agencies in 26 countries
have started sending out warning e-mails to registered owners of tens
of thousands of computers suspected of being unwitting SPAM e-mail
broadcast points, known in the nomenclature as Open Mail Relays.
The FTC has not been scanning the Internet in an attempt to find these
open relays. Instead it has been relying on the much-criticized Open
Relay Databases. These databases contain information identifying
machines throughout the Internet which are thought to possibly be used
by SPAMmers. Much of the criticism of these databases is derived from
their reporting procedures, which only requires an anonymous Internet
user to report a machine as a source of SPAM e-mail -- even though the
target may have sent the user legitimate e-mail.
Open E-Mail Relays
Open relays and open proxies are servers that allow any computer in
the world to "broadcast" their e-mail through servers of other
organizations, thereby disguising the real origin of the e-mail and
saving the SPAMmers thousands of dollars in network and server
costs. SPAMmers often abuse these servers to flood the Internet with
unwanted e-mail. Their abuses not only overload servers, but also
could damage an unwitting business' reputation if it appears that the
business sent the SPAM.
Mis-configured Proxy servers can also be used by SPAMmers and Hackers
to attack other computers. These proxy servers are used by businesses
to speed up Internet connections, and to provide an increased level of
security. SPAMmers, however, use these Open Proxies to relay tens of
thousands of pieces of e-mail per day.
Can-SPAM, the "Controlling the Assault of Non-Solicited
Pornography and Marketing Act"
The Can-SPAM law was signed into law in December, 2003. It prescribes
heavy penalties for SPAMmers who use Open Relays to broadcast their
SPAM, for SPAMmers who fake the Return Address in an e-mail and
enhanced penalties for those who harvest e-mail addresses from web
sites using crawlers and then use those addresses to send SPAM. Even
lesser offenses, like failing to honor unsubscribe requests, could
theoretically result in expensive judgments against both the SPAMmers
and the clients for whom they advertise.
Due to the difficult-to-enforce nature of the Internet it will be
months, or perhaps years, before this new law has any real effect. It
is difficult to trace where an e-mail actually originated, if it even
originated within the US, and to top it off there is no budget set
aside for Federal enforcement of the law. The law does provide,
however, for State Attorneys General to enforce the provisions, if
they so desire.
Will This Fix the SPAM Problem?
Closing down tens of thousands of Open Relays will greatly increase
the time, complexity and costs of sending SPAM. This will drive the
small-time operators out of the business.
Can-SPAM laws went into effect on January 1st, 2004. However,
SPAM e-mail increased by 2% over the prior month. Today, 60% of all
e-mail is now SPAM. A record! Guess the law isn't working either.
I guess we should just look for even more SPAM in our e-boxes in time
for valentine's day.
Does your proxy allow connections from untrusted networks such
as the Internet?
Have you applied the latest available patches or upgrades?
Is someone regularly checking for unauthorized uses of your
Do you have and monitor an .abuse@. e-mail account
where people can report abuses of your proxy or e-mail server?