Open Relay FAQs

 

Q: What is an Open Relay?

A: Servers that handle Internet E-mail communicate with each other using a protocol known as SMTP. SMTP servers that accept mail from anyone to anyone else, without either party having legitimate access to the server, are known as Open Relays. These servers will accept mail and pass it along, or Relay it, from anyone to anyone.


Q: Why is an Open Relay a Bad Thing?

A: Spammers, or those who send unsolicited bulk advertising, learned long ago that they could abuse the resources of other people to send out their spam faster and more safely than if they used their own servers. Spammers typically use a slow modem connection to the Internet, known as a throwaway account, because it is low cost and the spammer knows it will be terminated very quickly. They use this account to send their spam, very quickly, to Open Relays around the world. These Open Relays then do the hard work of relaying the spam on to the various recipients of the message. This is not the only mechanism spammers use to send out large amounts of spam, but it is still very popular.

The people who own the Open Relays get accused of assisting the spammers. Their mail servers, which they may rely on for their own important communications, get bogged down sending the freeloader's E-mail. As well, many sites block all E-mail from known Open Relays, which means legitimate mail flowing through these servers will end up being blocked by remote sites trying to protect themselves from the flow of spam.

Spammers scan the Internet for Open Relays. They also share information about Open Relays with each other. If someone is running an Open Relay, it will eventually be discovered, and it will then be abused until fixed.

Finally, if the owner of an Open Relay is billed for their traffic, they may end up paying a considerable financial penalty for inadvertently forwarding mail for spammers.


Q: What is this blocking list?

A: As the problem of Open Relays grew, people started looking for ways to combat relay spam. The MAPS RBL started tracking a few of the most abused Open Relays, but that wasn't very effective. In 1997 a service called ORBS was created. ORBS was a centralized list of servers that were known to be Open Relays. People who received spam from an Open Relay would send ORBS the IP address of the relay. ORBS would test it and add it to a list. Anyone could consult this list when receiving E-mail to determine if the system sending them E-mail was a known Open Relay.

ORBS is long gone, but several similar services exist today. If an Open Relay is used to send spam, it will probably end up being reported to one or more of these services. Many sites consult these services when receiving E-mail, and will refuse mail from servers that are listed. These services are quite valuable. Since they are centralized, a server can be removed from them easily (once the Open Relay is fixed). The alternative, and the way it used to work, was that the server would end up being blocked in many different places. The admin could spend months chasing down odd bounces and asking to be removed from various local blocking lists. Of course, that still happens to some extent. The longer an Open Relay is left unfixed, the more blocking lists it will appear on.

If you receive a message from one of these services, or if your users notice their E-mail bouncing with messages linking to one of these services, you know you have an Open Relay. You need to fix it and then communicate with the blocking service to be removed from their list.


Q: Why do people run Open Relays?

A: Most Open Relay mail servers were installed years ago when virtually all mail servers were installed by default, or specifically configured, as Open Relays. This was before spammers began hijacking mail servers for their own purposes.

Today, most mail servers are installed by default without relaying turned on. In a few cases people disable this protection because of a perceived need for the service, without realizing the tremendous liability they are exposing themselves to.


Q: If I find I am running an Open Relay, how do I fix it?

A: The Mail Abuse Team has compiled a very comprehensive list of Internet E-mail software and ways to configure that software so it no longer functions as an Open Relay. If your software is not listed you may need to contact the vendor for assistance closing it, or call in a consultant to assist you. If you are running old software, you may need to upgrade to a version that can be secured.

In most cases, fixing the Open Relay is only a few minutes' work.


Q: Are there alternatives to running an Open Relay that will still let my users send mail through my server?

A: Yes! As this problem has grown, several ways have been implemented to allow legitimate users to relay through a server while keeping the spammers out. The best solution for local users is to configure your mail server to allow relay only from a known range of IP addresses (your local network, or VPN addresses, etc.). For remote users, the best solution is Authenticated SMTP, also known as SMTP AUTH. Using SMTP AUTH, the user's software actually logs into the SMTP server with a login name and password before being allowed to relay. This allows legitimate users to relay while dialed into an ISP on the road, for example.
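
The relay rule described above can be modelled in a few lines. This is an added example, not code from Skyway West or from any mail server; the domain names, address ranges, function names and the 550 reply code are constructed assumptions. It replays the same four sessions against a restricted policy and against a policy that trusts every address.

```python
import ipaddress

# Constructed sample policy; none of these values come from the FAQ.
LOCAL_DOMAINS = {"example.com"}                    # domains this server accepts mail for
TRUSTED_NETS = [
    ipaddress.ip_network("192.0.2.0/24"),          # local network
    ipaddress.ip_network("10.8.0.0/16"),           # VPN address pool
]
OPEN_NETS = [ipaddress.ip_network("0.0.0.0/0")]    # the misconfiguration: trust everyone


def relay_decision(client_ip, rcpt_domain, authenticated, trusted_nets=TRUSTED_NETS):
    """Return (reply_code, reason) for one recipient; 550 is an illustrative reject code."""
    if rcpt_domain.lower().rstrip(".") in LOCAL_DOMAINS:
        return 250, "local delivery"               # mail for our own users is not relaying
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in trusted_nets):
        return 250, "relay allowed: known IP range"
    if authenticated:
        return 250, "relay allowed: SMTP AUTH"
    return 550, "relaying denied"


def is_effectively_open(trusted_nets):
    """True when the trusted list covers every address, which recreates an Open Relay."""
    return any(net.prefixlen == 0 for net in trusted_nets)


# Constructed sessions: (client IP, recipient domain, logged in with SMTP AUTH?)
SESSIONS = [
    ("192.0.2.25", "elsewhere.test", False),       # local user sending out
    ("203.0.113.9", "example.com", False),         # outside sender to a local user
    ("203.0.113.9", "elsewhere.test", True),       # roaming user who authenticated
    ("203.0.113.9", "elsewhere.test", False),      # anyone to anyone else
]


def replay(trusted_nets=TRUSTED_NETS):
    """Reply codes for the sample sessions under the given trusted-network list."""
    return [relay_decision(ip, dom, auth, trusted_nets)[0] for ip, dom, auth in SESSIONS]


if __name__ == "__main__":
    print("restricted:", replay())                 # only the last session is refused
    print("open      :", replay(OPEN_NETS), is_effectively_open(OPEN_NETS))
```

The order of the checks matters: mail addressed to a local domain is accepted from anywhere, and only mail for other domains has to pass the IP range or SMTP AUTH test.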



Please send corrections or suggestions for improvements in this page to abuse@skywaywest.com

Copyright 2002, Skyway West. All Rights Reserved.

If you have a question about Open Relays not addressed by this FAQ (not regarding help securing a specific server), please email abuse@skywaywest.com.