Nordunet Home Page
 		-----------------------------------
NORDUnet SPAM/Mail Relay advice

-------------------------------------
Unsolicited commercial e-mail, also referred to as spam, is unfortunately a well-known phenomenon by now for most users, and these same users do not particularly enjoy receiving this junk e-mail.

The spread of spam actually has two major negative effects:

  • The end-users mailboxes fill up with unwanted messages. While some users pay to download their own e-mail, most users simply put up with this annoyance by deleting the unwanted messages.
  • Mail servers may be abused by the originators of spam. This can actually be quite expensive in terms of the cleanup required after such an event.
This note primarily revolves around the second of these two items.

The originators of spam very often rely on the abuse of remote mail systems to spread their e-mail messages and to hide their tracks. For this to work, these remote mail systems have to allow unrestricted third party relaying, i.e. sending of messages via a mail server where neither the originator nor the recipient is in the local domain intended to be served by the mail server. This allows the originator of the spam to send a single message together with a huge recipient list, pushing the hard work of actually doing the message delivery to the final recipients to the abused mail server.

Having a mail server which acts like an open mail relay can be quite expensive in more ways than one, some of them are:

  • The spammers can cause load on your mail system to skyrocket, shutting out legitimate users of your mail service.
  • Your mail server may be blacklisted, e.g. by it getting an entry in the MAPS RBL. In NORDUnet's case this will cause your mail server to lose connectivity to large portions of the Internet in the US.
  • Your reputation will be tarnished. Internet-aware institutions have mail server administrators who have already taken steps to prevent the abuse of their systems in this manner.
  • There is a high probability your mail server will be detected and abused. The spammers have programs which actively scan networks and probe for open mail relays.
Mail system administrators served by NORDUnet should therefore check if their mail systems are vulnerable to this form of abuse, and should take the required precautions to prevent such abuse.

References

Many of the references above point to the excellent information maintained by the MAPS LLC company in the US and their Transport Security Initiative.

Last modified: Sat Sep 11 17:40:21 MEST 1999 -------------------------------------
Nordunet Information Service