Open mail relay

Mail relay diagram

An open mail relay is a Simple Mail Transfer Protocol (SMTP) server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users. [1] [2] [3] This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular because of their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers.


History and technology

Until the 1990s, mail servers were commonly intentionally configured as open relays; in fact, this was frequently the installation default setting. [1] The traditional store and forward method of relaying e-mail to its destination required that it be passed from computer to computer (through and beyond the Internet) via modems on telephone lines. For many early networks, such as UUCPNET, FidoNet and BITNET, lists of machines that were open relays were a core part of those networks. [2] Filtering and speed of e-mail delivery were not priorities at that time, and in any case the government and educational servers that were initially on the Internet were covered by a federal edict forbidding the transfer of commercial messages. [4] [5]

Abuse by spammers

In the mid-1990s, with the rise of spamming, spammers resorted to re-routing their e-mail through third party e-mail servers to avoid detection [6] and to exploit the additional resources of these open relay servers. Spammers would send one e-mail to the open relay and (effectively) include a large blind carbon copy list, and the open relay would then relay that spam to the entire list. [7] While this greatly reduced the bandwidth requirements for spammers at a time when Internet connections were limited, it forced each spam to be an exact copy and thus easier to detect. After abuse by spammers became widespread, operating an open relay came to be frowned upon among the majority of Internet server administrators and other prominent users. [6] Open relays are recommended against in RFC 2505 and RFC 5321 (which defines SMTP). The exact copy nature of spam sent through open relays made it easy to create bulk e-mail detection systems such as Vipul's Razor and the Distributed Checksum Clearinghouse. To counter this, spammers were forced to switch to hash busters to make those detection systems less effective, and the advantage of using open relays was removed, since every copy of the spam was now "unique" and had to be sent individually.

Since open mail relays make no effort to authenticate the sender of an e-mail, open mail relays are vulnerable to address spoofing. [2]

Anti-spam efforts

Many Internet service providers use Domain Name System-based Blackhole Lists (DNSBL) to disallow mail from open relays. Once a mail server is detected or reported to allow third parties to send mail through it, it will be added to one or more such lists, and other e-mail servers using those lists will reject any mail coming from those sites. The relay need not actually be used for sending spam to be blacklisted; instead, it may be blacklisted after a simple test that just confirms open access. [8]
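The DNSBL check described above, as an added Python example (not code from the article or from any DNSBL operator): the client's IPv4 address is reversed, the list's zone is appended, and an A record in 127.0.0.0/8 signals a listing. The zone name, the listed address and the stand-in resolver are constructed for illustration.

```python
"""DNSBL lookup of the kind a receiving mail server performs on a connecting peer."""
import ipaddress
import socket
from typing import Callable, Optional

Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the lookup name: the octets reversed, then the list's zone.

    192.0.2.1 checked against zone bl.example becomes 1.2.0.192.bl.example.
    """
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything that is not IPv4
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def system_resolver(name: str) -> Optional[str]:
    """Default resolver: the A record for name, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(ip: str, zone: str, resolve: Resolver = system_resolver) -> bool:
    """A listing is signalled by an answer inside 127.0.0.0/8.

    NXDOMAIN (resolver returns None) means "not listed".  Real lists document
    which 127.0.0.x value means what; this check only tests the prefix.
    """
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


# Constructed stand-in for DNS: one listed host (203.0.113.7), everything else absent.
FAKE_ZONE = "bl.example"
FAKE_RECORDS = {"7.113.0.203.bl.example": "127.0.0.2"}


def fake_resolver(name: str) -> Optional[str]:
    return FAKE_RECORDS.get(name)


def smtp_connect_reply(client_ip: str, resolve: Resolver = fake_resolver) -> str:
    """Greeting a server could send at connection time, rejecting a listed peer."""
    if is_listed(client_ip, FAKE_ZONE, resolve):
        return f"554 5.7.1 Service unavailable; client {client_ip} is listed in {FAKE_ZONE}"
    return "220 mail.example.org ESMTP"
```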

This trend reduced the percentage of mail senders that were open relays from over 90% down to well under 1% over several years. [9] This led spammers to adopt other techniques, such as the use of botnets of zombie computers to send spam.

One consequence of the new unacceptability of open relays was an inconvenience for some end users and certain Internet service providers. To allow customers to use their e-mail addresses at Internet locations other than the company's systems (such as at school or work), many mail sites explicitly allowed open relaying so that customers could send e-mail via the ISP from any location. [10] Once open relaying became unacceptable because of abuse (and unusable because of blocking of open relays), ISPs and other sites had to adopt new protocols to allow remote users to send mail. These include smart hosts, SMTP-AUTH, POP before SMTP, and the use of virtual private networks (VPNs). The Internet Engineering Task Force (IETF) has published a Best Current Practice document covering Email Submission Operations, RFC 5068.

Note that the above only becomes an issue if the user wishes to (or has to) continue to send e-mail remotely, using the same SMTP server which they were previously accessing locally. If they have valid access to some other SMTP server from their new, remote location, then they will typically be able to use that new server to send e-mails as if from their old address, even when this server is properly secured. (Although this may involve some reconfiguration of the user's email client which may not be entirely straightforward.)

The CAN-SPAM Act of 2003 makes it illegal to send spam through an open relay in the United States, but makes no provision on their use for personal e-mail or their operation in general; the effectiveness of the act has been questioned. [11] [12]

Modern-day proponents

The most famous open mail relay operating today is probably that of John Gilmore, [6] [13] who argues that running an open relay is a freedom of speech issue. His server is included on many open relay blacklists (many of which are generated by "automatic detection", that is, by anti-spam blacklisters sending an (unsolicited) test e-mail to other servers to see if they will be relayed). These measures cause much of his outgoing e-mail to be blocked. [6] Along with his further deliberate configuration of the server, his open relay enables people to send e-mail without their IP address being directly visible to the recipient and thereby send e-mail anonymously. In 2002, his open relay, along with 24 others, was used by a computer worm to propagate itself. [14]

John Gilmore and other open relay proponents declare that they do not support spam and spamming, but see a bigger threat in attempts to limit the capabilities of the network, which may block the evolution of new, next-generation technologies. They compare network communication restrictions with the restrictions that some phone companies tried to place on their lines in the past, which prevented the transfer of computer data rather than speech. [15]

Closing relays

In order not to be considered "open", an e-mail relay should be secure and configured to accept and forward only the following messages (details will vary from system to system — in particular, further restrictions may well apply): [16]

In particular, a properly secured SMTP mail relay should not accept and forward arbitrary e-mails from non-local IP addresses to non-local mailboxes by an unauthenticated or unauthorized user.

In general, any other rules an administrator chooses to enforce (for instance, based on what an e-mail gives as its own envelope from address) must be in addition to, rather than instead of, the above. [16] If they are not, the relay is still effectively open. The reason the rules above are based on the connecting IP address is that e-mail header and envelope information is easy to forge, whereas successfully forging an IP address in a TCP/IP transaction is considerably harder because of the three-way handshake that occurs as a connection is started.
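The per-recipient relay decision those rules describe, as an added Python example (not from the article or from any real MTA): accept mail to local mailboxes from anywhere, accept mail to anywhere from local networks or authenticated sessions, and reject everything else. The envelope sender is deliberately ignored, which is why the probe below, which forges a local-looking MAIL FROM, is still refused. Network ranges, domains and addresses are constructed.

```python
"""Relay decision for one RCPT TO command, based on peer IP, auth state and recipient."""
import ipaddress
from dataclasses import dataclass

# Constructed configuration: what this server treats as "local".
LOCAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),   # office LAN (TEST-NET-1)
                  ipaddress.ip_network("127.0.0.0/8")]
LOCAL_DOMAINS = {"example.org", "mail.example.org"}


@dataclass(frozen=True)
class Envelope:
    client_ip: str        # peer address of the TCP connection
    authenticated: bool   # SMTP AUTH succeeded on this session
    mail_from: str        # envelope sender (MAIL FROM); trivially forgeable
    rcpt_to: str          # envelope recipient (RCPT TO)


def is_local_ip(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETWORKS)


def is_local_mailbox(address: str) -> bool:
    return address.rpartition("@")[2].lower() in LOCAL_DOMAINS


def relay_decision(env: Envelope) -> tuple:
    """Return (accept, SMTP reply).

    Only the peer IP, the session's authentication state and the recipient
    domain are consulted.  mail_from is never used: a rule keyed on it would
    leave the relay open to anyone who forges a local sender address.
    """
    if is_local_mailbox(env.rcpt_to):
        return True, "250 2.1.5 Recipient ok (local delivery)"
    if env.authenticated:
        return True, "250 2.1.5 Recipient ok (authenticated relay)"
    if is_local_ip(env.client_ip):
        return True, "250 2.1.5 Recipient ok (relay for local network)"
    return False, "554 5.7.1 Relay access denied"


# Open-relay probe: external peer, forged local sender, external recipient.
PROBE = Envelope("203.0.113.7", False, "user@example.org", "victim@example.net")
# Legitimate roaming user on the same external address, authenticated via SMTP AUTH.
ROAMING = Envelope("203.0.113.7", True, "user@example.org", "friend@example.net")

if __name__ == "__main__":
    for env in (PROBE, ROAMING):
        accept, reply = relay_decision(env)
        print(f"{env.client_ip} auth={env.authenticated} rcpt={env.rcpt_to} -> {reply}")
```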

Open relays have also resulted from security flaws in software, rather than misconfiguration by system administrators. [17] [18] [19] In these cases, security patches need to be applied to close the relay.

Internet initiatives to close open relays have ultimately missed their intended purpose, because spammers have created distributed botnets of zombie computers that contain malware with mail relaying capability. The number of clients under spammers' control is now so great that previous anti-spam countermeasures that focused on closing open relays are no longer effective.


References

  1. The Trustees of Indiana University (2008-04-01). "In Unix, what is an open mail relay?". University Information Technology Services. Indiana University. Archived from the original on 2007-06-17. Retrieved 2008-04-07.
  2. "What is open relay?". WhatIs.com. Indiana University. 2004-07-19. Archived from the original on 2007-08-24. Retrieved 2008-04-07.
  3. "FTC and International Agencies Announce "Operation Secure Your Server"". Federal Trade Commission. 2004-01-29. Archived from the original on 2008-03-06. Retrieved 2008-04-07.
  4. RFC 1192, Commercialization of the Internet.
  5. Aber, James S. "Internet and the World Wide Web". ES 351 and 771. Retrieved 2008-04-07.
  6. "Spam Blockers Pass It On". WIRED. 2001-07-02. Archived from the original on 2008-06-01. Retrieved 2008-04-07.
  7. "Open Relay. What does it mean?"
  8. "Big brother network now controls your E-mail".
  9. Hoffman, Paul (2002-08-20). "Allowing Relaying in SMTP: A Series of Surveys". IMC Reports. Internet Mail Consortium. Archived from the original on 2007-01-18. Retrieved 2008-04-13.
  10. Atkins, Steve. "news.admin.net-abuse.email FAQ". Archived from the original on 2012-07-27. Retrieved 2008-04-08.
  11. "United States: A New Weapon in The Fight Against Spam".
  12. "Is the CAN-SPAM Law Working?"
  13. "Blast from the past: John Gilmore's open relay". 2006-12-29. Retrieved 2008-04-07.
  14. "Worm uses John Gilmore's open relay at toad.com to reproduce". 2002-03-07. Retrieved 2008-04-07.
  15. "Open mail relay restrictions from the view point of John Gilmore". Archived from the original on 2012-05-03. Retrieved 2010-06-25.
  16. "Repairing open mail relays - Advice from UK JANET". Archived from the original on 2008-02-24. Retrieved 2008-04-12.
  17. "DSA-554-1 Sendmail -- Pre-set Password". Debian. 2004-09-27. Retrieved 2010-05-09.
  18. "MS02-011: An authentication flaw could allow unauthorized users to be authenticated on the SMTP service". Microsoft. 2007-03-29. Retrieved 2008-10-28.
  19. "XIMS: Messages Sent to Encapsulated SMTP Address Are Rerouted Even Though Rerouting Is Disabled". Microsoft. 2006-10-26. Retrieved 2008-10-29.