Open relays


kuznetz

Some people who oppose closing port 25 to prevent outgoing spam at provider's gateway say that this is of little help because spam goes mainly through open relays, not through spam trojans at user computers.

What do you think of that?

I believe open SMTP relays at mailhosts are virtually non-existent now, except for misconfiguration incidents (which cannot be a noticeable percentage of all).

I wonder how can I prove my point to those people. Or might I be wrong?


...*shrug* Do these people leave the doors to their homes unlocked at night when they go to bed? It's arguably not worthwhile because most people who die at home are killed during the day by accidents or people they know, not people who enter while they are sleeping. Me, I'd rather be safe, considering it's of only very minor inconvenience to lock my doors.

...Seems to me there's at least enough anecdotal evidence of the growth and prevalence of trojans to justify closing port 25 except to legitimate outgoing e-mail but I don't know how one might "prove" it.


Thank you.

I think I'll go this way: I take any relatively large network and check it at SenderBase. Then I check first (or random), say, 20 listed hosts for open relay. They will all prove not to be.

Then, anyone who doubts will be welcome to check any number of hosts there, to find an open relay himself. I'm sure no one ever will.


ISPs could probably cut spam rates in half on their networks if they just gave end users out a CD with a copy of AVG Anti-Virus Free and a few other freeware security tools (granted that the user installed this). If you look at AOL and their inclusion of more secure software for their users and the amount of spam coming from them is practically non-existent.


Some people who oppose closing port 25 to prevent outgoing spam at provider's gateway say that this is of little help because spam goes mainly through open relays, not through spam trojans at user computers.

What do you think of that?

I don't have any hard figures on this, but it is my impression that the number of open-relay spams I get in my inbox these days is virtually nil.

On my website (http://www.rickconner.net/spamweb/tricks.html#open-proxy), I have posted a simple little factoid from back in 2004; it seems that a Comcast spokesman asserted at the time that his network was sending 800 million messages per day, of which only about 125 million were passing through Comcast outgoing mail hosts. The rest were direct-to-MX and presumably spam.

In defense of Comcast, I get very little spam from them anymore, so perhaps they have managed to stem the tide. Nevertheless, you can well imagine similar numbers from many other providers who aren't so diligent.

-- rick


Open relays do exist in a form.

Take the NTL (Virgin Media) ISP in the UK. To use their email system to send emails all you have to do is be logged onto their system. You do not need a password or account to send email.

So, simply get a hacked VM modem (not hard to find.. they actually sell them on ebay!!!) and proceed to send as many emails as you want through their servers.

Spoofing is just as easy: if you were on VM I could send you an email from yourself!!! The mail servers don't even check that it's a valid account or if you even have an account (as no login is needed).

Picking mail up needs an account with a login though.

All ISPs should enforce using a password to send and receive email, this simple step alone would stop a good percentage of spam.


Rimmel,

Wow, you are quite a quiet big brother :))) respect, indeed.

Thank you. I fully agree with you - mailservers must enforce password for sending mail. Here in Russia many do not. I would say - most do not.

However, mailservers also should employ tarpitting and IP-Screening of their clients, to prevent spam. Because SMTP-password, good as it is, still is easily stolen by spam trojan sitting on client computer. And when port 25 is closed (if ever will), password-stealing trojans will grow in numbers fast. So, tarpit is the only definitive way.

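The server-side controls argued for in the last two posts (a password required before relaying, plus IP screening and tarpitting), modeled as an added example that is not from any poster or any real mail server. The domain, address ranges and delay constants are constructed assumptions, and the doubling delay is one possible tarpit schedule.

```python
import ipaddress

# Constructed policy values for illustration (assumptions, not from the thread).
LOCAL_DOMAINS = {"isp.example"}                            # domains this host delivers for
SCREENED_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # hypothetical refused range
FREE_RCPTS = 5                     # recipients per session answered without delay
BASE_DELAY, MAX_DELAY = 1.0, 60.0  # seconds


def relay_decision(client_ip, authenticated, rcpt_domain):
    """Return (smtp_code, reason) for one RCPT TO command."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in SCREENED_NETS):
        return 554, "client address screened"
    if rcpt_domain.lower() in LOCAL_DOMAINS:
        return 250, "local delivery"  # inbound mail needs no password
    if authenticated:
        return 250, "authenticated relay"
    # Being connected to the provider's network is not treated as permission.
    return 530, "authentication required"


def tarpit_delay(accepted, rejected):
    """Seconds to stall before answering the next RCPT TO in this session."""
    excess = max(0, accepted - FREE_RCPTS) + 2 * rejected
    if excess == 0:
        return 0.0
    # Exponent is capped so the power stays small; MAX_DELAY caps the result.
    return min(MAX_DELAY, BASE_DELAY * 2 ** min(excess - 1, 10))


def run_session(client_ip, authenticated, rcpt_domains):
    """Apply both checks to one session; return (reply codes, total stall seconds)."""
    codes, accepted, rejected, stalled = [], 0, 0, 0.0
    for domain in rcpt_domains:
        stalled += tarpit_delay(accepted, rejected)
        code, _reason = relay_decision(client_ip, authenticated, domain)
        codes.append(code)
        if code == 250:
            accepted += 1
        else:
            rejected += 1
    return codes, stalled


if __name__ == "__main__":
    # Constructed sessions: a normal user, then a bulk sender holding a valid password.
    print(run_session("192.0.2.10", True, ["example.org"] * 3))
    print(run_session("192.0.2.10", True, ["example.org"] * 100))
```

The second session shows why the tarpit still matters once a password has been stolen: every recipient is accepted, but the session is stalled for about 89 minutes, while the three-recipient session is not delayed at all.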
