Jump to content

Open relays


kuznetz
 Share

Recommended Posts

Some people who oppose closing port 25 to prevent outgoing spam at provider's gateway,

say that this is of little help because spam goes mainly through open relays, not through spam trojans at user computers.

What do you think of that?

I believe open SMTP relays at mailhosts are virtually non-existent now, except for misconfiguraiton incidents (which cannot be a noticeable percentage of all).

I wonder how can I prove my point to those people. Or might I be wrong?

Link to comment
Share on other sites

...*shrug* Do these people leave the doors to their homes unlocked at night when they go to bed? It's arguably not worthwhile because most people who die at home are killed during the day by accidents or people they know, not people who enter while they are sleeping. Me, I'd rather be safe, considering it's of only very minor inconvenience to lock my doors.

...Seems to me there's at least enough anecdotal evidence of the growth and prevalence of trojans to justify closing port 25 except to legitimate outgoing e-mail but I don't know how one might "prove" it.

Link to comment
Share on other sites

Thank you.

I think I'll go this way: I take any relatively large network and check it at SenderBase. Then I check first (or random), say, 20 listed hosts for open relay. They will all prove not to be.

Then, anyone who doughts will be welcome to check any number of hosts there, to find an open relay himself. I'm sure no one ever will.

Link to comment
Share on other sites

ISPs could probably cut spam rates in half on their networks if they just gave end users out a CD with a copy of AVG Anti-Virus Free and a few other freeware security tools (granted that the user installed this). If you look at AOL and their inclusion of more secure software for their users and the amount of spam coming from them is practically non-existent.

Link to comment
Share on other sites

Some people who oppose closing port 25 to prevent outgoing spam at provider's gateway,

say that this is of little help because spam goes mainly through open relays, not through spam trojans at user computers.

What do you think of that?

I don't have any hard figures on this, but it is my impression that the number of open-relay spams I get in my inbox these days is virtually nil.

On my website (http://www.rickconner.net/spamweb/tricks.html#open-proxy), I have posted a simple little factoid from back in 2004; it seems that a a Comcast spokesman asserted at the time that his network was sending 800 million messages per day, of which only about 125 million were passing through Comcast outgoing mail hosts. The rest were direct-to-MX and presumably spam.

In defense of Comcast, I get very little spam from them anymore, so perhaps they have managed to stem the tide. Nevertheless, you can well imagine similar numbers from many other providers who aren't so diligent.

-- rick

Link to comment
Share on other sites

Open relays do exist in a form.

Take the NTL (Virgin Media) ISP in the UK. To use their email system to send emails all you have to is be logged onto their system. You do not need a password or account to send email.

So, simply get a hacked VM modem (not hard to find.. they actually sell them on ebay!!!) and proceed to send as many emails as you want through their servers.

Spoofing is just as easy, if you were on VM I could send you and email from yourself!!! the mail servers dont even check that its a valid account or if you even have an account (as no login is needed).

Picking mail up needs a account with a login though.

All ISPs should enforce using a password to send and recieve email, this simple step alone would stop a good percentage of spam.

Edited by Rimmel
Link to comment
Share on other sites

Rimmel,

Wow, you are quite a quiet big brother :))) respect, indeed.

Thank you. I fully agree with you - mailservers must enforce password for sending mail. Here in Russia many do not. I would say - most do not.

However, mailservers also should employ tarpitting and IP-Screening of their clients, to prevent spam. Because SMTP-password, good as it is, still is easily stolen by spam trojan sitting on client computer. And when port 25 is closed (if ever will), password-stealing trojans will grow in numbers fast. So, tarpit is the only definitive way.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...