
May 16, 2003

Feds to Open Relays: Check Yourself...

Posted by Mike on May 16, 2003 2:38 PM

. . . before the rest of us strangle to death on spam. The FTC, SEC, Post Office, and several other countries have decided to do consciousness raising about open SMTP relays.

IT anecdote:

When I was admining a database at a high school several years ago, the network admin for the place was in the process of setting up mail services for the faculty and staff. Teachers wanted to be able to read their mail at home, and he was hitting his head up against the wall of people not understanding the difference between a POP server and an SMTP server. His solution? Tell them to change the settings the ISP gave them when they set their Internet accounts up in the first place so they could just use the high school's SMTP server. The obvious problem he was then faced with was letting people from AOL, Earthlink, the local ISPs, and the rest of the world relay through his server. So he just made it an open relay and called it a day.

About two months later, he started getting warnings from ORBS and others telling him what he was doing was a Bad Idea. He waved one mail under my nose and wondered "Who the hell do these people think they are!?" I told him, but he didn't much care. Then mail started to bounce as the school was circulated through assorted blacklists, and teachers started grabbing anyone who had something to do with computers demanding to know what they'd done wrong when mail started coming back with the words "blacklist" and "contact your administrator" on prominent display. He listened after a week of that and closed the relay back down.

If the FTC et al. want to try their hand at convincing newbie admins and reckless hobbyists that open relays are bad, I'm all for it. We've got SMTP auth and SSL . . . arguments that it's too much of a burden to lock relays down are specious, and nothing compared to the burden the rest of us deal with losing resources and our precious time to spammers.

One last spam note for this entry: SquirrelMail, which gets nicer and nicer, has a buzz-a-licious Bayesian Spam Filter plug-in that seems clever enough. It makes using SquirrelMail when I'm away from home a much more pleasant proposition.