Spammers run roughshod over e-mail servers
2/9/98
By Paul McNamara
Spammers are free to funnel their wares through the Internet e-mail servers of unwitting corporations largely because many networks all but put out a welcome mat for them.
A test conducted recently by the Internet Mail Consortium (IMC) showed that 57% of Simple Mail Transfer Protocol-enabled servers could be easily used by outsiders for so-called relay spamming, according to IMC Director Paul Hoffman. Relay spamming occurs when an unauthorized person uses the SMTP server of an organization to send unsolicited bulk e-mail.
Such spamming saps network resources and administrator time, and also can create a public relations problem when irate spam recipients blame the company because its domain name appears in the header of a junk e-mail message.
Although relay spamming has been a widely publicized problem for almost a year, a random test of 500 addresses culled from IMC's own mailing lists showed that less than half had taken steps to stop unauthorized SMTP relays, a result Hoffman called surprisingly low. That result also should be disappointing to those who envision employing relay blocking as a potentially decisive weapon in the war against spam, he added.
"I would say we have to close down 99% of [all SMTP] relays to make an effective spam solution," Hoffman said. "Therefore, I am incredibly skeptical that it will work [long-term]."
Nevertheless, IMC continues to recommend limiting relay privileges to known network users whenever possible. A number of newer SMTP servers come equipped with easy-to-deploy relay controls, although safeguarding older servers can be harder, if not impossible, Hoffman said.
Not every network administrator, however, believes that the risks of spamming outweigh the benefits of SMTP relaying to legitimate users, such as those who need to send e-mail regularly from the road.
"In our university environment it is desirable to even allow unauthenticated local addresses to relay," said Craig Paul, a systems support software analyst at the University of Kansas. "Other departments here on campus that have disabled relay have found that some of their users are inconvenienced, and the users are forced to reconfigure."
Paul added that he has "locked out specific addresses when they either make us a target of a concerted spam or try to use us as a spam relay."
Even those who have attempted to cut off relay spammers at the server report less than perfect results.
"We have used [Microsoft Corp.'s] Exchange 5.5, which is supposed to eliminate the problem," said a network administrator at a 100-user California company.
Relay spamming dropped off dramatically, but "somehow there is still someone getting into our system sending out bogus messages," the network administrator said.
The administrator also has blocked a half-dozen small Internet service providers from accessing her company's e-mail server because of spam being generated from their domains.
"That's a cat-and-mouse game, because as soon as I block one it comes in from someplace else," she said. And blocking runs the risk of losing legitimate messages.
IMC intends to repeat its test periodically in order to track whether more organizations will turn to relay-blocking as a spam countermeasure.
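The relay controls discussed above come down to one decision a server makes for each recipient address. The following Python example is an added illustration, not part of the original article and not code from IMC or any mail server vendor. It contrasts an open relay with a server that relays only for known users and locks out abusive sources. All domains, address ranges and names in it are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy (documentation domains and address ranges).
LOCAL_DOMAINS = {"example.edu"}                           # mail accepted for delivery here
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]     # known on-site clients
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # sources locked out after abuse

@dataclass
class Session:
    client_ip: str
    authenticated: bool = False   # e.g. a travelling user who has logged in

def _in_any(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

def rcpt_decision(session, rcpt_to, open_relay=False):
    """Return (accept, reason) for one SMTP RCPT TO address."""
    if _in_any(session.client_ip, BLOCKED_NETS):
        return False, "client network is blocked"
    local_part, sep, domain = rcpt_to.rpartition("@")
    if not sep or not local_part or not domain:
        return False, "malformed address"
    # Routing characters in the local part can make a server forward the
    # message elsewhere even though the domain looks local, so refuse them.
    if any(ch in local_part for ch in "%!@"):
        return False, "routed address refused"
    if domain.lower().rstrip(".") in LOCAL_DOMAINS:
        return True, "local delivery"
    # From here on the recipient is external, so accepting means relaying.
    if open_relay:
        return True, "relayed for anyone (open relay)"
    if session.authenticated or _in_any(session.client_ip, TRUSTED_NETS):
        return True, "relayed for known user"
    return False, "relaying denied"

def evaluate_samples():
    """Run the policy over constructed sessions and return the decisions."""
    outsider = Session("198.51.100.7")
    return {
        "outsider_to_local": rcpt_decision(outsider, "staff@example.edu"),
        "outsider_relay_open": rcpt_decision(outsider, "a@example.org", open_relay=True),
        "outsider_relay_closed": rcpt_decision(outsider, "a@example.org"),
        "campus_relay": rcpt_decision(Session("192.0.2.10"), "a@example.org"),
        "road_user_relay": rcpt_decision(Session("198.51.100.7", True), "a@example.org"),
        "blocked_source": rcpt_decision(Session("203.0.113.5"), "staff@example.edu"),
        "routed_address": rcpt_decision(outsider, "a%example.org@example.edu"),
    }
```

The "closed" rows show the trade-off raised in the article: an unauthenticated user sending from outside the trusted networks is refused exactly as a spammer would be.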