Date: Fri, 21 Jun 2002 10:09:49 -0400
From: Steve Smith <sgs at aginc.net>
To: WSFA members <WSFAlist at keithlynch.net>
Subject: [WSFA] Re: spam, spam, and more spam
Reply-To: WSFA members <WSFAlist at keithlynch.net>

ronkean at juno.com wrote:

> So, how do spammers access the internet in a way which allows hundreds of
> thousands of messages per day to be broadcast?

The Holy Grail of spammers is called an "open relay". E-mail is a "store and forward" system, in that your e-mail is passed from system to system until it gets where it's going. Properly set up e-mail systems will accept mail for forwarding only from specific domains. For example, my ISP will relay e-mail only from its own customers. An "open relay" will accept mail for forwarding from absolutely anybody. All a spammer has to do is find an "open relay" (easy to do) and start dumping. Since nobody should have their system set up as an open relay, the sysadmin of an open relay is, by definition, clueless and not likely to fix it.

I believe that South Korea set up every elementary school with a connection to the Internet. They used a common configuration for all their mail servers. As open relays.

Another item is the way e-mail is handled by the relay. What it gets is a message and a list of addresses. It duplicates the message and sends it to every address on the list. So you only send a spam message once, along with as many addresses as your relay will let you get away with (thousands or, for a big system, millions). There is also no necessary connection between the address list and the message headers. Once the spam gets into the system, it's indistinguishable from any other e-mail.

Perhaps mail servers should do some cross checking, like making sure that the e-mail is really coming from where the headers say it is. Problems are 1) open relays are by definition misconfigured anyway, and 2) Big systems handle *a lot* of e-mail. Even a small amount of extra processing per message is a significant load.

There's all kinds of things that *could* be done; unfortunately, it all depends on people with broken systems fixing them.

-- 
Steve Smith                          sgs at aginc.net
Agincourt Computing                  http://www.aginc.net
"Truth is stranger than fiction because fiction has to make sense."
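
Added example, not part of the original message: a minimal sketch of the relay decision a properly configured server makes for each envelope recipient, next to the open-relay behaviour, plus a check showing that the envelope address list need not match the message headers. The domain, network range, function names and sample message are all constructed for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Constructed policy values for this example (documentation ranges/domains).
LOCAL_DOMAINS = {"example-isp.net"}                      # domains we deliver for
CUSTOMER_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # our own customers

def rcpt_decision(client_ip, rcpt, open_relay=False):
    """Classify one envelope recipient as 'local', 'relay' or 'reject'."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return "local"            # mail addressed to us: accept from anyone
    ip = ipaddress.ip_address(client_ip)
    if open_relay or any(ip in net for net in CUSTOMER_NETS):
        return "relay"            # forward to a foreign domain
    return "reject"               # stranger asking us to forward: refuse

def envelope_not_in_headers(envelope_rcpts, raw_message):
    """Return envelope recipients that appear in no To: or Cc: header."""
    msg = message_from_string(raw_message)
    shown = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(shown)}
    return [r for r in envelope_rcpts if r.lower() not in visible]

# Constructed sample: one visible To: address, three envelope recipients.
SAMPLE_MESSAGE = (
    "From: someone@example.net\n"
    "To: friend@example.org\n"
    "Subject: hello\n"
    "\n"
    "body text\n"
)
SAMPLE_ENVELOPE = ["friend@example.org", "a@example.com", "b@example.org"]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.5"):
        for rcpt in ("alice@example-isp.net", "bob@example.org"):
            print(ip, rcpt, rcpt_decision(ip, rcpt))
    print(envelope_not_in_headers(SAMPLE_ENVELOPE, SAMPLE_MESSAGE))
```

An envelope/header mismatch is also normal for Bcc and mailing-list mail, so it is the per-recipient relay check, not the header comparison, that closes an open relay.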