
Mail Relays

Email relies on mail servers 'relaying' mail: receiving it from one source and sending it on to another. A typical email might be written by a user on their PC. The email will then be sent from their PC to their ISP's outgoing SMTP server. This server will look up (from the recipient domain's MX records in DNS) which server is supposed to receive mail for the specified recipient (or recipients) and send the email on to it.

A drawback of this system is that it masks the real sender of the email. When the email ends up in the recipient's mailbox the only information that can be trusted not to have been forged is the IP address of the last mail server it passed through: the address recorded in the topmost Received: header, which was written by the recipient's own server when it accepted the connection. Everything below that (earlier Received: headers, From:, Message-ID:) was supplied by the sending side and can say anything. In the example above this means if you send an email via your ISP's outgoing SMTP server all the recipient can be sure of is that it came via your ISP's mailserver - not who it was that actually sent the email. Normally this isn't a problem: if (for example) they need to complain about the email they can contact your ISP, and your ISP can check which of their customers sent the email to their mailserver and take appropriate action to prevent the problem recurring.

The problem comes if an ISP runs a mailserver that relays email for people who aren't their customers: it becomes almost impossible to reliably track down who is actually responsible for sending the email, let alone find anyone with the authority to take action to prevent them causing further problems. The same is equally true if any company or individual runs a mailserver that will relay email for people they can't identify or hold responsible for any problems they cause.

Open Relays

An open relay is a mailserver which will accept email from anyone on the internet (or can be easily tricked into doing so) and forward it on to wherever they want. Spammers can send their spam via such open relays, and often do so for several reasons.

  • By sending their spam via the open relay they make themselves much harder to track down and hold accountable for their actions.
  • They can send one email to the open relay, but specify dozens of recipients. This means they get to send lots of spam while using hardly any of their own bandwidth.
  • It becomes much harder to block email from the spammer. If they were sending email out through their own mailserver it would be easy to block all their email by simply rejecting all email from their mailserver. If they use open relays then the only effective way you can block their email is to reject email from every single open relay that they could possibly use (and there are currently hundreds of thousands of open relays on the internet).
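The phrase "or can be easily tricked into doing so" above covers the classic relay probes: addresses that put one of the server's own domains after the '@' while still routing the message somewhere else. The following is an added example (written for this page, not code from the original site) of a recipient-check that resolves those tricks before deciding whether to relay, alongside what an open relay does with the same input. The local domains, trusted networks, probe addresses and client IPs are all constructed for the demonstration.

```python
import ipaddress

# Constructed example: the server is authoritative for these domains and
# trusts these client networks. Both sets are hypothetical, chosen for the demo.
LOCAL_DOMAINS = {"example.com", "mail.example.com"}
TRUSTED_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),   # the ISP's own customers
    ipaddress.ip_network("127.0.0.0/8"),    # local programs (cron, webmail)
]


def effective_domain(rcpt, local_domains=LOCAL_DOMAINS):
    """Return the domain a recipient address would really be delivered to.

    A naive policy only looks at the text after the last '@'. The classic
    relay-probe addresses all put a local domain there while still routing
    the message off-site:
      source route  @example.com:victim@remote.example
      percent hack  victim%remote.example@example.com
      bang path     remote.example!victim@example.com
    Returns None for addresses that are not usable at all.
    """
    addr = rcpt.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    if addr.startswith("@"):                      # RFC 821 source route
        if ":" not in addr:
            return None
        addr = addr.split(":", 1)[1]              # keep only the final hop
    if "@" not in addr:
        return None
    local_part, _, domain = addr.rpartition("@")
    domain = domain.lower()
    if "@" in local_part:                         # user@remote@local: refuse outright
        return None
    # Peel off one routing layer at a time while the domain is still ours.
    while domain in local_domains:
        if "%" in local_part:                     # user%remote@local -> user@remote
            local_part, _, domain = local_part.rpartition("%")
        elif "!" in local_part:                   # remote!user@local -> user@remote
            domain, _, local_part = local_part.partition("!")
        else:
            break
        domain = domain.lower()
    if not local_part or not domain:
        return None
    return domain


def relay_decision(client_ip, authenticated, rcpt):
    """SMTP reply (code, text) for RCPT TO, the way a closed relay answers."""
    domain = effective_domain(rcpt)
    if domain is None:
        return (501, "5.1.3 Bad recipient address syntax")
    if domain in LOCAL_DOMAINS:
        return (250, "2.1.5 OK")                  # inbound mail for us: always fine
    client = ipaddress.ip_address(client_ip)
    if authenticated or any(client in net for net in TRUSTED_NETWORKS):
        return (250, "2.1.5 OK")                  # outbound mail for someone we can identify
    return (554, "5.7.1 Relay access denied")


def open_relay_decision(client_ip, authenticated, rcpt):
    """What an open relay does: accept anything that parses."""
    if effective_domain(rcpt) is None:
        return (501, "5.1.3 Bad recipient address syntax")
    return (250, "2.1.5 OK")


# Constructed relay probe: the recipients a tester (or spammer) tries from an
# arbitrary internet address, all aimed at a mailbox on another domain.
PROBE_RECIPIENTS = [
    "victim@remote.example",
    "victim%remote.example@example.com",
    "victim%remote.example%example.com@example.com",
    "@example.com:victim@remote.example",
    "remote.example!victim@example.com",
]


def relays_for_strangers(policy, client_ip="203.0.113.5"):
    """Return the probe addresses the policy would relay for an unknown client."""
    return [r for r in PROBE_RECIPIENTS if policy(client_ip, False, r)[0] == 250]
```

Run relays_for_strangers(relay_decision) and relays_for_strangers(open_relay_decision) to see the difference: the closed policy relays none of the probes for an unknown client, while the open one relays all five. The order of the checks matters: the routing tricks are resolved first, so a local domain after the '@' never by itself earns a 250.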

Unfortunately, despite the problems they cause, open relays still exist. Some open relays are run by administrators who don't realize the problems they might cause until it's too late, or by administrators who don't even realize that their mailservers are open relays, either because they haven't checked thoroughly or because they made a genuine mistake in the configuration. Sometimes the owner of the computer might not even realise they had installed a mailserver on it. Finally there are people who believe their business needs outweigh the problems they may cause the rest of the internet, or hope that no-one will notice that their mailserver is an open relay. This is particularly naive since most servers on the internet receive daily connections from spammers checking to see if they are open mail relays (or open proxies) that can be abused.

As a way to help combat the problems they cause there are various lists of known open relays published, most of them queried over DNS (DNS-based blocklists, or DNSBLs). These allow mailserver administrators to reject email from open relays, or tag it to help spam filtering software identify it as possible spam.
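The lists mentioned above are normally published as DNS zones: a mailserver reverses the octets of the connecting client's IP address, appends the zone name, and does an A-record lookup; an answer inside 127.0.0.0/8 means "listed" (the convention standardised in RFC 5782), NXDOMAIN means "not listed". The block below is an added example (not code from this site) of that lookup with the reject-or-tag choice the text describes. The zone name relays.dnsbl.example is a placeholder for whichever real list an administrator subscribes to, and the resolver passed in for the demo answers from a constructed table so the example runs offline.

```python
import ipaddress
import socket

# Placeholder zone name; a real deployment uses the zone of the list it subscribes to.
EXAMPLE_ZONE = "relays.dnsbl.example"
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")   # RFC 5782 answer convention


def dnsbl_query_name(ip, zone=EXAMPLE_ZONE):
    """Name to look up: the client's IPv4 octets reversed, under the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 clients only")
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def is_listed(ip, resolve=None, zone=EXAMPLE_ZONE):
    """Return the list's answer (a 127.x.x.x string) if ip is listed, else None.

    resolve(name) must return an A record as a string, or raise socket.gaierror
    when the name does not exist. It defaults to a live DNS lookup.
    """
    if resolve is None:
        resolve = socket.gethostbyname
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return None                                  # NXDOMAIN: not listed
    # A genuine list only answers inside 127.0.0.0/8. Anything else means the
    # zone is broken or has been taken over (a wildcard on an expired domain
    # is the usual case) and must not be treated as a listing, or every
    # connecting client gets rejected.
    if ipaddress.ip_address(answer) not in LISTED_RANGE:
        return None
    return answer


def smtp_response_for(ip, resolve=None, zone=EXAMPLE_ZONE, mode="reject"):
    """Reply to the connection: reject outright, or accept and tag for filtering."""
    answer = is_listed(ip, resolve, zone)
    if answer is None:
        return (250, "OK")
    if mode == "tag":
        return (250, f"OK; X-RBL-Warning: {ip} listed by {zone} ({answer})")
    return (554, f"5.7.1 Service unavailable; client {ip} listed by {zone} ({answer})")


# Constructed zone contents standing in for DNS so the example runs offline.
FAKE_ZONE_DATA = {
    "2.0.0.127.relays.dnsbl.example": "127.0.0.2",      # RFC 5782 test entry
    "5.113.0.203.relays.dnsbl.example": "127.0.0.2",    # a listed open relay
    "7.100.51.198.relays.dnsbl.example": "203.0.113.99",  # bogus answer from a hijacked zone
}


def fake_resolve(name):
    try:
        return FAKE_ZONE_DATA[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known") from None
```

Querying the 127.0.0.2 test entry at startup is the standard way to confirm the list is actually answering before trusting it; the sanity check on the returned address is what keeps a dead or repurposed zone from turning into a blanket rejection of all inbound mail.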

Open Proxies

There are many reasons why it may be undesirable for internet users to connect from their workstations directly to servers on the internet. We're not just talking about connecting to mail servers here, but web servers, file servers, etc. Many companies install 'proxy' servers: users connect to this proxy and the proxy connects to servers on the internet on their behalf. This allows the company to more easily monitor connections and filter out unwanted or damaging content, and can help with the installation of secure firewalls. A web cache is a specific type of proxy that is designed to deal with a specific type of connection. There are general purpose proxies (such as SOCKS) which can be used for any type of connection.

Most proxies are set up to only accept connections from computers on a LAN, or some other restricted set of computers or users. There are, however, some proxies that accept connections from anyone on the internet. These 'open proxies' can be abused by spammers in much the same way as they abuse open mail relays: by sending their spam via a proxy server they can increase their anonymity. Many open proxies are actually better at hiding the identity of the spammer than open mail relays are, because the proxy makes a fresh TCP connection to the destination and adds no Received: header of its own.

As well as abusing general purpose proxies to send spam it is also often possible for spammers to trick other types of proxy (in particular web proxies) into sending email via an SMTP server, typically by asking the proxy to CONNECT to port 25 of a mailserver and then speaking SMTP through the tunnel. On top of this some CGI scripts run on various websites can be tricked into sending spam (formmail.pl is the classic example of this). Since all of these systems protect spammers, by allowing them to send their spam anonymously, they are all frowned upon in the anti-spam community and - like open mail relays - there are lists available to make it possible to reject or tag email that has been sent via them.
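To make the web-proxy abuse concrete, the following is an added example (not code from this site) of the request line a spammer sends to an HTTP proxy, and of the two checks that stop it: who is allowed to use the proxy at all, and which destination ports a CONNECT tunnel or a forwarded request may reach. The internal networks, port sets and hostnames are hypothetical; the structure mirrors the "safe ports" and "SSL ports" rules found in common proxy software, and an open proxy is shown beside it for contrast.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical deployment: the proxy serves these internal networks only,
# tunnels (CONNECT) only to the TLS port, and forwards plain requests only to
# web ports. A proxy with none of these rules is the "open proxy" of the text.
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("192.168.0.0/16")]
CONNECT_PORTS = {443}
SAFE_PORTS = {80, 443}


def parse_request_line(line):
    """Return (method, host, port) for a proxy-form HTTP request line."""
    try:
        method, target, _version = line.strip().split(" ", 2)
    except ValueError:
        raise ValueError("malformed request line") from None
    method = method.upper()
    if method == "CONNECT":                      # CONNECT host:port HTTP/1.1
        host, sep, port = target.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError("CONNECT needs host:port")
        return (method, host.lower(), int(port))
    parts = urlsplit(target)                     # GET http://host[:port]/path HTTP/1.1
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("expected an absolute http(s) URL")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (method, parts.hostname.lower(), port)


def proxy_decision(client_ip, request_line):
    """HTTP status (code, text) a restricted proxy returns for the request."""
    try:
        method, host, port = parse_request_line(request_line)
    except ValueError as exc:
        return (400, f"Bad Request: {exc}")
    client = ipaddress.ip_address(client_ip)
    if not any(client in net for net in INTERNAL_NETWORKS):
        return (403, "Forbidden: proxy serves internal clients only")
    if method == "CONNECT":
        if port not in CONNECT_PORTS:            # blocks the tunnel to port 25
            return (403, f"Forbidden: CONNECT to port {port} not allowed")
        return (200, "Connection established")
    if port not in SAFE_PORTS:                   # blocks GET http://mx:25/ tricks
        return (403, f"Forbidden: port {port} is not a web port")
    return (200, "OK")


def open_proxy_decision(client_ip, request_line):
    """An open proxy: any client, any destination host, any port."""
    try:
        parse_request_line(request_line)
    except ValueError as exc:
        return (400, f"Bad Request: {exc}")
    return (200, "Connection established")


# Constructed probe: what a spammer sends to turn a web proxy into an SMTP
# relay. After a 200 the proxy pipes whatever follows straight to port 25,
# and the mailserver sees the proxy's address, not the spammer's.
SPAM_PROBE = "CONNECT mx.victim.example:25 HTTP/1.1"
```

The client-address check alone is what turns an open proxy into a closed one; the port rules are the second layer, so that a compromised or misconfigured internal machine still cannot use the proxy to reach a mailserver on port 25.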

© Copyright 2011, Stephen White