
Re: Last Call: 'Email Submission Between Independent Networks' to BCP

2005-06-15 17:51:15
I don't see that sort of probing on our MXs, except on rare occasions, and 
we haven't seen it recently.

What sort of mail volume do you handle?  2000-4000 attempts isn't a lot 
for a large volume domain handling millions of messages per day.

You said it is more prevalent on hosts named mail or smtp---one would at
minimum need a list of domains to search. Where do you suppose they
obtained this list?  Do you have a particularly well-known domain?

Who is doing this searching?  Internal viruses?  Perhaps you should
report it to the organizations doing the probing.

What sort of commercial companies are abusing your open relays?  We
haven't found any commercial advertising in open relay abuse in the 9
years that we've run open relays.

People should and do use open relay when it is necessary: When you have to
provide email services to persons and organizations outside your address
space.

You also haven't shown that the abusers would be prevented from emailing
if open relays were closed.  There are a number of myths about open relays
that are debunked in http://www.av8.net/FTC.pdf which was submitted to the
FTC spamforum in 2003, after the FTC issued a press release against open
relays. The FTC didn't permit participation by open relay operators, and
an FTC lawyer supervising the forum even ridiculed John Gilmore.  
However, the FTC did allow known spammer Scott Richter to attend. It was
later learned that MAPS employees were working for Richter.  And the FTC
did use a blacklist called Osirusoft run by Joe Jared. Among other revenge
activity, Jared blacklisted his ex-girlfriend out of spite after the
relationship failed.  In spite of this incident, the FTC continued to use
the blacklist until it shut down later in 2003, blacklisting the entire
world, and disrupting the email of all the blacklist subscribers,
including the FTC.

Part of the fallacy embodied in the open relay myth and also in the email
authentication jihad is that:

        Every user has relay services until they are no longer a user. 

That includes viruses and spammers.  So why should it be anti-spam "best
practice" not to use open relays?  Open relays have nothing to do with
spam. They never have.

                --Dean


On Thu, 16 Jun 2005, Tony Finch wrote:

On Wed, 15 Jun 2005, Dean Anderson wrote:

Had anyone bothered to ask, I would have reported that open relay abuse
has dropped off to nearly nothing since the open relay blacklists shut down
in 2003.

MXs are routinely probed by relay attempts: we see about 2000-4000 such
attacks each day. A similar volume of relay attempts occurs for machines
named 'mail' or 'smtp'. More obscure mail hosts might see a more
manageable number of attacks, but I still think it is valid for this draft
to state that it is best practice that MTAs must not be configured for
open relaying.

Tony.


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf


