Re: [exim] Thoughts on Open Relays

Top Page
Delete this message
Reply to this message
Author: Jim Roberts
Date:  
To: Marc Perkel, Exim users list
CC: 
New-Topics: [exim] Penalty Box
Subject: Re: [exim] Thoughts on Open Relays
----- Original Message -----
From: "Marc Perkel" <marc@???>
> So - the reason open relays are bad is because spammers can use then to
> send spam. But - if I have a really good spam filter that would block spam
> sent through open relays - then having an open relay wouldn't be a
> problem.
>
> My spam filter is good enough that I'm thinking about going open relay.
>
> --
> Marc Perkel - marc@???


Well, Marc, I kinda liked your "penalty box" idea, but I don't see any
reason at all to go "open relay." This is why we have "SMTP
Authentication," so that no one needs to go open relay in order to support
customers traveling outside their home network. And I can't imagine anyone
(without several billions of dollars to play with) having the resources to
provide free email relay services to the entire internet.

Also, since a big point of your "penalty box" is that it does not block the
first "bad" email, that implies your spam filtering leaks like a sieve.
Even if you have additional spam filtering in place, which achieves the holy
grail of 100% spam detection, with ZERO false positives**, you still don't
want to go open relay, because spam is not the only reason to keep your
relay closed. It's also to keep you from having to give away free resources
to the entire internet population. Your ISP is not likely to be happy with
you if you do this, since you will be trying to give away *their* resources
for free.

Furthermore, the difficulty in blocking the many "open relay" tests out
there, when you are, in fact, an open relay, may well be more difficult than
the spam filter "holy grail" already referred to. Failure to block every
single test will get you blacklisted very quickly, which is another way of
saying, "if you don't close your open relay, the community will do its best
to do so for you." That doesn't sound like fun at all. :(

So, I have to ask, why in the world would you *want* to go open relay? What
do you gain that you can't get in some other way? Not having to learn how
to do authentication? (Even I figured out how to do that, so it can't be
that hard! lol) Honest, it would be much easier than "hiding" the presence
of an open relay. And much more palatable to the community at large.

Regards,
Jim Roberts
Punster Productions, Inc.

** Hint: the "holy grail" is impossible to achieve for two reasons: (1) the
spammers change tactics over time, and (2) ask any 2 customers to precisely
define "spam" and you will get 3 different answers. ;) (For example, some
people actually read the ads in their morning newspaper, some just clip the
coupons, some grumble about how hard it is to find the "good stuff" buried
in all the ads, and some burn them.)