When you send an email across the internet, you must first log into your ISP's
email system. Generally, you set the login information (username and password) in
some setup screen, then quickly forget about it. However, behind the scenes your
username and password are used to log in each and every time you send email.
When the email system receives your message it opens a connection to the recipient
email system and delivers the message. This is the way email normally works, at
least on properly configured email systems.
Unfortunately, many email systems are not properly configured (or have older,
buggy software). These systems have become the bane of the internet and are one
of the primary reasons that spam is so hard to fight.
These email servers are known as open relays. You see, email systems also have
the ability to send messages to one another. This is known as relaying. In the good
old days of the internet, back when it was a small network of universities and military
installations, spam was not a significant issue. During those innocent times, there
was little security because there were not many offenders. Thus, email systems did
not protect themselves very well.
What is there to protect against? Spammers use open relay systems to hide their
identity. What happens is simple. A spammer sends messages using one of these open
relay systems and bypasses the normal security. The spammer is basically hijacking
the email server to do his dirty work for him.
You see, email messages are actually enclosed in an electronic envelope which
identifies where the message came from. So if a spammer sends a message through
his own ISP's email server, then it could be tracked back to him because he has
an account on that server.
However, if he hijacks an open relay, he can send all of the messages that he
wants without worrying about being tracked. The email message identifies the open
relay as the system where the email came from; however, the spammer is not a legitimate
user. The open relay does not (unless it goes to great lengths) have a clue where
the messages came from.
A spammer must rub his hands together in glee when he finds one of these systems.
I can just imagine the evil laugh as the spammer presses the return key to send
literally hundreds of thousands or even millions of messages through the open relay
system.
This cannot happen on a properly configured, secured and patched email server.
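The difference between a properly configured server and an open relay comes down to one decision the server makes when a client names a recipient. The following Python sketch, added here as an illustration and not taken from the article, puts the open-relay policy beside the correct one. The Session fields, the RelayPolicy class, the domain names and the RFC 5737 documentation addresses are all constructed for this example; a real mail server (Postfix, Exim, Sendmail) makes the same decision at the RCPT TO step of the SMTP dialogue.

```python
"""Relay decision for an SMTP server: open-relay policy beside the correct one.

Illustration added to the article; Session, RelayPolicy and the sample
sessions are constructed for this example, not taken from any real server.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Session:
    client_ip: str
    authenticated: bool   # did the client log in (SMTP AUTH) with a valid account?
    mail_from: str        # envelope sender, e.g. "alice@example.net"
    rcpt_to: str          # envelope recipient named in RCPT TO


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()


class RelayPolicy:
    def __init__(self, local_domains, open_relay: bool = False):
        self.local_domains = {d.lower() for d in local_domains}
        self.open_relay = open_relay

    def decide(self, s: Session) -> Tuple[bool, str]:
        """Return (accept, SMTP reply line) for one RCPT TO command."""
        if self.open_relay:
            # The misconfiguration the article describes: anyone, logged in or
            # not, may hand us mail for any destination. We relay it, and the
            # envelope then names *us* as the system the message came from.
            return True, "250 2.1.5 OK"
        if domain_of(s.rcpt_to) in self.local_domains:
            # Inbound mail for a mailbox we host: accepted without any login.
            return True, "250 2.1.5 OK"
        if s.authenticated:
            # Outbound mail from one of our own users: relay it. The login ties
            # the message to an account, so abuse can be traced back to it.
            return True, "250 2.1.5 OK"
        # Neither local delivery nor an authenticated user: refuse to relay.
        return False, "554 5.7.1 Relay access denied"


# Constructed sample sessions (documentation addresses, not real hosts).
SESSIONS: List[Session] = [
    # a stranger delivering mail to one of our mailboxes (normal inbound)
    Session("203.0.113.7", False, "alice@example.net", "bob@example.net"),
    # one of our users, logged in, sending mail out to another provider
    Session("198.51.100.4", True, "carol@example.net", "dave@example.org"),
    # a stranger asking us to carry mail to a third party: the relay case
    Session("192.0.2.99", False, "bulk@example.com", "victim@example.org"),
]


def run(policy: RelayPolicy) -> List[bool]:
    """Apply a policy to every sample session and return the accept decisions."""
    return [policy.decide(s)[0] for s in SESSIONS]


if __name__ == "__main__":
    for name, policy in (("open relay", RelayPolicy(["example.net"], open_relay=True)),
                         ("properly configured", RelayPolicy(["example.net"]))):
        print(name)
        for s in SESSIONS:
            accepted, reply = policy.decide(s)
            print("  %-14s auth=%-5s -> %s" % (s.client_ip, s.authenticated, reply))
```

Only the third session separates the two policies: the open relay accepts the third-party message, while the correct server answers 554 and never lends its name to the envelope. Postfix expresses the same rule with permit_sasl_authenticated followed by reject_unauth_destination in its recipient restrictions.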
Open relays are a big problem, and to combat that problem a number of services
have appeared. These are called Blackhole Lists, and what they do is simply list
all of the open relays that they know about. ISPs and others can subscribe to these
lists and use them to block email messages.
Here's the process. A system is determined to be an open relay. It is added to
one or more Blackhole lists. ISPs that subscribe to the lists will bounce (return
to sender) any messages that originate from the open relay email system. This means
ALL users from that email system are blocked. Every single one of them.
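Most blackhole lists are published through DNS, which is how a subscribing ISP consults them for every incoming connection: the octets of the connecting server's IP address are reversed and looked up as a name under the list's zone, and any answer in 127.0.0.0/8 means "listed". The Python below is an added example, not code from the article or from any blackhole list operator. The zone name bl.example.test and the in-memory resolver are constructed so the example runs offline; the real_resolver function shows where a live DNS lookup would go.

```python
"""Checking a connecting mail server against a DNS-based blackhole list.

Added example, not from the article. Zone name, listed addresses and the
in-memory resolver are constructed; real_resolver uses the system DNS.
"""
import ipaddress
import socket
from typing import Callable, Optional


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: reversed octets under the list's zone.

    192.0.2.99 in zone bl.example.test becomes 99.2.0.192.bl.example.test.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 addresses only")
    return ".".join(reversed(ip.split("."))) + "." + zone


def real_resolver(name: str) -> Optional[str]:
    """Resolve with the system resolver: the A record, or None if no such name."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


# Constructed zone contents standing in for a real blackhole list.
FAKE_ZONE = {
    "99.2.0.192.bl.example.test": "127.0.0.2",   # an open relay the list knows about
}


def fake_resolver(name: str) -> Optional[str]:
    """Offline stand-in for DNS: answers only for names in FAKE_ZONE."""
    return FAKE_ZONE.get(name)


def is_listed(ip: str, zone: str,
              resolve: Callable[[str], Optional[str]] = fake_resolver) -> bool:
    """True if the list answers for this address with a 127.0.0.0/8 value."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    # Listed entries answer inside 127.0.0.0/8; anything else is ignored so a
    # wildcard or misconfigured zone does not block every sender.
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


def smtp_greeting(ip: str, zone: str,
                  resolve: Callable[[str], Optional[str]] = fake_resolver) -> str:
    """The reply a subscribing server gives a connecting host: refuse or greet.

    Refusing here is what produces the bounce the article describes: the
    listed relay, not the subscriber, has to return the message to its sender.
    """
    if is_listed(ip, zone, resolve):
        return "554 5.7.1 Service unavailable; client host [%s] blocked using %s" % (ip, zone)
    return "220 mail.example.net ESMTP"


if __name__ == "__main__":
    for client in ("192.0.2.99", "198.51.100.4"):
        print(client, "->", smtp_greeting(client, "bl.example.test"))
```

The lookup keys on the connecting IP address alone, which is exactly why the article's warning holds: once a server's address is in the zone, every message from that server, from every one of its users, gets the 554 reply.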
I know that seems cruel, but look at it this way. The open relay is encouraging
spammers and is an unwitting accomplice in their operations. In fact, many of these
open relays do not even know they are causing a problem, and the first inkling that
they get is when their users complain that things are running slowly or when problems
occur with their servers.
The Blackhole lists are often run by individuals or small groups who believe
in the anti-spam cause. They are often unpaid volunteers who simply want to help
clean up the internet. They are also extraordinarily successful and many ISPs use
their services.
To give you an idea of how successful this approach has been, there was a blackhole
list called ORBZ. This was run by a young man named Ian Gulliver, a 20-year-old
systems administrator from Ghent, New York. Ian is an extraordinary person and created
one of the most successful blackhole lists ever.
What ORBZ did is send messages to email systems to determine if they were open
relays. If it determined that the email system had this problem it added it to its
list. This was very successful until the end of March, 2002.
At that time, ORBZ probed the email server of Battle Creek, MI. Unfortunately,
this system used the Lotus email system, which has a known bug. The probe caused
the email server to slow down considerably, and it was interpreted by the city as
a hacker attack.
The poor ORBZ administrator found himself the subject of a search warrant signed
by a Michigan judge that authorized the search and seizure of all data relating
to ORBZ accounts.
Ian almost immediately shut down the ORBZ system (he reopened the service a few
days later with some major changes and a new name), which led directly to a huge
amount of spam suddenly being received all over the internet. The closure of a single
blackhole list had dramatic and noticeable results.
The upside is that blackhole lists prevent a tremendous amount of spam from getting
sent throughout the internet. They are very efficient and the concept is simple
and straightforward.
On the downside, blackhole lists are not governed by anyone and answer to no
one. They add open relays (and other spam sources) to their lists using their own
rules, and usually assume the suspected spammer is guilty until proven innocent.
They are, however, a necessary and vital piece in the war against spam.