ACADEMIC COMPUTING and COMMUNICATIONS CENTER
 
The A3C Connection, January/February/March 2000

SMTP Servers and Open Relays

 
News on the 'Net

Do you like receiving unsolicited email, such as advertisements for porn pages or get-rich schemes? Me neither, but spam such as this is part of the modern Internet. However, we can fight back. We've made some changes at the ACCC that will make it harder for spammers to send notes through our machines. These changes won't filter out all your spam, but at least we'll be giving much less comfort to the enemy.

How Internet Mail Works

When you click Send, your email program checks its configuration for the address of your SMTP server, typically a big computer run by your ISP. Then your email program connects to the SMTP server, sends your email message to it, and disconnects.

The SMTP (Simple Mail Transfer Protocol) server is the Internet mailman. It accepts your message and finds a way to deliver it. In rare cases it might deliver the message right away, but in most cases it stores the message on its disk, contacts another SMTP server, and forwards the message on to it. Eventually, the note winds up at the destination, where it is stored in your recipient's Inbox.

The SMTP server is only used to send email. When you read mail, you probably use a protocol like IMAP or POP. The SMTP server you use has nothing to do with the IMAP or POP server you use; they can, in fact, be miles apart, on different networks.

What Is an Open Relay?

Suppose you are in your campus office, and send a note to joe@caltech.edu. Your email program contacts an SMTP server at UIC, which sends the note. This is a fair use of the UIC SMTP servers, because your personal computer is part of the UIC campus network. Likewise, you could use your campus machine and a UIC SMTP server to send a message to your friend jane@harvard.edu.

Now, when your friend Joe wants to send you a note, he will probably use an SMTP server at CalTech. But he could also connect directly to a UIC SMTP server. His note to you would be handled by the UIC SMTP server as any incoming note, and sent to you on mailserv or tigger or perhaps some departmental machine. Again, this is a fair use of UIC SMTP servers because the note is destined for a mailbox on the UIC campus.

But what about when Joe sends a note to Jane? What if Joe, at CalTech, makes a direct connection to a UIC SMTP server, with instructions to send the note to Jane, at Harvard? This is an open relay situation and is not a fair use of SMTP servers at UIC.

Why Do Spammers Like Open Relays?

Spammers like to send email, but they don't like to get caught or blocked. The more open relays a spammer can use, the harder he is to trace. The harder he is to trace, the more anonymous he becomes, and the harder it is to stop him.

How Did We Close Our Open Relays?

The best way to close an open relay is to check the sending machine and the intended recipient for each message before you process it. Here's what we do:

  • If the sending machine is on-campus, let the mail go through.

  • If the recipient is at UIC, let the mail go through, even if the sender is from outside.

  • If the sending machine is off-campus, and if the recipient is not at UIC, then block the mail.

So if your sending machine is off-campus (see Do you do email on your personal computer?) and you use an ACCC SMTP server, your outgoing email to off-campus destinations will be blocked.
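
The three rules above, written out as the check a mail server could run when a client names a recipient. This is an added example, not the ACCC's actual configuration: the campus address ranges are documentation placeholders, and treating subdomains of uic.edu as local is an assumption.

```python
import ipaddress

# Assumptions: placeholder campus ranges (RFC 5737 / RFC 3849 documentation
# blocks, not UIC's real address space); subdomains of uic.edu count as local.
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24"),
               ipaddress.ip_network("2001:db8::/32")]
LOCAL_DOMAINS = ("uic.edu",)


def is_on_campus(client_ip):
    """Rule 1 input: is the connecting machine inside a campus network?"""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # an unparseable peer address is treated as off-campus
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it matches IPv4 ranges.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net
               for net in CAMPUS_NETS)


def is_local_recipient(rcpt_to):
    """Rule 2 input: is the RCPT TO mailbox in a local domain?"""
    local, sep, domain = rcpt_to.strip().strip("<>").rpartition("@")
    if not sep or not local or not domain:
        return False
    # A local part that carries its own routing ("%", "!", "@") would name a
    # second destination, so it is not accepted as a local mailbox.
    if any(ch in local for ch in "%!@"):
        return False
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in LOCAL_DOMAINS)


def relay_decision(client_ip, mail_from, rcpt_to):
    """Apply the three rules; returns (accepted, SMTP-style reply).

    mail_from is deliberately ignored: the envelope sender is whatever the
    client claims, while client_ip comes from the TCP connection itself.
    """
    if is_on_campus(client_ip):
        return True, "250 OK (on-campus sender)"
    if is_local_recipient(rcpt_to):
        return True, "250 OK (local recipient)"
    return False, "550 5.7.1 Relaying denied"
```

The decision depends only on the connecting address and the recipient, so a message that merely claims a uic.edu sender gains nothing when it arrives from off-campus.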

Need Help?

Closing open relays is an important step, not only to deny spammers the opportunity of exploiting us, but also to avoid being blocked by the growing number of sites that reject all email that has gone through open relays, whether it is legitimate or not. If you have been affected by this change (see Do you do email on your personal computer?), please see our Web page or call the CSO if you still have problems.

Comments are welcome; please send them
to Bob Goldstein, bobg@uic.edu

 
 



2000-3-29  connect@uic.edu