Servers to spam: drop dead - block unwanted bulk e-mail with Sendmail 8.8 for Unix, Ipswitch's IMail Server 4.0, Software.Com's Post.Office 3.1 - Product Information

Communications News, Sept, 1997 by John Junod

If you own and operate an SMTP mail server, chances are you have been a victim of "spam mail" at one time or another. Spam is the pejorative term used for unsolicited, unwanted e-mail broadcasts throughout the Internet, usually sent by unscrupulous marketers who are taking advantage of the Internet's extremely low costs of delivery.

This kind of unsolicited e-mail has become a real problem. Growing amounts of unsolicited mail are directed to users of your mail system, who then have to sort through the junk to get their work done.

Or, worse yet, your server has been "hijacked" by a bulk e-mailer's broadcast, which used it as an unsuspecting relay for thousands of messages. You may have found out only after you received hundreds of flames accusing you of sending the offending message!

In either case, unwanted mail uses up your system resources and wastes your people's time. But there are a few things you can do to cope with this threat, once you understand how bulk e-mail operates and how current technology can help you protect your communications systems from unauthorized use.

The standard protocol for Internet mail is the Simple Mail Transport Protocol (SMTP), which allows electronic mail to make its way across the network in "hops" by passing from one computer system to another, repeating this process until the mail arrives at its final destination.

This mail-relaying system was designed to allow messages to find the most efficient route to their destination and to redirect misrouted mail to its intended recipient. It is part of the original design of SMTP and was necessary in the early days of the Internet in order for e-mail to travel between various networks. But now mail usually is delivered directly from the sending host to the receiving host.

The inherent design of SMTP allows a host computer that needs to deliver hundreds or even thousands of messages to make a connection (or multiple connections) to some other SMTP server and ask that server to relay the messages on its behalf.

What was once a "good neighbor" practice that was shared by all members of the Internet community has became the object of abuse by more than a few unscrupulous senders of bulk e-mail. They use this system to monopolize other people's resources and even to hide their identity as a source of spam.

It is possible to block the receipt of electronic mail from known sources, since it is possible to deny access to a sending machine with a firewall or some other method. Once a bulk mailer's home mail server is known, all mail from that location can be refused by your mail server.

Individual users can filter their mail at the client level to stop mail from certain locations. Blocking e-mail traffic in this way can effectively stop all traffic from the publicly known sites that generate unwanted e-mail. But there is a way around these blocking techniques.

Senders of bulk e-mail, taking advantage of SMTP's open design, can deliver their mail through someone else's computer by asking the other computer to route that mail for them. Senders of unsolicited e-mail can also use this method to try to hide their real identity by manipulating the headers in the message, then sending the message through your system for delivery to its final destination -- making it appear as if the message originated from the relaying server.

If your server will no longer accept mail from a particular source, that same source can use any other SMTP server on the Internet as a relay; since the unsuspecting relay server is not a known generator of unwanted bulk e-mail, the messages get through the specific blocks and filters.

Technology built into certain SMTP mail servers solves this problem by allowing you to deny the relay of mail from any server other than the ones you have specifically approved.

This feature was first made available on SendMail 8.8 for Unix and is now available on two mail servers designed for Windows NT -- IMail Server 4.0 from Ipswitch and Post.Office 3.1 from Software.Com.

Other mail servers for Windows NT, including Lotus Notes and Microsoft Exchange, offer the ability to block e-mail from identified spammers, but do not yet allow the server to refuse unwanted relays.

A good mail server for either Unix or Windows NT should allow the mail administrator not only to block mail selectively from certain domains and IP addresses, but also to prevent the relay of e-mail from unauthorized domains.

IMail Server 4.0 and Post.Office 3.1, for example, allow you to block mail from certain sites and relay mail from only approved domains. In effect, only local users and specifically approved remote users -- such as remote offices and business partners -- have access to your server for sending mail to the rest of the Internet.

The technology for controlling the rising tide of unsolicited commercial e-mail and preventing the unauthorized use of Internet resources is still evolving. No one technical solution will completely stop unwanted e-mail from reaching your domain.