Feeds

Open relay spam is ‘dying out’

Controversial findings

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Open relay spam is dying out as a problem, according to a survey published today that is likely to raise eyebrows in the spam-fighting community.

Only one per cent of corporate UK mail servers tested by security testing firm NTA Monitor last year were poorly configured in a vulnerable way that allowed spam to be distributed by 'open relay'. In 1997, 91 per cent of servers tested by NTA Monitor were similarly vulnerable.

The firm tested only corporate - and not ISP - email servers.

Even so NTA's Monitor's findings fly in the face of conventional industry wisdom on the topic and are likely to prove controversial.

Open to abuse

Spammers traditionally used 'open relays' to distribute their spam. Open relays allowed spammers to off load the job of sending thousands of emails to a powerful server with high bandwidth. The practice slows down the processing of legitimate email and clogs up bandwidth, to say nothing of the potential damage to reputation that comes from even innocently sending out spam.

Years ago spammers were spoilt for choice for open relays, but now the window for exploitation of corporate mail servers has reduced dramatically, according to NTA Monitor.

So why has the tactic declined?

"The dramatic fall is due to manufacturers making it easier to turn off 'open relaying' functionality in their mail server products and disabling it in their default settings, in addition to understanding of the problem and its remedies from security staff," NTA Monitor states. ®

Beginner's guide to SSL certificates

More from The Register

next story
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
BT said to have pulled patent-infringing boxes from DSL network
Take your license demand and stick it in your ASSIA
Right to be forgotten should apply to Google.com too: EU
And hey - no need to tell the website you've de-listed. That'll make it easier ...
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.