[ava@sub-rosa.com]

On Mon, 23 Sep 2002, Miron Mizrahi wrote:

> from what I could see (I get these bounces too) it looks like Andrei
> has a cern.ch address that forwards to his real address. this is
> called in internet mail lingo a "relay" - using a mail server to
> deliver emails to an account not owned by the server.

Um, not quite. This is simply an example of mail forwarding.
This has nothing to do with open relays.

To give a very loose analogy here,
email forwarding is pretty much like filling out an official
change of address card at the post office -- do this,
and any mail that they get for, say,  Jane Doe at
1600 Pennsylvania Avenue will automatically be passed along
to your new address at 123 Main Street. Open mail relays, on
the other hand, would be like finding an automated post office
with such lax security that you can get them to accept and
deliver large quantities of mail that hasn't been metered and
stamped -- you're abusing their facilities to deliver mail, even
though you are not a legitimate customer who's paid for that
service.

Mail forwarding is very common, and very legitimately used.
Basically, if you have a number of different email addresses,
you can tell one of your email providers that you want any
mail that comes to one of your addresses to be forwarded
automaticaly to another address. People will do this if they're
travelling, switching from one ISP to another and trying to
make sure they don't miss any mail, wanting to use special
addresses when signing up for mailing lists to keep their
main "private" address from being used publicly, and so forth.

Mail relaying is rather different, and involves the servers
that pass the mail around. When you set up your email program,
you had to tell it what outgoing mail server to use to actually
send the mail; if you're a user of Joe's ISP, you might have had
to put something like "smtp.joesisp.example.com" in that field
when setting up your mail. This server is the one that passes
your mail on out to the outside world. If it's properly secured,
it will only accept outgoing mail that's coming from customers
of Joe's ISP -- it may only accept connections from other IP
addresses within the Joe's ISP network, or it may require you
to authenticate with a username and password -- but one way or
another, if you are not a customer of Joe's, you will not be
able to use that server to send out mail. An open mail relay
is one that does *not* have access restricted in this fashion --
it has nothing to do with forwarding of mail from one email
address to another. If the server is not secure, ANYONE can
connect to it, and use it to send out mail to any place.
Spammers do this to try to avoid detection -- if they used their
own ISP's SMTP servers, their ISP might detect the spamrun in
progress and shut them down.

The issue with open relays isn't that they're "delivering
to addresses not owned by the server" -- outgoing mail servers,
by definition, send mail to the outside world; that's how
somebody using Joe's ISP can get mail to somebody using AOL,
for instance. Open relays are problems because they allow
folks who aren't legitimate users of some system to *send*
out mail. AOL may want to accept mail from users of Joe's ISP,
because they know that Joe's ISP doesn't allow its users to
send junk mail, and will shut down any accounts that are found
to spam. But if Joe's ISP is running an open relay, then that
means that spammers from the world at large can hijack Joe's
mail servers to send their junk -- and the admins at Joe's
can't shut down the spammers, because they aren't actually
customers. If they don't block the outside spammers from
sending mail through their servers, then AOL might end up
blocking mail from Joe's ISP, because the volume of spam
sent through their open relay is greater than the amount of
legitimate email traffic generated by real customers of Joe's ISP.

-- 
 Ava Callison                <ava@sub-rosa.com>                 Alexandria, VA
	       Sometimes the road leads through dark places
		   Sometimes the darkness is your friend
		   -- "Pacing the Cage", Bruce Cockburn