Open Relay Policy
Do I have to read mail from my ISP's server?What is Spam?What is an Open Mail Relay?A Little HistoryWhat is Open Relay Blocking?So what does this mean?Currently:The Change:Will you be affected?How should you reconfigure your mail client?Local SMTP server settingsWhat about the POP/IMAP servers at OSU?What about other open relays on campus?Where can I learn more?OIT's General Announcement on open relays
Frequently Asked Questions About Open Relays
Do I have to read mail from my ISP's server?
No - SMTP rules only affect sending mail - they don't affect where it
is received. To make this clearer, I'll use Eudora as an example; other mail user agents should have similar fields. If you look at the Eudora-->Options-->Getting Started screen, you'll see 3 distinct fields that supply information about mail sending and receiving: Return Address , Mail Server, and SMTP Server. Whatever you put in the Return Address field is inserted in mail messages as the "From" line. The contents of this field are completely independent of the SMTP server chosen. If you want recipients of your mail to send replies to your OSU account, It is perfectly OK to set that field to name.n@osu.edu or some other OSU identifier.
Similarly, the Mail Server field determines where you will read mail. Again, it is independent of the content of the SMTP Server field. It is perfectly legal, for example, to set it to pop.service.ohio-state.edu if you want to read mail on the OSU central server.
Finally, the contents of the SMTP Server field are the only thing that has to change for users of non-OSU services. For a Roadrunner customer, the SMTP Server field cannot contain smtp.service.ohio-state.edu - this would be an attempt to use an open relay. Instead, it should contain smtp-server.columbus.rr.com.
Here is the complete example that will direct replies to an osu address, will let the user read mail on the central server at OSU and will send mail from the Roadrunner SMTP server, thus avoiding open relay issues. Set Return Address to: user.2@osu.edu
Set Mail Server to:pop.service.ohio-state.edu
Set SMTP Server to:smtp-server.columbus.rr.com
Since the user is reading mail on the same central server both at home and at OSU, there is no need to send mail back and forth between a home account
and a work account .
Return To Top
What is Spam? Return To Top
What is an Open Mail Relay? Return To Top
A Little History Return To Top
What is Open Relay Blocking? Return To Top
So what does this mean? Return To Top
Currently: Return To Top
The Change: Return To Top
Will you be affected? Return To Top
How should you reconfigure your mail client? Return To Top
What about the POP/IMAP servers at OSU? Return To Top
What about other open relays on campus? Return To Top
Where can I learn more?
Spam is unsolicited e-mail sent to a large number of recipients - its US Postal Service eqivalent is bulk rate junk mail. Many e-mail users object to spam because they don't like receiving extra e-mail, or because they object to its contents. Administrators of e-mail servers don't like spam because of the extra load that it places on their systems.
Most spam originates from lists of e-mail addresses. It can be extremely difficult to remove oneself from unwanted email lists for several reasons. As in the junk mail world, people who send spam buy and sell lists of e-mail addresses - you might succeed in having your e-mail address removed from one list, only to have your e-mail address sold to several other companies. It can also be very difficult to find the originator of spam because the senders typically send their spam through open mail relays.
Open Mail Relays are e-mail servers that support SMTP (the Simple Mail Transport Protocol) and which allow Internet hosts to "bounce" mail through them to other Internet mail addresses. An e-mail server which does NOT permit open relaying is an SMTP server configured to only accept email in two cases:
- email destined for the domain the SMTP server supports
- email from the IP (Internet Protocol) address range that the SMTP server supports, regardless of the destination addresses.
As an example, consider a departmental SMTP server in the College of Extraterrestrial History. A well behaved server that is NOT an open relay would only accept mail (from any source) sent to members of that department, or would only accept mail originating from the IP address range associated with that department (for any destinations). In contrast, if the same server was configured as an open relay, anyone on the Internet could send mail via the server to anyone else on the Internet.
Spam producers take advantage of open relays to offload the delivery costs to unsuspecting third parties, and to make it harder for people to track the spam back to the source and eliminate it.
In the early days of the Internet, many SMTP servers were intentionally set up as open relays in order to facilitate relaying. This is because the early Internet served as an email gateway between dozens of "closed" email systems, such as UUCP, BITNET, FIDONET and others. After the Internet was opened more widely to commercial use, spam became an increasingly more common occurance, and people started to protect their SMTP servers from abuse as open relays.
In an attempt to reduce or eliminate spam received by their users e-mail system administrators are increasingly using Open Relay Blocking to filter e-mail arriving at their site. Several scanning or filtering approches can be taken; an increasingly common approach relies on outside organizations to detect open relay sites. There are several groups that actively scan the Internet for open mail relays. When an open relay is detected, it is added to a list of known open relays, and the open relay blocking organizations provide a simple interface that allows an SMTP server to determine whether incoming email is coming from a host on their list of open relays - if so, the email is dropped, usually with some sort of bounce message that describes why the mail was dropped. In a classic case of throwing the baby out with the bathwater, ALL e-mail from the"blacklisted" host is discarded, without regard to the content of the e-mail message. Currently, for example, the Xerox Corp. is discarding all mail from OSU, even mail pertinent to the Xerox-OSU business relationship.
A host is typically retained on the "block" list until the mail server administrator closes the open relay and requests that the blocking service rescan the host to check it.
In the old days, the UTS (now OIT) SMTP servers were set up as open relays to specifically make it easier for OSU users to deliver mail from their email client to their correspondants. Open Relay Blocking services were not in wide spread use, and did not cause much of a problem for us.
More recently an increasing number of sites on the Internet have started using one or more of the open relay blocking services to try to reduce their incoming spam. Since the OIT SMTP servers are set up as open relays, we frequently find one or more of them on the Open Relay Blocking lists. Mail sent through those servers to sites that subscribe to the blocking services will bounce with an error. The increasing number of sites using these blocking services is causing an increasing problem for user of the OIT SMTP servers.
As a result of this, OIT has found it necessary to change the configuration of the SMTP servers to disallow open relaying. This will keep them from being listed on the Open Mail Relay lists. The downside is that some users will need to change their email client configurations because they will no longer be able to use the OIT SMTP servers to deliver their email.
Currently anyone, anywhere on the Internet can set use the OIT SMTP servers (smtp.service.ohio-state.edu) as their SMTP gateway for their email client. This is especially convenient for OSU users who travel, and for those who connect to the Internet through service providers other than OSU (for example, through RoadRunner, IBM's dialup service, AOL and so on).
The OIT SMTP servers do require that the From: address for email that they handle end in @osu.edu, but this does not slow down the spammers - their programs can easily create a forged "from" address to satisfy that requirement (and the tools they use to detect Open Relays easily detect this requirement, by the way).
OIT will prevent the SMTP servers under its control from acting as open mail relays. This means that people using non-OSU service providers (e.g. computers that are not directly connected to the OSU network, or Resnet, Homenet, or the OSUWeb.net) will need to start using the SMTP server provided by their service provider.
If you connect through the OSU on-campus network, Resnet, or Homenet you will not be affected by this change. However, if you have reconfigured your mail client to use a specific mail server such as mail1.uts.ohio-state.edu or mail4, you should switch your client back to using smtp.service.ohio-state.edu. This is because smtp.service is a generic name that allows your mail client to use any of the smtp servers that we support, regardless of their specific names or addresses.
If you use a service provider other than OSU, you should check the configuration of your email client. If you list smtp.service.ohio-state.edu as your SMTP server you will be affected and you will need to use the SMTP server provided by your ISP (see below).
To learn how to check your mail client settings follow these links.
Eudora:
Microsoft Exchange:
Microsoft Internet Mail Setup:
Microsoft Outlook 98:
Netscape Messenger:
You should use the SMTP server(s) that your service provider supports. You should be able to find this through customer services for your particular service provider. You should still be able to use a from: address of the form someone@osu.edu.
Here are the proper SMTP server settings for some common service providers.
Access to the pop/imap mail servers at OSU are NOT affected by this change.
In general, other OSU open relay mail servers will not be affected by these changes. One exception is for any mail servers that pass all mail to smtp.service.ohio-state.edu as a "smart delivery host" (sometimes called a "relay host"). These hosts *must not* be configured as open relays, otherwise the spammers will find them and forward mail through them (and so, through smtp.service); and more importantly, the blocking sites scan for this configuration and will block us, which is what we are trying to avoid.
As a result, we will be instituting our own scanning for open relay mail servers on the University networks. Results will be reported to the appropriate Department Network Administrators (DNAs) as advisories. In the case of hosts that forward mail to smtp.service and which are open, we will work with the DNAs to close the open relays.
One of the best sites for learning about this is the Mail Abuse Prevention System (MAPS), at http://www.mail-abuse.org/.
For other references about e-mail spamming, see www.abuse.com under "spam".
