Securing Your Server: Shut the Door on Spam
Your organization probably handles lots of Internet traffic every day — both to and from your clients and customers. The settings of your network servers may open your system to misuse.
If your mail server maintains an open door to the Internet, known as an "open relay," someone could access it and pass unsolicited commercial email (spam) through it. And if your proxy server is "open," a spammer could use it to connect to your mail server and send bulk email anonymously. Not only can these abuses overload your server, they also could damage your organization's reputation. That's because it will appear that your system sent the spam.
Now an international group of government agencies says a few quick, easy, and no- or low-cost steps can protect your computer systems from misuse.
How Email Works
To send or receive email, your computer must be connected to a mail server, a machine connected to the Internet that runs software allowing it to process email. When you send an email message from a secure server, software in one part of the mail server checks that you're listed as a user within your organization. If you are, it sends out your mail. When someone sends you an email, software in another part of the server confirms that you're an authorized user and then accepts and delivers the email to you.
But if the server is not secure, and some of its settings allow it to stay "open," it will forward email to addressees who are not listed as users in your organization. Often called open relays, insecure relays, or third-party relays, these open mail servers are configured to accept and deliver email on behalf of any user anywhere, including third parties with no relation to you or your organization. You don't benefit from allowing this email to slip through your server; no one in your organization is receiving it or sending it.
Open relays are a vestige of the early days of the Internet, when many mail servers were kept open to allow email to travel among different networks. Although they helped the Internet grow, they were abused by spammers, who have used them to disguise the origin of their messages.
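The relay rule described in this section can be written as a check over mail server transaction records. This is an added example, not part of the original publication; the domain, network range, record layout, and function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed values for illustration; substitute your own domains and networks.
LOCAL_DOMAINS = {"example.org"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip("<>").rstrip(".").lower()

def is_trusted_client(client_ip, authenticated):
    """A sender is 'yours' if it authenticated or connects from your network."""
    ip = ipaddress.ip_address(client_ip)
    return authenticated or any(ip in net for net in TRUSTED_NETS)

def classify(client_ip, authenticated, rcpt_to):
    """Classify one SMTP transaction that the server accepted."""
    if is_trusted_client(client_ip, authenticated):
        return "outbound"           # one of your users sending mail
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return "inbound"            # outside sender, recipient is your user
    return "third-party-relay"      # neither sender nor recipient is yours

def audit(transactions):
    """Return the transactions that only an open relay would have accepted."""
    return [t for t in transactions if classify(*t) == "third-party-relay"]

# Constructed sample records: (client IP, authenticated?, recipient address)
SAMPLE = [
    ("192.0.2.15", False, "partner@example.net"),
    ("198.51.100.7", False, "staff@example.org"),
    ("203.0.113.9", True, "client@example.com"),
    ("203.0.113.44", False, "stranger@example.com"),
]

if __name__ == "__main__":
    for record in audit(SAMPLE):
        print("relayed for a third party:", record)
```

Any record returned by `audit` means the server delivered mail for a sender and a recipient that both sit outside the organization, which a secured server would have refused.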
The Current Problem — Open Proxies
Today, spammers are more likely to use an open proxy server to send their spam. A proxy is usually installed to be the only machine on your network that directly interacts with the Web, providing more efficient Web browsing for your users. But if your proxy is not configured properly — that is, if your server is open — it also may allow unauthorized Internet users to connect through it to other hosts on the Internet. For example, a spammer can use your open proxy to connect anonymously to another mail server. Then, any mail that the spammer sends appears to have come from your system. In addition, an improperly configured proxy server can allow other types of unauthorized — and potentially damaging — network connections, including instant messaging, computer attacks, or file transfers.
Consequences for Your Business
When spam appears to come from your system, your server can be flooded with complaints from frustrated recipients. That could overwhelm your system and cause your server to crash. Repairing it could be time-consuming and costly, both in financial terms and the potential loss of goodwill from those who think you've sent the spam. The bottom line: An open proxy or open relay is an open door to the theft of your computer services and the impression that you're sending unwanted junk email.
Securing Your Servers
To prevent these abuses, and the negative consequences for your business, check — and if necessary, secure — your servers. It usually takes just a couple of commands. To find out whether you have an open relay on your system, evaluate the mail transfer agent (MTA) software your company uses to manage its email.
To determine if your proxy server is vulnerable, consider these questions.
- Does your proxy allow connections from untrusted networks such as the Internet?
- Are you using the most current version of your proxy server software and hardware?
- Have you applied the latest patches or upgrades available?
- Are you using proper access controls for your server?
- Is someone regularly checking for unauthorized uses of your proxy server?
- Do you have and monitor an "abuse@[YourDomainName]" email account where people can report abuses of your proxy server?
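Two of the questions above, whether the proxy serves untrusted networks and whether anyone regularly checks for unauthorized use, can be answered from the proxy's access log. The script below is an added example, not part of the original publication; the four-field log layout, the internal address range, and the list of mail ports are assumptions, so adapt the parser to the format your proxy actually writes.

```python
import ipaddress

# Assumed values for illustration; use your own address ranges.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
MAIL_PORTS = {25, 465, 587}  # SMTP and mail submission ports

def parse_line(line):
    """Parse 'client_ip METHOD target status'; return None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    client, method, target, status = parts
    try:
        return ipaddress.ip_address(client), method.upper(), target, int(status)
    except ValueError:
        return None

def connect_port(method, target):
    """Port requested by a CONNECT tunnel, or None for other requests."""
    port = target.rpartition(":")[2]
    return int(port) if method == "CONNECT" and port.isdecimal() else None

def findings(lines):
    """Return (reason, client, target) for requests the proxy served."""
    out = []
    for ip, method, target, status in filter(None, map(parse_line, lines)):
        if status >= 400:           # the proxy refused this request
            continue
        if not any(ip in net for net in INTERNAL_NETS):
            out.append(("untrusted-client", str(ip), target))
        if connect_port(method, target) in MAIL_PORTS:
            out.append(("mail-tunnel", str(ip), target))
    return out

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = [
    "10.1.2.3 GET http://example.com/ 200",
    "203.0.113.50 CONNECT mail.example.net:25 200",
    "203.0.113.51 CONNECT mail.example.net:25 403",
    "10.1.2.9 CONNECT mail.example.net:25 200",
    "not a log line",
]

if __name__ == "__main__":
    for finding in findings(SAMPLE_LOG):
        print(finding)
```

An "untrusted-client" finding means the proxy served a client outside your network; a "mail-tunnel" finding means a connection was passed through to a mail server port, the pattern behind the anonymous spam described earlier.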
For More Information
For up-to-date links to information on securing your server, visit www.ftc.gov/secureyourserver. You also can find resources through your favorite Internet search engine by entering a phrase like "open relay" or "open proxy." Keep in mind that there's no "one-size-fits-all" way to secure your server. The solution is specific to the software and hardware that you use.
The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.