A mail server that is operating as an open relay allows connections to
its SMTP port that permit the delivery to user on another domain.

If system A is an open relay, system B can connect to its SMTP port
and ask it to deliver mail to domains C, D, E, etc.

The majority of SMTP systems are (these days) configured so that they
will only deliver e-mail to people within their domain. Open relays
permit the delivery of all e-mail directed at them including that for
other domains. They are perfect (therefore) for those in the business
of generating SPAM since they allow the spammer to neatly cover their
tracks and have someone else's system deal with the load impoised by
their bulk mailings.

This is why open relays are considered BAD.

On Thu, 9 Jun 2005 15:00:25 +1200
*gasp* you might even get idiots posting html email

Can you please stop mudering people, and I know its not what its called
but who cares right ?

Please be growing up now. Either that or get off the intarwebnet, its
obviously beyond your capabilities.

So if you don't like it then get off the list. Simple.

I also emphatically agree with with Mark's comment that issues like this
should be raised with Dan in the first instance. It's *his* list that
*he* provides at *his* own expense for *your* use. Please do him the
courtesy of communicating with him directly instead of launching
broadside attacks in a public forum.

You sound like an ungrateful, whining adolescent, please take such
behaviour elsewhere, it does not belong on a technical mailing list.

There are good and valid reasons to have the list set up the way it is. I am
a moderator of one of the major computer security mailing lists
(***@lists.sans.org with many thousand of subscribers ) and that is
the we we run that list. This debate periodically arises and so far has
always been concluded in favour of of keeping the list open, even though
it increases the work of the moderators considerably.

Anyway where is the fire? Where is all the tons of spam flooding in
through the adsl list? I'm a great fan of solving problems as they
arise and not restricting everything because of some low level risks
particularly when the cost of the 'fix' is far from trivial.

If spam becomes a problem on the list then I am sure Dan will do
something to deal with it. He may close the list (i.e. make it subscriber only) or he may choose to
deal with it in some other way, that is his call. For all you know Dan
may already have the worlds best spam filter running to protect you from
such nasty stuff.

Within the university where our list server has over 1000 lists we use a
variety of strategies to deal with spam. Some lists are closed others
are open and some are moderated, all mail is checked for spam and
discarded if it fails and yes a trickle of spam does get through to some
lists but this is judged acceptable price for the utility of keeping
those lists open.

There is no right answer and no "best practise".

Russell
--
Russell Fulton, Information Security Officer, The University of Auckland
New Zealand