Sunday, March 18, 2007
Something Phishy About your Company's Email Server
Author: F. Aldo
The problem of leaky company email servers has been around since the last decade. Considering the length of time it has been around and the ton of information available on how to fix this problem, it boggles the mind that this very problem still exists today.
Just what is this "leaky problem" in email servers? The common term for it is "open relay".
Back in the days when the monstrosity known today as "spamming" was as yet unheard of, email servers did not have to filter outgoing email according to allowed networks or domains. In other words, email senders from outside of your company's network were allowed to relay through your email server. It was convenient for companies related to one another at that time to share a common email server because most internet access was via dial-up lines and a dedicated line was still very expensive. Every now and then, an unknown sender would gain relay access but most network administrators would just turn a blind eye even if this act spoke of bad netiquette. After all, the internet was still about sharing during those days.
Over time, the abusers came. The network administrators were slow in plugging the open relay because this kind of activity was as yet unheard of and no patch was available for the server software. The server software makers were only just being alerted to this new form of network abuse. By the time the software makers were able to solve the open relay problem, the damage was too big to contain. The abusers had discovered a new, albeit unscrupulous, means of getting their messages across. The cat and mouse chase was on.
A decade later, the chase is still on and it is quite apparent the mouse is running rings around the cat. Spammers are still using their trusty old open relay scanner which scours the net for leaky email servers. But these days, not only spammers are checking for leaks; they have been joined in the hunt by cyber criminals. While spammers send nothing more than annoying marketing pitches, the cyber criminals can actually clean out your bank accounts through the phishing email scams they send out.
If you are new to phishing, it is the method by which scammers send you an official-looking email that appears to come from your bank, credit card company or a website that you have done business with. They give you the story that they need you to update your account or you risk cancellation. You are then asked to click a link in the email to take you to a website where you can update your personal information. The link really leads to a cleverly disguised web server that will gather the personal information that you input. Once the information is in the hands of the scammer, you know what they will do next.
Many phishing email scams take their method of operation from the spammers' handbook--utilizing open relays in unsuspecting email servers. Open relays are often the result of the administrator's inexperience, lack of knowledge, carelessness or outright laziness. Most modern Unix/Linux based email servers have anti-relaying mechanisms built in, and while we have no experience with Windows based email servers, we would like to think that competent Windows based server software makers should have incorporated this feature as well. There is no set formula for configuring an email server; each business has its own unique requirements and policies to follow. But the constant should be that once the requirements and policies are in place, anti-relaying should be turned on.
Email is probably the most widely used tool in the online world. That is basically the reason why spammers and scammers exploit it to the max--the payoffs could be huge. By making sure your company's email server is not an open relay, you are also disallowing the spammers and scammers from eating into your network bandwidth. But more importantly, you are saving many email users from unwanted junk and from being victimized by cyber criminals. If you do not particularly care about doing it for others, do it for yourself because the next potential phishing victim might be you.
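The check that separates an anti-relaying server from an open relay comes down to filtering on allowed networks and domains. The sketch below is an added example, not code from the original article or from any particular mail server; the networks, domains and function names are constructed for illustration.

```python
import ipaddress

# Constructed policy for a hypothetical company (assumption, not from the article).
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("192.0.2.0/24", "2001:db8:10::/48")]
LOCAL_DOMAINS = {"example.com", "mail.example.com"}


def rcpt_domain(rcpt_to):
    """Return the lower-cased recipient domain, or None if the address is unsafe."""
    addr = rcpt_to.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None
    # Legacy source-routing characters in the local part can make a server
    # treat a "local" recipient as a second hop, so refuse them outright.
    if any(ch in local for ch in "%!@"):
        return None
    return domain.rstrip(".").lower()


def relay_decision(client_ip, rcpt_to):
    """Decide what an anti-relaying server does with one recipient."""
    domain = rcpt_domain(rcpt_to)
    if domain is None:
        return "reject: malformed or source-routed recipient"
    if domain in LOCAL_DOMAINS:
        # Mail for our own users is accepted from anywhere.
        return "accept: local delivery"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in ALLOWED_NETWORKS):
        # Outbound mail is relayed only for senders on our own networks.
        return "accept: relay for allowed network"
    return "reject: relay access denied"


def open_relay_decision(client_ip, rcpt_to):
    """The 'leaky' behaviour: neither the network nor the domain is checked."""
    return "accept: relay for anyone"
```

An outside sender addressing an outside recipient is the only combination the two functions disagree on in normal use, and it is exactly the one that matters.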
About the Author:
Learn more about phishing email scams and other threats to your computer. Visit www.emailantivirus.info today.
