h2g2 The Hitchhiker's Guide to the Galaxy: Earth Edition

Something I've read about, but you didn't mention, so I'm not sure if I am telling it right is about mail routers.

I think I read it in New Scientist, on their SPAM article. It said one of the main problems with SPAM is that spammers get hold of the address of mail routers. These are servers that do nothing else, other than route email.

By sending a command to it, they can order it to sent 1000's of emails to a series of addresses, and the router just does it. It doesn't even care who is asking it to do this.

The article said that if these routers were made secure, with authentication required, spam would drop instantly.

Also a sat I heard was that currently SPAM = 40% of all emails sent, but it is rising.

If it keeps rising, sometime in July this year, it will exceed "regular" email.

Scary.

Sounds like you're talking about a mail relay, specifically an open relay. Back in the days before spam (yeah, remember those?... I don't) mail servers would pass along anything they couldn't deliver directly to the appropriate server (relaying), no matter who sent the message. Spam-conscious admins no longer allow this, passing mail to other servers only when it's generated internally or comes from a trusted domain, typically using DNS lookups or IP filters. A server which doesn't check is called an open relay, in that it is open to relaying mail from anywhere. This allows a spammer to use it to hop on, send a ton of messages, and hop off. Now combine this with a faked header (trivially accomplished, since mail servers are a bit credulous, doubly so for open servers) and you've got an email with no trace of who sent it except at the open relay... difficult to find buried in a ton of fake headers.

Closing open relays would mean a spammer would have to use his or her ISP's mail server, or the server of the domain he or she wished to spam. Either way you'd have a much easier time of getting the spammer's IP address. If you can nail that down, you can have the spammer's account shut down (unless their ISP is spam-friendly, naturally).

Yes, that's the bugger. I couldn't remember the correct term for it.

As I recall from the entry, most open relays are "open" for no good reason, adding authentication wouldn't affect service, it's just a cost/effort thing.

I actually used this article to report a spammer last night. I felt so proud....

YEAH, glad to here the fight continues