Security threats Toolkit

Network administrators told to secure servers

Tags:
Proxy,
Federal Trade Commission,
Relay,
Spam

Declan McCullagh CNET News

Published: 30 Jan 2004 15:05 GMT

The US government is emailing advice to network administrators: secure your servers.

Starting on Thursday, the Federal Trade Commission and its counterparts in 26 other nations began sending email to tens of thousands of people believed to be responsible for open relays and open proxies that spammers use as broadcast points for massive amounts of junk mail.

This represents an escalation of the FTC's efforts to close open relays, which began last May with notices to operators of more than 1,000 servers.

The new campaign is more ambitious, FTC attorney Don Blumenthal said. "We're doing this on a much larger scale. The one last year was aimed more at open relays. This is much broader. It's open proxies and open relays."

An open relay is a mail server configured so that anyone can use it as a relay point for mail to any recipient. Until the late 1990s, this was normal behaviour for mail servers. But after spammers began to abuse open relays, they began to be viewed as a problem. Open proxies are similar -- they're often misconfigured Web servers -- and can permit spam to be sent anonymously.

The FTC's "Secure Your Server" warning, sent via email, cautions that unless the recipient takes action, "your network connections may become clogged with traffic; your administrative costs may increase; or your Internet Service Provider may shut down your Internet service."

Servers identified in the campaign were collected from existing anti-spam blacklists such as the Open Relay Database and the Open Proxy Database. The notifications will be sent to owners of the range of Internet addresses that the open proxies or relays inhabit -- and not, typically, to end users.

On Wednesday, Blumenthal posted an alert on the popular spam-l discussion list saying the information campaign was about to begin. Some people who responded worried that the FTC's unsolicited bulk email resembled spam. "Sounds like a spam run," one person said.

"I think there are a lot of different definitions of spam out there," Blumenthal said in an interview on Thursday. "Certainly [the Can-Spam Act] focuses on commercial mail. We feel very strongly these are educational pieces. They will hopefully eventually cut back on spam."

Other nations participating in the campaign include the United Kingdom, Canada, Australia, Singapore, Japan, Switzerland and South Korea.