Are Email Vendors Losing the Open Relay Battle?

Share Article

Reports that spammers can use some spam filters as open relays have damaged the antispam industry's reputation. In response, the maker of trimMail Inbox is offering a 200% No Relay Guarantee to its customers. It has also built a website to help administrators keep specific email products from functioning as open relays.

dymeta will refund twice the purchase price to the first owner of a properly configured trimMail Inbox that relays an email message from a non-authorized external sender through the trimMail Inbox to a recipient in an unlisted external domain.

Many network managers have discovered that the email and antispam servers they purchased were not simply overhyped, they fail some of the most basic tests of email management. Case in point: open relaying.

An email open relay permits an unknown, outside sender to pass mail through the email server to unknown, outside recipients, usually without the consent of its manager. This gives professional spammers a ready delivery mechanism for dumping unsolicited commercial email (UCE) on undeserving end-users while avoiding detection. It's easy to see why spammers favor open relays. They can abuse other people's bandwidth and mail servers, without getting blocked, blacklisted or suffering negative publicity.

It's also easy to understand why organizations like the non-profit Open Relay Database (ORDB) exist. ORDB maintains a list at http://www.ordb.org of the IP-addresses of email servers that have been verified as open relays. Lists like ORDB's are known as reverse block lists. System administrators can set their mail servers to consult these lists before deciding whether to accept messages from individual senders. Many such lists exist.

As an adjunct to listing the IP addresses of open relays, ORDB has, along with the Mail Abuse Prevention System (MAPS), long counselled users concerning products that allow open relaying. Other excellent sources include Internet Security Systems' Xforce and SecurityFocus. In addition, various agencies of the US government back sites that help counter open relaying. The Federal Trade Commission promotes Spamlinks, while the Department of Homeland Security funds the Common Vulnerabilities and Exposures dictionary and the Department of Defense sponsors the Computer Emergency Readiness Team Knowledgebase at Carnegie Mellon University.

These sources reveal that many popular email servers have fairly spotty reputations, including Microsoft Exchange, IBM's Lotus Notes, Lotus Domino, Novell Groupwise and Sendmail. That's bad enough. But when products designed to protect email servers allow open relaying, it raises eyebrows.

A review of industry databases turns up just two antispam vendors that have had products labeled as open relays: Symantec and Barracuda Networks. Though reports claim that both companies have since repaired their products, the damage to the antispam industry lingers.

In response, antispam, antivirus and content filtering pioneer, dymeta, has introduced a "200% No Relay Guarantee for trimMail Inbox". The powerful guarantee is simply stated: "dymeta will refund twice the purchase price to the first owner of a properly configured trimMail Inbox that relays an email message from a non-authorized external sender through the trimMail Inbox to a recipient in an unlisted external domain."

"Blocking open relays is one of the prime directives of every email protector," says trimMail Inbox Product Manager Aaron Gillette, "We designed trimMail Inbox from the ground up to stop relays and block spammers."

Gillette says proof must be provided with source code so it can be replicated in dymeta's laboratory. "trimMail Inbox is rock solid. Any customer who can break our box deserves the reward."

dymeta's "200% No Relay Guarantee" is available to all trimMail Inbox owners using trimMail Up2Date Inbox Service. Along with the No Relay Guarantee, dymeta has assembled a searchable web page, http://www.trimmail.com/tools/openrelays/, that links to all the previously mentioned sites and others, to help administrators secure email servers, firewalls and gateways.

Earlier this month, dymeta added an innovative worldwide free trial program for trimMail Inbox appliances. The trimMail Inbox product line of antispam, antivirus and content filters combines unique email traffic management technology with the ability to grant management at the individual and domain levels. No per-domain or per-user licensing fees are required. trimMail Inbox appliances range in price from US$995 to US$9,000. They are available through networking specialists worldwide, or through the company's store.

In a world where feature-hype out-shouts quality, is it possible to stop open relaying 100% of the time? Absolutely. The makers of trimMail Inbox believe their product line proves it.

For additional information on the news that is the subject of this release, contact Randy Miller at 800-432-8638 or 563-355-1212, or visit http://www.trimmail.com.

About dymeta:

The dymeta Division of Comco, Inc. engineers state-of-the-art, highly configurable network appliances for business, government and OEM users, featuring trimMail Inbox. dymeta's parent company, Comco, Inc., has served the needs of IT professionals since 1986.

# # #

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Brian Gillette
Visit website