MTA Controls

By far the most important thing that a service provider can do to reduce spam is to ensure that any mail servers in operation accept outgoing mail only from machines within their own domains. This prohibits SMTP relaying, denying spammers a necessary component of anonymity. By this definition, anyone operating an Internet-connected MTA is a service provider. If you operate an Internet-connected MTA, ensure that SMTP relaying is not enabled. This is especially important since most MTA software still ships with SMTP relaying turned on by default.

With SMTP relaying disabled, your MTA can verify that attempts to send mail are coming from inside your own domain. It can do so by examining IP addresses in incoming packets and performing a reverse domain name service (DNS) lookup on them. Any connections from outside listed domains are refused service. You can verify this with any large ISP: telnet to port 25 on a mail server at a large ISP, and note the message that is shown when you try to send mail.

Some administrators feel that they need to use SMTP relaying to meet their business requirements. For example, suppose that a large company has many traveling salespeople who wish to send and receive email through the company mail server. The travelers may reasonably expect to be able to send mail via the company mail server, even though their ISP issues a new IP address each time they connect. The temptation to enable relaying in this situation is extreme. In reality, it is probably better to have each traveler use their ISP's mail server for outgoing mail.

Nevertheless, shutting off SMTP relaying can provoke argument and create administrative overhead. It is not a problem-free policy. The best advice we can leave you with is this: whenever possible, turn it off! If you must have it on, evaluate that policy periodically to determine whether you can turn it off or find a better solution.

We can first determine an ISP’s mail server with the network utility nslookup. We set the query type to mx in order to return mail exchanger information. We then provide a domain name and get a list of DNS records relating to mail service.

[lovelace]$ nslookup
Default Server:  morris.staff.plugged.com.au
Address:  192.168.20.1

> set type=mx
> thehub.com.au
Server:  morris.staff.plugged.com.au
Address:  192.168.20.1

thehub.com.au   preference = 100, mail exchanger = bix.thehub.com.au
thehub.com.au   preference = 10, mail exchanger = smople.thehub.com.au
thehub.com.au   nameserver = smople.thehub.com.au
thehub.com.au   nameserver = bix.thehub.com.au
bix.thehub.com.au       internet address = 203.143.240.9
smople.thehub.com.au    internet address = 203.143.240.10
> exit

Knowing the name of the mail server, we can attempt a connection:

[lovelace]$ telnet smople.thehub.com.au 25
Trying 203.143.240.10...
Connected to smople.thehub.com.au.
Escape character is '^]'.
220 smople.thehub.com.au ESMTP Sendmail 8.9.1/8.9.1; Sat,
 23 Jan 1999 14:27:49 +1000 (EST)
HELO lovelace
250 smople.thehub.com.au Hello in.plugged.net.au [203.20.51.50],
 pleased to meet you
MAIL FROM: [email protected]
250 [email protected]... Sender ok
RCPT TO: [email protected]
550 [email protected]... Relaying denied
QUIT
221 smople.thehub.com.au closing connection
Connection closed by foreign host.

This is a properly configured mail server: it not only determined the host from which we were connecting (in this case, a gateway firewall), but it also denied us the ability to send mail, since we were not one of its customers. Any spammer who uses this mail server to send spam must therefore be an employee or customer of that ISP, which makes tracking them much easier.

Another MTA configuration option is to ensure that the incoming IP address matches the registered DNS domain name for that address. This can help to prevent spammers from circumventing the anti-relay checks.
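The following is an added example, not code from the book, that models the decision a correctly configured MTA makes in the telnet session above and adds the reverse-DNS consistency check just described. DNS is replaced by a constructed in-memory table of PTR and A records so that it runs offline; the server name, domains and addresses are all constructed placeholders. A client counts as "inside our domain" only if its reverse name forward-confirms (the name's A record points back at the connecting IP) and falls under one of the provider's own domains; everyone else may deliver mail to local users but gets `550 ... Relaying denied` for any outside recipient.

```python
import ipaddress
from typing import List, Optional

# Constructed configuration for a hypothetical provider; none of these are real hosts.
SERVER_NAME = "mail.example-isp.test"
LOCAL_DOMAINS = {"example-isp.test"}

# Constructed stand-in for DNS so the example runs offline:
# PTR (reverse) records keyed by IP, A (forward) records keyed by name.
PTR_RECORDS = {
    "203.0.113.7": "dialup7.example-isp.test",   # a genuine customer host
    "198.51.100.50": "gw.other-provider.test",   # an outside gateway (like the session above)
    "192.0.2.99": "fake.example-isp.test",       # PTR claims our domain; A record disagrees
}
A_RECORDS = {
    "dialup7.example-isp.test": "203.0.113.7",
    "gw.other-provider.test": "198.51.100.50",
    "fake.example-isp.test": "203.0.113.200",
}


def reverse_name(ip: str) -> Optional[str]:
    """Reverse DNS lookup against the constructed PTR table."""
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return PTR_RECORDS.get(ip)


def forward_confirmed(ip: str) -> bool:
    """IP -> PTR name -> A record must point back at the same IP."""
    name = reverse_name(ip)
    return name is not None and A_RECORDS.get(name) == ip


def is_local_client(ip: str) -> bool:
    """True only if the reverse name forward-confirms and lies under a local domain.
    A forged PTR record (192.0.2.99 above) therefore does not make a client local."""
    if not forward_confirmed(ip):
        return False
    name = reverse_name(ip)
    return any(name == d or name.endswith("." + d) for d in LOCAL_DOMAINS)


def domain_of(address: str) -> str:
    """Domain part of an SMTP address, tolerating angle brackets and mixed case."""
    return address.strip("<> ").rsplit("@", 1)[-1].lower()


def rcpt_response(client_ip: str, rcpt_to: str) -> str:
    """The reply an MTA following the no-relay policy gives to RCPT TO."""
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return f"250 {rcpt_to}... Recipient ok"   # inbound mail for our own users
    if is_local_client(client_ip):
        return f"250 {rcpt_to}... Recipient ok"   # our customer sending outward
    return f"550 {rcpt_to}... Relaying denied"     # outsider asking us to relay


def run_session(client_ip: str, mail_from: str, rcpt_to: str) -> List[str]:
    """Server side of the HELO / MAIL FROM / RCPT TO / QUIT exchange shown above."""
    who = reverse_name(client_ip) or "unknown"
    return [
        f"220 {SERVER_NAME} ESMTP ready",
        f"250 {SERVER_NAME} Hello {who} [{client_ip}], pleased to meet you",
        f"250 {mail_from}... Sender ok",
        rcpt_response(client_ip, rcpt_to),
        f"221 {SERVER_NAME} closing connection",
    ]


if __name__ == "__main__":
    # Replays the situation from the transcript: an outside gateway trying to relay.
    for reply in run_session("198.51.100.50", "user@other-provider.test",
                             "someone@third-party.test"):
        print(reply)
```

Note that the decision is keyed on the connecting host, not on the MAIL FROM address, which is why the sender is accepted with `250 ... Sender ok` and the refusal only comes at RCPT TO, exactly as in the session above. A real MTA would query the resolver instead of the two dictionaries; everything else in the policy is the same.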

Naturally, spammers will simply go elsewhere in order to find a willing relay. Nevertheless, the more MTA operators that stop relaying, the harder it gets, and the more technically savvy spammers have to become. Unfortunately, recent estimates by the Internet Mail Consortium have found that only about one third of the MTAs on the Internet today have properly disabled SMTP relaying.

Service providers may also authenticate senders before mail is allowed to be sent. Several software packages exist to perform this function, but it is not widely implemented.

MTA operators may also choose to block mail from the addresses of known spammers. The quintessential list of this type is the MAPS (the Mail Abuse Protection System) RBL (Realtime Blackhole List) at http://maps.vix.com/rbl. Users of the RBL simply do not receive mail from addresses on the list. This approach seemed to hold promise, but has not worked out as well as some had hoped, primarily because the RBL is based on IP addresses and therefore blocks the originating mail server (often an Internet Service Provider) as a whole. According to the RBL rules for inclusion, only those ISPs who operate an open mail relay will be blacklisted. Unfortunately, this includes both those who support spam and those who are unable or unwilling to restrict mail relaying via their servers. The RBL thus both reduces spam and generates much abuse from many of those banned.
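As an added example (not code from the book or from MAPS), here is how an MTA consults an IP-based blackhole list of this kind. The list is published in DNS: the connecting server's address has its octets reversed and the list's zone appended, and any answer to that query means "listed". The zone name, the listed address and the resolver are constructed placeholders so the example runs offline; the real list's contents and zone are not given in the text.

```python
import ipaddress
from typing import Callable, Optional

# Placeholder for the list's DNS zone; the real zone name is not part of the text.
RBL_ZONE = "rbl.example.test"


def rbl_query_name(ip: str, zone: str = RBL_ZONE) -> str:
    """DNS name the MTA looks up: the IPv4 octets reversed, under the list zone.
    Raises ValueError for anything that is not a plain IPv4 address."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


# Constructed zone contents standing in for the published list: a listed
# address has an A record in the 127.0.0.0/8 range, an unlisted one has none.
FAKE_ZONE = {
    rbl_query_name("192.0.2.25"): "127.0.0.2",   # constructed: an open relay's address
}


def offline_resolve(name: str) -> Optional[str]:
    """Stand-in for a real A-record lookup."""
    return FAKE_ZONE.get(name)


def is_listed(ip: str,
              resolve: Callable[[str], Optional[str]] = offline_resolve) -> bool:
    """True if the list zone returns any record for the reversed address."""
    return resolve(rbl_query_name(ip)) is not None


def connect_response(client_ip: str, server: str = "mail.example-isp.test") -> str:
    """Greeting for a clean address, or a refusal if the connecting server is listed.
    Because the key is the relaying server's IP, every sender behind a listed
    server is refused, which is the collateral damage described above."""
    if is_listed(client_ip):
        return f"550 Mail from {client_ip} refused; see http://maps.vix.com/rbl"
    return f"220 {server} ESMTP ready"


if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.50"):
        print(rbl_query_name(ip), "->", connect_response(ip))
```

In a real deployment `offline_resolve` would be replaced by a DNS A-record query, and the specific 127.0.0.x value returned can be used to distinguish listing reasons if the list publishes more than one. The check is deliberately placed at connection time, before any MAIL FROM is seen, since the list says nothing about individual senders.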
