E-Commerce Glossary
E-commerce and small business
terms explained.
Search
Search | Careers | Contact us
Home Small Business Electronic Commerce Frequently Asked Questions Services
A wealth of information
Lupra.com is a non-profit website that contains hundreds of articles about doing business online and many other business-related issues.
... thanks for visiting us, Brian Lupra!

Securing Your Server: Shut the Door on Spam

Your organization probably handles lots of Internet traffic every day — both to and from your clients and customers. The settings of your network servers may open your system to misuse.

If your mail server maintains an open door to the Internet, known as an "open relay," someone could access it and pass unsolicited commercial email (spam) through it. And if your proxy server is "open," a spammer could use it to connect to your mail server and send bulk email anonymously. Not only can these abuses overload your server, they also could damage your organization's reputation. That's because it will appear that your system sent the spam.

Now an international group of government agencies says a few quick, easy, and no- or low-cost steps can protect your computer systems from misuse.

How Email Works

To send or receive email, your computer must be connected to a mail server, a machine connected to the Internet that runs software allowing it to process email. When you send an email message from a secure server, software in one part of the mail server checks that you're listed as a user within your organization. If you are, it sends out your mail. When someone sends you an email, software in another part of the server confirms that you're an authorized user and then accepts and delivers the email to you.

But if the server is not secure, and some of its settings allow it to stay "open," it will forward email to addressees who are not listed as users in your organization. Often called open relays, insecure relays, or third-party relays, these open mail servers are configured to accept and deliver email on behalf of any user anywhere, including third parties with no relation to you or your organization. You don't benefit from allowing this email to slip through your server; no one in your organization is receiving it or sending it.

Open relays are a vestige of the early days of the Internet, when many mail servers were kept open to allow email to travel among different networks. Although they helped the Internet grow, they were abused by spammers, who have used them to disguise the origin of their messages.

The Current Problem — Open Proxies

Today, spammers are more likely to use an open proxy server to send their spam. A proxy is usually installed to be the only machine on your network that directly interacts with the Web, providing more efficient Web browsing for your users. But if your proxy is not configured properly — that is, if your server is open — it also may allow unauthorized Internet users to connect through it to other hosts on the Internet. For example, a spammer can use your open proxy to connect anonymously to another mail server. Then, any mail that the spammer sends appears to have come from your system. In addition, an improperly configured proxy server can allow other types of unauthorized — and potentially damaging — network connections, including instant messaging, computer attacks, or file transfers.

Consequences for Your Business

When spam appears to come from your system, your server can be flooded with complaints from frustrated recipients. That could overwhelm your system and cause your server to crash. Repairing it could be time-consuming and costly, both in financial terms and the potential loss of goodwill from those who think you've sent the spam. The bottom line: An open proxy or open relay is an open door to the theft of your computer services and the impression that you're sending unwanted junk email.

Securing Your Servers

To prevent these abuses, and the negative consequences for your business, check — and if necessary, secure — your servers. It usually takes just a couple of commands. To find out whether you have an open relay on your system, evaluate the mail transfer agent software (MTA) your company uses to manage its email.

To determine if your proxy server is vulnerable, consider these questions.

  • Does your proxy allow connections from untrusted networks such as the Internet?
  • Are you using the most current version of your proxy server software and hardware?
  • Have you applied the latest patches or upgrades available?
  • Are you using proper access controls for your server?
  • Is someone regularly checking for unauthorized uses of your proxy server?
  • Do you have and monitor an "abuse@[YourDomainName]" email account where people can report abuses of your proxy server?

 
Home  |  Small Business  |  Ecommerce  |  Glossary  |  Country Information  |  Network Marketing  |  Internet Security  |  Intellectual Property
Business Immigration  |  Equal Opportunity  |  Occupational Safety and Health  |  Marketing and Advertising  |  Industry Information
Copyright © 2004 All rights reserved.

Disclaimer: This website is not intended to provide professional advice or be a substitute for professional advice concerning specific questions or situations. It is our intent to provide general information for educational purposes only. If you have a specific question or situation, we strongly recommend that you seek advice from a properly qualified professional such as a lawyer or accountant. While we take reasonable care, mistakes can happen and we cannot guarantee the accuracy of information on this website. Furthermore, laws are constantly changing and information on this site may not be 100% up-to-date. Laws also differ from country to country and even from state to state. It is thus imperative that you do not rely in information presented on this site, but always check with a qualified professional.