Date: Sat, 23 Mar 2002 09:08:42 -0500 (EST)
From: Dean Anderson <dean@av8.com>
To: "Terranson, Alif" <Alif.Terranson@SAVVIS.NET>
Cc: Abuse <Abuse@SAVVIS.NET>
Subject: RE: Unauthorized Access -- Av8 trace 706 -- 216.171.166.1 (fwd)

Our open relay is used for legitimate customer use, as are many open
relays. So it is not in violation of the Savvis AUP, and we will not
"secure it". We police its use, and do not permit abuse. Like PBXs,
which also can be configured to "open relay", there is a wide body of toll
fraud law that indicates that abuse of unsecured resources is criminal.
Not to mention theft of newspapers and such from sidewalk newsstands.

Open relay is necessary whenever one provides email services to roaming
or outsourced users where SMTP is shared across one or more providers or
the user will be using outside access. SMTP-auth is flawed and
unsupported by most mail agents.

Further, blocking "open relays" which belong to US ISPs such as ourselves
violates 18 USC 2701(a)(2) which prohibits blocking authorized email.

And last, there is some "Net Rumor" that open relays somehow promote spam.
Quite the opposite. Properly configured spam filters are unaffected by
relay use--open or closed. A simple procmail script checks the headers in
email messages for spam sources if one is using RBL-type filters. Vipul's
Razor and similar services are also unaffected by relay use. Spammers can
be using ISPs' closed relays as well. Those who use things like ORBZ
actually permit more spam through their filter than necessary, since they
can't block spam sent through closed relays despite the fact that it may
be originating from a reported spam source.

Indeed, we have seeded bogus relays into services like ORBS and found that
they are the ones who solicit relay abuse.

--Dean


On Fri, 22 Mar 2002, Terranson, Alif wrote:

[...]
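
The header check the message describes, as an added example that is not part of the original e-mail and not the author's procmail script: it extracts the relay chain from the Received headers and tests every hop against a blocklist, next to a check that sees only the connecting peer. The sample message, the addresses, the zone name `dnsbl.example` and the in-memory blocklist are constructed so the code runs offline.

```python
import email
import ipaddress
import re

# Constructed sample: 192.0.2.55 submits to a relay (198.51.100.10),
# which hands the mail to the recipient's MX (mx.example.org).
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.10])
\tby mx.example.org with ESMTP; Sat, 23 Mar 2002 09:00:02 -0500
Received: from unknown (HELO mail) ([192.0.2.55])
\tby relay.example.net with SMTP; Sat, 23 Mar 2002 09:00:01 -0500
From: sender@example.com
To: user@example.org
Subject: constructed test message

body
"""

LISTED = {"192.0.2.55"}   # constructed stand-in for a DNSBL's listings
ZONE = "dnsbl.example"    # hypothetical zone name

def received_ips(raw):
    """Bracketed IPv4 address of each Received hop, newest first."""
    ips = []
    for hdr in email.message_from_string(raw).get_all("Received", []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        if m:
            try:
                ips.append(str(ipaddress.IPv4Address(m.group(1))))
            except ipaddress.AddressValueError:
                pass  # not a valid address, ignore this hop
    return ips

def dnsbl_name(ip, zone=ZONE):
    """DNS name a live filter would resolve: reversed octets plus the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def listed_hops(raw, lookup=lambda ip: ip in LISTED):
    """Header-based check: every hop in the chain is tested.
    Only the Received line written by your own MX is trustworthy; lines
    below it come from upstream hosts and can be forged by the sender."""
    return [ip for ip in received_ips(raw) if lookup(ip)]

def connection_only(raw, lookup=lambda ip: ip in LISTED):
    """Connection-level check: only the peer that connected to the MX."""
    return [ip for ip in received_ips(raw)[:1] if lookup(ip)]
```
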