Good Morning Mr. Anderson,

I have taken the liberty of answering this email with inline
commetary, just to keep the comments clear, lucid, and on-point: I hope this
is not to hard on the eyes.

> Our open relay is used for legitimate customer use, as are many open
> relays. So it is not in violation of the Savvis AUP, and we will not
> "secure it".

I am afraid that *any* open mail relay is against the Savvis AUP.
Commensurate with this Savvis policy, the open mail relay must either be
secured, or taken off the network. Failure to do this will result in
connectivity to this server being forcibly removed by Savvis, through the
imposition of null routes.

> We police its use, and do not permit abuse.

According to the logs you have appended, a great deal of illegitimate third
party email was successfully sent from your open relay, if this is
incorrect, please let me know.

> Like PBX's,
> which also can be configured to "open relay", there is a wide
> body of toll
> fraud law that indicates that abuse of unsecured resources is
> criminal.
> Not to mention theft of newspapers and such from sidewalk newstands.

Agreed. Totally. However, this is not a question of law enforcement, it is
a question of adhering to the Savvis Acceptable Use Policy, which is
strictly a ciovil matter, covered only by contract law. As a Savvis
customer, your site agreed to follow our AUP, in order to receive
connectivity services from Savvis.

> Open relay is necessary whenever one provides email services
> to roaming
> or outsourced users where SMTP is shared across one or more
> providers or
> the user will be using outside access.

Open relay is certainly the *easiest* way to support roaming users, however,
it is not the only way, and it is certainly not considered to be a Current
Best Practice. I fully understand how difficult it is to support roaming
users, but a wide-open mail relay is [unfortunately] not an acceptable
answer by itself.

> SMTP-auth is flawed and
> unsupported by most mail agents.

A technical point which I have no argument with.

> Further, blocking "open relays" which belong to US ISP's such
> as ourselves
> violates the 18 USC 2701(a)(2) which prohibits blocking
> authorized email.

Please be aware that, while I am not a lawyer, I believe you are
misinterpreting this subsection. 2701(a)(2) is specifically targeted at
unauthorized use, not by blockage under a valid and enforceable civil
contract. Either way, Savvis will competely block IP connectivity to any
open relay on any network under it's direct or indirect control, where the
owner of the open relay refuses to repair the issue him/herself.

> And last, there is some "Net Rumor" that open relays somehow
> promote spam.
>
> Quite the opposite. Properly configured spam filters are unaffected by
> relay use--open or closed. A simple procmail script checks
> the headers in
> email messages for spam sources if one is using RBL type
> filters. Vipul's
> Razor and similar services are also unaffected by relay use.
> Spammers can
> be using ISP's closed relays as well. Those who use things like ORBZ
> actually permit more spam through their filter than
> necessary, since they
> can't block spam sent through closed relays despite the fact
> that it may
> be originating from a reported spam source.
>
> Indeed, we have seeded bogus relays into services like ORBS
> and found that
> they are the ones who solicit relay abuse.

These are strictly political arguments which Savvis does not address,
regardless of the accuracy or inaccuracy of the underlying premises.

> --Dean

In short, I urge you to examine other technical solutions for your roaming
user issues [possibly an HTTP interface?].

Yours,
Alif Terranson
Savvis Communications
(314) 468-7602 Voice
(314) 208-2306 Pager (24x7)
(618) 558-5854 Cellular (24x7)

[...]