
Who's letting the spam in?

Are you unwittingly helping junk mailers shuttle unsolicited bulk e-mail? Spammers are discovering tricks to tap into proxy servers to send junk mail--with little trace.
Written by Stefanie Olsen, Contributor
Have you helped a spammer today?

According to operators of spam-filtering lists, an alarming number of people are unwittingly helping junk mailers shuttle spam, or unsolicited bulk e-mail. Those unassuming victims are running software meant to allow multiple connections over a LAN (local area network) to the Internet through a single line, software known as a proxy server.

Many proxy servers are installed insecurely, and spammers have discovered tricks to tap into them to send junk mail with little trace--an occurrence relatively unseen a year ago, experts say.

The problem has grown so quickly that some blocklist owners estimate that between 30 percent and 80 percent of the spam attacks today are caused by open proxies.

"Anybody on the planet can use (open proxies) to connect to mail servers if only you know how to talk to them," said Margie Arbon, director of operations for MAPS RealTime Blackhole List, a spam-filtering service that identifies IP (Internet Protocol) addresses that are the sources of spam. "The amount of spam going through them is scary," Arbon said.

This is only the latest modus operandi for spammers on a relentless mission to hurl get-rich-quick schemes and salacious e-mail at people with little cost, despite measures by ISPs (Internet service providers) and e-mail subscribers to push back. But with every spam blockade or filter erected, junk mailers dig new trenches to deliver billions of commercial messages to people every year. So far, they are winning the war. Some filtering companies expect spam will soon comprise the majority of message traffic on the Web.

The newest exploit is quickly edging out spammers' standard tactic--stealing resources and bandwidth from insecure mail servers, or "open relays." Many such servers are set up overseas and are regularly tapped by spammers in the United States to funnel messages back into the country. While this practice is still widely in use, open relays are taking a backseat to open proxies, which are known to give junk mailers more anonymity.

Some owners of blocklists--which research spam complaints and list the IP addresses of suspected spammers--blame software developers of the various proxy servers for leaving them open on installation by default. They also say that consumers need to be more aware of how the systems work to make their machines secure.

Still others hold ISPs responsible.

"The proxy problem could be mostly eliminated by Internet service providers simply scanning their own networks for open proxies," said Steve Linford, president of the blocklist The Spamhaus Project. "If ISPs were pro-active in securing their own networks from the well-known spammer exploits such as open relays and proxies, the spam problem wouldn't be what it is today."

Joe Jared, who runs the blocklist Relays.osirusoft.com and owns OsiruSoft Research & Engineering, said that just about every ISP, including America Online, has open proxies on its network. He held up Road Runner as an example of an ISP that regularly checks its customer base for the issue.

AOL spokesman Nicholas Graham said that the company is taking steps to address vulnerabilities on the systems of its customers.

"We recognize that open proxies are a new challenge in the industry when it comes to fighting spam, and AOL is committed to addressing it. We're taking an aggressive role in blocking the use of open proxies," Graham said.

Graham added that the issue is "most relevant to other online providers, not AOL."

The unseen enemy
Inundated by junk mail, many companies, including AOL, have turned to blocklists such as MAPS, which research spam complaints and list the IP addresses of suspected spammers. Companies that subscribe to the blocklists then have the option of restricting access from those IP addresses.

But such blocklists find their hands tied when it comes to discovering the origin of spam on open proxies.

Proxy servers act as an intermediary between a PC user and the Internet. The server receives a request from a user for a Web page, and if the request passes the proxy's filtering rules, the proxy either serves a cached copy of the page--for faster delivery--or sends the request out using one of its own IP addresses, cloaking the identity of the user.

Open proxies accept connections from anyone, on a Web port such as port 80, without applying any filtering requirements. From there, the person can connect onward to an arbitrary mail server and send e-mail. The resulting daisy chain leaves a connection that is nearly impossible to trace, so spam-fighters have little recourse to block those mailers.

Malicious hackers used to exploit vulnerable proxy servers to stage denial-of-service attacks or break into Internet Relay Chat (IRC) networks, for example. But now spammers have caught on to the anonymity such proxies provide.

"The problem with open proxies is that they are completely anonymous and spammers can chain multiple proxies together, so there's no hope of anyone ever tracing any spam back to them," said Linford, who warned of the open proxy problem last year on his Spamhaus site.

Rogue mailers develop programs that scan networks for vulnerable proxy servers. Many such servers are found on the PCs of regular consumers, who may have installed an operating system or software that includes a proxy server open by default. Blocklist executives say those people may be unaware that they are running the servers, and if their ISP doesn't scan for vulnerabilities, the problem can go unchecked.

"You may think that you are just running a Web server and not realize you're running a Web proxy," Arbon said. She advised that PC users check their operating system and software to ensure that "your computer doesn't talk on any port it shouldn't."
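The two symptoms the article describes--connections arriving at the proxy from outside the LAN, and the proxy being asked to tunnel onward to a mail server--both show up in the proxy's own access log, which is where an ISP or a home user can look to answer "am I letting the spam in?". The following audit script is an added example, not code from the article or from any proxy vendor; it assumes a Squid-style native access log layout (timestamp, elapsed time, client IP, result code, bytes, method, URL, ...), assumes the LAN is 10.0.0.0/8 or 192.168.0.0/16, and treats TCP ports 25, 465 and 587 as mail ports. The log lines are constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed local networks sitting behind the proxy (constructed for this example).
LAN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("192.168.0.0/16")]
# TCP ports used for mail relay and submission; a Web proxy has no reason to reach them.
MAIL_PORTS = {25, 465, 587}

# Constructed sample records in Squid-style native access log layout (assumption:
# fields are timestamp, elapsed ms, client IP, result code, bytes, method, URL, ...).
SAMPLE_LOG = """\
1041379200.123    45 10.0.0.12 TCP_MISS/200 3210 GET http://www.example.com/ - DIRECT/203.0.113.5 text/html
1041379201.456   210 10.0.0.12 TCP_TUNNEL/200 8800 CONNECT www.example.com:443 - DIRECT/203.0.113.5 -
1041379202.789    60 198.51.100.77 TCP_MISS/200 1200 GET http://www.example.org/ - DIRECT/203.0.113.9 text/html
1041379203.001   870 198.51.100.77 TCP_TUNNEL/200 5120 CONNECT 203.0.113.25:25 - DIRECT/203.0.113.25 -
1041379204.222   640 198.51.100.78 TCP_TUNNEL/200 4100 CONNECT mail.example.net:587 - DIRECT/203.0.113.30 -
this line is not a valid log record
"""


def parse_line(line):
    """Return (client_ip, method, url) for one record, or None if it cannot be parsed."""
    fields = line.split()
    if len(fields) < 7:
        return None
    try:
        client = ipaddress.ip_address(fields[2])
    except ValueError:
        return None
    return client, fields[5].upper(), fields[6]


def destination_port(method, url):
    """Port the proxy was asked to reach: CONNECT targets are host:port, others are URLs."""
    if method == "CONNECT":
        host, _, port = url.rpartition(":")
        return int(port) if host and port.isdigit() else None
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return {"http": 80, "https": 443}.get(parts.scheme)


def is_lan(ip):
    """True when the client address belongs to one of the networks the proxy serves."""
    return any(ip in net for net in LAN_NETWORKS)


def audit(log_text):
    """Flag records showing the proxy reachable from outside or used as a path to mail servers."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        parsed = parse_line(raw)
        if parsed is None:
            continue  # skip malformed records instead of aborting the whole audit
        client, method, url = parsed
        reasons = []
        if not is_lan(client):
            reasons.append("client outside the LAN (proxy reachable from the Internet)")
        port = destination_port(method, url)
        if port in MAIL_PORTS:
            reasons.append(f"request to mail port {port}")
        if reasons:
            findings.append({"line": lineno, "client": str(client), "method": method,
                             "target": url, "reasons": reasons})
    return findings


def summarize(findings):
    """Count flagged records per client address so the noisiest outside sources stand out."""
    counts = {}
    for finding in findings:
        counts[finding["client"]] = counts.get(finding["client"], 0) + 1
    return counts


if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for finding in results:
        print(f"line {finding['line']}: {finding['client']} {finding['method']} "
              f"{finding['target']} -> {'; '.join(finding['reasons'])}")
    print("flagged records per client:", summarize(results))
```

On the constructed sample, the two internal requests pass, the three records from 198.51.100.x are flagged because the proxy should never have accepted them at all, and two of those are additionally flagged for reaching mail ports, which is exactly the relay pattern the blocklist operators describe. Any record of the first kind means the proxy's access rules, not just its logging, need fixing; the usual remedy is to allow only the local networks and to refuse CONNECT to anything but the ports the proxy is meant to serve.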

Linford said that for the last year many software developers, who create programs for spammers to send bulk e-mail anonymously, have focused on creating "proxy spamware" for use with open proxies because of high demand. Spam "supermarkets" such as Data-miners.net specialize in scanning the Internet on the hunt for open proxies to sell instructions for using them to junk mailers everywhere, he said.

Previously, spammers' chief mode of shuttling commercial mail was to steal resources from insecure mail servers overseas. Most U.S. and European mail servers are configured to route only those messages addressed specifically to customers, as ISPs fear that security risks and other problems could result from relaying messages for any third party. So spammers have taken to using insecure servers in other parts of the world--particularly in Asia.

Companies such as AOL have worked to shore up problems with open relays and block those subscribers using vulnerable mail servers. Blocklist owners also said that updates in mail server software have helped to improve the problem. Still, they say, there's an uphill battle with this newest ploy.

"The cause of (spam) is social; there will always be people who want something for nothing," Arbon said. "What it does is make it harder to stop when you have the anonymity of the actual sender."
