Inundated by junk mail, many companies, including AOL, have turned to blocklists such as MAPs, which research spam complaints and list the IP addresses of suspected spammers. Companies who subscribe to the blocklists then have the option of restricting access to those IP addresses. But such blocklists find their hands tied when it comes to discovering the origin of spam on open proxies. Proxy servers are servers that act as an intermediary between a PC user and the Internet. The server will receive a request from a user for a Web page and if it passes filtering requirements, the proxy server will either try to pull up a cached page -- for faster delivery -- or send out the request with one of its own IP addresses, cloaking the identity of the user. Open proxies allow someone to connect to a Web server on the Web port, such as Port 80, without filtering requirements. From there the person can connect to a random mail server to send email. The daisy chain leaves a relatively untraceable connection so spam-fighters have little recourse to block those mailers. Malicious hackers used to tap vulnerabilities in proxy servers to stage denial-of-service attacks or hacks into Internet Relay Chat (IRC), for example. But now spammers have caught on to their benefits of anonymity. "The problem with open proxies is that they are completely anonymous and spammers can chain multiple proxies together, so there's no hope of anyone ever tracing any spam back to them," said Linford, who warned of the open proxy problem last year on his Spamhaus site. Rogue mailers develop programs to scan the networks for vulnerable proxy servers. Many such servers are found on the PCs of regular consumers, who may have installed an operating system or software that includes a proxy server open by default. Blocklist executives say those people may be unaware that they are running the servers and if their ISP doesn't scan for vulnerabilities the problem can go unchecked. "You may think that you are just running a Web server and not realise you're running a Web proxy," Arbon said. She advised that PC users check their operating system and software to ensure that "your computer doesn't talk on any port it shouldn't." Linford said that for the last year many software developers, who create programs for spammers to send bulk email anonymously, have focused on creating "proxy spamware" for use with open proxies because of high demand. Spam "supermarkets" such as Data-miners.net specialise in scanning the Internet on the hunt for open proxies to sell instructions for using them to junk mailers everywhere, he said. Previously, spammers' chief mode of shuttling commercial mail was to steal resources from insecure mail servers overseas. Most US and European mail servers are configured to route only those messages addressed specifically to customers, as ISPs fear that security risks and other problems could result from relaying messages for any third party. So spammers have taken to using insecure servers in other parts of the world -- particularly in Asia. Companies such as AOL have worked to shore up problems with open relays and block those subscribers using vulnerable mail servers. Blocklist owners also said that updates in mail server software have helped to improve the problem. Still, they say, there's an uphill battle with this newest ploy. "The cause of (spam) is social; there will always be people who want something for nothing," Arbon said. "What it does is make it harder to stop when you have the anonymity of the actual sender."
For everything Internet-related, from the latest legal and policy-related news, to domain name updates, see ZDNet UK's Internet News Section.
Have your say instantly, and see what others have said. Go to the ZDNet news forum.
Let the editors know what you think in the Mailroom.
