An open relay or open mail relay is an unsecured Simple Mail Transfer Protocol (SMTP) server that permits anyone to send messages anonymously. When you have an open relay SMTP server, outsiders can send emails to anyone through it. The outsiders in this case could be anyone on the Internet, including spammers, phishers, and other threat actors.
The mail recipients won’t know who the email is really from, so threat actors gain anonymity. The recipients’ mail servers, however, would know that the message was sent through your mail server and can get it blocklisted as a result. Some blocklists even automatically block open relay servers to protect email users from spam.
In the early days of the Internet, open relay was the default setting in most mail servers. The Internet was built on trust, but times have changed as abuse and attacks became common. An open relay is now considered a misconfiguration that should be corrected immediately to avoid getting blocklisted.
How Does Open Mail Relay Work?
SMTP relay servers are an essential part of the email-sending process. They act as links between senders and recipients, as they forward emails from one mail server to another. The ideal and safest configuration is to have a closed mail relay server, which means that the server would only forward emails sent to the internal network.
Take, for example, Company A that uses a closed SMTP relay server. The company’s server would only route emails sent to employees within the company network. No outsiders can send messages through Company A’s mail server to anyone outside the network.
So if a client sends an email to accounting@companya[.]com, the mail server can route it. But this won’t be allowed if someone else, like a spammer, attempts to send an email to johndoe@gmail[.]com through the company’s mail server.
But what happens if Company A has an open relay server? The company’s mail server would also route messages generated from outside its network. It would forward the spammer’s email to johndoe@gmail[.]com even though that email address is outside Company A’s network.
What Are the Risks of Using Open Relay?
We illustrated how an open relay allows spammers and other threat actors to use a company’s mail server to accomplish their malicious activities. But how dangerous is this for the company? We cite a few negative consequences of using an open relay below.
- Your email marketing may go down the drain: When spammers use your mail servers, email service providers (ESPs), Internet service providers (ISPs), and mail blocklists can tag you as the spammer. They may block you, resulting in hard bounces and more adverse effects on your email marketing efforts.
- Your reputation may suffer: Open relay abuse can be considered a form of cyber attack, which can result in the loss of customer trust.
- You may incur financial losses: An open relay can ultimately affect your bottom line since it could impact your marketing return on investment (ROI). Aside from that, it could also result in income loss, as customers may avoid doing business with a company that suffered from a cyber attack.
How to Close an Open Relay?
Given that open relays are prone to abuse and can damage an organization’s email reputation, it’s crucial to ensure that they are closed. You need the help of an email administrator or ESP to do this. Ask them to make sure that your email server is configured so it can only route emails to and from authorized domain names and IP addresses.
Routing that should be allowed while still avoiding an open relay includes:
- Email messages from IP addresses within the network to any mailbox: Users connected to the network should be able to send emails to co-workers within the same network. They should also be able to email customers or partners who are outside the network.
- Email messages from IP addresses outside the network to local mailboxes only: Network users should still be able to receive emails from nonlocal IP addresses. Otherwise, they won’t be able to communicate with suppliers, clients, and other stakeholders who are not connected to the network.
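The two routing rules above, written as a relay decision and compared with the open-relay behaviour they replace. This is an added example, not code from the original page or from any mail server; the function names are hypothetical, and the networks, domains and addresses are constructed stand-ins for Company A's setup.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from any real deployment).
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "2001:db8:a::/48")]
LOCAL_DOMAINS = {"companya.example"}
SAMPLE_ATTEMPTS = [  # (connecting client IP, RCPT TO address)
    ("10.1.2.3", "partner@mailbox.example"),            # inside -> outside mailbox
    ("2001:db8:a::25", "accounting@companya.example"),  # inside -> local mailbox
    ("203.0.113.9", "accounting@companya.example"),     # outside -> local mailbox
    ("203.0.113.9", "johndoe@mailbox.example"),         # outside -> outside mailbox
]


def recipient_domain(rcpt):
    """Return the lower-cased recipient domain, or None if the address is malformed."""
    local, sep, domain = rcpt.strip().strip("<>").rpartition("@")
    domain = domain.rstrip(".").lower()
    return domain if sep and local and domain else None


def relay_decision(client_ip, rcpt, open_relay=False):
    """Return (accepted, reason); open_relay=True models the misconfiguration."""
    domain = recipient_domain(rcpt)
    if domain is None:
        return False, "malformed recipient"
    if open_relay:
        return True, "open relay: no restriction applied"
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in INTERNAL_NETWORKS):
        return True, "internal client, any mailbox"
    if domain in LOCAL_DOMAINS:
        return True, "outside client, local mailbox"
    return False, "relay denied: outside client, outside mailbox"


def relayed_for_outsiders(attempts, open_relay):
    """Attempts the audited configuration accepts although the closed policy rejects them."""
    return [(ip, rcpt) for ip, rcpt in attempts
            if relay_decision(ip, rcpt, open_relay)[0] and not relay_decision(ip, rcpt)[0]]


if __name__ == "__main__":
    for mode in (False, True):
        label = "open relay" if mode else "closed relay"
        print(label, relayed_for_outsiders(SAMPLE_ATTEMPTS, mode))
```

With the closed policy the audit list is empty; with `open_relay=True` it contains the outside-to-outside attempt, which is the traffic that gets a server blocklisted.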
While you may not be an email administrator, learning about open relay can help you protect your email communications.