Antispam campaigners, including New Zealander Alan Brown, are still fingering Xtra for operating or tolerating, among its users, open relays that have been sources of unsolicited commercial email.
But Xtra insists that where holes exist in its network, they are due to users setting up open-relay servers within their own systems, sometimes inadvertently, and that such holes are plugged as quickly as possible.
“For example, if a customer were to set up a mail server on their ADSL account, a process about as difficult as opening an application, that mail server may have been configured to relay mail by default,” says Xtra spokesman Matt Bostwick.
An open relay allows an issuer of spam to give the appearance that the spam message comes from an Xtra address, when it really emanates from a different source.
The mail relay default setting, Bostwick says, reflects a shortcoming in some operating systems.
“Once [an open relay] came to the attention of our mail and security teams, we would contact the customer and point out [the] issue with their server, and offer advice on how to correct the problem. If the customer refused to comply, they would be in breach of our terms and conditions and we would take appropriate action to protect the network and other customers, which may include termination of their account.”
Xtra staff work hard to plug these holes, Bostwick says. Brown, who previously ran an ISP in Manawatu, retorts that there is at least one Xtra user that has had an open relay for more than a month, though he did not name the user.
Brown says Bostwick’s explanation is only part of the story and that there are open servers in Xtra’s own email network. He referred Computerworld last week to internet newsgroups in the news.admin.net-abuse.* hierarchy, where users from all over the world post spam complaints. There are many referring to Xtra, chiefly to its mail servers, mta.rme[n].xtra.co.nz, where n is a number from 1 to 5.
Most complaints, however, refer to these servers as downstream channels for spam. Computerworld, in a scan of the group late last month, could find no cases implicating them as a first injection point of spam; rather the spam seems to be coming from upstream users of these mail servers, which tends to bear out Bostwick’s explanation.
Asked last week to cite specific cases where these servers have been used to start a spam message on its journey, Brown refused to do so.
“I am not helping Xtra in any way or form,” he emailed, “and as far as I’m concerned they can rot in everyone’s personal firewalls until hell assumes a temperature of 0 Kelvin.”
Computerworld found a message from last March, implicating another Xtra server, at the IP address 188.8.131.52, as the “first injection point” of a spam message.
This address is one of a pool allocated to dial-up users, Bostwick says, “so the unsolicited message came from a dial-up customer. It’s the kind of thing that our security team works on every day and the kind of issue that every ISP has to deal with all the time.” He also points to the age of the message.
“Any incidences of unsolicited mail should be reported to our security team on firstname.lastname@example.org,” Bostwick says. This address is another Brown bugbear; he says messages to it from non-Xtra users get bounced or go unanswered.
A test message sent to the address by Computerworld from a ClearNet address last week did not bounce.
Brown suggests that Xtra’s moving its mail servers to the mta.rme addresses around November last year was an attempt to hide servers that funnel spam among user accounts.
Bostwick says the move had no sinister motives; it was simply part of an upgrade of Xtra’s email network.
Last year, Xtra and fellow ISP Actrix obtained a court injunction ordering removal of the addresses of previous Xtra email servers from the blocking list maintained by the Orbs anti-spam organisation, then run by Brown, and implemented by a number of ISPs.
The blockages were negatively affecting “a significant number of customers”, Bostwick says.