To fight spam, Tivoli has trained its in-house email system to reject up to 5% of all incoming messages, even though the company knows that some of those messages are legitimate business correspondence. Senders of the bounced email get a link to a Web page (www.tivoli.com/spam.html) that explains the policy.
Any resulting inconvenience is a reasonable price to pay for spam protection, says Steve Jones, manager of enterprise network services at Tivoli in Texas. While Jones is not alone in that assessment, the unusually aggressive tactic has sparked debate within the company and among anti-spam experts. "It doesn't make sense to throw away mail that you want unless the cost is so high it's worth the lost business," says Paul Hoffman, director of the Internet Mail Consortium (IMC). "I don't believe that is the case here."
At the heart of the matter is "open relay" spamming, the practice by which spammers exploit an element of simple mail transfer protocol (SMTP) to send junk email through the servers of unwitting companies and service providers. This can sap server processing capacity and also leave the false impression that the victimised server owner actually sent the offensive email, creating the potential for a public relations disaster.
The disagreement surrounds the question of how to treat email from ISP and corporate servers that remain open to relaying because their owners cannot or will not close them. About one third of all SMTP hosts remain open to relaying, according to a 1998 IMC survey. Anti-spam hardliners, such as Tivoli, are choosing to treat email from these open relays as inherently suspect. They are using a "blacklist" database called ORBS - open relay behaviour-modification system (www. orbs.org) - to either bounce or filter out for further inspection any email that arrives from open relays.
Alan Brown, who administers ORBS from his small ISP in New Zealand, relies on public submissions to identify open relays and lists about 100,000 SMTP hosts, a number that has more than doubled in the past six weeks, "thanks to a couple of huge, overlapping spam-trap submissions".
"I'm happy to put up with some legitimate mail being tossed out with spam, because it's the legitimate mail being lost and the users beating up on their network administrators that cause those servers to get fixed," says Brown, who defines "fixed" as closed.