Black Hole Lists

Written By: Richard Lowe

When you send an email across the internet, you must first log
into your ISP’s email system. Generally, you set the login
information (username and password) in some setup screen, then
quickly forget about it. However, behind the scenes your username
and password are used to log in each and every time you send email.

When the email system receives your message it opens a connection
to the recipient email system and delivers the message. This is
the way email normally works, at least on properly configured
email systems.

Unfortunately, many emails systems are not properly configured
(or have older, buggy software). These systems have become the
bane of the internet and are one of the primary reasons that spam
is so hard to fight.

These email servers are known as open relays. You see, email
systems also have the ability to send messages to one another.
This is known as relaying. In the good old days of the internet,
back when it was a small network of universities and military
installations, spam was not a significant issue. During those
innocent times, there was little security because there were not
many offenders. Thus, email systems did not protect themselves
very well.

What is there to protect against? Spammers use open relay systems
to hide their identity. What happens is simple. A spammer sends
messages using one of these open relay systems and bypasses the
normal security. The spammer is basically hijacking the email
server to do his dirty work for him.

You see, email messages are actually enclosed in an electronic
envelope which identifies where the message came from. So if a
spammer sends a message through his own ISP’s email server, then
it could be tracked back to him because he has an account on
that server.

However, if he hijacks an open relay, he can send all of the
messages that he wants without worrying about being tracked. The
email message identifies the open relay as the system where the
email came from; however, the spammer is not a legitimate user.
The open relay does not (unless it goes to great lengths) have a
clue where the messages came from.

A spammer must rub his hands together in glee when he finds one
of these systems. I can just imagine the evil laugh as the spammer
presses the return key to send literally hundreds of thousands or
even millions of messages through the open relay system.

This cannot happen on a properly configured, secured and patched
email server.

Open relays are a big problem, and to combat that problem a number
of services have appeared. These are called Blackhole Lists, and
what they do is simply list all of the open relays that they know
about. ISPs and others can subscribe to these lists and use them
to block email messages.

Here’s the process. A system is determined to be an open relay.
It is added to one or more Blackhole lists. ISPs that subscribe
to the lists will bounce (return to sender) any messages that
originate from the open relay email system. This means ALL users
from that email system are blocked. Every single one of them.

I know that seems cruel, but look at it this way. The open relay
is encouraging spammers and is an unwitting accomplice in their
operations. In fact, many of these open relays do not even know
they are causing a problem, and the first inkling that they get
is when their users complain that things are running slowly or
when problems occur with their servers.

The Blackhole lists are often run by individuals or small groups
who believe in the anti-spam cause. They are often unpaid
volunteers who simply want to help clean up the internet. They
are also extraordinarily successful and many ISPs use their

To give you an idea of how successful this approach has been,
there was a blackhole list called ORBZ. This was run by a young
man named Ian Gulliver, a 20-year-old systems administrator from
Ghent, New York. Ian is an extraordinary person and created one
of the most successful blackhole lists ever.

What ORBZ did is send messages to email systems to determine if
they were open relays. If it determined that the email system had
this problem it added it to it’s list. This was very successful
until the end of March, 2002.

At that time, ORBZ probed the email server of Battle Creek, MI.
Unfortunately, this system used the Lotus email system, which has
a known bug. The probe caused the email server to slow down
considerably, and it was interpreted by the city as a hacker

The poor ORBZ administrator found himself the subject of a
search warrant signed by a Michigan judge that authorized the
search and seizure of all data relating to ORBZ accounts.

Ian almost immediately shut down the ORBZ system (he reopened the
service a few days later with some major changes and a new name),
which led directly to a huge amount of spam suddenly being
received all over the internet. The closure of a single blackhole
list had dramatic and noticeable results.

The upside is that blackhole lists prevent a tremendous amount
of spam from getting sent throughout the internet. They are very
efficient and the concept is simple and straightforward.

On the downside, blackhole lists are not governed by anyone and
answer to no one. They add open relays (and other spam sources)
to their lists using their own rules, and usually assume the
suspected spammer is guilty until proven innocent.

They are, however, a necessary and vital piece in the war against

About the Author

Richard Lowe Jr. is the webmaster of Internet Tips And Secrets
at http://www.internet-tips.net – Visit our website any time to
read over 1,000 complete FREE articles about how to improve your
internet profits, enjoyment and knowledge.

Previous post:

Next post: