Policy Regarding Open Mail Relays
Background
An open mail relay refers to a function of an e-mail server that makes it possible for traffic from a foreign system to be relayed to another foreign system. This capability can be enabled or disabled by the appropriate use of configuration options for the server. This capability is not, in and of itself, currently a violation of law or policy.
It does become an issue when a third party discovers that this capability is present and uses it to propagate spam or other forms of traffic that can be considered by the recipient as offensive.
Being identified as a "spam relay" site can result in being "blacklisted" by certain groups on the Internet. An increasing number of organizations are refusing to accept traffic from sites identified by these lists. This action can seriously hamper effective, legitimate communications.
Policy References
There are a number of university policies that limit the use of computers and network resources, including the Cornell Campus Code of Conduct, the Code of Academic Integrity, the Policy Regarding Abuse Of Computers and Network Systems, and the Responsible Use of Electronic Communications Policy. These policies give the university the right to place restrictions on activities that violate policies or codes. Specific relevant provisions include:
CORNELL UNIVERSITY POLICY REGARDING ABUSE OF COMPUTERS AND NETWORK SYSTEMS,
http://www.cit.cornell.edu/computer/responsible-use/abuse.html
"Members of the University community are expected to follow certain principles of behavior in making use of computers and network systems, in particular, to respect, and to observe policies and procedures governing:
- ...the finite capacity of computers or network systems by limiting use of computers and network systems so as not to interfere unreasonably with the activity of other users.
"Members of the University community also are expected to follow all other policies, rules, or procedures established to manage computers or network systems, including those established to control access to, or the use of, computer data, files, or other information.
"Those who cannot accept these standards of behavior will be denied use of Cornell computers or network systems. Violators may also be subject to penalties under University regulations and under state and federal laws."
CORNELL UNIVERSITY POLICY: RESPONSIBLE USE OF ELECTRONIC COMMUNICATIONS,
http://www.policy.cornell.edu/vol5_1.cfm
"Cornell University expects all members of its community to use electronic communications in a responsible manner. The university may restrict the use of its computers and network systems for electronic communications, in response to complaints presenting evidence of violations of other university policies or codes, or state or federal laws. Specifically, the university reserves the right to limit access to its networks through university-owned or other computers, and to remove or limit access to material posted on university-owned computers.
"The university seeks to enforce its policies regarding harassment and the safety of individuals; to protect the university against seriously damaging or legal consequences; to prevent the posting of proprietary software or the posting of electronic copies of literary works in disregard of copyright restrictions or contractual obligations; to safeguard the integrity of computers, networks, and data, either at Cornell or elsewhere; and to ensure that use of electronic communications complies with the provisions of the Campus Code of Conduct for maintaining public order or the educational environment. ….
"This policy is in accordance with university policies concerning harassment, use of computers and network systems generally, and related judicial codes. Any restrictive actions taken by the university will be in accordance with guidelines and procedures set forth in these policies, codes, or laws."
Other Relevant Policies:
Code of Academic Integrity,
http://www.cornell.edu/Academic/AIC.html
The code includes computer and network related concepts and examples of violations, such as: initiating or encouraging the promulgation of chain letters and other types of electronic broadcast messages, tapping phone lines or other network cables, subverting or obstructing a computer or network by introducing a worm or virus, supplying false or misleading information to access computer or network systems, improperly obtaining or using another's password to access computers or network systems, and unauthorized access to data, computers or networks.
Campus Code of Conduct,
http://www.policy.cornell.edu/CM_Images/Uploads/POL/campus_code_of_conduct.html
"II. VIOLATIONS
"It shall be a violation of these regulations:
"B. To refuse to comply with any lawful order of a clearly identifiable University official acting in the performance of his or her duties in the enforcement of these regulations."
Policy Practice
The policies that govern the usage of computer and network resources outline certain standards of behavior. They also clearly state that the university reserves the right to place limited restrictions on activities that violate policies or codes. A complaint concerning the activity of an open mail relay is evidence of configuration that results in a violation of the policies governing the use of these resources. This interpretation is based on the fact the propagation of spam frequently consumes considerable network resources, adds to the end user's burden in managing and responding effectively to legitimate e-mail, and, in the case of a "blacklisted" server, may seriously impede the ability of an organization to engage in legitimate communications with other institutions. The time and effort required to resolve a blacklist situation can impose a substantial burden on the university's support resources.
References:
- CIT procedures for responding to open mail relay complaints
- http://www.cit.cornell.edu/security/openmail.html
Authority
The Office of Information Technologies is the responsible office for these policies.
Contacts
IT Security Office, security@cornell.edu
IT Policy Office, it-policies@cornell.edu
Security Issues for Network and System Administrators > Open Mail Relays > Policy
January 15, 2001
Last updated: July 29, 2003
Links checked: June 04, 2007