The problem with email is that identity and authentication are an afterthought. Don't forget that (in theory) it is possible to get any email server to relay a message for you. Newer protocols do not have these kinds of problems.
> Don't forget that (in theory) it is possible to get any email server to relay a message for you.
That would be an open relay. That is simply not something that mail servers do anymore. If one were to deliberately set up an open relay, one would find that their email server was blacklisted pretty much immediately.
I don't think so, I believe open relays are virtually extinct. People rarely run MTAs these days, and default configurations are quite protective. And if someone still manages to mess it up, they're gonna get famous with all the RBLs in days if not hours.
I have self-hosted my mail for over 17 years. Most of the spam I'm observing these days comes from hacked/broken websites (sometimes it's probably some stolen SMTP credentials, sometimes sent from the server directly). Legit domain name, SPF and even DKIM present, looks totally legit in this regard - only stopped by RBLs and content filtering.
Indeed, my ISP only recently closed their open relay for all customers.
I remember back in the day having to change your SMTP settings whenever you travelled to whatever the ISP was where you were staying. Then you could finally send email from your @homeisp.example email.
Open relays were a thing in the early 90's. I remember a friend of mine relaying email through 20 different servers, bang-path style. Any open relays today would immediately be used for spam, so they just don't exist, at least not for very long.
> What was the original intent of open relays? Why allow emails without authentication?
Store and forward.
Do remember that email was THE great federated protocol.
The goal of a mail server was to get your email "at least one hop" closer to your destination. And that wasn't an easy task.
Servers came online and went offline. Users logged in and out. Connections came up and went down. IP wasn't the only transit. DNS? Oh, the hosts file? Even higher things--think DECnet and Janet.
Email was barely functional most days. Your best bet if you weren't an Internet God and weren't able to write your own super complicated sendmail.cf was to know a sysadmin at a node who had an Internet God and ask him if you could forward emails that you couldn't handle to their server.
Email would be so amazing were it not for the spam problem. In the early days you’d just send a mail to your computer and your address was yourlogin@yourdomain and mail just ended up on your machine in a folder. Relays were like p2p networks. It was actually beautiful in its simplicity and in a perfect world with everyone being good actors could have been incredible.
And it was, back when any hint of "commercial use" could get your machine booted from the mail routes and usenet. After Canter and Siegel, it was every spammer for himself.
Open relays were offered in the spirit of cooperation that was characteristic of the early internet.
Unfortunately, greedy people soon jumped in to take advantage of this generosity, resulting in a tragedy of the commons.
John Gilmore used to run an open relay, and I used to get spam from it. He was really stubborn about promoting the freedom of the spammers over the peace and quiet of the poor recipients. He eventually got shut down, still complaining.