Public SMTP Server No Authentication – Using an SMTP Cloaking Service to Protect Your Mail Server

The Simple Mail Transport Protocol (SMTP) is the underlying technology that acts as the bedrock for e-mail delivery. In simple terms it is the language that mail servers use to communicate with each other and to move e-mail messages around the Internet.

According to Wikipedia, 78% of all e-mail messages sent are spam. As a consequence, mail servers need to constantly evolve in order to try and stay ahead of the game.

If you operate your own mail server, there are a number of potential risks you may face:

  • Excessive e-mail message delivery attempts by spammers or other illegitimate users could consume considerable bandwidth and processing power on your mail server.
  • Any security issues with your mail server software (such as buffer overflows or injection vulnerabilities) could compromise the integrity of your entire mail system.
  • If your server is hosted on a cable or DSL broadband connection, there is a chance that your ISP may block port 25 (the SMTP port) in an attempt to prevent spammers from using its network. This would render your server useless as you would no longer be able to receive mail.

An SMTP cloaking service works by placing one or more public-facing SMTP servers in front of your own mail server. The public servers receive all mail destined for your domain, perform any necessary anti-spam and anti-virus checks, and only pass the mail to your own mail server if the message appears to be good.

This arrangement offers some considerable advantages:

  • The outside world has no direct access to your mail server – they don’t even know what kind of mail server software you are running.
  • Your bandwidth is reduced, as only those messages that have passed the tests defined by the public servers will be delivered to your own server.
  • You can run your mail server on a port other than 25 – perfect if your ISP is one of those that blocks connections to port 25.
  • A good SMTP cloaking service will provide multiple public SMTP servers, giving you extra redundancy in the event that one of their servers is down.
  • If your own server is down for any reason, mail will be held by the public SMTP servers and automatically delivered to your own server when it comes back up – effectively providing you with a mail backup system and ensuring you never lose any e-mails as a result of issues with your own mail server.

There is one potentially significant drawback to using an SMTP cloaking service:

If the cloaking service does not have a list of all valid users at your domain, it will need to forward every single mail it receives to your server – regardless of whether the recipient exists or not. Some SMTP cloaking services will let you supply a valid list of mailboxes at your domain – this is certainly a worthwhile exercise as it allows the public servers to reject any mail sent to non-existent recipients. You will however need to think about how you will update this list every time you add a new user to your mail server – this is probably best discussed with your SMTP cloaking service provider, as the procedure will be different for each supplier.

Choosing an SMTP Cloaking Service Provider

  • You should expect to pay between £40-£60 ($55-$85 USD) per year per domain, depending on the features and support provided. Some companies may charge more for premium levels of support or additional features.
  • Watch out for limits on the quantity of e-mail traffic and whether any additional charges will be incurred for excessive mail volumes or bandwidth utilisation.
  • Does the service allow you to specify a list of valid mailboxes on your domain? And if so, how often can it be updated?
  • Does the service include any anti-spam or anti-virus measures? While anti-spam solutions can help reduce spam, those which are too sensitive could unknowingly be rejecting legitimate emails.

If you have any questions that aren’t covered in this article, my best advice is to contact a number of different SMTP cloaking service suppliers to discuss your own specific requirements. Everyone’s needs are different, and the potential benefits you could gain by having an SMTP cloaking service will depend on your own individual circumstances.

Leave a Reply

Your email address will not be published. Required fields are marked *