People have asked us why we are distributing a security scanning tool like mrt that could potentially be used by spammers, and other parties with evil intent, to find and then exploit various improperly secured mail servers scattered around the Internet.

Our answer to this question is the same as the answer that the builders and maintainers of the SAINT security scanning tool would undoubtedly give if they were asked why they distribute this much more comprehensive network security scanning tool. As anyone who is well versed in computer security matters will tell you, security through obscurity is no security at all. In other words it is really very pointless to hope that evil people will not find and exploit security weaknesses just because you have made these weaknesses slightly more difficult to find. Anyone who is determined enough will find and exploit the weaknesses in the network anyway.

And in the case of unsecured mail servers that allow relaying of e-mail from anyone and to anyone, this is exactly what we have already seen happen. Long before mrt was ever released to the public, the Mail Abuse Prevention System, LLC (MAPS) had already built up a very sizable list of tens of thousands of unsecured mail servers all over the world that had already been found and exploited to relay unsolicited junk e-mail to people to didn't ask for it and who didn't want it.

Based upon this history, it is quite clear that anyone who still hopes that spammers can be prevented from finding and/or abusing unsecured mail servers hopes in vain. The genie is already out of the bottle, the cat is already out of the bag, and the toothpaste is already out of the tube. Spammers and other people lacking scruples have already been scanning the Internet for weak link mail servers for quite some time now, and with a great deal of success. Nobody can fully prevent them from doing this. All that can be done now is to try to help the many harried and overworked system and network administrators, all around the globe, who are trying hard to properly secure their servers and networks, but who lack adequate software tools to tell them where the remaining trouble spots are.

Mrt is a tool meant to help these people. It is available for free (click on the download button at the left) and with no license fees for non-commercial use. In some cases, permission for royalty-free use may also be granted to commercial organizations wanting to use the tool strictly to secure their own networks. (Please click on copyright for more information.)