From the desk of: Sam C. Chan

Mach 4 Network Server-Side SPAM Filtering

October 30, 2006  (See also multiple addenda at the end. Scroll down.)

This pertains to email servers hosted by Mach 4 Network. Not applicable to clients hosting their own email on-site, with messages delivered (MX records) directly to Exchange Servers, or clients with hosting services from other providers.

Up until now, we allowed clear passage of in-bound email, and let clients perform filtering at their own control and discretion. Deteriorating SPAM conditions now warrant mandatory server-side filtering. Today, we activate 2 DNSBL subscriptions at our email server feli.bravotech.net:

  • relays.ordb.org
  • bl.spamcop.net

Both are considered extremely conservative (non-aggressive) lists maintained by highly regarded organizations, targeting only the most serious and confirmed offenders. False positives are virtually non-existent, while the false negative rate is fairly high.

Should you experience problems in receiving email, keep this in mind when troubleshooting. If the sender's smtp server (or their relay/proxy) is listed on any of those blacklists, their mail will be rejected by us at the time of transmission. They will receive a rejection notice from their own smtp server. Please be advised that they are responsible for pursuing delisting from those international blacklists.

As always, the most effective measure against SPAM is a holistic, multi-prong approach: start with SPAM Prevention best practices, followed by mild server-side filtering, and finally, content-based (dictionary/Bayesian) filtering at the email client level, where the threshold can be adjusted and false positives can be reasonably managed.

  • Clients concerned about the ramifications of this change are urged to schedule an appointment for consultation and clarification.
  • Consultants/Resellers are urged to schedule sessions for training and in-depth briefing on this essential topic.

 


Addendum: Change in DNSBL Subscription

January 3, 2006

As ordb.org is no longer actively maintaining their relays.ordb.org list, we deactivated its use and, in its place, added two (2) DNSBLs from SPAMHAUS:

  • sbl.spamhaus.org
  • xbl.spamhaus.org

Addendum: Banning Servers from Policy-Based Netblocks

January 29, 2007

Effective immediately, we do not accept any email transmitted from netblocks (subnets) that the ISP has designated as not authorized to operate smtp servers: namely, all consumer-class access lines with dynamic addresses, and certain static address lines that are specifically marked as no-smtp.

Essentially, we're joining the ranks of providers assisting ISPs in enforcing their no-smtp policies. Locally, in Rochester, NY, Frontier and TimeWarner have been enforcing smtp bans since December and October 2003, respectively. Elsewhere, some ISPs have yet to implement a port 25 ban. It's possible that some consumer-class access users are operating their own smtp servers on-site. In order for their email to reach us, they will now be required to use the smtp server of their ISP or of a hosting provider, which are professionally operated and monitored. Of course, senders on business-class access lines are not affected.

This represents a philosophical and policy change on our part. We took this stance after weighing the overwhelming benefits against the one-time, trivial and inevitable changeover required on the part of those few senders.

The latest DNSBL added: pbl.spamhaus.org

This measure effectively protects against SPAM from almost all zombies* of the world!

*zombies (or bots) are (typically) consumer machines that are improperly set up and poorly maintained. They're compromised, and under the control of criminals. These bot armies are rented out to perform SPAMming, launch DDoS attacks, commit click fraud, spread spyware, and carry out other commercial exploits.
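
For the troubleshooting case described in the original notice (a sender whose mail is rejected at transmission time), the following added example, which is not part of our server configuration, shows how a DNSBL lookup is formed and checks one sender IP against the lists named on this page. The function names, the constructed resolver and its sample answers are assumptions for illustration; treating 127.255.255.x answers as lookup errors follows Spamhaus's use of that range for refused queries and is assumed harmless for the other zone.

```python
import ipaddress
import socket

# Zones named on this page as active after the addenda.
ZONES = ("bl.spamcop.net", "sbl.spamhaus.org", "xbl.spamhaus.org", "pbl.spamhaus.org")


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A record for name as a string, or None if there is none."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None  # NXDOMAIN (a resolver outage also ends up here)


def check_sender(ip, zones=ZONES, resolve=system_resolver):
    """Map each zone to 'listed', 'not listed' or 'error' for one sender IP."""
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        if answer is None:
            results[zone] = "not listed"   # no record: the IP is not on this list
        elif answer.startswith("127.255.255."):
            results[zone] = "error"        # query refused by the list; not a listing
        elif answer.startswith("127."):
            results[zone] = "listed"       # any other 127.0.0.0/8 answer is a listing
        else:
            results[zone] = "error"        # e.g. a resolver that rewrites NXDOMAIN
    return results


def constructed_resolver(name):
    """Offline stand-in for DNS; answers are constructed, not real listings."""
    table = {
        "10.2.0.192.pbl.spamhaus.org": "127.0.0.10",
        "10.2.0.192.sbl.spamhaus.org": "127.255.255.254",
    }
    return table.get(name)


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a sample sender.
    for zone, verdict in check_sender("192.0.2.10", resolve=constructed_resolver).items():
        print(f"{zone:20} {verdict}")
```

An "error" verdict means the lookup itself was not answered properly, so repeat it through a different resolver before concluding anything about the sender.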


SEE ALSO:

  • Anti-SPAM Initiatives
  • SPAM Prevention
  • <mailto:> Tag Alternatives
  • Catch-All Alias
  • Spoofed Email