Spam Stopping Techniques (Anti-Spam)

MailXServer implements a host of spam blocking techniques. The use of the different techniques can be customized to suite every company's individual needs. Most of the methods will reject invalid Email after receiving only the Email headers, thus saving a huge amount of internet bandwidth.


Some of the techniques include:

- RBL (Real-Time Block List)
Real-time Black Lists (RBL) is a very effective way to manage spam. Problem sites are added to different RBL sites almost instantly when spam becomes a problem, and are removed quickly once the problem is dealt with (depending on the specific RBL).

Some RBL sites will only list open relay servers, while others are listing known spam sending servers. Different RBL databases over the world have different policies on adding or removing a site from their RBL lists.

MailXServer allows the operator to specify a score for every enabled RBL. The mail will only be dropped if the sum of the enabled lists is higher than the predefined total allowed score.


- Greylisting

Greylisting is a very powerful method to combat spam. Due to the huge number of Emails that spammers need to send, they normally do not follow Email protocol to resend any Email after receiving a temporary failure from the receiving host.

If greylisting is activated all Email from unknown hosts will be temporarily failed for a predefined time (blacklist time). Hosts following Email RFC's will resend the Email message at regular intervals. When the same Email message is received after the blacklist time expired it will be allowed and the sending server will be whitelisted for a custom number of days. Email from whitelisted servers will not be delayed.

All valid Email servers should follow the relevant Email RFC's. Thus no valid Emails will be lost due to greylisting.


- SPF (Sender policy framework)
Sender Policy Framework (SPF) is a new Email standard to stop the forgery of illegal FROM: addresses. For SPF to work, domain owners must identify sending mail servers in DNS as a text record. On the recipient side, SMTP receivers verify the envelope sender address against the DNS information.

Currently many SMTP servers do NOT have SPF entries in DNS. MailXServer will not drop any messages without SPF records in DNS, but can distinguish forged messages and will drop them if SPF records are published in DNS.

SPF has the potential to totally stop email FROM forgery. This will also have a huge impact on email viruses that uses their own SMTP engines that normally forge the FROM address.

For more information reference: http://spf.pobox.com/


- Manual White or Blacklist
System administrators can manually blacklist or whitelist relay servers. Manual entries will override the above mentioned tests. This feature is very handy to stop specific virus sending servers after only Email header information is received, thus saving bandwidth and increasing server performance. Virus sending servers can be detected using the reporting functions of MailXServer.


- Forward Email Lookup
MailXServer can be configured to do a forward lookup to determine if an Email account exists on a remote system. If this test fails the mail will be dropped before the data part of the message is received. This can significantly save internet bandwidth.


- Intelligent Email analysis
Emails passing the above tests can be scrutinized even further by intelligently analyzing the Email for spam. More than a 1000 predefined rules will be tested against the Email, each rule adding a predefined score when triggered. Emails with a score higher than a predefined total allowable score will be dropped or quarantined. The score of predefined rules can be modified by the system administrators.


- Custom Email Rules
Custom rules can be created as a very powerful way to stop specific spam. Regular expressions are used to detect rule hits in a message. Simplified rules can automatically be created using the supplied interface. Power users can modify (update) the created rules using regular expressions. The custom rules will analyze the total message, thus unwanted words in the message, headers, attachment names, etc. can be detected.

This feature is not only handy to stop spam, but also to allow certain messages that would normally trigger rules by allowing for negative scores.
 

- Filter Teaching: Bayes Scanning
MailXServer can be configured to learn if Email is spam or ham (non-spam). The system can be configured to automatically and/or manually learn spam. The manual mode allows the system administrator or users to teach the filter what messages should be tagged as spam.


- SURBL Scanning
SURBL's with custom scores can be configured to stop Email messages that contain links to known spam URL's.


- Custom Subject Blocking
Messages containing specific wording in the subject can be dropped or quarantined.


- Custom Domain or Email Blocking
Messages from specific senders or domains can be dropped or quarantined.