Atec Solutions Ltd

Viruses

Our server scans all incoming email for viruses, and blocks any that it finds (SMTP reject, error code 554).

We also have many virus definitions which will detect a large number of spam messages as well (these are rejected as viruses, because almost all spam is from a virus infection).
We use the Sanesecurity rules, along with 200+ of our own custom definitions.

Here is a summary of viruses blocked in one day:

Virus summary: Friday 3 July 2009

329 x Sanesecurity.Junk.17573.UNOFFICIAL
196 x Sanesecurity.Spam.10533.UNOFFICIAL
175 x Sanesecurity.Spam.10561.UNOFFICIAL
169 x Sanesecurity.Casino.11500.UNOFFICIAL
157 x Sanesecurity.Spam.7672.UNOFFICIAL
104 x Sanesecurity.Spam.10285.UNOFFICIAL
94 x Sanesecurity.Spam.10082.UNOFFICIAL
69 x Sanesecurity.Spam.10263.UNOFFICIAL
56 x Sanesecurity.Hdr.9802.UNOFFICIAL
46 x Sanesecurity.Spam.10563.UNOFFICIAL

DNSBL

Our server also checks incoming messages against various "DNS block lists", which help to identify spam sources. Any incoming message found to be from a known spam source will be rejected (SMTP reject, error code 553) with a note telling the sender to visit our DNSBL page for more information.

If you find that a message you are trying to send is blocked by our DNSBL checks, please contact us to discuss possibilities; we do have whitelisting capabilities.

Where a site repeatedly fails this test, it will be temporarily blocked at our firewall in order to save resources.

Here is a summary of spam sources blocked in one day:

DNS blocklist worst offenders: Friday 3 July 2009


Spam

For clients who collect email directly from our server (i.e. POP3, not forwarding), we check all messages using spamassassin.
We do, naturally, have several custom rules, which are identifiable by names starting with 'Y_'.
We also regularly update our scoring for certain tests in order to tag as much spam as possible without tagging non-spam messages.

We do not delete messages which spamassassin decides are spam, for the simple reason that it sometimes gets things wrong (false positives).
Our server will either block messages at SMTP time, with a 5xx reject, or will deliver emails - we never just drop emails programmatically (except for our blackhole address).
Some customers have found that our spam rules are highly accurate and the sheer volume of spam they receive has become too unwieldy to even attempt to find false positives; for these customers we file all spam with a score of 7 or above into a separate mailbox, which can be accessed with webmail in the event of a legitimate email being mis-tagged.

To cut down on as much spam as possible, we use several techniques and programs:

When a particular remote computer/server has sent a vast number of spam messages, or has tried to compromise our server some other way, we will block connections within our firewall. This is reserved for the most drastic cases and is not a measure we take lightly.

Our first main line of defense is to check incoming connections against DNS black lists (see above).

We then check messages using clamav for viruses and known significant spam signatures.

For customers who have their email forwarded to another address, this is all we do.

For customers who collect directly from our server (POP3), however, we also check messages with spamassassin, including:
  several custom rules and custom scoring,
  checking the message with Vipul's razor (i.e. cloudmark),
  the PDFInfo module to detect spam sent as a pdf attachment,
  running OCR software against included pictures to extract text, which is then also checked against a black list. (The OCR process was hammering our server too much, so it has now been disabled.)

Each test is assigned a score; if the total score is high enough then the message is tagged to make it easily identifiable and easily filtered. A large proportion of our customers simply have a filter rule set up to delete all tagged messages, although we do recommend checking the deleted items for incorrectly tagged messages.

If any of our customers' legitimate email is tagged, we will look at ways of rectifying this, including whitelisting specific senders and recipients.
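
The tagging and filing behaviour described above, sketched as an added example (this is not Atec's own code). It reads the standard spamassassin X-Spam-Status header and chooses a mailbox. The mailbox names, the Y_SAMPLE rule name and the "worst verdict wins" handling of duplicate headers are assumptions; the sample messages are constructed.

```python
import email
import re
from email import policy

SPAM_MAILBOX_SCORE = 7.0  # from the page: score of 7 or above is filed separately

# Standard spamassassin status header: "Yes, score=8.1 required=5.0 tests=..."
STATUS_RE = re.compile(r"\s*(Yes|No)\s*,\s*score=(-?\d+(?:\.\d+)?)", re.IGNORECASE)


def route(raw: bytes, separate_spam_mailbox: bool):
    """Return (mailbox, tagged). Every message gets a mailbox; none is dropped."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for value in msg.get_all("X-Spam-Status", []):
        m = STATUS_RE.match(str(value))
        if m:
            verdicts.append((m.group(1).lower() == "yes", float(m.group(2))))
    if not verdicts:
        # Unscanned (for example forwarded mail) or unparseable: deliver normally.
        return ("INBOX", False)
    # Assumption: if several status headers are present (one may have been
    # supplied by the sender), the worst verdict wins.
    tagged = any(t for t, _ in verdicts)
    score = max(s for _, s in verdicts)
    if tagged and separate_spam_mailbox and score >= SPAM_MAILBOX_SCORE:
        return ("Spam", True)   # hypothetical name for the separate mailbox
    return ("INBOX", tagged)    # tagged mail is left for the client's own filter


def sample(*status_values):
    """Build a constructed test message with the given X-Spam-Status values."""
    lines = [b"From: sender@example.com", b"To: user@example.net",
             b"Subject: constructed sample"]
    lines += [b"X-Spam-Status: " + v.encode() for v in status_values]
    return b"\r\n".join(lines) + b"\r\n\r\nbody\r\n"


if __name__ == "__main__":
    print(route(sample("Yes, score=8.1 required=5.0 tests=RAZOR2_CHECK"), True))
    print(route(sample("Yes, score=5.6 required=5.0 tests=Y_SAMPLE"), True))
    print(route(sample(), True))
```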

Here is a summary of spam tagged messages in one day:

Spamassassin tagged messages: Friday 3 July 2009

All tagged messages: 1305
All razor2 tagged spam: 1185