Spam mails are a large part of global e-mail traffic and accordingly cause a lot of damage, such as:
- Lost working time spent sorting out spam mails
- Expenditure for the implementation and the operation of anti-spam measures
- Higher costs due to increased internet traffic caused by spam
Hostpoint too is affected by this situation. Approximately, 93 million e-mails and connection requests arrive at our mail servers every month (data from April and May 2011). Of those, only 16 million messages are ‘clean’. This results in the following graphic illustration of the ratio between spam and legitimate mails (ham):
To optimally protect our clients from this flood of spam mails, we take various measures within a multi-level system.
Before our mail system accepts an SMTP connection to an external server, it checks whether the IP address of the external server is listed on any DNS blacklists. One thing we try to find out during this check is whether the sending host has a dynamic (changing) IP address. Most hosts with dynamic IP addresses that send mails to port 25 are trojan and virus-infested PCs in living rooms and offices around the world that are being misused to send out spam. Experience over recent years shows that the use of DNS blacklists reduces spam mail significantly.
Our mail system receives approximately 17 million mails each month – and a proportion of these mails still have to be classified as spam in spite of these measures. Therefore, in a second step, we verify whether the sender’s address (Envelope-From) is a valid address by using the sender address verification process. If this check fails because the sender has used a non-existent e-mail address, the mail will be filed in the spam box with the note “*** Sender address does not exist ***”. Users can turn this verification on or off in the Control Panel mail settings of the account.
There are, of course, spammers who will put a valid sender address to their e-mails. Therefore, as a next step, we analyze the complete e-mail, including header, content, and attachments, with a spam scanner (SpamAssassin) to determine spam and filter it out. This way, the e-mail will be assessed on the basis of characteristic features and rated with points. The higher the number of points, the greater the probability that it is spam. Users can specify how many points are needed to define an e-mail as spam – and what to do with it (move it to the spam box or the inbox) by changing the spam scanner settings in the Control Panel.
By deploying these different technologies and constantly developing and refining them, we are able to filter out the larger part of incoming spam e-mails. Since spammers are developing new tactics all the time, there will unfortunately never be 100 percent protection from spam.
Spam in outgoing mail
Hostpoint recognizes its responsibility as an e-mail service provider and takes all necessary measures to prevent the distribution of spam through its infrastructure. This is a balancing act, since we want to make the distribution of spam as difficult as possible, but do not want to interfere with clients’ legitimate e-mails.
Considering our clients’ requirements, we have implemented the following measures to prevent – or at least mitigate – spam:
- The number of e-mails that can be sent through our SMTP server (smtp.ihredomain.ch) is limited to 1,000 per 24 hours. Clients who reach this limit can have it suspended for that day through the Hostpoint Control Panel – thus making it possible to distribute legitimate newsletters.
- Mails sent through the web server – for example, by using PHP mail() – are deliberately delayed. The delay will be activated in case of a large number of outgoing e-mails at the same time or if those e-mails are addressed to a large number of recipients.
Mail queues are monitored day and night, which makes it possible to quickly recognize an increase in the flow of e-mails. In an emergency, our on-call experts will be informed to prevent the distribution of spam. In addition, we check regularly if mail or web servers are listed on any blacklists.
In spite of all these measures, cases of spam or spamvertising (advertising for domains) pop up from time to time. Therefore, Hostpoint operates an abuse desk at firstname.lastname@example.org, which engages significant staff resources, processes incoming cases and takes appropriate measures at short notice. We can guarantee that Hostpoint meets its responsibilities and rigorously prevents spam distribution, thus ensuring that our clients’ e-mails reach their destinations and don’t end up in a recipient’s spam box.