Our filtration system consists of multiple filter
methods to scan
incoming email. The entire process takes an average of 2 seconds per email.
Below is an explanation of the main filter method sections.
Whitelists:
Our system allows "safe" emails through our system before it checks the
blacklists etc. This ensures that legitimate emails are not affected by
any delays or incorrectly blocked.
- IP & Sender Whitelist
We list the IP addresses of servers which we consider safe and unlikely
to issue spam due to their anti-hacker and anti-spam measures.
Any emails from these servers are allowed through the system and are
immediately delivered to the recipient.
- Auto Sender Whitelist
The system automatically analyses details of everyone our client sends
emails to. The system then allows any emails from those sources to
send replies back without interference. This means that our clients
get emails from those they regularly are in contact with.
- Bonded Sender Program
This is a third party certification program that subscribing companies can
use to ensure that their emails are delivered without blocking. For
information about how the system works please visit
www.bondedsender.org, or
alternatively if you would like to register for this service please visit
www.bondedsender.com. Please
contact mailhost@snmail.co.uk for
details of discounts for registering with the Bonded Sender Program.
Blacklists & Filters:
Our system then analyses the information embedded within the email and
correspondence with sending servers to discover whether the emails are
legitimate or not.
- HELO Blacklist
The first step of an email being sent by an SMTP server is to send an
introduction, e.g. "HELO" or "EHLO" to the recipient server. Well
setup servers carry out this task without any problem, however spammer
software sometimes introduces itself incorrectly. We are also able to
block emails from servers based on the details provided in the "HELO" and
"EHLO" introductions.
- IP Blacklist
We are able to list computers/servers by internet IP address
to block spammers not
listed by the DNS blacklists. This filter also allows us to take steps
against computers/servers infected by viruses. We are then able to take steps to get these additions added to
the DNS blacklists.
- Client Checklist
Any email addressed to a user not listed on our server is automatically
rejected.
- Sender Policy Framework (SPF)
This is an anti-forgery solution in which the system checks with the owners
of the domain listed as the sender that the email is in fact being sent by
one of their legitimate servers, rather than being fraudulently used by
viruses or spamming software.
- DNS Blacklist
We use a number of DNS blacklists. These are lists created by users around
the world who in working together to pinpoint computers/servers that are
purposefully sending spam. Any computer/server listed as being the sender of the
email which match these databases are bounced.
- Subject Title Analysis
Subject titles are analysed for
containing programming scripts, characters not used in human languages,
adult related words and phrases, non-legitimate marketing words and phrases,
and character strings used by spammers to avoid detection.
- Email Contents Analysis
In a
similar way to the Subject Title Analysis the filtration system is able to
analyse the contents of emails for regularly used words, phrases, scripts or
website links.
- Anti-Virus Filter
At this stage the file types listed below are automatically removed from all emails and all emails and their attachments are scanned for known viruses.
File Types Include:
.bat .bhx .class .cmd .com .cpl .exe .gz .hqx .hta .mim .ocx .pif .rar .scr .tgz .tmp .uu .uue .vba .vbs .xxe
.z .zip
- DNS Record Checks
and Reverse DNS Checks
The lack of internet based DNS records indicate that the domain name sending
the email has not been registered and therefore is not a legitimate sender
and is subsequently bounced. These checks also highlight other issues
however are of a technical nature.
Further Anti-Spam & Anti-Virus Measures
The market is always changing and so we do all we can to keep abreast of the
spam and virus trends.
- Spam Catcher Accounts
Specific accounts have been created by SNMail to attract and catch spam for
analysis. The capture and analysis of emails from these accounts help
ensure that the system is kept up to date and in advance of the regularly
changing spam problem.
- Daily Updates
The anti-spam and anti-virus filtration is system is updated on a daily
basis. This allows the system to adapt to the ever changing problem.
- Client Submissions
In the event the system fails to block a spam message, we encourage
subscribers to submit such emails as quickly as possible. This
provides feedback to our staff and allows the system to be updated with the
new information that is able to be farmed from the submission.
- Protection against False-Positives
False-Positives is the phrase given to legitimate emails that are blocked by
an anti-spam system. Although our ratio of False-Positives to Spam is
1:10,000 we ensure that all emails filtered are checked by human beings to
ensure that the system is working correctly. All filtration scripts
are controlled by SNMail staff and therefore these checks also ensure that
no human error has been made in the creation of these new scripts.
|