Our Anti-Spam Email Service

A client recently contacted us complaining about the amount of spam he was getting, upon investigation, he was actually getting lots of marketing emails from legitimate web sites (play.com, gumtree.com etc.) but was finding them a nuisance.  To reassure him, I sent a description of how we process email to combat spam and thought I’d share that with all our customers here.

As a mail service provider, we’re doing everything possible to stop spam and viruses reaching clients WITHOUT any false positives.  We don’t want to block any mail that you might want to receive.  So we do err on the side of caution.
The things we have in place to combat spam are
  • Reverse DNS lookups.  Connecting Mail Transfer Agents (MTA, the external mail server trying to send  our mail server an email) are checked out, to see if the IP address has a real domain name – if it doesn’t it is likely to be a virus infected computer on an adsl connection and we will disconnect the MTA without receiving any part of the email.
  • CBL check.  The Composite Block List is a check on the connecting IP address of a mail server sending mail, if the IP address is in the CBL then we refuse to accept the mail.  For more on the CBL, see http://cbl.abuseat.org – essentially, it’s a constantly updated list of internet locations that are known to be sending a lot of spam.
  • Grey list check.  We check the email sender address to see if they’ve sent the recipient an email once before, if so, we deliver the mail.  If not, we temporarily store the mail senders address and tell the sending mail server that we’re too busy to process it’s email. A legitimate mail server will resend the mail in the next 5 minutes or so.  Most spam email is never resent, so the mail is dropped.  This is the most effective anti-spam measure we’ve ever implemented.
  • Spam content database. Our mail server checks a database of known spam emails, if the email being sent to us is on there, we drop it.
  • Spam Assassin. This is software that uses heuristics to calculate the likelihood of email being spam.  Various factors taking into account all aspects of mail (technical and content) produce a spam probability.  A high probability means we drop the mail.  Medium means we deliver the mail but add headers that say we think it’s spam (these are used by mail clients).  A low probability means we will deliver the mail.
  • Virus checks. Any attachments that could cause problems or are known viruses are dropped.
  • Phishing checks. Links in emails are checked to make sure the link text actually does go to the URL that people see.  Email scams often try and disguise bogus links to look like legitimate bank or ecommerce links.
If the email passes all the checks above, then it’s delivered to the mail box.
You should never rely on our mail service or any other to fully protect you from spam and viruses. Please research and buy a good virus and spam checking program for your computer.  Whilst I am proud of how well our mail server works, I personally still get around 50 spam emails a day but my spam detector on my Macbook (part of Apple’s Mail program) puts them all in my junk folder.  Every now and again, I check the folder and one or two emails are legitimate marketing emails I’ve signed up for, allowing me to mark them as “not junk”.

Three things you can do to reduce your spam count

  1. If your email is already getting lots of spam, change your email address.  Don’t pick short common names such as john@ jane@ or info@ as spammers will just guess these.  Use full names, e.g. jane.p.doe@ or customer.services@ – far less likely to be guessed.
  2. Don’t use display your email address in any public forum, twitter, blog post or other medium where internet robot spiders can scrape that email address straight from the screen.  For example, if you’d like to email me, use “c” followed by “birch” at the domain of this web site.  A human being will manage that but an internet robot won’t see it as an email address.
  3. If you don’t trust someone that’s demanding your email for a service, create an alias.  Services such as gmail, hotmail, yahoo and others will allow you to create an email alias, e.g. mydodgyemail@gmailer.com – then if you start to receive spam from that email address, simply delete the alias.