Effective Spam Filtering
For an average Email Service Provider in North America, Europe and Australasia, today's incoming email traffic consists of approximately 24% legitimate email and 76% spam. [1]

The main problem for mail system administrators is how to filter out the spam while not losing legitimate email, and how to keep mail queues flowing without spam-filter processes slowing the queue. The main problem for ISP executives is also how to do this cost-effectively.

2-Stage Filtering

Using the Spamhaus DNSBLs (SBL+XBL) you can very safely reject the vast majority of spam at SMTP connect time, before your mail server accepts the message, and catch most of the remainder in a second stage by checking the IPs of URLs (web sites) advertised in spam against the SBL. Using the setup described below, UK ISP uxn.com achieves a catch rate of 299 out of every 300 spams (99.6%) with zero false positives.

1st Stage

The first stage is to install the Spamhaus blocklists SBL and XBL on your incoming mail relay(s). These will identify and reject more than half of a normal mail relay's incoming mail traffic (in our experience approx 63% combined: SBL 12%, XBL 51%). [2]

Incoming mail from servers listed on SBL-XBL at this first stage should be rejected at RCPT TO, terminating the SMTP transaction before the message body is received. This is cost effective - more than halving your incoming mail bandwidth and the subsequent mail queue - and is the safe way to handle message filtering, because in the event a legitimate Sender is ever blocked in error they are immediately notified by the reject notice of the reason why their message could not be delivered, as well as what to do and who to contact about it. [3]

2nd Stage

Over 87% of spam contains URLs of spammer web sites whose IPs are listed on the SBL. [4] Therefore the second stage is to scan the 37% of mail which gets past first stage IP filtering, looking for URLs (web site addresses) in the message body and testing their host IPs against the SBL.

This is done by installing an application capable of scanning message bodies for URLs and checking them against the SBL. A number of free/open source applications can do this, such as SpamAssassin and SpamBouncer, and there is also a free Sendmail milter with this feature. If using SpamAssassin, we recommend you increase the value of the SBL-check feature, URIBL_SBL, to at least 5 or 6 (by default it's set to 1, which in most cases is too low to trigger the spam flag).

For this purpose, Spamhaus lists the IPs of spammers' web servers and DNS servers in the SBL, in addition to spam sources. Spammers may find fresh sources not yet on our DNSBLs, but they have to advertise a web site hosted somewhere.
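The second-stage check described above, sketched in Python as an added example (it is not from the original article or from any of the tools it names): extract URL hosts from a message body, resolve them, and test each IP against the SBL with a DNSBL query. Assumptions not stated on this page: the zone name sbl.spamhaus.org, the reversed-octet query convention, treating 127.255.255.x answers as query-error codes rather than listings, IPv4 only, and all sample hosts, addresses and answers, which are constructed.

```python
import ipaddress
import re
import socket

SBL_ZONE = "sbl.spamhaus.org"  # assumption: the page does not spell out the zone name
ERRORS = ipaddress.ip_network("127.255.255.0/24")  # query-error codes, not listings
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

def dnsbl_name(ip, zone=SBL_ZONE):
    """Query name for an IPv4 address: octets reversed, then the zone."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split("."))) + "." + zone

def system_lookup(name):
    """A records for name via the system resolver; [] if it does not resolve."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []

def is_listed(ip, lookup=system_lookup):
    """True only for a real listing answer; error codes must not flag mail."""
    answers = (ipaddress.IPv4Address(a) for a in lookup(dnsbl_name(ip)))
    return any(a.is_loopback and a not in ERRORS for a in answers)

def second_stage(body, lookup=system_lookup):
    """Map each URL host in body to those of its IPs that are SBL-listed."""
    hits = {}
    for host in sorted({h.lower().strip(".") for h in URL_HOST_RE.findall(body)}):
        try:
            ips = [str(ipaddress.IPv4Address(host))]  # URL with a literal IP
        except ValueError:
            ips = lookup(host)
        listed = [ip for ip in ips if is_listed(ip, lookup)]
        if listed:
            hits[host] = listed
    return hits

FAKE_DNS = {  # constructed sample data (documentation ranges), so this runs offline
    "pills.example": ["192.0.2.10"],
    "news.example": ["198.51.100.7"],
    "10.2.0.192.sbl.spamhaus.org": ["127.0.0.2"],          # listed
    "7.100.51.198.sbl.spamhaus.org": ["127.255.255.254"],  # error code, not a listing
}
SAMPLE_BODY = "Buy now http://pills.example/buy or read https://news.example/today"

def fake_lookup(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    print(second_stage(SAMPLE_BODY, fake_lookup))
```

Passing `system_lookup` instead of `fake_lookup` sends real DNS queries; the error-code branch keeps a refused or rate-limited query from being scored as a listing.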