Reducing Spam

Introduction to Spam

Unsolicited Bulk E-mail (UBE), also known as spam, costs organizations and individuals billions of dollars each year. It consumes time and resources while delivering content of limited, if any, value. Among the primary tools of spammers are third-party E-mail servers with open relays. This means anyone can send an E-mail through the server to anyone else, even if neither the sender nor the receiver has an account on the server. Spam can also come from authorized users with accounts on a server.

To help control spam, Shasta.com E-mail servers are configured to perform a variety of tests that eliminate unwanted E-mail.

Blacklists

When a sender’s Mail Server attempts to connect to your Mail Server to deliver E-mail, we first check the sender’s Mail Server against our Blacklist of known abusers (Brute-Force Hackers, E-mail Harvesters, and High Volume Spammers) . If they are listed then the connection is dropped as if your Mail Server does not exist. We routinely block between 30,000 - 250,000 connections every day from a list of 127,000-500,000 known abusers that are continuously updated. In addition, we also use subscribed blacklist from multiple providers for various level of filtering.

Identity

If they pass this primary test, we then say “HELLO” to the sender’s Mail Server and ask them to identify themselves and who they are sending mail for. If the identity of the sender’s Mail Server is not a FQDN (Fully Qualified Domain Name) and cannot be verified through a rDNS (Reverse Domain Name System) lookup then their E-mail is not accepted for delivery. However, if the identity of the sender’s Mail Server checks out as valid then the sender’s address is also checked against a list of known Spam domains and E-mail addresses. If the sender is listed then their E-mail is not accepted for delivery. If they fail either verification then the sender should receive a NDR (Non-Deliverable Response) from their Mail Server telling them that the message was undeliverable due to Spam Filters. If, on the other hand, either the sender’s E-mail address or their Mail Server is recognized as “Trusted Sender” then the message still gets tested and scored, but is guaranteed delivery to your Inbox.

Greylisting

If the sender’s E-mail address seems okay but your Mail Server does not recognize the sender as either a Trusted Sender or as having sent E-mail to you in the past year (365 days), then we ask the sender’s Mail Server to please try again in 60 seconds. This waiting period is called Greylisting and is really effective at stopping Spam because most spammers do not attempt redelivery, whereas legitimate Mail Servers are required to attempt redelivery a minimum of 4 times, and typically many times for up to 4 days. A one minute waiting period for an E-mail from an unrecognized sender might seem to be an inconvenience but Greylisting can be 90% effective at reducing Spam. Most spammers use bots and scripts to attempt to deliver to an many people as possible, and this means they are not typically using legitimate mail servers that will attempt the redelivery. There are three qualifiers that are checked against for greylisting: the To: address, the From: address, and the IP address of the sending server. All three of these must match to get stored as a prequalified sender. So even if someone has sent you an E-mail in the last year, it might still need to qualify if it comes from a different IP address.

Other Anti-Spam Checks

Once the message passes Greylisting, or is recognized by your Mail Server for having sent E-mail to you in the past year, then the message is subjected to dozens of internal tests and a supscription filter service to determine if it is Spam (Junk E-Mail). Each test assigns the message a score, ranging from a maximum of -10 for each HAM (the opposite of Spam) and Whitelist checks it passes to 1-20 (with an average of 5-10) for each RBL (Realtime Block List), URIBL (Uniform Resource Identifier Block List), Checksum, Content Filter, or Bayesian/Statistical check it fails. After all of these tests are run the total score is tallied and an action is determined based on a scale of -100 to +100 as follows:

Total Score
Threat Level
Default Action
-100 to 10
Good
Deliver to Inbox
11 to 13
Low
Prefix Subject with “*** SPAM ***”. Deliver to Inbox
14 to 49
Medium
Quarantine in Junk E-mail Folder on Server
50 to 100
High
Delete the message. No delivery

E-mail clients (Outlook, Windows Mail, Mac Mail, Thunderbird, etc.) can be configured to use either POP or IMAP to receive E-mail. POP will not be able to see the Junk E-mail folder on the server, and so to check it you would need to login via the webmail portal here: https://ShastaEmail.com. IMAP does sync the status of folders in addition to the Inbox and you should be able to see the contents of the Junk E-mail folder.

If desired, you can override the way that your Mail Server handles Low, Medium, and High probability of Spam messages. For more information we have a "How To..." available here: Server Side SPAM Settings

If you are having trouble with the Spam filtering, please visit our Customer Portal at https://my.Shasta.com to see the available "How Tos" or create a support ticket.