Enhancements to Email Security and Anti-Spam

Over the weekend we made a number of enhancements to email security and the anti-spam systems that operate on our email servers. These new systems will help to improve the identification of spam while reducing the number of false-positives (legitimate emails that are incorrectly identified as spam). These changes will also help to protect our email servers from the threat of potential hackers or spammers exploiting our services.

The changes we've made include:

Improvements to the Anti-Hijack System
We've changed the way the anti-hijack system operates: rather than use the "from" address or the IP address to track and monitor potential spam, the new system monitors the authentication address used to log on to the email server to send emails. This is an important and significant enhancement and has closed a potential loophole in the anti-hijack system.

We've also significantly reduced the trigger thresholds for when the anti-hijack system temporarily, and then permanently, holds emails from being delivered. We will closely monitor these thresholds over the next few weeks to ensure that normal day-to-day business emails are not affected.

The anti-hijack systems are important because they reduce the chances of a spammer using our systems, and reduce the damage they can do if they did use them.  A spammer could easily cause our email servers to be listed on an anti-spam blacklist. If this happens, EVERYONE using our email servers will have problems having their emails delivered and it can take hours - or days - of hard work to have any listing removed from these blacklists.  In this case, prevention is always better than the cure.
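The sketch below is an added illustration, not our production code, of why counting by authentication address matters: one login that changes its "from" address and IP address on every message never trips a per-from or per-IP counter, but trips a per-login counter quickly. The window and both thresholds are assumed values, and the addresses are constructed samples.

```python
from collections import defaultdict, deque

# Assumed values for illustration; this page does not state the real thresholds.
WINDOW_SECONDS = 600
TEMP_HOLD_AT = 50     # messages per window before mail is temporarily held
PERM_HOLD_AT = 200    # messages per window before mail is permanently held


class SendMonitor:
    """Sliding-window count of sent messages, keyed by one chosen field."""

    def __init__(self, key_field):
        self.key_field = key_field
        self.events = defaultdict(deque)   # key -> timestamps inside the window
        self.locked = set()                # keys on permanent hold

    def check(self, msg):
        """Record one message; return 'deliver', 'temp_hold' or 'perm_hold'."""
        key = msg[self.key_field]
        if key in self.locked:
            return "perm_hold"
        q = self.events[key]
        q.append(msg["time"])
        while q and q[0] <= msg["time"] - WINDOW_SECONDS:
            q.popleft()                    # drop events older than the window
        if len(q) >= PERM_HOLD_AT:
            self.locked.add(key)
            return "perm_hold"
        return "temp_hold" if len(q) >= TEMP_HOLD_AT else "deliver"


def simulate(key_field, count=300):
    """Replay a constructed burst from one login with rotating From and IP."""
    monitor = SendMonitor(key_field)
    verdicts = []
    for i in range(count):
        msg = {
            "time": i,                                # one message per second
            "auth_user": "user@example.com",          # the login never changes
            "mail_from": f"sender{i}@example.net",    # new From on every message
            "client_ip": f"192.0.2.{i % 250 + 1}",    # rotates through 250 IPs
        }
        verdicts.append(monitor.check(msg))
    return verdicts
```

Keyed on `mail_from` or `client_ip`, all 300 messages are delivered; keyed on `auth_user`, the 50th message is held and the 200th locks the login.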

Additional realtime Blacklists, Hamlists, and Bonded lists being used
We now check more realtime lists. Additional Blacklists - particularly those providing confirmed zero-hour spam information - will help to improve the identification of spam and spammers. The use of Hamlists and "Bonded Sender" lists will help to reduce false-positives.

New Content Filtering and IP Reputation Filters
We've added some significant content filtering for all incoming emails. These systems monitor the content of an email to assess the likelihood of it being spam.  Although these new filters are very fast, they provide some significant improvement in identifying spam from new spammers or email accounts.

Introduction of SpamAssassin Software
SpamAssassin is a well-known anti-spam tool, and we've added this software to our email server as an additional filter for all incoming email. The effectiveness of this system will be monitored to see if it provides any additional spam filtering accuracy over existing methods.

Improvements to DoS (Denial of Service) and Email Harvesting Protection
We've made a number of improvements to increase the protection of SMTP, POP, and IMAP accounts from denial of service attacks. We've also added increased protection (and longer ban periods) for people attempting to harvest email addresses from our servers.

Automatic Rejection of Connections from Email Servers with no rDNS record
Our email servers will now reject a connection from another email server if it does not have a rDNS (Reverse DNS) record set up.  This process is also used by most large ISPs and by most email server administrators.  Although a rDNS is not REQUIRED by IETF RFC1912 section 2.1, they do warn that "failure to have proper rDNS for every IP address used to send email from your server will result in your e-mail being blocked".  

It is unlikely that any legitimate emails will be blocked by enforcing this setting, but we will work with any email server administrator who is having a problem delivering emails to our system due to this setting, and will help them with setting up a rDNS record for their email server.

If you're aware of any email server that is affected by this rule, please contact our support team with the details.

Closed a loophole that allowed some incoming emails to bypass anti-spam checks
Emails sent via the backup email servers for a domain were able to bypass most anti-spam checks because backup email servers had to be whitelisted (trusted) by the primary email server.  Spammers were aware of this weakness and many purposely sent emails to backup email servers to improve the chances of their emails being delivered.

We've now closed this loophole, and emails delivered via our backup email servers will be subject to the same anti-spam measures as emails sent directly to the primary email servers. 

Improved the processing speed of emails
We've made some changes to the way incoming emails are processed. This has reduced the average time an email spends in our spools (the processing area in the email server) from around 8 seconds to around 2 seconds. 

Increase in Greylisting time-outs and retention periods
Greylisting is an old, but still very effective, anti-spam measure and is responsible for eliminating a very large percentage of spam. We've increased our initial time-out period from 2 minutes to 3 minutes to help eliminate more spam emails, but we've also increased the amount of time we retain greylisting data from 36 days to 144 days for emails that have passed the initial greylisting time-out.
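As an added illustration (not our server's own code), here is a minimal greylist using the 3-minute initial time-out and 144-day retention period described above. Keying on the (client IP, sender, recipient) triplet, the 24-hour lifetime for unconfirmed entries, and refreshing the retention clock on each accepted message are assumptions; the addresses and timeline are constructed.

```python
DAY = 24 * 3600
INITIAL_DELAY = 3 * 60      # seconds; the initial time-out stated above
RETENTION = 144 * DAY       # seconds; the retention period stated above
PENDING_TTL = 1 * DAY       # assumed: lifetime of a triplet that never retried


class Greylist:
    def __init__(self):
        self.pending = {}   # triplet -> time of first delivery attempt
        self.passed = {}    # triplet -> time of last accepted message

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return 'accept' or 'defer' (a temporary SMTP failure) for one attempt."""
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        last = self.passed.get(triplet)
        if last is not None:
            if now - last <= RETENTION:
                self.passed[triplet] = now      # assumed: each pass refreshes
                return "accept"
            del self.passed[triplet]            # retention expired, start over
        first = self.pending.get(triplet)
        if first is None or now - first > PENDING_TTL:
            self.pending[triplet] = now         # first sighting: ask for a retry
            return "defer"
        if now - first < INITIAL_DELAY:
            return "defer"                      # retried too soon
        del self.pending[triplet]
        self.passed[triplet] = now              # retried after the time-out
        return "accept"


def replay():
    """Run a constructed timeline for one sending server and return the verdicts."""
    g = Greylist()
    args = ("192.0.2.10", "alice@example.org", "bob@example.com")
    times = [0, 120, 180, 180 + 100 * DAY, 180 + 245 * DAY]
    return [g.check(*args, now=t) for t in times]
```

In the timeline, the retry at 120 seconds is still deferred, the retry at 180 seconds is accepted, a message 100 days later is accepted without delay, and one arriving 145 days after that is greylisted again.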

Addition of "Internal Spammer" notification thresholds
In addition to our existing anti-hijack methods, we've added extra "internal spammer" thresholds and notifications that should help us to identify any potential spammer-like behaviour on our servers very quickly. Our initial thresholds are set quite low and will be adjusted so that normal day-to-day business emails do not trigger the system, but spammer-like behaviour will.

Adjusted User Account and Domain Email number and bandwidth thresholds
As an additional security measure, and early-warning sign of potential spammers, we've adjusted the user account and domain email number and bandwidth thresholds so that we get earlier warnings of potential spammer-like activity.  These thresholds will not affect day-to-day emails, but will provide us with early notice of potential spammers on our system.

Update to the re-try periods of outgoing emails
The IETF (Internet Engineering Task Force) requires that all e-mail servers retry sending an e-mail message for a minimum of four [4] days if the message is not deliverable the first time.

Our email servers are fully compliant with that requirement but we have increased the number of times our email servers will attempt to re-deliver any delayed emails to increase the chances of an email being delivered as quickly as possible.

Most people view email as being instantaneous, but the IETF requirements are for a much slower and relaxed delivery process. We know that people want to know as quickly as possible whether their email has been delayed so we will inform you after 4 failed attempts if your email has been delayed. 

In almost all cases delivery delays are caused by the receiving email server (the one we're attempting to send the email to) being unavailable or too busy, or else there is a problem with the domain's DNS records. Unfortunately, all these factors are outwith our control.

Coming Up 

Introduction of High Security Communications
Over the next week we will be adding "communication security" for all protocols on our email servers. That means you will be able to connect to SMTP, POP, and IMAP via TLS, and the web mail interface via SSL (https).  Most modern email clients such as Outlook provide support for TLS communication.

These new protocols will offer a choice of secure and encrypted communication on these systems - if you want to use them. Use of the new secure channels will not be compulsory and you will not need to make any changes or updates to your existing set-up if you prefer not to.