Thursday, April 19, 2007
Greylisting - A new antispam feature
GREYLISTING
Our most recent addition to our spam scanning servers is to add greylisting to our spam scanning servers.
Greylisting allows us to delay the acceptance of email by 5 minutes for hosts and domains which are not known to us. Once the 5 minute delay has expired email from the host/domain is accepted immediately and will continue through the usual scanning processes.
A normal mail server sending mail will have no problems in retrying the mail delivery after 5 minutes has expired. Where the inbound mail is being sent from a compromised server or PC, the spam software does not normally run a queue for delayed mail and so the mail is never resent. The statistics of the last 48 hours suggest as many as 50% of the servers attempting to deliver mail which pass the RBL tests are not genuine mail servers as they never attempt to deliver the mail a second time.
Customers should be aware that mail will only be delayed by 5 minutes where that sender has never sent mail to our network previously. Our servers have already whitelisted many popular servers and mail addresses including hotmail, msn, yahoo and ebay.
For customers still seeing occasional spam mails it is worth ensuring that you do not have a catchall on your mail address. Where a catchall is unavoidable, identifying specific aliases that are targeted by spammers is a useful option. These aliases can then be set via our support site with a target of :fail: (include the colons) which will cause all future mail to those aliases to be rejected to the sending server.
Finally it is worth noting that the vast majority of the spam that we see can be traced back to mailto: links on websites that have been harvested by spammers. Remember, if you need to include an email address on a web page, avoid using a mailto: hyperlink
Our most recent addition to our spam scanning servers is to add greylisting to our spam scanning servers.
Greylisting allows us to delay the acceptance of email by 5 minutes for hosts and domains which are not known to us. Once the 5 minute delay has expired email from the host/domain is accepted immediately and will continue through the usual scanning processes.
A normal mail server sending mail will have no problems in retrying the mail delivery after 5 minutes has expired. Where the inbound mail is being sent from a compromised server or PC, the spam software does not normally run a queue for delayed mail and so the mail is never resent. The statistics of the last 48 hours suggest as many as 50% of the servers attempting to deliver mail which pass the RBL tests are not genuine mail servers as they never attempt to deliver the mail a second time.
Customers should be aware that mail will only be delayed by 5 minutes where that sender has never sent mail to our network previously. Our servers have already whitelisted many popular servers and mail addresses including hotmail, msn, yahoo and ebay.
For customers still seeing occasional spam mails it is worth ensuring that you do not have a catchall on your mail address. Where a catchall is unavoidable, identifying specific aliases that are targeted by spammers is a useful option. These aliases can then be set via our support site with a target of :fail: (include the colons) which will cause all future mail to those aliases to be rejected to the sending server.
Finally it is worth noting that the vast majority of the spam that we see can be traced back to mailto: links on websites that have been harvested by spammers. Remember, if you need to include an email address on a web page, avoid using a mailto: hyperlink
# posted by Netserve @ 4:10 PM 
