Spam, spam, eggs, chips and spam
We’re often asked how customers can get the best out of their spam filtering, and conversely, how they can avoid the pitfalls of messages they send going to junk folders. Here are a few tips that should help you get the best out of your spam filtering and improve mail delivery.
Incoming spam protection
This is mainly aimed at our Mercury mail platform. If you are on our old Atmail system, do contact us should you wish to be moved over. We’re moving all clients over in due course, but would be more than happy to move individual domains ahead of schedule on request. Resellers having problems with spam should contact us for directly advice specific to the Plesk system.
The first time a message is received from a sending server, it will be asked to resend after a short delay. Viruses that hijack mailboxes have no concept of queuing, so won’t know how to handle the re-queue request. Do be aware that depending on the configuration of the sending server, this can cause mail delays though, as it MUST be resent with a minimum of 5 minutes between first and second try. Some administrators configure their servers not to retry for several hours.
Once a verified e-mail has been received from a server it will be added to a whitelist, and future messages from that server to any of our clients will be passed through without delay. As we handle a large volume of e-mail, it is very likely that any legitimate sending server is already on our whitelist. Greylisting can be toggled on and off by logging into account.34sp.com > manage sites > DOMAIN > e-mail and you will see the toggle button towards the bottom right of this page. We recommend leaving greylisting enabled.
SPF spam protection
A domain which publishes an SPF record in its DNS records lists those servers which are permitted to send e-mail on behalf of that domain, thereby increasing the likelihood of spoofed messages being dropped. It is particularly useful to publish an SPF record if you are receiving bounces to messages that you never sent (i.e. they are spoofed) as any receiving server will drop messages that come from servers not on your “allowed” list if you publish this record.
Do note that if you use MailChimp or any external service that sends mail on behalf of your domain that you will need to add their servers to your SPF record – please contact your (other) mail provider to find out what that record is.
An increasing number of providers are checking domains for SPF records before accepting messages these days, and they will increase the spam score of any domains that do not publish a record. To enable SPF with a set of default records that allow the 34SP.com servers to send on behalf of your domain, log into account.34SP.com > manage sites > DOMAIN > DNS > SPF records > Add SPF record (you will need us to be managing your DNS for this option to be available).
DKIM is an e-mail authentication method through which e-mails are digitally signed on a per-domain basis. Enable this on outgoing mail, ensures end-to-end integrity of the message, i.e. it can be verified that an e-mail has not been modified in transit.
Again, domains which digitally sign their mail messages are less likely to have messages tagged as spam. To enable this option log into account.34sp.com > manage sites > DOMAIN > Advanced > DomainKeys Identified Mail and you can enable this from here.
SpamAssassin based spam score (via webmail)
SpamAssassin will examine components of a message such as content and place of origin and assign every message a score that’s made up of all the individual hits added together, for example, it might score 1.2 for an e-mail originating in a region or IP known to send a lot of spam, and 0.6 for the mention of the word “gambling” (these aren’t the actual numbers, they’re just listed to give an example). This would give a message a score of 1.8.
The higher the score, the more likely the message is to be spam. You can make the filters more aggressive with messages so they get flagged as *****SPAM***** by lowering the number in the spam filtering section of webmail. Do remember – we’re not after filtering EVERY message, we just want to get most of them, so if you’re finding that you’ve lowered the score and spam is still coming through, you can just lower it a little bit more.
If you want to have a look at what score any given spam message receives so you can compare this to your rejection level, have a look at the headers of one of these spam messages. You should see a line that gives both the score the message received and what score it would be flagged at. e.g.
X-Spam-Status: Yes, score=105.0 required=9.0
this indicates a message that has been tagged as spam as it has scored 105, and the score required for it to be tagged is 9.0.
X-Spam-Status: No, score=0.1 required=9.0
this indicates a message that has passed spam filtering as it only scored 0.1.
To adjust the spam filtering level, log into http://mail.34sp.com > Settings > Spam > General Settings. Remember that by default it is set to 11 which is effectively OFF. Lower the number to make the filtering more aggressive.
Bayesian filtering webmail
This system learns from your actions! Using the “Spam” button at the top of the webmail interface to tag a mail as spam will move it to the Spam folder (as will using the “Not spam” button move it from Spam to the main Inbox). From there the system begins to learn what you feel is spam e-mail.
It will take several hundred messages to start to learn the correct patterns, but the more messages you flag using this button, the better it will get at predicting what is and isn’t spam specifically to your account.
Outgoing spam protection
We’ve seen an increase in the number of messages that gmail and hotmail are sending to the spam folder over the last few months. We’re currently advising users that if they do NOT use any mail providers other than ourselves to add both SPF and DKIM records, as this will greatly reduce the likelihood of this happening.
- Don’t publish your e-mail on websites. Unscrupulous people looking for your e-mail address send out automated scripts (bots) that search web pages for anything that looks like an e-mail address. If it contains a dot and the @ symbol, chances are it’s an e-mail address and they want it.
- Even worse is to publish a link that directly opens a message in people’s mail programs. Best practice would be to use a contact form (preferably with ReCAPTCHA protection to stop this being spammed too) and if you really must put your address out there, disguise its format – e.g. support at 34SP dot com.
- NOT AN OBVIOUS ONE, BUT DON’T CAPITALISE ENTIRE SENTENCES. They add emphasis, but they also add a big amount to the spam score of a message.
- In and ideal world (or at least an ideal world from a mail server’s perspective) one message would only ever be sent to one recipient at a time. If you do need to send to multiple users, avoid the use of CC and BCC – again, these are characteristic methods of spammers to get their message out to as many people as they can, after all, it only takes one out of hundreds to respond for their message to have been worthwhile.
We limit CC and BCC to 50 recipients per message as a method of reducing the fallout should your mailbox password be compromised, but best practice would be not to use it at all.