Tim

Footprints in the snow of a warped mind


© 2009 Tim Gaunt.


 Friday, August 24, 2007

Understanding email server connection checks

Friday, August 24, 2007 4:59:42 AM (GMT Standard Time, UTC+00:00)

One of the reasons I'm fanatical about Rackspace as a hosting partner is that if you're unsure about something, you know you're able to ask an expert and get a top-notch response to your quandary.

I was recently speaking with another host who was talking about greylisting their emails. In short, this is the process of rejecting the first email from a given email address/server and waiting for it to be (automatically) resent by the server later since, unlike genuine email servers, most spam servers do not try to re-send an email if it's rejected by a server. We're not able to greylist our emails, so I thought I would check that our spam filter settings were up-to-date.

The guys at Rackspace had a look through our spam filter settings and recommended we disable the statistical filters, as they were somewhat outdated technically, and increase our connection checks and, more importantly, delete the email after it fails a number of checks. Historically I've been averse to deleting emails on the server as there's no way to recover them, so I asked how accurate connection checks were and thought I would share their easy-to-understand response about what the connection checks do.

Tim,

In order to understand the unlikelihood of false positives for this case, you must first understand what each check does.

Verify HELO/EHLO domain.

This will create a test in which the domain passed during the HELO/EHLO is used to perform a DNS query to verify that the domain specified has an A record or an MX record. (All valid domains should have a valid HELO/EHLO domain; only misconfigured and spam mail servers fail this test.)

Perform Reverse DNS Lookup for Connecting Server.

This will create a test in which the IP address of the connecting server is used to perform a reverse DNS lookup to determine the domain name. If a domain has a valid PTR record, the message is accepted. (Not all valid domains have a PTR record.)

Verify MAIL FROM Address.

This will have the "From" address of the connecting server verified for each message to ensure that the user is a valid user on the mail server. If the user or server does not exist, the message is identified as spam. (This is a definite give-away that the message is a spam message).

We can then set the delete threshold to 4. The "Delete message after X matches" will delete the message after it matches 3 of the above rules and/or black lists. This will almost guarantee that the message is spam. If the message fails all Verification checks, it is spam. If the message fails 2 connection checks and a DNS Blacklist check, it is spam. If an email fails both DNS Blacklist checks, and 1 verification check, it is spam. You are pretty much guaranteed that a message is spam. If you want to make extra sure, you could set the delete threshold to 4; that way it will have to fail all verification checks and one blacklist, or both blacklists and two verification checks.

Thank you,

Roberto M Chapa
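
The scoring described in the email can be sketched as follows. This is an added example, not code from the original post or from Rackspace's filter: it counts failed connection checks and blacklist hits and compares the total with the "Delete message after X matches" threshold. The DNS records, mailbox list, blacklist zones and sample connections are all constructed stand-ins so it runs offline, and every function name is hypothetical.

```python
from dataclasses import dataclass

# Constructed stand-ins for DNS and mailbox lookups (assumptions, not real data).
DNS_A_OR_MX = {"mail.example.org", "example.org"}    # domains with an A or MX record
DNS_PTR = {"192.0.2.10": "mail.example.org"}         # client IP -> PTR name
VALID_MAILBOXES = {"alice@example.org"}              # senders the origin server accepts
DNSBL = {"bl-one.invalid": {"203.0.113.7"},          # two hypothetical blacklist zones
         "bl-two.invalid": {"203.0.113.7", "198.51.100.4"}}

@dataclass
class Connection:
    client_ip: str
    helo_domain: str
    mail_from: str

def failed_checks(conn):
    """Return the name of every check or blacklist the connection matches."""
    failed = []
    if conn.helo_domain.lower().rstrip(".") not in DNS_A_OR_MX:
        failed.append("helo_domain")      # Verify HELO/EHLO domain
    if conn.client_ip not in DNS_PTR:
        failed.append("reverse_dns")      # Reverse DNS lookup for connecting server
    if conn.mail_from.lower() not in VALID_MAILBOXES:
        failed.append("mail_from")        # Verify MAIL FROM address
    for zone, listed in DNSBL.items():
        if conn.client_ip in listed:
            failed.append("dnsbl:" + zone)
    return failed

def verdict(conn, delete_threshold):
    """'delete' once the match count reaches the threshold, otherwise 'accept'."""
    matches = failed_checks(conn)
    return ("delete" if len(matches) >= delete_threshold else "accept"), matches

# Constructed sample connections.
GOOD = Connection("192.0.2.10", "mail.example.org", "alice@example.org")
NO_PTR = Connection("192.0.2.55", "example.org", "alice@example.org")  # valid, no PTR
SPAM = Connection("203.0.113.7", "localhost.localdomain", "x9@nowhere.invalid")
PARTIAL = Connection("198.51.100.4", "example.org", "ghost@example.org")

if __name__ == "__main__":
    for name, conn in [("good", GOOD), ("no_ptr", NO_PTR),
                       ("spam", SPAM), ("partial", PARTIAL)]:
        for threshold in (3, 4):
            print(name, threshold, *verdict(conn, threshold))
```

The `NO_PTR` case shows why a single failed check is not acted on, and `PARTIAL` shows a message that is deleted at a threshold of 3 but kept at 4.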