Red Cube Hosting

Archive for the ‘Hosting Service’ Category

Since we wrote last week about our updated spam filtering, we have been rejecting more spam than ever. In the last 7 days we have rejected 189,956 junk emails - that’s almost three every second.

Messages that are rejected are ones we know are spam - these fall into three main categories:

• Emails which are malformed or are sent in a way which is non-standards compliant, these are either spam is emails being sent via a broken mail server.
• Mail from computers known to be used by spammers - we use DNSBL’s to find out if the computer sending email through our servers is a known spammer or not.
• Messages which our spam filtering software is very confident are spam, such as those which match a Distributed Checksum Clearinghouse, or have a very high combined score from all the tests we carry out.

Further to this, our software identified 6,611 emails which were likely to be spam but weren’t confident enough about to reject - these are the ones which are arrive with “***SPAM***” in the subject line.

We also identified 302 viruses in emails*; this may seem low - but this is because the majority of viruses were rejected before they got as far as the virus scanner.

Spam and virus filtering statistics for the past week (click to enlarge).

* Please note, although we do check incoming emails for viruses, we strongly advise our customers to run anti-virus on their machines, especially if they run Windows.

We have just put the latest version of our webmail system live. This version is a significant update, and includes some long-outstanding features (marking email as read/unread) as well as some useful enhancements such as HTML message message composition and a preview pane.

We’ve also made further improvements to our spam filtering system over the last few days. Initial indications are that the new filtering we have put in place has made a significant improvement to our “hit rate” so we are now rejecting (rather than tagging - emails that arrive with *** SPAM *** prepended to the subject line) more spam than ever.

We are pleased to announce we have completed the implementation of DomainKeys for all email domains hosted on our email servers. Whilst DomainKeys will not stop you from receiving any more spam, it will help others to identify emails sent by you as being legitimate. This makes it more difficult for people to send email pretending to be from you.

You can read more about DomainKeys at Wikipedia, or in the RFC.

We’ve made some more improvements to our anti-spam service. The most important one being the introduction of Greylisting.

Greylisting works by temporarily rejecting email from people who have never emailed you before. Any legitimate, standards compliant, mail server will retry delivery of the email after a short period. Many spammers use non-standard mail servers which are simply designed to “fire and forget” in order to send the most spam in the shortest period of time - they rely on volume.

This also has the advantage that it increases the likelihood that the realtime blacklist (RBL) and distributed clearing houses we use will detect any spam.

This means that the first time (and only the first time) you receive an email from somebody it may take a few extra minutes to arrive. There is, however an increase in performance on our mail servers gained by reducing the amount of spam we process. We continue to monitor the situation and will as always work to ensure we are providing the best service to our customers. Please do contact us if you think this is causing a problem for you.

We have made several improvements in our control panel software, including adding the ability for customers to password protect their website statistics. Customers can also setup mailing groups, this provides the ability to email groups of people via one email address and is ideal when you don’t need the advanced functionality our mailing list software offers.

We offer two kinds of statistics with our hosting packages. Firstly we offer comprehensive statistics using Webalizer which are updated daily for each of your domains. Secondly, our control panel offers you up-to-the-minute details of the total hits and bandwidth usage of your sites (it also tells you how much of your disk space you have used).

We’ve been making even more improvements to the spam filtering for our hosting customers.

We’ve added some of the rules from SARE to enhance the spam scoring carried out by SpamAssassin. Along side some other small changes to the SpamAssassin configuration, we are seeing a significant improvement in the quality of the filtering. More spam is being rejected outright (rather than being simply tagged as suspicious).

We have also started using the Razor and DCC clearing houses. These work by taking checksums of certain portions of email and comparing them to recent known spam. Don’t worry, we don’t send your email or any personally identifiable information to third parties to do this - we simply send a hash or fingerprint of the information.

As part of our recent upgrade to our hosting service, we introduced a control panel which allows customers to setup and manage domains, email accounts, ftp accounts, databases and alike. A few customers have contacted us asking if this means we will no longer manage their accounts for them. Please don’t worry - use of the control panel is optional, you can still ask us to do these things for you.

Image spam is annoying, hard to detect and it’s on the increase. We have made some improvements to our spam filtering which allow us to detect image spam and block it.

We are now using the FuzzyOCR plugin to SpamAssassin to scan images in emails which match certain criteria. FuzzyOCR carries out several image-specific checks to look for characteristics typical of image spam. It also uses optical character recognition (OCR) to find words within pictures and calculate the probability of the image containing spam. This is a resource intensive process, so there are several optimisations in place in our configuration to ensure we only scan images that really need scanning. This technology is pretty reasonably to false positives - so unless you’re taking pictures in a pharmacy or on a trading floor you shouldn’t notice any difference other than a cleaner inbox.

To help reduce quantity of spam arriving in customers mailboxes, we are now checking all inbound email against Sane Security’s phishing and scam filers. These are specifically aimed at so called phishing emails and scam emails (such as 419 scams).

We are have also added the MSRBL blacklists, on a trail basis. This is an attempt to filter our as much image-base spam as possible. We are currently quarantining any email caught using these filters and checking regularly for false positives (we had none during testing).

This is in addition to the existing measures we use (such as various RBLs and statistical analysis of email).