Red Cube Hosting

Since we wrote last week about our updated spam filtering, we have been rejecting more spam than ever. In the last 7 days we have rejected 189,956 junk emails - that’s almost three every second.

Messages that are rejected are ones we know are spam - these fall into three main categories:

• Emails which are malformed or are sent in a way which is non-standards compliant, these are either spam is emails being sent via a broken mail server.
• Mail from computers known to be used by spammers - we use DNSBL’s to find out if the computer sending email through our servers is a known spammer or not.
• Messages which our spam filtering software is very confident are spam, such as those which match a Distributed Checksum Clearinghouse, or have a very high combined score from all the tests we carry out.

Further to this, our software identified 6,611 emails which were likely to be spam but weren’t confident enough about to reject - these are the ones which are arrive with “***SPAM***” in the subject line.

We also identified 302 viruses in emails*; this may seem low - but this is because the majority of viruses were rejected before they got as far as the virus scanner.

Spam and virus filtering statistics for the past week (click to enlarge).

* Please note, although we do check incoming emails for viruses, we strongly advise our customers to run anti-virus on their machines, especially if they run Windows.

We have just put the latest version of our webmail system live. This version is a significant update, and includes some long-outstanding features (marking email as read/unread) as well as some useful enhancements such as HTML message message composition and a preview pane.

We’ve also made further improvements to our spam filtering system over the last few days. Initial indications are that the new filtering we have put in place has made a significant improvement to our “hit rate” so we are now rejecting (rather than tagging - emails that arrive with *** SPAM *** prepended to the subject line) more spam than ever.

We are pleased to announce we have completed the implementation of DomainKeys for all email domains hosted on our email servers. Whilst DomainKeys will not stop you from receiving any more spam, it will help others to identify emails sent by you as being legitimate. This makes it more difficult for people to send email pretending to be from you.

You can read more about DomainKeys at Wikipedia, or in the RFC.

Unethical companies monitor the publicly accessible WHOIS database and obtain registrant contact information as well as domain expiry dates. Using the information, they mail domain Registrants an official looking document, months in advance of the renewal date, encouraging the Registrant to renew the name now to protect themselves from losing that domain name. When the Registrant renews the name by paying the invoice, the domain is not only renewed, but a Registrar transfer is initiated to the unscrupulous Registrar. Depending on just how unscrupulous they are they could then increase their charges or attempt to hijack your domain.

The easiest way to avoid these scams is to check very carefully that any domain renewal notices come from us. If you are unsure, please contact us via the contact details on our website and check. The other people who may legitimately try and contact you about your domain will be Nominet, the UK domain name registry.

How to avoid these scams:

1. Ask us to enable our free WHOIS Privacy service for your domain. This hides your name, address, email address and telephone number from would be scammers and spammers. Legitimate contact can still be made via the WHOIS Privacy system.

2. Ask us to enable Domain Locking - this will prevent your domain being transferred until it is disabled again. You will always have the ability to remove the domain lock yourself from our control panel.

All our hosting packages include the following features as standard:

General Features
Hosted on very fast, reliable Linux servers.
Choice of managed or self managed service.
Email and telephone support.
Powerful control panel to manage your account, domains (including DNS), email users and much more.

Email Features
POP3 or IMAP mailboxes - or SMTP delivery direct to your own mail server (some of the features below are only available for POP3/IMAP).
Email forwarding and “out of office” messages.
Virus scanning of email.
Powerful spam checking and tagging of email.
Phishing/scam email scanning.
Control panel for each email user to allow setting of personal options.
Webmail for access to email out of the office.
Set individual quotas for your email users.
Optional catchall mailbox.
Create and manage mailing lists or distribution lists.

Web Features
Add and manage sub-domains though the control panel.
Domain aliases.
Add and manage separate FTP users (for web designers etc).
PHP5 and CGI support.
MySQL databases (with control panel access).
Comprehensive statistics

We provide complete hosting services aimed at small to medium sized businesses, and consultancy for enterprises.

Our hosting platform runs entirely Open Source software.

We offer a powerful control panel, comprehensive virus/spam/phishing filtering and both realtime and detailed statistics for your websites.

You can keep up to date with the latest developments in our blog.

We’ve made some more improvements to our anti-spam service. The most important one being the introduction of Greylisting.

Greylisting works by temporarily rejecting email from people who have never emailed you before. Any legitimate, standards compliant, mail server will retry delivery of the email after a short period. Many spammers use non-standard mail servers which are simply designed to “fire and forget” in order to send the most spam in the shortest period of time - they rely on volume.

This also has the advantage that it increases the likelihood that the realtime blacklist (RBL) and distributed clearing houses we use will detect any spam.

This means that the first time (and only the first time) you receive an email from somebody it may take a few extra minutes to arrive. There is, however an increase in performance on our mail servers gained by reducing the amount of spam we process. We continue to monitor the situation and will as always work to ensure we are providing the best service to our customers. Please do contact us if you think this is causing a problem for you.

We offer two different ways for you to access your email - via POP or IMAP. This article explains how each works, and gives some guidelines as to which is likely to be best for you.

POP (Post Office Protocol v3 or POP3)

POP downloads email from a single folder - your Inbox. When you check your email in your mail program, it downloads the email from the server to your local computer. In most email programs, you can choose to leave the email on the server for a a number of days so you could choose to leave mail on the server for 30 days and then use our webmail to see recent email and new email when you are away from your computer. As email is moved from the hosting servers to your computers each time you check your email, it does’t use up as much of your hosting space.

POP is ideal if:

you read/reply to your email on one computer most of the time.
if you have very high volumes of email (particularly email with attachments).
you use dial up, or a pay-as-you-go internet service provider.
you only want to look new/recent email via webmail.

IMAP (Internet Message Access Protocol v4 or IMAP4)

When you access your email using IMAP, it remains stored on the server in multiple folders (including folders you can create yourself, and your sent items). This means that you can connect to the mail server from any computer and see your email in the relevant folders. Most email programs allow you to work “offline” from a local copy of your mailbox so you can still read/reply to email when you are not connected to the internet.

IMAP is ideal if:

you read/reply to your email on several computers (including via webmail).
you use a mobile email device such as a BlackBerry or our webmail service.
you don’t receive a huge volume of email, or many large attachments.
several people share a mailbox (for example a generic “sales@” email address).

As your email is stored on the server, it counts towards the space allowance on your account - if your account becomes full you will need to delete some email, download it to your computer or upgrade your account to give yourself more storage space.

Generally, we advise people to use POP unless there is an overriding need to use IMAP.

One more option… SMTP

Beyond the scope of this article, with mentioning SMTP. If your company has it’s own mail server on it’s network (such as, Microsoft Exchange), we can arrange for email for your domain(s) to be delivered and provide a backup server incase your network or server is unavailable. Please note email delivered by SMTP does not get filtered for viruses/spam on our servers - so you will need to make alternative arrangements.

Information in these guides and articles is provided free of charge and without warranty.

We’ve been making even more improvements to the spam filtering for our hosting customers.

We’ve added some of the rules from SARE to enhance the spam scoring carried out by SpamAssassin. Along side some other small changes to the SpamAssassin configuration, we are seeing a significant improvement in the quality of the filtering. More spam is being rejected outright (rather than being simply tagged as suspicious).

We have also started using the Razor and DCC clearing houses. These work by taking checksums of certain portions of email and comparing them to recent known spam. Don’t worry, we don’t send your email or any personally identifiable information to third parties to do this - we simply send a hash or fingerprint of the information.

Image spam is annoying, hard to detect and it’s on the increase. We have made some improvements to our spam filtering which allow us to detect image spam and block it.

We are now using the FuzzyOCR plugin to SpamAssassin to scan images in emails which match certain criteria. FuzzyOCR carries out several image-specific checks to look for characteristics typical of image spam. It also uses optical character recognition (OCR) to find words within pictures and calculate the probability of the image containing spam. This is a resource intensive process, so there are several optimisations in place in our configuration to ensure we only scan images that really need scanning. This technology is pretty reasonably to false positives - so unless you’re taking pictures in a pharmacy or on a trading floor you shouldn’t notice any difference other than a cleaner inbox.