Red Cube Hosting

Since we wrote last week about our updated spam filtering, we have been rejecting more spam than ever. In the last 7 days we have rejected 189,956 junk emails - that’s almost three every second.

Messages that are rejected are ones we know are spam - these fall into three main categories:

• Emails which are malformed or are sent in a way which is non-standards compliant, these are either spam is emails being sent via a broken mail server.
• Mail from computers known to be used by spammers - we use DNSBL’s to find out if the computer sending email through our servers is a known spammer or not.
• Messages which our spam filtering software is very confident are spam, such as those which match a Distributed Checksum Clearinghouse, or have a very high combined score from all the tests we carry out.

Further to this, our software identified 6,611 emails which were likely to be spam but weren’t confident enough about to reject - these are the ones which are arrive with “***SPAM***” in the subject line.

We also identified 302 viruses in emails*; this may seem low - but this is because the majority of viruses were rejected before they got as far as the virus scanner.

Spam and virus filtering statistics for the past week (click to enlarge).

* Please note, although we do check incoming emails for viruses, we strongly advise our customers to run anti-virus on their machines, especially if they run Windows.

We have just put the latest version of our webmail system live. This version is a significant update, and includes some long-outstanding features (marking email as read/unread) as well as some useful enhancements such as HTML message message composition and a preview pane.

We’ve also made further improvements to our spam filtering system over the last few days. Initial indications are that the new filtering we have put in place has made a significant improvement to our “hit rate” so we are now rejecting (rather than tagging - emails that arrive with *** SPAM *** prepended to the subject line) more spam than ever.

We’ve made some more improvements to our anti-spam service. The most important one being the introduction of Greylisting.

Greylisting works by temporarily rejecting email from people who have never emailed you before. Any legitimate, standards compliant, mail server will retry delivery of the email after a short period. Many spammers use non-standard mail servers which are simply designed to “fire and forget” in order to send the most spam in the shortest period of time - they rely on volume.

This also has the advantage that it increases the likelihood that the realtime blacklist (RBL) and distributed clearing houses we use will detect any spam.

This means that the first time (and only the first time) you receive an email from somebody it may take a few extra minutes to arrive. There is, however an increase in performance on our mail servers gained by reducing the amount of spam we process. We continue to monitor the situation and will as always work to ensure we are providing the best service to our customers. Please do contact us if you think this is causing a problem for you.

We offer two kinds of statistics with our hosting packages. Firstly we offer comprehensive statistics using Webalizer which are updated daily for each of your domains. Secondly, our control panel offers you up-to-the-minute details of the total hits and bandwidth usage of your sites (it also tells you how much of your disk space you have used).

We’ve been making even more improvements to the spam filtering for our hosting customers.

We’ve added some of the rules from SARE to enhance the spam scoring carried out by SpamAssassin. Along side some other small changes to the SpamAssassin configuration, we are seeing a significant improvement in the quality of the filtering. More spam is being rejected outright (rather than being simply tagged as suspicious).

We have also started using the Razor and DCC clearing houses. These work by taking checksums of certain portions of email and comparing them to recent known spam. Don’t worry, we don’t send your email or any personally identifiable information to third parties to do this - we simply send a hash or fingerprint of the information.