From the 18th of March we will be making some changes to the way we handle spam emails sent to your Hosted Exchange mailboxes and those mailboxes protected by our Email Security service. The change is called ‘Mail Server Profiling’.
As you’ll know, the battle to keep one step ahead of spammers is constantly evolving, and we’re currently seeing a significant increase in what we call ‘spam storms’: short, high-volume bursts of spam sent to email networks to try to circumvent spam filters before the definitions can be updated to protect users.
Whilst we do indeed score emails based on sending server reputation, we have decided to ‘raise the bar’ for those wanting to send spam to your mailboxes by introducing ‘Mail Server Profiling’ at the gateway to our email platform, ahead of the existing filters. These rudimentary checks are currently used to score each message within our filtering system; however, we’ve decided to deny access to emails that do not pass the following basic criteria. This will increase your ‘zero-hour’ protection from spammers…
Block Addresses without a Domain
We will reject email addresses that don’t have a valid domain name. For example, ‘james@example?com’.
Block Mail Servers using Dynamic/DUL IP space
We will reject email from mail servers using dynamic IP addresses, for example IP addresses that are reserved for home-use broadband connections. Mail servers should only reside on static IP addresses; we will therefore assume emails from dynamic IP address ranges are from compromised PCs.
Require Mail Servers to have rDNS configured
We will reject email from servers that don’t have a reverse-DNS or PTR DNS record. All legitimate mail servers should have a reverse DNS record.
Sending Server must identify itself (HELO)
We will reject email from servers that don’t offer a ‘helo’ command when negotiating with our servers.
Server Identification should be “sane” (FQDN HELO)
We will reject email from mail servers that don’t include a valid domain name in the ‘helo’ command. All legitimate mail servers should include a valid domain name in the ‘helo’ command.
Strict Email Address Parsing (RFC Compliance)
We will reject email addressed using an invalid email address. All email addresses should be RFC compliant, and those that are not will be rejected.
Valid FROM domain (A or MX Record)
We will reject email sent from an email address that has an invalid domain name or a domain name that has not been registered.
PTR record should be FQDN
We will reject email from mail servers that have a PTR record that contains a domain name that is not valid or not registered.
Whilst these measures will not impact any sender with a correctly configured mail server, email from mail servers that are not set up correctly will be rejected. The above changes are now commonly adopted across most ISPs, so any sender failing to meet the above basic criteria will fail to send email to many other destinations.
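If you run your own sending server, the checks listed above can be modelled as a simple pre-flight test. The sketch below is an added example, not our gateway's own code: the function name, check labels and sample data are assumptions, DNS and dynamic-IP list results are passed in as constructed data rather than looked up live, and address parsing is a simplified subset of the RFC grammar.

```python
import re

# Syntactic FQDN test only: dotted labels ending in an alphabetic TLD (registration is not checked).
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
# Simplified dot-atom local part; the full RFC grammar also allows quoted strings.
ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
LOCAL = re.compile(rf"^{ATOM}(\.{ATOM})*$")

def profile(session, dns):
    """Return the labels of the checks a session fails (empty list = accepted).

    session: client_ip, helo and mail_from as seen on the SMTP connection.
    dns: stand-in for live lookups: ptr (ip -> PTR name), mail_domains
         (domains with an A or MX record), dynamic_ips (dynamic/DUL space).
    """
    failed = []
    helo, ip = session.get("helo"), session["client_ip"]
    local, sep, domain = session["mail_from"].rpartition("@")
    if not sep or not FQDN.match(domain):
        failed.append("address-without-domain")
    elif not LOCAL.match(local):
        failed.append("strict-address-parsing")
    elif domain.lower() not in dns["mail_domains"]:
        failed.append("valid-from-domain")
    if ip in dns["dynamic_ips"]:
        failed.append("dynamic-ip-space")
    ptr = dns["ptr"].get(ip)
    if ptr is None:
        failed.append("rdns-required")
    elif not FQDN.match(ptr.rstrip(".")):
        failed.append("ptr-not-fqdn")
    if not helo:
        failed.append("helo-required")
    elif not FQDN.match(helo):
        failed.append("helo-not-fqdn")
    return failed

# Constructed sample data (documentation IP ranges and example domains).
DNS = {
    "ptr": {"192.0.2.10": "mail.example.com.", "198.51.100.7": "localhost"},
    "mail_domains": {"example.com"},
    "dynamic_ips": {"203.0.113.99"},
}
GOOD = {"client_ip": "192.0.2.10", "helo": "mail.example.com", "mail_from": "james@example.com"}
BAD = {"client_ip": "203.0.113.99", "helo": "PC-1234", "mail_from": "james@example?com"}

if __name__ == "__main__":
    print(profile(GOOD, DNS), profile(BAD, DNS))
```

To use it against a real server, replace the constructed `DNS` data with the results of your own PTR, A/MX and dynamic-IP list lookups.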