Spam and Virus FAQ
This page will explain some of the most common questions from our users regarding the spam and virus defenses on our network which affect them directly.
Frequently Asked Questions regarding Spam
What spam tests are done by the mail servers on incoming emails
How many types of Spammers are there?
When I receive email, why does it have **POSSIBLE SPAM** in the subject line?
What are "Email Headers" and how do I check mine?
How do I "white list" senders
My emails are being bounced by hotmail
What Spam Tests are done by the mail server on incoming mails?
The email servers will perform over 650 different tests on incoming emails using a variety of internal and external methods.
Click here to see the full list of DNS Based Databases that are used in testing
|
|
ip4r spam tests (Well-known IP-based spam tests, such as DSBL) |
|
|
rhsbl spam tests (public domain-based spam tests) |
|
|
dnsbl spam tests (public spam tests other than IP- or domain-based) |
|
|
External spam tests (such as Message Sniffer) |
|
|
TXT DNS record lookups (determines the reason the test failed) |
|
|
Filtering (Lets you add your own keywords to detect spam) |
|
|
Header Analysis (Looks for broken and forged E-mail headers) |
|
|
Custom IP blacklists (Lets you block IPs of your choice) |
|
|
Custom sender blacklists (Lets you block return addresses of your choice) |
|
|
Geolocation (lets you block E-mail based on the country of origin) |
|
|
Anti-filter Detection (Detects tricks spammers use to bypass filters) |
|
|
Bogus return address test (Blocks E-mail with invalid return address) |
|
|
Reverse DNS test (Can block mail from servers with no reverse DNS) |
|
|
Bogus server name test (Blocks E-mail with a bogus 'HELO' server name) |
Types of Spammers
Out there on the www there are many types of spam and spammer. This list is not definitive but includes the majority of the types of spammers that we know of and have to deal with on a daily basis.
- Zombie Spammer - A spammer that hijacks other's computers where the spam is sent directly from the hijacked computer to one's server.
- Zombie - A computer that has been hijacked and is a member of a bot-net.
- Bot-net - A group of zombies under one group's control, typically used for spamming and for DDoS attacks, but also sometimes used to relay through legitimate servers using either AUTH hacking or trusted IP space.
- Open Relay - A mail server that allows un-authenticated E-mail to be sent through it.
- AUTH Relay - A mail server that has accounts where either AUTH has been hacked to send spam, or allows trusted IP space to relay spam.
- Relay Spammer - A spammer that uses either Open Relays or AUTH Relays to send spam.
- Static Spammer - A group dedicated to spamming that uses their own servers (contracted or owned).
- AFF Spam (Advance Fee Fraud) - Consists of scams where the object is to get the recipient to hand over cash in expectation of a return. This typically consists of Nigerian spam, Lottery spam, "buy from your store" spam, and "representatives wanted" spam.
- Phishing Spam - Scams designed to trick the recipients into handing over valuable information. These messages are typically sent through sites using content management tools (Wiki's, message boards, blogging software, and PHPNuke-type content management tools). The content is also often hosted on the same.
- Bulk Mailers - Companies that are not committed exclusively to spamming, but most of which will leak spam from time to time. Some are better than others at preventing spam, and some have service designs that lend themselves to abuse.
- Niche Spam - Small-time spammers that generally target a very specific demographic such as a region or a type of business. They often use either their own official E-mail server or that of their ISP, and they can be hard to catch without manual blacklisting.
- Backscatter - Messages that result from automated responses to forged addresses, typically resulting from gateways that don't validate recipient addresses, but also caused by auto-responders, vacation messages, open relays, AUTH relays and AV blocking mechanisms.
- Form Spam - Spammers that target contact forms to send their spam to the hard coded recipients, or in some cases attempt to recode the recipients if that value is specified within the form.
- Spim - Instant messaging spam. Typically sent by zombies.
- Blog Spam - Also affects things like guestbooks, comment mechanisms and message boards. Used either for spamdexing or to directly advertise one's products. Primarily done by zombies.
- Spamdexing - The act of spreading links to a site by posting them in blogs, guestbooks and message boards with the goal of improving search ranking of the sites listed.
When I receive email, why does it have **POSSIBLE SPAM** in the subject line?
The most common comments from 123 Marbella Users regarding this issue are...
"I sent an email to someone in my office and when they got it, it was marked as spam"
"A friend of mine sent me an email and it was marked as spam"
"I sent an email to myself and it was marked as spam"
 |
When someone sends an email to you, the email goes through a multi-layered defence system in order to protect you against spam and virus attacks which are more and more common everyday, costing you time and money.
The JunkMail Layer will intelligently catch spam sent to your mail server and perform certain actions depending on what it finds.
The JunkMail system uses a unique weighting system (scoring system) based on the results of various tests. |
The Junkmail system uses various internal and external tests to determine the following...
1) What is definetely Spam
2) What could be Spam but its not 100% sure
3) What is definetely not Spam
When the JunkMail system analyses an email and its not sure if its spam or not, its marks the email with **POSSIBLE SPAM** because the email has scored between 14 - 19 points which means that the email failed various tests and or contains spam elements.
It places **POSSIBLE SPAM** in the subject line as a warning so that when the email is delivered to your INBOX, you can filter or place a rule in your email program so that you can put the email into a spam folder.
It does not necessarily mean that the email is spam. The email failed various tests and the JunkMail filter is simply telling you that's its possible that it could be spam, but its not sure.
The weighting system works as follows...
| Weighting Score |
Server Action |
Delivery Action |
| Score of 0 to 13 |
Warning in Headers |
Deliver to User |
| Score of 14 to 20 |
put **SPAM** in the subject line |
Deliver to User |
| Score Over 20 |
Hold Email on Server |
Dont Deliver to User |
If an email scores over 20 points its spam.
If you have sent an email from your account to another user on the same domain and the recipient receives the message with **POSSIBLE SPAM** in the subject line, its possible that the email contains certain criteria that it considers to be spam, although its not.
Some possible reasons the **POSSIBLE SPAM** was inserted...
1) The Email contains more than 3 html elements the JunkMail filter considers spam
2) The IP address on your ISP's network could be blacklisted because someone on your network may have sent spam in the past resulting in the IP being blacklisted. Its very common for ISP's to share a single ip amongst several hundred subscribers. It only takes one subscriber on your network to send a spam which gets reported, resulting in all subscribers getting blacklisted.
3) The dns settings of the sender may not be configured properly
What are "Email Headers" and how do I check mine?
Firstly, a more advanced explanation of email headers is here , but read on for a more simple version.
Every single Internet e-mail message is made up of two parts, the "header" and the "message body".
The message body is the part that you see when you open and read an email.
The headers are the hidden code and details that contain all the information about where the email originated and is very important in troubleshooting if there is a problem.
This is an example of what headers look like in Outlook. (Note the "Internet Headers")
To get this screen in your email programme, please select one of the following..
Outlook Express 6
1 Right click on a message.
2. Select 'Properties'.
3. If you have already double clicked on a message, drop down the 'File' menu and select 'Properties'.
4. Click on the 'Details' tab.
5. You can click 'Message Source....' and supersize the resulting window be able to read the header better.
Outlook 2002 /2003
1. Right click on a message.
2. Select 'Options...'
3. If you have already double clicked on a message, drop down the 'View' menu and select 'Options...'
4. The full header will be in the 'Internet headers:' field.
5. Click 'Close' to go back to reading your email.
You will then be able to copy and paste the header information.
How do I whitelist senders so they bypass my spam filtering?
If someone has been sending you emails for a long period and suddenly they dont come through anymore, its quite possible that they have been blacklisted and their emails will not come through due to the security settings on our network.
The only way to solve this is to "whitelist" them using your address book.
1) Login to your Web Mail
2) Once Logged in, Look for the Account Option Box in the top right hand corner of the page
3) Select the "Address Book".
4) Then Type in the Name and Email Address of the person you want to whitelist
4) Once you have added the user, they can send you emails without problems even if their domain, ip is blacklisted.
My Emails are being bounced by Hotmail. How can this be solved?
There are two things that are possibly happening to you.
1) Email from your email account are bounced by hotmail or never arrive.
2) Email sent to hotmail by a form on your web site are being bounced or never arrive.
Hotmail uses Sender ID to identify legitimate emails destined for their email servers. If your domain or mail server does not have sender id set up, then the likeliness that your emails will be bounced increases significantly. What is the solution?
We (123marbella) will have to create SPF and Sender ID on your domain name. This is usually done through the dns settings for your domain. There may be a small administrative charge to create and implement the spf and senderid policies to your domain and dns setting.
Contact Us for more details More information on SPF and Sender ID can be found at the following web sites:
Microsoft Sender ID Web Site OPENSPF (Sender Policy Project)SPF Wizards
Microsoft SPF WizardOpen SPF wizardSubmissions to Windows Live Mail/MSN Hotmail
You are encouraged to e-mail Microsoft after you post your SPF record to the DNS. This will help ensure that your record is automatically included in the SIDF cache and reduce DNS latency. Send an e-mail message with your domain name in the body of the message (for example, mydomain.com) to senderid@microsoft.com.
Other Relevant Sites related to Hotmail & SPF
Authentication and Online Trust AllianceMSN Postmaster > Senders FAQMSN Postmaster > Smart Network Data Services for ISP's MSN Postmaster > Troubleshooting
end of spam and anti virus faq |
