How it Works
Incoming mail is routed by the DNS MX records for your
domain. Mail is directed through the gateway first, before reaching the
normal mail servers. Below is the path a message takes before reaching
the intended recipient.
Step 1 - The Gateway to the Gateway
Before mail reaches the filtering mechanisms inside the
gateway server, it is first checked against three blacklist networks:
Spamhaus.org, spamcop.net & Secure Foundations. Spamhaus.org is a composite
list of known spammers & spam virus infected computers. Spamcop.net is a
composite list of known spammers and spammers reported by end users. Secure
Foundations also employs its own blacklist system; this blacklist is composed
of known spammers local to our servers. Mail coming from any IP address in
these lists is automatically rejected by the server. This powerful combination
rejects 70% of all spam received.
Step 2 - The Reject List
Once the message is cleared by the blacklists, it enters
the server. Once again, before reaching the filtering mechanisms, mail is
checked against the reject list kept by Secure Foundations. This is an
ever-changing list of known spam operators. If the sender's IP address matches
an entry on the list, mail is immediately rejected.
Step 3 - The MailScanner
Once the message is cleared by the blacklists, it enters
MailScanner. MailScanner is a powerful Open Source scanner that
incorporates the anti-virus engine ClamAV & the spam detection software
SpamAssassin and its plugins.
Step 3a - ClamAV
ClamAV is the leader in Open Source Virus Protection. All
mail coming into the gateway is checked for viruses. ClamAV also peers into
.zip attachments for hidden viruses. The virus detection rulesets are auto-updated
every hour.
Step 3b - SpamAssassin
Once the virus check is complete, the message is then checked
by SpamAssassin. SpamAssassin is a self learning anti-spam engine that incorporates
many different rulesets & plugins to accomplish its task of identifying
spam mail. SpamAssassin works on a point scoring system. Points are assigned
to the message either by the bayesian self learning engine, a ruleset, or
one of the many plugins that Secure Foundations has installed. Once the
rule threshold is reached, the mail is identified as spam, and redirected
to the Secure Foundations spam repository. Below is a brief overview of some
of the plugin features.
Bayesian Filters
Mail is first checked by the powerful self learning bayesian
filters. These filters assign points to spam resembling mail that
they have already seen. This is the main engine of SpamAssassin; all of the
following plugins assist the bayes filters in identifying spam.
Custom Rulesets
Rulesets identify key words and phrases in email messages
to assist the bayes filters in spam determination. Keywords and phrases
translate into points, which are added to the overall message score.
SpamAssassin includes a very robust ruleset by default, but we also employ
custom rulesets from SARE and program our own rules, which target
spam messages specific to our servers.
Blacklists
The message is now checked against a different set of blacklists.
This list includes Sorbs and many others. If the sender's IP address is
listed, points are assigned.
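The two uses of IP blacklists described in Step 1 (listing means outright rejection) and in this section (listing only adds points), as an added example that is not Secure Foundations' own code. The zone names, the point value, the 5.0 threshold and the sample DNS answers are assumptions chosen for illustration; the resolver is injectable so the logic can be exercised offline.

```python
import ipaddress
import socket

REJECT_ZONES = ["zen.spamhaus.org", "bl.spamcop.net"]   # Step 1: hard reject (assumed zones)
SCORING_ZONES = {"scoring.dnsbl.example": 2.5}          # placeholder zone, constructed points
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the DNS name that a blacklist lookup resolves for `ip` in `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))             # 192.0.2.10 -> 10.2.0.192
    else:
        labels = reversed(addr.exploded.replace(":", ""))   # IPv6: 32 reversed nibbles
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """Return the A record for `name`, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(ip, zone, resolver=system_resolver):
    answer = resolver(dnsbl_query_name(ip, zone))
    # Only an answer inside 127.0.0.0/8 is a listing. No answer, or a public
    # address from a wildcarded or expired zone, must not count as "listed".
    return answer is not None and ipaddress.ip_address(answer) in LISTED_NET

def gateway_decision(ip, other_points, threshold=5.0, resolver=system_resolver):
    """Return ("reject", zone), ("spam", score) or ("deliver", score)."""
    for zone in REJECT_ZONES:                     # rejected before any content filtering
        if is_listed(ip, zone, resolver):
            return ("reject", zone)
    score = other_points + sum(
        pts for zone, pts in SCORING_ZONES.items() if is_listed(ip, zone, resolver)
    )
    return ("spam" if score >= threshold else "deliver", score)

# Constructed answers standing in for live DNS (documentation address ranges).
FAKE_DNS = {
    "10.2.0.192.zen.spamhaus.org": "127.0.0.2",
    "7.113.0.203.scoring.dnsbl.example": "127.0.0.2",
}

if __name__ == "__main__":
    for ip, pts in [("192.0.2.10", 0.0), ("203.0.113.7", 3.0), ("198.51.100.1", 4.0)]:
        print(ip, gateway_decision(ip, pts, resolver=FAKE_DNS.get))
```
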
URIBL & SURBL
URIBL & SURBL are spam identifying networks that
do not check the sender's IP address, but instead check the links inside
the message. If the links found inside the message belong to a 'spamvertised'
site in the list, points are assigned.
Vipul's Razor & Pyzor
The Razor & Pyzor networks are spam identifying networks
kept by mail server administrators. If the sender's IP address is listed
in these networks, points are assigned.
FuzzyOcr
This is probably the most unique feature offered by the
system. When mail is scanned, it is checked for images. If an image is detected,
it is subjected to Optical Recognition tests. FuzzyOcr scans the image,
checking for keywords hidden inside the image. Points are assigned according
to what words were found and how many. Sending image files is how spammers
get 90% of spam around filters, as normal filtering cannot detect text inside
images. Here are a few:


Step 4 - Final
The mail has been processed by the gateway, and it is either
clean mail and is forwarded to its proper destination, or has been identified
as spam and is sent to the spam repository at Secure Foundations or to
a local account on the server. Spam mail may also be forwarded to another
email account of your choosing. Spam mail sent to the repository has a final
review from a Secure Foundations admin, then is deleted. In the rare event
that a legitimate email is caught in the filters, it is redirected to its
proper destination. The filter repository is dumped every 2 hours. The
repository is a great solution for those who simply do not wish to review
hundreds of spam messages.
Legitimate Mail
Secure Foundations maintains a current 'whitelist'
of legitimate senders. Any senders in the list are granted passage through
the gateway. This list is always being updated to include new senders.
New senders may be added anytime at your request.

Who can use the gateway?
All Secure Foundations hosting customers may use
the gateway. There is no additional charge for its use. The gateway is also
available to others outside of the Secure Foundations network and may be
applied to any email system. Many businesses run 'on premise' Exchange Servers
for their email. Mail may be filtered by the gateway before being sent to
the Exchange Server. For more information, please contact an Administrator
at Secure Foundations.
Redundancy
The question most asked of us is, "What happens if
the gateway server goes down? Will I lose my mail?" Absolutely not. The
gateway has a dedicated backup server that takes over in the event of an
emergency. Mail will be 'queued' on the backup server until the gateway
comes back online. A gateway failure will be automatically detected by the
backup server.
What do we Consider Spam?
The word "Spam" as applied to Email means Unsolicited Bulk Email ("UBE").
Unsolicited means that the Recipient has not granted
verifiable permission for the message to be sent. Bulk means that the message
is sent as part of a larger collection of messages, all having substantively
identical content.
A message is Spam only if it is both Unsolicited
and Bulk.
- Unsolicited Email is normal email (examples: first
contact enquiries, job enquiries, sales enquiries)
- Bulk Email is normal email (examples: subscriber
newsletters, customer communications, discussion lists)
Technical Definition of Spam
An electronic message is "spam" IF:
(1) the recipient's personal identity and context
are irrelevant because the message is equally applicable to many other potential
recipients;
AND
(2) the recipient has not verifiably granted deliberate,
explicit, and still-revocable permission for it to be sent.
Spam is an issue about consent, not content. Whether
the UBE message is an advert, a scam, porn, a begging letter or an offer
of a free lunch, the content is irrelevant - if the message was sent unsolicited
and in bulk then the message is spam.
Spam is not a sub-set of UBE, it is not "UBE that
is also a scam or that doesn't contain an unsubscribe link", all email sent
unsolicited and in bulk is Spam.
This distinction is important because legislators
spend inordinate amounts of time attempting to regulate the content of spam
messages, and in doing so come up against free speech issues, without realizing
that the spam issue is solely about the delivery method.

