How XMission spam and virus filtering works.
Today I would like to go a little deeper than the typical “4 reasons” type articles I commonly post.
As a pioneer of Internet services, XMission has been providing particularly amazing email services for 20 years. We are very good at it and dedicate a tremendous amount of resources to keeping our customers’ in-boxes free of junk mail and providing quality SMTP feeds for many mail servers on the Internet. As the Product Manager for our Zimbra Unified Email & Collaboration Suite I am commonly asked what methodologies are implemented by XMission to protect customers from junk mail. This post will answer those questions.
Let’s dig in.
XMission uses a combination of internal and external RBLs (IP and URI), a cluster of SpamAssassin servers running a large custom ruleset, and the ClamAV virus scanner. This combination filters all mail service provisioned by XMission which include SMTP Spamcatcher feed for mail servers, traditional @xmission.com email accounts, and our hosted Zimbra Unified Email & Collaboration service.
Spamhaus RBLS: Real-time Blackhole List
Any IP address in Spamhaus’s SBL, XBL or PBL blocklists gets rejected on connection. These IPs are essentially foolproof–we’ve been aware of only two false positive attempts to send mail to XMission since 2006. These blocklists reject over two million spam messages a day.
You can see our real-time postmaster stats here: http://postmaster.xmission.com/
We operate two internal IP RBLs as well. One is to reject IP addresses that appear to belong exclusively to spammers, and the other is to reject IPs that have made known attempts to compromise users (phishers, IPs attempting to authenticate via brute force, etc.).
There are a number of other RBLs (both with IPs and URIs) that do not cause rejections, but will affect the spam score of the associated message.
SpamAssassin is a popular Open Source spam scanning package. It uses a wide variety of tests to identify spam signatures ultimately making the filters very difficult for spammers to bypass. XMission operates a cluster of SpamAssassin servers. SpamAssassin uses “rules” made up primarily of regular expressions (“meta” combinations of rules and rules determined by the output of custom perl plugins are also used) and a heuristic Bayes database of tokens from messages previously scanned as spam or non-spam to assign each scanned message a score measuring it’s “spamminess”. External RBLs, DCC (a service to identify bulk mail), and Botnet (a plugin identifying characteristics comment to compromised client machines) are also used as input to determine the spam score.
SpamAssassin itself simply adds some headers to the message, identifying the message’s spam score and the rules that were hit. Email interfaces such as Outlook, Zimbra webmail, Thunderbird or Mac Mail then use those headers to determine the ultimate fate of the message in a fashion that users have some control over. Within our systems the default spam score is 8, meaning that any message that has a score of 8 automatically gets filtered to the Junk folder. The score can be raised or lowered as our user desires, and additionally, Zimbra (or other email application) filters can be created to respond to specific SpamAssassin rules. For example, if a user receives a lot of stock spam, rules that indicate stock spam could be identified and used to filter those specific messages into Junk, regardless of whether the numeral score was high enough to filter the spam.
Finally, ClamAV, a popular open source antivirus engine designed for detecting viruses, malware, Trojans, and other malicious threats, is used on our incoming mail servers. It has an excellent detection rate and allows us to create custom signatures for new viruses.
Running your own server?
Filter emails through XMission before they hit your own mail server using our Spamcatcher service. For only $15 per domain per month, you benefit from all of XMission’s spam-blocking tools, and reduce strain on your own servers.
XMission’s privacy pledge applies to email, SMTP feeds, hosted Zimbra Unified Email & Collaboration, and all products we offer. http://xmission.com/privacy-pledge
XMission Spam filtering and SMTP wiki documents:
- RBLS: http://en.wikipedia.org/wiki/DNSBL
- Spamhaus: http://www.spamhaus.org/
- SpamAssasin: http://spamassassin.apache.org/
- ClamAV: http://www.clamav.net/lang/en/
Thank you for your time today. If you have questions on any of this please leave them in the comments. I look forward to hearing from you.