Summit Internet Services is a small domain host provider in the Mesa/Gilbert area of the Phoenix Metro Area.
Our main focus is providing web/mail hosting for small businesses seeking a host that strives to reduce the daily influx of SPAM. To that end we have fairly aggressive filters installed to combat this scourge. However, we do err on the side of allowing some SPAM through (a “false-negative”) so as to minimize the impact of a “false-positive” (a valid email marked as SPAM).
Our mail servers combat the threat with a multi-tiered approach.
Step 1: Grey-Listing. The first time a piece of mail is received from a particular sending mail server, our server will refuse delivery, forcing the sending server to re-queue the message and make another attempt (re-queuing is standard practice with a “real” mail server). On the second attempt our server will compare the sending server, sender and recipient. If they match, the mail is allowed through for actual SPAM testing and the sending server is given a pass for Grey-listing for 90 days (at which time the above step is repeated).
Step 2: Anti-Virus. Once accepted, the message is subjected to anti-virus scanning. If the message is found to be infected, the server deletes it.
Step 3: SpamAssassin. Accepted mail is subjected to testing by SpamAssassin. You can read more about this project here. Once this step is completed the message is assigned a numerical score as to its probability of being SPAM.
Step 4: Bayesian Filters. These are filters that actually learn over time what SPAM looks like so that it can be recognized. You can read more about this type of filter here. Once this step is completed the message is assigned a numerical score as to its probability of being SPAM.
Step 5: SPF Records. Many valid mail servers are participating in this project. Having a record results in a positive numerical score being added to our SPAM testing. You can read more about this project here. Once this step is completed the message is assigned a numerical score as to its probability of being SPAM.
Step 6: Reverse DNS. A valid mail server will have a record that basically acts as something like “Caller-ID”. If the sending server does not have this record we do not reject the message out of hand like other services do (AOL for instance will refuse mail from a server without this record) but we do attach a high probability score to the message. Once this step is completed the message is assigned a numerical score as to its probability of being SPAM.*
Step 7: DNSBL: “Domain BlackList”. There are many services that have “honey-pot” email addresses. These addresses are never used nor advertised. If mail is received at such an address the probability that it is SPAM is considerable. Other DNSBL lists contain IP address ranges operated by known “SPAM-gangs” or addresses where legitimate mail servers would not normally be found. We consult 8 different DNSBL services. Some services we “trust” more than others, and we give different scores to the message based on this fact. Learn more about DNSBL here.
Step 8: The Tally! All the scores (positive and negative) that were assigned to the message are totaled. We have the following thresholds for determining what happens to a message:
Score less than 15: The message is delivered
Score between 15 – 24: The message is delivered with SPAM-LOW added to the subject line*
Score between 25 – 34: The message is delivered with SPAM-MED added to the subject line*
Score between 35 – 45: The message is deleted
Score above 45: The sending mail server is blocked/rejected from delivery for 1 full hour
* As part of our ongoing adjustments to our filters and anti-spam testing, we are no longer adding the SPAM-LOW or SPAM-MED tags to the subject line of messages. We are, however, now rejecting mail from servers without RDNS.
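
The Grey-Listing decision from Step 1 and the thresholds from Step 8, as an added Python example (not the code running on our mail servers). The names Greylist, check and disposition are hypothetical, state is held in memory, addresses are compared case-insensitively, a score of exactly 45 is treated as "deleted", and the thresholds are modelled as listed, before the change described in the footnote.

```python
from datetime import datetime, timedelta

PASS_LIFETIME = timedelta(days=90)  # Step 1: a pass lasts 90 days


class Greylist:
    """Hypothetical in-memory model of Step 1 (not the host's code)."""

    def __init__(self):
        self.pending = set()  # triplets refused once, awaiting a retry
        self.passed = {}      # sending server -> time its pass expires

    def check(self, server, sender, recipient, now):
        expiry = self.passed.get(server)
        if expiry is not None and now < expiry:
            return "accept"              # server holds a valid pass
        self.passed.pop(server, None)    # pass expired: repeat the test
        # Assumption: addresses are compared case-insensitively.
        triplet = (server, sender.lower(), recipient.lower())
        if triplet in self.pending:
            self.pending.discard(triplet)
            self.passed[server] = now + PASS_LIFETIME
            return "accept"              # matching retry: go on to Step 2
        self.pending.add(triplet)
        return "defer"                   # temporary refusal, sender re-queues


def disposition(score):
    """Step 8 thresholds as listed; assumes 45 itself falls in 'deleted'."""
    if score < 15:
        return "deliver"
    if score < 25:
        return "deliver with SPAM-LOW"
    if score < 35:
        return "deliver with SPAM-MED"
    if score <= 45:
        return "delete"
    return "block server for 1 hour"


if __name__ == "__main__":
    gl = Greylist()
    t0 = datetime(2024, 1, 1, 9, 0)      # constructed sample data
    msg = ("192.0.2.10", "alice@example.org", "bob@example.com")
    print(gl.check(*msg, t0))                          # first attempt
    print(gl.check(*msg, t0 + timedelta(minutes=15)))  # retry
    print(disposition(27))
```

A sender that never retries stays in the pending set and its mail is never accepted, which is the property Grey-Listing relies on.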