Anti-Spam Policy and port 25 blocks
This article contains the best practices for outgoing email from your server to the internet and our Spam Policy. These practices must be followed so that your emails do not get filtered, blocked, or marked as spam by First2Host or other anti-spam organizations or partners.
For every IP available with First2Host products and services, as an internet service provider, First2Host will register and reserve it with organizations such as RIPE or ARIN. This means that we appear as the IP abuse contact for litigation in the WHOIS database. If an IP is reported to organizations such as Spamhaus and SpamCop, which work to combat spam, malicious websites, and phishing, then the reputation of our entire network is at stake. It is, therefore, important that First2Host takes care of the reputation, quality, and security of the network, which also forms an important part of your service.
How does the Spam Policy protection system work?
Our system is based on the Vade Retro anti-spam system and comprises of three main areas of focus.
Malware is usually sent by email as an attachment in the open of tricking the end user into opening the attachment. Usually, these emails will contain text like “attached if your purchase order”. Once the attachment is opened the malware then infects the computer causing a loss of data. Our system will also scan each attachment for malware or viruses and if its found you are sending Malware an immediate block will be placed on all outgoing and incoming mail.
Each email that is sent from one of network IPs gets scanned by an automated program. The content is then analyzed and attached a score of 0 to 500. Any email with a score over 100 will be classified a spam. During the scanning of the outgoing emails our system checks the words used in the email for spamvertised content, word like “buy now” “% discount” “summer sale” are classed as spamvertised content and if these words appear to often in your email message it will gain a higher spam score which could lead to your email port being blocked.
Phishing is a process of trying to trick end users into logging into a “fake” website like online banking. Usually, users will receive an email asking them to login to the fake website to change there passwords, the email looks like it’s been sent from a reputable establishment like “Santander”. We also check all links in emails and if we find likes to Phishing sites in your email content then an immediate email block will be put in place.
Unblocking an IP blocked by our Spam Policy
If your emails have been blocked from being sent them you must follow these steps before we will consider removing the block. Users who do not follow these steps will not have their port 25 email block removed.
- stop sending email (e.g. stop all mail software such as qmail, Postfix, Sendmail etc.)
- check the email queue (e.g. qmHandle for qmail, postqueue -p for Postfix)
- analyse your logs using the Message-ID found in the block alert
- Take a copy of a random few email messages open a ticket with our support team and provide the email content inside the ticket for us to analyse.
NOTE: Whilst there is no human intervention in our anti-spam process and no human will ever see the content of the emails being sent we do record the message IDs of each email sent, the destination it was being sent to, the time and date and the score we assigned it.
You can now unblock port 25 from your control panel if your server is located in Canada or France. Hit “Manage IPs” then click the cog next to the ip address that has had its port 25 blocked. Click Unblock and then the block will be removed.
If you continue to send spam and remove the block from your control panel too many times port 25 will become permanently blocked and can not be removed
Can you whitelist me?
Our Spam Policy is to not whitelist any users, i.e. a filtering exclusion on the outgoing emails from your server. We can only assist you with the logs diagnosis, if the Message-IDs are unknown and not part of your legitimate emails or mailing lists. Our Spam Policy and protection system is 99.9% accurate its very unlikely our system will block your email ports if you are sending legitimate emails
If you have checked and found that the Message-IDs are from your legitimate email, you should then ensure that your email messages comply with the RFC and the Best Practices indicated below. If they do comply, you can inform us by sending a sample of your email (including header). Our technical support team will then assist you with the next steps. Simply open a support ticket or respond to the ticket that’s been opened for you.
RFC and Best Practices
RFCs (Request For Comments) are documents intended to describe technical aspects of the internet. They are produced and published by the IETF (Internet Engineering Task Force), a group which basically produces and defines standards.
Best practices are recommended methods which are often based on these documents and are intended to advise you on the best way to proceed. In this instance, this means the basic rules to follow so that your emails are not marked as spam.
If your outgoing email volume is over 100 emails per hour, you are advised to:
- reserve an IP block dedicated solely to email usage
- provide an ‘abuse’ address on this block in order to receive complaints
- configure reverses on all IPs correctly
This operation will enable you to simultaneously isolate the IP and domain reputation if you send emails for various domains, to receive the complaints, and thus do what is necessary to get unblocked by various organisations. It also enables you to locate a problem more quickly on a form that uses domain X or Y, as the emails are not sent out from the same IP and don’t have the same reverse.
Avoid using spammer keywords in your emails such as “buy” and “last chance”, and avoid capital letters, impersonal subjects, exclamation marks, and % discounts. Don’t forget to provide an unsubscribe link for people who have not requested to receive your email or who believe it to be illegitimate.
FBL – Feedback Loop
This system will enable you to follow up on feedback provided by some internet service providers directly, informing you that their users have marked your message as illicit, and that it has thus been classified as spam. This will enable you to interact with these ISPs directly concerning your reputation. Some FBLs:
- AOL Postmaster
- Outlook & live.com
Some authentication services enable you to protect your reputation.
An email authentication technology developed by Microsoft which validates the authenticity of your domain name by verifying the IP address of the sender. This technology is based on the IETF standard: RFC4406
Sender Policy Framework is a standard for verifying the domain of the sender. It is based on RFC4408 and consists of adding an SPF or TXT field to the domain DNS, which contains the list of IPs authorised to send emails from this domain.
Reverse enables your IP to be “translated” into your domain. That allows the domain associated with the IP address to be found.
DKIM This standard is described in RFC4871.
AOL, Google (Gmail) work on this basis. Official website: DKIM
How was this article?
You might also like
More from Dedicated Servers
Open And Close Ports In FirewallD - Manage Zones In FirewallD Like IPtables, FirewallD is a Linux firewall that filters packets …