Spam Filtering & Bulk Email Policy: Microsoft Exchange
The following guide will give you a rundown on Rackspace's spam prevention system, and spam settings to help you keep your data safe and secure.
Rackspace uses the latest and best in technology to combat and reduce unsolicted email (spam). We estimate that over 95% of all email traffic is spam. Spam is not only a distraction; it can serve as a vector for viruses, malware, and phishing attacks. Our email spam filtering system is a continuously-updated, multi-layered process that eliminates 98% of all spam with near zero false-positives. Below is the layering process:
Layer 1: The Gateway Scan As soon as an email arrives the sending IP address is compared to an aggregated spam blacklist compiled from multiple spammer tracking systems. Our gateway servers also analyze the email message in the context of other arriving mail. If a large number of emails are coming simultaneously from a single IP or are addressed to random addresses that do not exist in our system, it could signify a spam attack and the email will be blocked. If the sending address is from a domain in our system but the mailbox does not exist the email will be blocked. This last case is called “spoofing” and it is the reason you may have received spam from your own email address or domain.
Layer 2: Cloudmark® Scan All email is scanned by Cloudmark’s industry-leading spam detection software. Cloudmark uses Advanced Message Fingerprinting™ to detect spam, phishing, and viruses. Instead of relying on a spam blacklist Advanced Message Fingerprinting examines algorithm patterns that expose spam across all languages and character formats. These patterns are updated every 60 seconds based on worldwide feedback loops and the latest spammer tactics.
Layer 3: The Message Sniffer Scan Email is then scanned with Message Sniffer from ARM Research Labs. Message Sniffer relies on pattern recognition and machine learning technology to detect spam and malware. It searches the entire message for spam, virus, and malware features including unusual headers, structural artifacts, message source behaviors, obfuscation techniques, email and URL targets, binary and image signatures, unusual code fragments, and even coding styles.
Rackspace also uses the latest and best in technology to make sure your data isn't compromised. Our antivirus system scans all inbound and outbound emails using a multi-stage process. The process is broken down into the following four stages:
Stage 1: Restricted Attachments Virus protection starts with scanning messages for dangerous types of file attachments. Dangerous files are those that can execute code, which can be used by malicious persons to spread viruses or do harm to your computer. Restricted file types include, but are not limited to, program files (.exe, .com), script files (.bas, .vbs, .js), and shortcuts to files (.lnk, .pif). When an email is sent or received that contains a restricted file attachment, the email is rejected and the sender receives a "bounced" email notification informing them of the restriction.
Stage 2: Normalization This stage of the email antivirus process searches for email formatting vulnerabilities that can be used by viruses to hide from virus scanners. If any vulnerability is found our system corrects the formatting of the message so that it can be thoroughly scanned for viruses. This is called "normalizing" the message, and most notably this process protects against known Microsoft Outlook security threats.
Stage 3: Decompression Next, if the email contains any compressed attachments such as zip files, the compressed attachments are temporarily unzipped so that the contents can be scanned for viruses. Many of today's viruses use compression as a way to sneak their way past virus scanners, sometimes even compressing themselves in several layers to try to hide from scanners. If an attachment cannot be decompressed, as might be the case for password-protected zip files, the original file is scanned for virus signatures that occur within compressed attachments.
Stage 4: Virus Scan After the above preprocessing is complete an email antivirus scanner is used to scan the email and all of its uncompressed attachments. Everything is scanned to ensure maximum protection against new virus threats. ClamAV (www.clamav.net) is the current scanner of choice, although our system was designed to be able to plug-in any virus scanner on the market should the need to do so arise. Updated virus definitions are automatically pushed to our system. This gives our customers protection from new viruses within minutes. Virus definitions are updated hourly. In contrast, most desktop and server anti-virus programs are configured to check for new virus signatures only once per day.
Bulk Email Policy
Our Bulk Email Policy is simple: Customers may not send email of similar content to more than 250 recipients. In our effort to make our email hosting services as reliable as possible we must restrict our customers from doing anything that could jeopardize the reputation of our mail servers. Thanks to our strict Acceptable Use Policy (AUP) our mail servers have a strong reputation for consistently sending legitimate email. Our customers benefit from this directly; email sent from reputable mail servers will be delivered promptly and effectively—arriving in their recipients’ inboxes rather than their spam folders.
One of the most important ways we protect the integrity of our mail servers is to restrict bulk email. Our AUP’s Bulk Email Policy restricts customers from sending any email of similar content to more than 250 recipients—even if the email is sent in batches over time or is sent using multiple email accounts. These restrictions are tough but they are necessary to protect our mail servers from potential blacklisting. If an ISP or another email host detects that unsolicited or undesired email has been sent from one of our servers (even just one email out of a thousand) the server may be blacklisted - which results in email delivery delays and may cause legitimate email to end up in recipients’ spam folders. This affects not just the offending customer but all customers sending email through the mail server. Though we have safeguards in place to promptly replace blacklisted servers, we must preserve our mail servers’ reputation for always sending legitimate email.
When email hosting companies compromise and allow their customers to send bulk email it negatively affects everyone. In fact, many businesses turn to us because of our strict AUP. They’re tired of having their email flagged as spam by their recipients’ email providers and they know that our AUP will prevent this from happening. It’s one more way that we’re Fanatical for our customers. We do recognize that many businesses need to send legitimate bulk email—and we are here to help. We have identified iContact, a leader in the email marketing industry, as a company that not only specializes in permission based, CAN-SPAM compliant, bulk email services, but that also shares our commitment to high quality products and reliable email delivery. To learn more about iContact and how they can help with your bulk email needs, please visit them at www.icontact.com/rackspace/
© 2015 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
See license specifics and DISCLAIMER