Anti-spam methods

Anti spam methods

hMailServer includes a number of anti-spam features, which can be found in hMailServer Administrator, under Settings -> Anti-spam. This page describes the different options.

Use SPF

SPF stands for Sender Policy Framework. Domain owners can, by means of a TEXT record in their DNS, identify the email servers that are allowed to send email from their domain. If you enable SPF in hMailServer, hMailServer will check if the sender's IP address matches the IP address in the DNS-TEXT record. If not, the email message will be treated as spam. More information about SPF can be found on http://spf.pobox.com/. hMailServer only treat SPF FAIL-result as spam.

Check host in the HELO command

When another email server delivers an email to hMailServer, it has to identify itself by sending its own host name. If you have configured hMailServer to check the host in the HELO command, hMailServer will do a DNS lookup and confirm that the sending server has given a correct host name.

The downside with this method is the risk of false positives. While this method can be used to detect spam, a lot of legitimate domain owners do not configure their server correctly.

Check that sender has DNS MX records

If you enable this option, hMailServer will check if the domain name in the sender's email address has DNS-MX records. For example, if bill@microsoft.com sends you an email, hMailServer will check if the domain, microsoft.com, has DNS-MX records. If it has, the email is accepted. If it hasn't, the email is dropped (if the spam score reaches the spam delete threshold). Some spammers send email from bogus domains that do not exist. Turning this feature on prevents hMailServer from accepting them.

The downside of this option is that the server may reject legitimate email. For example, if an automatic email is generated by cgi.domain.com and cgi.domain.com does not have valid MX records, the email will be deleted (assuming the spam score reaches the delete-threshold).

Verify DKIM-Signature header

DKIM, Domain Keys Identified Mail, is a method to sign the content of messages. The recipient can verify that the message is sent from a server authenticated to send from the senders domain, and that the message content has not been modified in transit.

If DKIM verification is enabled, hMailServer will look for a DKIM-Signature header in every message. If the header is found, hMailServer will verify that the content of the message matches the signature. If no DKIM-Signature header is included, no DKIM verification will be done.

This test is expected to catch little spam, since spammers can simply skip including the DKIM-Signature header.

SpamAssassin

SpamAssassin is a popular 3rd part y spam system. It does hundreds of checks on the email message to determine whether the email message is spam.

To use SpamAssassin with hMailServer, you must install SpamAssassin separately.

DNS blacklists

Blacklists are lists of email servers that are known to send spam. Blacklists are maintained by different organizations or individuals. If you enable blacklists in hMailServer, whenever hMailServer receives an email message it will check the sender's IP address against the blacklists you have chosen to use. If the IP is found to be in any of the blacklists, hMailServer will not accept the email message.

Varying statistics exist, but it is known that blacklists can cut your spam by around 15-25%, simply on the basis of the sender's IP address. Please be aware that blacklisting can block legitimate emails; for example, if a spammer uses a particular ISP's email server and gets it blacklisted, and your friend uses that same ISP, your friend's emails will also be blocked.

SURBL servers

SURBLs differs from DNS blacklists in that they're used to detect spam based on message body URL (usually web sites). SURBLs are not meant to identify spam senders by their message headers or connection IP addresses. Instead they allow you to identify messages by the spam sites mentioned in their message bodies. This means that when you have enabled SURBL, hMailServer searches the e-mail message for links. If any links are found, hMailServer checks with the SURBL server whether these links normally exists in spam messages.

Greylisting

Grey listing allows you to prevent spam by temporarily rejecting email to your server. Grey listing benefits from the fact that properly configured email servers will try to resend messages later, while spammers normally will give up immediately if your server rejects an email.

When a sender tries to deliver a message for the first time to your server, hMailServer will save the senders IP address, the senders email address and the recipient email address. This information is called a triplet. hMailServer will reject the message and kindly ask the sending server to retry later. The next time the sending server tries to deliver an email which matches the triplet, hMailServer will accept the message.

External tools

External tools, such as ASSP or SpamAssassin, can be used alongside hMailServer to prevent spam. Both ASSP and SpamAssassin are specialist software with the sole purpose of detecting whether an email is spam. They therefore offer much richer spam protection functionality than the one included in hMailServer.

Search documentation