Anti-spam

hMailServer includes a number of basic anti-spam features. They can be found in hMailAdmin, under Settings -> Protocols -> SMTP -> Spam protection. This page describes the different options.

Use SPF

SPF stands for Sender Policy Framework. Domain owners can, by means of a TEXT record in their DNS, identifiy the email servers that are allowed to send email from their domain. If you enable SPF in hMailServer, hMailServer will check if the sender's IP address matches the IP address in the DNS-TEXT record. If not, the email message will be deleted without any notification. More information about SPF can be found on http://spf.pobox.com/.

Check that sender has DNS MX records

If you enable this option, hMailServer will check if the domain name in the sender's email address has valid DNS-MX records. For example, if bill@microsoft.com sends you an email, hMailServer will check if the domain, microsoft.com, has valid DNS-MX records. If it has, the email is accepted. If it hasn't, the email is dropped. Some spammers send email from bogus domains that do not exist. Turning this feature on prevents hMailServer from accepting them. The downside of this option is that the server may reject legitimate email. For example, if an automatic email is generated by cgi.domain.com and cgi.domain.com does not have valid MX records, the email will be deleted.

Allow empty sender address

This option lets you configure whether or not hMailServer should accept email messages that do not have a sender email address. Turning off Allow empty sender address might lead to legitimate email messages being rejected. For example, some servers might send email with an empty sender address, so-called bounce-email. Also, turning off the option is in violation of some RFCs.

Tarpitting

Tarpitting can be used to slow down the communication hMailServer makes with spammers. Some spammers may stop sending email to your server if it is responding very slowly to their requests. The feature assumes that the spammer sends one email to several recipients on your server during one SMTP session. If the number of recipients exceeds the Tarpitting count, hMailServer will delay the response of every subsequent recipient, for the specified number of seconds.

DNS blacklists

Blacklists are lists of email servers that are known to send spam. Blacklists are maintained by different organizations or individuals. If you enable blacklists in hMailServer, whenever hMailServer receives an email message it will check the sender's IP address against the blacklists you have chosen to use. If the IP is found to be in any of the blacklists, hMailServer will not accept the email message.

Varying statistics exist, but it is known that blacklists can cut your spam by around 15-25%, simply on the basis of the sender's IP address. Please be aware that blacklisting can block legitimate emails; for example, if a spammer uses a particular ISP's email server and gets it blacklisted, and your friend uses that same ISP, your friend's emails will also be blocked.

External tools

External tools, such as ASSP or SpamAssassin, can be used alongside hMailServer to prevent spam. Both ASSP and SpamAssassin are specialist software with the sole purpose of detecting whether an email is spam. They therefore offer much richer spam protection functionality than the one included in hMailServer.

IP ranges

It is possible to turn off hMailServer's spam protection functionality per IP range. For example, one normally does not have to check for spam on one's local network. Consult the IP range documentation for more information on this.

Search documentation