SurgeMail Spam and Virus protection

The best spam prevention techniques on the market today use SPF in "strict mode" (and, to a lesser extent, mechanisms such as ORBS) to accept mail only from senders confirmed to be who they say they are, combined with trainable, content-based message filtering.

For essential information on spam prevention using SurgeMail, see the notes on stopping spam and the spam prevention guide.

SurgeMail offers advanced features to identify undesirable spam email, block virus infected mail and prevent abuse of your mail server by spammers. Incoming mail is scrutinised as shown in the diagram.

SPF + Open Relay database check

SPF (Sender Policy Framework) allows you to check that someone sending you mail is who they say they are. SurgeMail has unique features that combine SPF with greylisting and the allow mechanism to ensure there is minimal impact on valid mail. In particular, using greylisting, SurgeMail will automatically start accepting mail from real mailservers, and using the allow mechanism, any valid end user whose message has been blocked is able to add their IP address so that subsequent messages are accepted.

It is important that you have SPF settings correctly configured. If they are not correctly configured you may conclude that SPF is "ineffective" or "stops too much real mail". Make sure that you follow the spam prevention guide.

SurgeMail's integrated and flexible open relay database checking can be used to enforce a server's blacklisting or whitelisting in one or more ORBS databases. In addition, it can be used to mark messages with a header, which can then be taken into account in the ASpam "SpamDetect rating" calculation. An ORBS database is simply a DNS server that returns a positive response if a server is listed in the database. A variety of services are available online that maintain blacklist databases. Normally you would maintain your own whitelist database that overrides the blacklist listings.
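The lookup described above, as an added example (not SurgeMail's own code): it builds the DNS name queried for a connecting IP, treats only answers in 127.0.0.0/8 as a listing (the RFC 5782 convention, which guards against resolvers that rewrite NXDOMAIN), and lets a local whitelist zone override blacklist hits. The zone names, sample addresses and the injected resolve() function are assumptions, so the example runs offline.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """Build the DNS name to look up for `ip` in list `zone` (RFC 5782 layout)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # 192.0.2.10 -> 10.2.0.192
        labels = reversed(addr.exploded.split("."))
    else:
        # IPv6: all 32 hex nibbles, reversed, one label per nibble
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.strip(".")

def is_listed(ip, zone, resolve):
    """True if the zone answers with an A record inside 127.0.0.0/8.

    `resolve(name)` returns a list of A-record strings, or [] for NXDOMAIN.
    Answers outside 127.0.0.0/8 (for example from a resolver that rewrites
    NXDOMAIN, or a lapsed list domain) are not treated as a listing.
    """
    loopback = ipaddress.ip_network("127.0.0.0/8")
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in loopback for a in answers)

def check_sender(ip, whitelists, blacklists, resolve):
    """Whitelist zones are consulted first and override any blacklist hit."""
    for zone in whitelists:
        if is_listed(ip, zone, resolve):
            return ("accept", "whitelisted in " + zone)
    hits = [z for z in blacklists if is_listed(ip, z, resolve)]
    if hits:
        return ("reject", "blacklisted in " + ", ".join(hits))
    return ("accept", "not listed")

# Constructed zone data standing in for real DNS (documentation addresses only).
SAMPLE_ZONE = {
    "10.2.0.192.bl.example.net": ["127.0.0.2"],  # blacklisted only
    "20.2.0.192.bl.example.net": ["127.0.0.2"],  # blacklisted ...
    "20.2.0.192.wl.example.org": ["127.0.0.1"],  # ... but locally whitelisted
}

def sample_resolve(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        verdict = check_sender(ip, ["wl.example.org"], ["bl.example.net"],
                               sample_resolve)
        print(ip, verdict)
```

In production the resolve() argument would be backed by a real DNS client with a short timeout, and a lookup failure should be handled as "not listed" rather than as a rejection.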

Scan messages for viruses

SurgeMail has a variety of mechanisms for integrating with external virus scanners.

Any of these mechanisms can be used, but Avast is recommended as it is closely integrated with SurgeMail, is efficient and is less prone to errors under load.

ASpam spam scoring system

SurgeMail has built-in support for ASpam. This is a message "spamminess" scoring system based on the sum of the following:

- Locally customisable rule database maintained by NetWin staff. Approx. 60% accurate on common spam.
- Auto training database of recent messages that "look like spam" based on poly and multi symbol statistical word matching. Approx. 90% effective if no local training is done, approx. 99% effective if local training is done.
- Auto training database of recent messages that "look like spam" based on message parameters such as URL and content. Approx. 40% effective if no local training is done, approx. 99.5% effective on trained data.
- Catcher addresses that should never receive genuine mail. If mail is received on these addresses, it is from a known spammer.
- Optional modification of scoring based on ORBS and SPF checks

The auto training databases consist of a base set of rules maintained at netwinsite.com combined with local training based on messages submitted by the users of your system as uncaught spam or as a false positive.

Based on this "SpamDetect score", messages can be filtered at a serverwide level or at a per-user level. Per-user filtering allows individual users to fully customise their filtering, setting up a totally customised "personal antispam policy" based on their chosen level of spam 'tolerance'. One of the more useful techniques is to use the Friends "Challenge / Response" only on messages that look almost certain to be spam.

Custom Filtering rules and Advanced mail rules

A variety of mechanisms exist in SurgeMail to set up custom filtering rules, exceptions to spam filtering and custom mail handling policies at a per-user or serverwide level.

Examples of what per-user filtering allows users to do:

- take action (accept / reject / forward / move to special folder) based on message parameters
- take action (mark/bounce/move to folder/etc) on messages that look like spam
- send challenge response requests to certain messages (look like spam/ from certain domains/etc)

At a domain or serverwide level, customised policies can be set up for:

- configuration and customisation of each spam prevention mechanism and default
- mail forwarding, redirection, archiving options
- default per-user rules that are applied if a user has no rules defined
- mfilter based advanced mail filtering

Other techniques

Some of the other SurgeMail techniques that can be used to prevent spam and virus-infected emails from getting to end users include:

Friends only system

The friends only system is a challenge response system allowing users to opt to receive messages only from friends. Non-friends are automatically questioned to determine if they are human. All mail from non-friends is held pending on the server until the user decides what to do with it. Status reports are sent to the user on a regular basis to provide information on the Friends system and any mail pending delivery.

Further information on configuring the friends system.

Message attachment renaming

SurgeMail can disallow or rename certain message attachments as a basic antivirus tool.

Sender behaviour limitation

SurgeMail has many configuration options to directly block or tarpit users or servers identified as abusing your mailserver. Some settings are: