How our spam zombie protection works.
Between our unlimited aliases, multiple domains, and free domain hosting, we host tens of thousands of domains and so must
employ protection against the flood of spam and backscatter from spam zombies. Spam zombies are virus/trojan-infected
end user machines that are used to send vast quantities of spam. Spam zombies are estimated to be responsible for approximately 80% of the spam. Without protection, these infected clouds of machines (millions strong) can
quickly overwhelm our servers, making mail completely unavailable to you or delaying desired mail for days.
Spam zombies are responsible for the majority of the 500 connections a second
we process. Some of the ways they are identifiable: by rDNS or the lack of it, slamming (sending data before being prompted
by the server), receipt flooding (many messages sent to non-existent accounts all at once), or the sending machine
being in known end user space where a mail server should not be (some ISPs publish lists of these for their network). We also employ a fingerprinting method we'd like to keep proprietary, but it's very fast and accurately identifies infected machines sending spam.
Our goal with the Spam Zombie Milter is to provide our users with the most protection possible in a very unobtrusive and very easily whitelisted manner. That is why any rejection has a One Click Whitelist that can be triggered by anyone who reads the message. Could spam zombies be programmed to click these links? Probably, but they don't. So currently this works very well.
Note: some of these infected spam zombies send a virus/trojan payload, trying to infect your machine so it too can become a spam zombie. The milter helps to block these.
Aside: One of our users has a domain that has become such a spam and backscatter magnet because of its name that we are the only host that can handle it. He once moved the domain only to return saying "it was unusable" at his new host. The difference is our milter.
Our custom Spam Zombie Milter uses a proprietary passive fingerprinting method to determine a probability for whether
or not the connecting machine is an infected zombie. If there is a high probability (i.e. it matches multiple spam
zombie characteristics) that it is an infected end user machine, the machine is temporarily blocked. Blocks are aged using a tiered process, with new additions aged out fast and repeat offenders aged out more slowly (i.e. the milter learns and remembers).
If blocked, a rejection message with a One Click Whitelist will be received by the sender.
Every rejection message contains a link that, when clicked, will automatically whitelist the sending server for all future messages. Whoever reads the rejection message and clicks the link whitelists the sending server.
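The block, tiered aging and One Click Whitelist flow described above, as an added sketch that is not the operator's milter code. It scores only the characteristics this page lists (the proprietary fingerprint is not modelled); the threshold, the flood limit, the tier lifetimes and all names are assumptions.

```python
import time

# Assumed tier lifetimes (seconds): first offence ages out fast, repeats linger.
TIER_TTL = [15 * 60, 6 * 3600, 7 * 86400]
BLOCK_THRESHOLD = 2  # assumed meaning of "multiple" matching characteristics


def zombie_signals(conn):
    """Return the page's listed characteristics that this connection matches."""
    hits = []
    if not conn.get("rdns"):
        hits.append("no_rdns")
    if conn.get("sent_before_banner"):
        hits.append("slamming")
    if conn.get("unknown_rcpts", 0) >= 5:  # assumed flood limit
        hits.append("receipt_flooding")
    if conn.get("in_end_user_space"):
        hits.append("end_user_space")
    return hits


class ZombieBlockList:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.offences = {}     # ip -> number of times this ip has been blocked
        self.expires = {}      # ip -> timestamp at which the block ages out
        self.whitelist = set()

    def check(self, ip, conn):
        """Return 'accept' or 'reject' for a new connection from ip."""
        if ip in self.whitelist:
            return "accept"
        now = self.clock()
        if self.expires.get(ip, 0) > now:
            return "reject"    # still inside an unexpired block
        if len(zombie_signals(conn)) >= BLOCK_THRESHOLD:
            count = self.offences.get(ip, 0) + 1
            self.offences[ip] = count          # remembered after the block expires
            tier = min(count, len(TIER_TTL)) - 1
            self.expires[ip] = now + TIER_TTL[tier]
            return "reject"
        return "accept"

    def one_click_whitelist(self, ip):
        """Whitelist the sending server and lift any active block."""
        self.whitelist.add(ip)
        self.expires.pop(ip, None)
```
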
Our spam zombie milter also identifies and blocks backscatter. Backscatter happens when a spammer forges a domain name and uses random account names (they do this to get past the e-mail requirement
that the from address be a valid domain). The spammer then sends millions of e-mails with those forged from addresses. Servers receiving and bouncing undeliverable messages to the from address flood the from address with bounces for a message they did not send. This is backscatter.
With our unlimited aliases, every account is its own domain, many domains
in fact. If a spammer forges one of them you could end up receiving over 10,000 bounces a minute for a message
you did not send. The Spam Zombie Milter blocks this for you, only allowing bounce messages that originated
from our servers (i.e. any bounces for mail that you sent).
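One way to accept only bounces for mail that really left your own servers, as an added example and not the operator's code. The page does not say how the milter recognises its own bounces; this sketch assumes outbound mail carries a signed, dated tag in its envelope sender (the idea behind BATV), and the tag format, secret and age limit are all assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: per-site secret kept server-side
MAX_AGE_DAYS = 7                   # assumption: how late a bounce may arrive


def _tag(local, domain, day):
    msg = f"{day}:{local}@{domain}".lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def sign_sender(address, day):
    """Envelope sender for outbound mail sent on `day` (days since epoch)."""
    local, domain = address.rsplit("@", 1)
    return f"sig={day}-{_tag(local, domain, day)}={local}@{domain}"


def accept_bounce(mail_from, rcpt_to, today):
    """Decide at RCPT time whether to accept; only null-sender mail is checked."""
    if mail_from != "":
        return True                        # not a bounce, other filters apply
    local, _, domain = rcpt_to.rpartition("@")
    if not local.startswith("sig="):
        return False                       # bounce to an address we never signed
    try:
        stamp, orig_local = local[4:].split("=", 1)
        day_text, tag = stamp.split("-", 1)
        day = int(day_text)
    except ValueError:
        return False                       # malformed tag
    if not 0 <= today - day <= MAX_AGE_DAYS:
        return False                       # expired or future-dated tag
    expected = _tag(orig_local, domain, day)
    return hmac.compare_digest(tag.encode(), expected.encode())
```

Under this scheme a forged-sender bounce and an SAV callout both arrive with a null sender and an unsigned recipient, so both are refused in the same way.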
Sender Address Verification:
SAV (Sender Address Verification) is an abusive practice where an e-mail connection
is opened and the from address is checked to see if the account is valid before the remote server will accept an e-mail it is receiving. SAV does not work. Ask Verizon, they tried it once and learned all about its pitfalls. Thousands of screaming admins rose up and whacked them with a clue by four. Verizon no longer runs SAV. SAV is indistinguishable
from backscatter and so is blocked by our backscatter blocking. However, even those ignorant enough to insist on using SAV can still be easily addressed by you just clicking the URL you see in the rejection (this will allow their sender verify to work).
Does this mean no spam?:
Unfortunately, no. We have other filters available to you should you begin receiving spam. What this does is cut 80% of the spam you might see. This is because that spam is delivered by botnets, or clouds of infected home PCs all controlled by one spammer using them all to send tens of millions of spam messages. The milter targets these machines and is very effective against them. As more spammers use botnets, which seems to be the trend, this milter cuts more spam.
Don't want your account protected by the milter?
We don't see why, considering how easy it is to whitelist anything accidentally caught by it. However, we can place an account in front of the backscatter block or the entire Spam Zombie Milter checks, completely bypassing it for all mail destined for the account (contact helpdesk if desired). We do recommend against this: you get a lot of protection from our Spam Zombie Milter with virtually no risk. The Spam Zombie Milter has been protecting tens of thousands of accounts and learning for over eight years now; it does not catch many (if any) valid mail servers, and if it ever should... One Click Whitelist.