Spam elimination is a current technology that works, but everybody has to co-operate to make it a reality!
E-mail spam is a real time consumer and is often offensive and insulting. If you get 15-20 spam e-mails a day that consume 10 minutes of your time to scan and delete, and you have 6 employees at your company each receiving spam, your company is wasting an hour a day on spam. We have the ability to almost eliminate it, but it requires our customers' co-operation. Once we implement this feature, some legitimate mail may be eliminated because the sending mail server is set up incorrectly. The tips on this page explain how to prevent that before we turn our filters on.
When you receive mail on the HeffComm mail servers and bring it down to your mail reading program, certain information contained in each new mail message tells us if it is real or bogus. We can turn on the filter to eliminate the bogus ones so they never reach our mail server, never mind your PC. Most people use the free copy of Outlook Express that comes with Internet Explorer and Windows.
Open your mail program (Outlook Express) and allow it to download your mail. Single-click a mail message to highlight it, then right-click it and click Properties.
This will open a new box with two tabs on it labeled General and Details. Click on the Details tab and read the first line:
You will note that this mail message says it was sent from a system called 45274628 at Internet address 59.36.228.20 (Received: from 45274628 ([59.36.228.20]). But the significant part is the phrase that follows, in (45274628 ([59.36.228.20] RDNS failed), which indicates that RDNS (or Reverse DNS) failed. This means there is not a system called 45274628 at Internet address 59.36.228.20, so this is most likely a bogus e-mail. 4 out of 5 spam e-mails fail the reverse DNS lookup. Rejecting mail that does not pass the reverse DNS lookup is the primary method of eliminating the bulk of spam!
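The check described above can be reproduced over the Received lines quoted on this page. This is an added example, not HeffComm's or Microsoft's code: the function names are hypothetical, and the FORWARD table is a constructed stand-in for DNS that holds only the name and address pairs the page states.

```python
import re

# Opening of a Received line as stamped by the receiving server, e.g.
# "Received: from autonetmail.com ([207.41.74.17] RDNS failed) by ..."
RECEIVED_RE = re.compile(
    r"Received:\s+from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[\d.]+)\]\s*(?P<note>[^)]*)\)",
    re.IGNORECASE,
)

# Constructed forward-DNS table (assumption): only addresses the page states.
FORWARD = {
    "autonetmail.com": {"199.1.22.7"},
    "mail.autonetmail.com": {"207.41.74.17"},
}

def parse_received(line):
    """Return (announced_name, peer_ip, rdns_failed), or None when the hop
    was stamped in another format and carries no verdict to read."""
    m = RECEIVED_RE.search(line)
    if m is None:
        return None
    return m["helo"].lower(), m["ip"], "rdns failed" in m["note"].lower()

def check_name(name, peer_ip, forward=FORWARD):
    """Compare the name the sender announced with the address it connected from."""
    addresses = forward.get(name.lower(), set())
    if not addresses:
        return "no such host"
    if peer_ip not in addresses:
        return "name resolves elsewhere"
    return "ok"

def triage(line, forward=FORWARD):
    """Combine the stamped verdict with our own name check for one hop."""
    parsed = parse_received(line)
    if parsed is None:
        return "unparsed"
    name, peer_ip, rdns_failed = parsed
    reason = check_name(name, peer_ip, forward)
    if reason == "ok" and rdns_failed:
        reason = "server stamped RDNS failed"
    return "accept" if reason == "ok" else "reject: " + reason

# Sample lines shortened from the headers quoted on this page.
SAMPLES = [
    "Received: from 45274628 ([59.36.228.20] RDNS failed) by Mail1.Heffcomm.net",
    "Received: from autonetmail.com ([207.41.74.17] RDNS failed) by Mail1.Heffcomm.net",
    "Received: from DotNet [204.118.63.20] by autonetmail.com (SMTPD32-8.00)",
]
```

The third sample was stamped by a different server in a different layout, so it yields no verdict; only the hop recorded by your own server is worth judging this way.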
The second method is content filtering. We have a Microsoft Exchange Server which also has content filtering, and we can set the level of what gets filtered. This works much better in conjunction with rejection of messages that failed reverse DNS lookup because it has fewer messages to scan for spam content probability. If you have any legitimate mail that indicates in the message details that RDNS failed, we will be more than glad to work with their system administrators to correct the setup of their mail system. But you must make us aware of them NOW!
We plan on turning our filters on February 1st, 2006!!!
Their mail servers should also have an SPF1 record in their DNS. That stands for SPam Filter 1. This is a text record that indicates the Internet address and name of the servers authorized to send mail on behalf of their domain name (URL).
These Internet mail standards were adopted in 2004 by the major players in the Internet industry. For details on this visit the following links:
SPF1 Records
http://postmaster.info.aol.com/spf/
http://www.microsoft.com/mscorp/safety/technologies/senderid/resources.mspx
Below is an e-mail we used to correct problems with correspondence between one of our customers and one of their vendors.
Dear Dan,
We at Heff Communications have a mission of cutting back spam for our customers, as do most ISPs. We are about to turn on our spam filters in a block and delete mode rather than a mark and allow mode. It has come to our attention that one of our clients, Parkway Ford, receives mail in the form of sales leads from your company. Unfortunately your Internet department has made some error in the way your Domain Name Server (DNS) records are set up and are missing some important records. We would like to help you resolve these problems so your mail continues to flow into our mail system after we turn our filters on.
In October of 2004 the major players in the Internet community signed an agreement to implement an initiative to help block spam including the use of Reverse DNS lookup (RDNS) of the sending mail server to verify it is a valid mail server and a lookup of the SPF1 record to validate that the mail server is authorized to send mail on behalf of the domain the mail was sent from. These two initiatives can cut out 90% of spam right at the front door. This rejects the mail and it never enters our mail system. This means we no longer have to process it through our content filters, nor does the client have to process it through their client side filters for junk mail content.
The details are as follows:
Mail Header from a message from your system:
Received: from autonetmail.com ([207.41.74.17] RDNS failed) by Mail1.Heffcomm.net with Microsoft SMTPSVC(6.0.3790.1830); Tue, 15 Nov 2005 22:04:39 -0500
Received: from DotNet [204.118.63.20] by autonetmail.com (SMTPD32-8.00) id A77237610100; Tue, 15 Nov 2005 20:28:50 -0700
thread-index: AcXqXNnAwjxfK5yeR3iD3DFs7YRPRg==
Thread-Topic: AutoNetUSA.com Direct Lead - Stock #: 51242B
From: <wanted_lil_angel06@hotmail.com>
To: <Internetsales@parkwayfordga.com>
Subject: AutoNetUSA.com Direct Lead - Stock #: 51242B
Date: Tue, 15 Nov 2005 20:21:36 -0700
Message-ID: <00f101c5ea5c$d9c081d0$0104a8c0@DotNet>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
X-IMAIL-SPAM-VALHELO: (929104128)
X-IMAIL-SPAM-VALFROM: (929104128)
X-IMAIL-SPAM-VALREVDNS: (929104128)
Return-Path: wanted_lil_angel06@hotmail.com
X-OriginalArrivalTime: 16 Nov 2005 03:04:39.0371 (UTC) FILETIME=[7BBA99B0:01C5EA5A]
You will note the first line above states the mail is from a system called autonetmail.com whose DNS is IP 199.1.22.7. The IP address given is that of your mail server (Mail.autonetmail.com) whose IP address is 207.41.74.17.
Basically you are using the name of one system, but the correct IP address of another. The resolution to this problem is to change the public name of your mail server to the correct Fully Qualified Domain Name (FQDN) which is Mail.Autonetmail.com. I don’t know what mail program you are using, but in Exchange 2003 it is a simple clerical change.
When you hyperterm to the mail exchanger on port 25 it identifies itself as autonetmail.com and it should identify itself as mail.autonetmail.com (the FQDN).
The last thing is the SPF1 record. You don’t seem to have one.
An example of an SPF1 record for Parkway Ford is below:
v=spf1 ip4:216.88.28.2 mx:mail1.heffcomm.net -all
This is located in the DNS entry for ParkwayFordGA.com and indicates that the only mail server allowed to send mail for ParkwayFordGA.com is mail1.heffcomm.net and the only IP address that is allowed is 216.88.28.2. This means any variation to these two parameters is fraudulent mail spoofing and should be rejected.
For more information on SPF1 records see the following
http://www.dnsreport.com/tools/dnsreport.ch?domain=autonetmail.com
Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF1 records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).
http://www.microsoft.com/mscorp/safety/technologies/senderid/resources.mspx
http://postmaster.info.aol.com/spf/
Please let me know if you intend to comply with these anti-spam initiatives and if so, when you have the corrections made so we can turn our spam filters back on. Thank you for your co-operation in this matter.
Michael Heffernan, President
Heff Communications
368 Brisbane Drive
Acworth, GA 30101
(678) 574-9652 Voice
(678) 574-9892 Fax
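How a receiving server evaluates the SPF record quoted in the e-mail above, as an added example that is not part of the original page or of any mail server's code. It handles only the ip4, mx and all mechanisms; check_spf is a hypothetical name, and the TXT, MX and A tables are constructed stand-ins for DNS in which only the record text and the address 216.88.28.2 come from the page.

```python
import ipaddress

# Constructed DNS data (assumption). The mx mechanism authorizes the MX
# hosts of the named domain, so an MX entry is made up for the example.
TXT = {"parkwayfordga.com": "v=spf1 ip4:216.88.28.2 mx:mail1.heffcomm.net -all"}
MX = {"mail1.heffcomm.net": ["mail1.heffcomm.net"]}
A = {"mail1.heffcomm.net": ["216.88.28.2"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip, txt=TXT, mx=MX, a=A):
    """Evaluate the record left to right; the first matching term decides."""
    record = txt.get(domain.lower())
    if record is None:
        return "none"                       # domain publishes no SPF record
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                     # default when no sign is given
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            hosts = mx.get((arg or domain).lower(), [])
            matched = any(sender_ip in a.get(h, []) for h in hosts)
        else:
            # Outside this example's subset. A typographic dash in front
            # of "all" lands here too, because it is not a qualifier.
            return "unsupported"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                        # nothing matched and no "all" term
```

A domain with no record, as the report above says of autonetmail.com, returns "none", which gives the receiver nothing to reject on.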