Thursday, November 22, 2012, 15:05
Why am I still receiving Spam?
Solution ID: 00000179
There are a number of reasons why the amount of Spam you receive does not go down immediately after implementing PerfectMail.
Here are the most common reasons along with suggestions on how to fix the problem:
- You may be receiving e-mail from unprotected mail accounts. It is quite common for people to have multiple e-mail accounts. Modern mail clients (e.g. Outlook) can poll for mail from many sources and consolidate it into a single in-basket. PerfectMail will block Spam from your protected accounts but not from unprotected accounts. If all of your e-mail accounts are on local servers, then you can solve the problem in one of two ways:
  - Be sure that PerfectMail filtering is configured for all of your domains. To do this, create domain records in PerfectMail for all local mail servers and all of their respective domains. Be sure to indicate that each domain has filtering enabled (Domains > Your Domain > Filtering Enabled is checked).
  - Ensure that all mail is directed to your PerfectMail server. This may involve updating DNS mail exchanger (MX) records so that they direct mail to your new PerfectMail server, or changing the SMTP port forwarding rules at your firewall to direct all traffic to your PerfectMail appliance.
- You may be receiving e-mail from remote mail servers. PerfectMail can only protect e-mail traffic directed to local mail servers. Often people use a mix of e-mail accounts on both local and remote mail servers. PerfectMail cannot protect remote mail servers or popular Web-based mail services like HotMail, MSN or Yahoo Mail.
- You may have insecure mail relays. PerfectMail can be told to accept all e-mail from a trusted source. If this trusted mail server also accepts mail from the Internet, then you are providing a back door through which Spam may arrive. To solve this problem, ensure that your internal trusted mail relays do not accept e-mail directly from the Internet. Stated another way, all internal relays must be outbound-only mail relays, not inbound mail relays.
- Spammers may continue to use your old IP address. A common implementation strategy is to provide PerfectMail with a new IP address and then redirect e-mail to the new address via DNS MX record updates. This strategy works well for legitimate senders but may result in no immediate decrease in Spam.
Our research has shown that Spam engines do not do DNS queries for each message they send. Instead, they query DNS once and then remember (cache) the answer - sometimes for months. Since DNS queries take time and mail servers rarely change IP addresses, caching IP addresses helps Spammers send out much higher volumes of junk mail.
Often the old IP address is still a legitimate pathway to your mail server. If so, and spammers have cached your mail server's IP address, then Spam will continue to show up in your inbox.
You can solve this problem by migrating all of your domains to PerfectMail as quickly as possible. Once this is done, configure your firewall to shut down mail handling on the old IP address.
Another solution is to configure your local mail server so that protected domains may only communicate with the mail server from the IP address assigned to PerfectMail (as that is their only legitimate pathway). The local mail server should not accept SMTP traffic for protected domains directly from the firewall.
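To find out which of the causes above applies to a particular Spam message, read its `Received` headers. The following is an added example, not part of PerfectMail or the original article: it classifies a message by the hop your own servers recorded. The host names, IP addresses and sample headers are constructed placeholders, and it assumes the filter and the local mail server each stamp one standard `Received` header.

```python
import re
from email import message_from_string

# Assumed deployment values (documentation-range placeholders, not from the article).
LOCAL_SERVER = "mail.example.com"    # local mail server behind the filter
FILTER_HOST = "filter.example.com"   # hypothetical name of the PerfectMail host
FILTER_IP = "192.0.2.10"             # IP address assigned to PerfectMail
TRUSTED_RELAYS = {"192.0.2.20"}      # sources the filter accepts without filtering
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(.*?\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>[^\s;]+)", re.S)

def hops(raw_message):
    """Return [(stamping_host, peer_ip) or None if unparsable], newest hop first."""
    msg = message_from_string(raw_message)
    found = (RECEIVED_RE.search(h) for h in msg.get_all("Received", []))
    return [(m.group("by").lower(), m.group("ip")) if m else None for m in found]

def delivery_path(raw_message):
    """Classify the route a message took, using only hops our own hosts stamped."""
    path = hops(raw_message)
    # Only the topmost header can be trusted to come from LOCAL_SERVER; anything
    # lower was written by another host and may be forged by the sender.
    if not path or path[0] is None or path[0][0] != LOCAL_SERVER:
        return "not_local"           # remote/polled mailbox, or unparsable top hop
    if path[0][1] != FILTER_IP:
        return "direct_bypass"       # peer reached the local server directly
    # The peer was the filter, so the next header is the one the filter stamped.
    if (len(path) > 1 and path[1] and path[1][0] == FILTER_HOST
            and path[1][1] in TRUSTED_RELAYS):
        return "via_trusted_relay"   # accepted unfiltered from a trusted source
    return "via_filter"

def hop(name, ip, by):
    """Build one constructed Received header (sample data only)."""
    return (f"Received: from {name} ({name} [{ip}])\n"
            f"\tby {by} with ESMTP; Thu, 22 Nov 2012 15:00:00 -0500\n")

SPAMMER = ("bulk.sender.test", "198.51.100.99")   # constructed sender
SAMPLES = {  # constructed header sets, newest header first
    "filtered": hop(FILTER_HOST, FILTER_IP, LOCAL_SERVER) + hop(*SPAMMER, FILTER_HOST),
    "old_ip": hop(*SPAMMER, LOCAL_SERVER),
    "relay": hop(FILTER_HOST, FILTER_IP, LOCAL_SERVER)
             + hop("relay.example.com", "192.0.2.20", FILTER_HOST)
             + hop(*SPAMMER, "relay.example.com"),
    "webmail": hop(*SPAMMER, "mx.webmail.test")
               + hop(FILTER_HOST, FILTER_IP, LOCAL_SERVER),  # forged lower header
}

RESULTS = {k: delivery_path(v + "\nconstructed body\n") for k, v in SAMPLES.items()}
```

A `direct_bypass` result corresponds to mail still arriving on the old IP address or past the firewall rules, `via_trusted_relay` to a trusted relay that also accepts inbound mail, and `not_local` to an account PerfectMail does not protect.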
Tags: spam, e-mail, antispam, filtering
Link to this article: kb/why_still_receiving_spam
Updated: Thursday, November 22, 2012, 15:05
-- David Rutherford