I have a client who is interested in finding a host with better spam prevention capabilities. They are asking about if there is a way to implement a captcha in order to allow any new senders to deliver to their inbox. I think they saw this method used when emailing domains from earthlink, which is the only place I think I have seen such a service in action. I told them that I forward all my mail to gmail and let their filters handle it, which works great for me, but in this case that solution is not being considered. They want to keep their email more private.
Are there any hosts that offer more than a basic level of protection against spam?
People do expect email to be instantaneous - but a little education quickly solves that one. Plus its only the first mail from a new user that gets delayed.
Passing through filtering itself takes time anyway and with more complex mail setups it often takes time for email to arrive. I know very few users who have their outlooks / thunderbirds check email more often than every 5 minutes - so that is often another delay that isn’t thought about.
Grey listing blocks far more spam for me than the filters
Getting the sender to verify email is a royal pain in the backside. So many just never get it.
Personally, if the customer is that bothered about filtering, you would be better looking at passing their email through a 3rd party hosted service that filters email for you. Or doing it yourself and setting up a custom mail server with filtering.
This is the option I went for myself, I’ve got a setup now where by very little to no spam gets through but I’m yet to be told about a false positive (where a legitimate email has gone walkies).
Try dealing with a dedicated e-mail hosting provider like PolarisMail. They have very advanced filtering that doesn’t require captchas or greylisting which simply slows e-mail down.
Greylisting was one of the best things I did with my mail server - It cut down the number of emails being filtered by the scanners which reduces load massively. It only delays the first mail from a new user, a tiny niggle in the grand scheme of the amount of spam it cut out!
Greylisting does work indeed but I would not recommend it in a business environment. Mail delivery should be instantaneous and succeed from the first try. Any delays are usually a bad thing especially when filtering works very well and can deliver very good results.
If google feel greylisting is worthwhile for their paid postini service, then I’d tend to agree.
In a strange coincidence, the CEO of ‘advanced spam filtering’ software PolarisMail is also a ‘George B’
Postini does use greylisting but that’s just their opinion. It doesn’t make it right. I have a lot of experience with e-mail and greylisting is not only unnecessary but it causes e-mail delays which can cause other problems.
Second of all, yes, that is me. I did not realize I could not make a valid suggestion just because I happen to be involved with that company. I read the Term of Usage and I did not see that as being forbidden. If it is and I overstepped, please accept my apologies and delete/edit my post as you find appropriate.
edit: just wanted to add that I made no effort to disguise myself as I was not trying to spam the thread. Some boards allow users to have a tag such as “Representative of XYZ.com” which I find very useful.
Hi George and welcome to Sitepoint.
Self promotion is generally frowned upon here, but it’s always useful to hear opinion from people involved at the cutting edge of these topics. Once you’ve been a member for 90 days you can add a signature - see more here: http://www.sitepoint.com/forums/faq.php?faq=youraccount#faq_signatures
I’ve used greylisting on servers because like Tim I’ve found it an ‘easy win’ that doesn’t consume resources. I’ve never particularly found any issue with the delay, but interested to know if there are reasons why it could cause other problems.
Thanks for the tip!
To my knowledge greylisting does not cause e-mails to be undeliverable, so there is no risk of e-mails actually getting lost because of that. There are however many fields where e-mail delivery should be instantaneous and not be delayed even by a few minutes. It’s indeed not the role of e-mail to be instantaneous but many people expect it to be and are using it in many situations where immediate delivery is necessary.
Another problem it can cause is with user perception. To give you an example, some services allow you to receive a delivery receipt right after you sent your message. This is not be confused with the read receipt which can be bypassed by the receiver. A delivery receipt happens like so:
User 1 -> Mail Server1 -> Mail Server2 -> User 2
When Mail Server 1 has passed on the message to Mail Server2 successfully, it usually gets a 250 code back ( or a 4XX for temp failures or 5XX for permanent failures ). The moment Mail Server1 receives that code, it notifies the sender ( User1 ) on the status of his message. It can either tell him “Your e-mail was delivered successfully” or “Your e-mail was temporarily/permanently rejected”. Needless to say that a temporary rejection due to greylisting can be very confusing.
I use this feature myself since I need to know when my e-mails were delivered - successfully - to a remote server and I always cringe when they get greylisted.
Like I mentioned in my original post, greylisting works but I think very good filtering can be achieved without it.
Furthermore, spammers use real mail transfer agents themselves, such as Postifx, Exim, Qmail which will retry sending a message upon receiving a greylist notification. Back in the 90’s or early '00 spammers used custom applications which did not even look at the return codes, but as anti-spam methods got better so have the spammers.
We are using a custom script at our websites’ support page to get genuine emails, though we receive junk once our identity is exposed. To prevent this we are using BoxTrapper and SpamAssassin. Apart of this we insist to use our script to communicate instead replying the emails. Finally we use ePrompter to get all our emails. If there is anything junk, we remove that manually and then go through our mailbox (this is just to avoid viruses etc.).
It’s fairly likely that the OP’s user has their email listed on a website, hence why they’re getting spammed out of existence. If they are getting heavily spammed, use a filter service such as Postini. Or find a host that knows how to filter spam - which won’t get as good a result as Postini, but will be better than you have now.
Please stop promoting the products.
Sorry, what are you talking about?
By the way - if the user is getting spammed a lot, and has listed their email address on a website, the best thing is to remove it and to shift to contact forms, which if correctly set up, don’t get spammed as much, and even if they do the spammers don’t have your actual email address.
If an email address is getting very high spam levels, another valid approach is to cancel that email address and create a new one, and don’t publish the new one anywhere on the web where spammers can harvest it. The problem is, once it’s in their databases, it’s impossible to get it out. If you want, it’s usually possible to set up a failure message which would tell a human what your new email address is (cpanel uses forwarder syntax like: :fail: new email address is ne-w-ema-il at domain dot com - remove dashes
You said above that you are using BoxTrapper. This is a bad strategy as it will get the server listed as a source of spam, through the responses it sends. That in turn will cause worse problems than it solves.