Frequently Asked Questions
- What's wrong with your system? Dnsreport.com/Dnsstuff.com says your mail servers are down
- How do I pay for my account?
- What do you do with my personal information?
- Do you offer a money back guarantee?
- Do you have any bandwidth restrictions?
- Is there any limit to the size of attachments or email messages that I can send or receive?
- Do you support SSL encryption?
- Do you support SMTP authentication and SSL/TLS SMTP connections?
- Can I use any envelope address when I send email through your SMTP servers?
- How does the storage quota work?
- What servers should I use?
- Do you notify the sender of a virus that the email has been discarded?
- Do you notify the recipient of a virus that the email has been discarded?
- Can I get a copy of a virus infected email?
- What does MX mean?
- What is your backup procedure?
- What kind of disk storage do you use?
- What are remote box polls?
- How do you implement forwarding to another email address?
- What would be an appropriate SPF record for my domain?
Account Manager Questions
- Why don't I see a menu selection to create addresses when I login?
- Why don't you have aliases?
- How do I create, edit, or delete addresses?
- How do I forward email?
- How do I forward email to a cell-phone or PDA?
- What is a reject address?
- What is a catchall address?
- How do I add a domain to my account?
- Why do the some select boxes disappear when my mouse is over the drop-down menu area?
- What is the IMAP folder separator?
- Why do messages I have deleted show up as crossed out or have an X beside them?
- Do you delete a message once it is delivered to a mailbox?
- How can I stop you from deleting messages in my Trash and Junkmail folders?
- My INBOX is empty but I'm still over quota?
- My account is over quota and I can't delete anything?
- What is your backup procedure?
- Can you recover mail that has been deleted?
- Why does Windows Mobile not work with Tuffmail?
Spam Control Questions
- What are MX restrictions?
- Why is email that scores as spam delivered to my INBOX?
- What spam related headers are added to a message?
- How can my friend send email to me when his Exchange server is an open proxy?
- What is subject tagging?
- How do I accept mail from selected senders only?
- What is the format for Allow/Deny list entries?
- How can I disable all MX restrictions and spam scoring?
- Where can I get a list of SpamAssassin scores?
- What is Greylisting?
- How does the Bayes classifier work
What's wrong with your system? Dnsreport.com/Dnsstuff.com says your mail servers are down.
Nothing is wrong here, their mail server tests ignore our responses to their probes.Dnsstuff.com probes for three addresses, firstname.lastname@example.org, email@example.com, and postmaster@[the.server.ip.address], and then they attempt a relay to Not.abuse.see.www.DNSreport.com.from.IP.your.ip.address@DNSreport.com. Our MX servers have a 'Three strikes and you are out' policy. After three errors the connection is closed. If the domain they are testing does not have an abuse@ and postmaster@ address, Dnsreport.com wrongly reports that our MX server did not respond.Here is a SMTP protocol trace from a Dnsreport.com probe where the abuse@ and postmaster@ addresses do not exist.
Out: 220-mxin.mxes.net ESMTP Postfix 03 Out: 220- By sending email through this server you agree to be tested Out: 220- for an open relay and agree to be scanned for open proxies. Out: 220 Sending UBE through this server is prohibited. In: HELO test.DNSreport.com In: MAIL FROM:<> In: RCPT TO:<firstname.lastname@example.org> Out: 550 5.7.1 <email@example.com>: Recipient address rejected: User unknown In: RCPT TO:<firstname.lastname@example.org> Out: 550 5.7.1 <email@example.com>: Recipient address rejected: User unknown In: RCPT TO:<firstname.lastname@example.org> Out: 554 5.7.1 <email@example.com>: Relay access denied Out: 421 4.7.0 mxin.mxes.net Error: too many errorsThree errors and the connection is dropped. Looks just like a spammer attempting delivery to non-existent email addresses.Here is a SMTP protocol trace from a Dnsreport.com probe where the abuse@ and postmaster@ addresses do exist.
Out: 220-mxin.mxes.net ESMTP Postfix 03 Out: 220- By sending email through this server you agree to be tested Out: 220- for an open relay and agree to be scanned for open proxies. Out: 220 Sending UBE through this server is prohibited. In: HELO test.DNSreport.com Out: 250 mxin.mxes.net In: MAIL FROM:<> Out: 250 2.1.0 Ok In: RCPT TO:<firstname.lastname@example.org> Out: 250 2.1.5 Ok In: RCPT TO:<email@example.com> Out: 250 2.1.5 Ok In: RCPT TO:<firstname.lastname@example.org> Out: 554 5.7.1 <email@example.com>: Relay access denied In: RCPT TO:<Not.abuse.see.www.DNSreport.com.from.IP.your.ip.address@DNSreport.com> Out: 554 5.7.1 <Not.abuse.see.www.DNSreport.com.from.IP.your.ip.address@DNSreport.com>: Relay access denied In: QUIT Out: 221 2.0.0 ByeThe probe above succeeds but Dnsreport.com whines about the MX server not accepting mail for firstname.lastname@example.org. Its 2007 and 90% plus of the mail on the Internet is spam or malware. The time when mail should be accepted for addresses like email@example.com is long gone.To get around the broken tests from Dnsreport.com, we allow the IP address they are probing from to succeed for address probes but the relay probe will fail as it should.
Out: 220-mxin.mxes.net ESMTP Postfix 03 Out: 220- By sending email through this server you agree to be tested Out: 220- for an open relay and agree to be scanned for open proxies. Out: 220 Sending UBE through this server is prohibited. In: HELO test.DNSreport.com Out: 250 mxin.mxes.net In: MAIL FROM:<> Out: 250 2.1.0 Ok In: RCPT TO:<firstname.lastname@example.org> Out: 250 2.1.5 Ok In: RCPT TO:<email@example.com> Out: 250 2.1.5 Ok In: RCPT TO:<firstname.lastname@example.org> Out: 250 2.1.5 Ok In: RCPT TO:<Not.abuse.see.www.DNSreport.com.from.IP.your.ip.address@DNSreport.com> Out: 554 5.7.1 <Not.abuse.see.www.DNSreport.com.from.IP.your.ip.address@DNSreport.com>: Relay access denied In: QUIT Out: 221 2.0.0 ByeThe problem arises when Dnsreport.com starts probing from a different IP address. When they change the IP address they are probing from, the tests will fail if your domain dos not have a postmaster@ and abuse@ address.Why do we let the Dnsreport.com tests succeed? Simply because it makes us look bad when Dnsreport.com wrongly reports our MX servers are down when if fact the problem is the Dnsreport.com tests and not our MX servers.
How do I pay for my account?
We will email you an invoice a few weeks after signup. We accept American Express, Discovercard, Mastercard, Visa, and Paypal. Larger business accounts may pay by check.
The first month is free no matter when you pay your invoice.
What do you do with my personal information?
Do you offer a money back guarantee?
If you are not satisfied with our service for any reason during the first 30 days of paid service, we will issue a no questions asked refund.
Do you have any bandwidth restrictions?
We do have to track bandwidth usage because contrary to popular belief, bandwidth does cost money. Each account has a transfer (bandwidth) allowance. We track the following usage:
Transfers allowances are not hard limits. Your account will not be disabled if the allowance is exceeded. If your allowance is exceeded once in a while we will not notice. If your account exceeds its transfer allowance on a regular basis we will ask you to reduce your usage or make an additional payment.
- Email received by the MX servers from the Internet.
- Email forwarded to the Internet from the MX servers.
- Email injected into the MX servers from the Box Poller.
- Email received by the SMTP servers.
- Email forwarded to the Internet from the SMTP servers.
- Data transfered in and out with the IMAP and POP protocols.
We do notice when broken IMAP and POP clients retrieve the same messages over, and over, and over, .... We also notice when broken SMTP clients like Outlook and Outlook Express ignore the ESMTP banner that states maximum message size and they continue to try and send a message larger than the 100MB limit again, and again, and again, ...
Is there any limit to the size of attachments or email messages that I can send or receive?
100MB is the current message limit size. This is much larger than most email servers will accept. If you need to send email this large you should verify that the recipients SMTP server will accept it. Sending a large email that is later rejected by the recipients SMTP server still counts towards your transfer allowance since it has to be transferred to our SMTP servers before it can be forwarded.
Do you support SSL encryption?
The IMAP, POP3, and SMTP servers support SSL encryption. Check this link for SSL port information.
As of January 1 2005 the MX servers are offering TLS for inbound mail and the SMTP servers will use TLS if offered for outgoing mail.
Do you support SMTP authentication and SSL/TLS SMTP connections?
The SMTP servers require authentication with the SMTP AUTH protocol. The SMTP servers support TLS and SSL on standard ports. Check this link for SSL port information.
As of January 1 the MX servers are offering TLS for inbound mail and the SMTP servers will use TLS if offered for outgoing mail.
Can I use any envelope address when I send email with using
Tuffmail SMTP servers?
Currently there is no restriction on what envelope address you may use when sending email through our SMTP servers.
How does the storage quota work?
Mailboxes in an account share the account quota. Quota tests are based on the sum of the storage used by all of the mailboxes in an account.
When the sum of the storage used by all mailboxes in the account is at or over 100% of quota, notification will be delivered several times daily to all mailboxes in the account while the account is at or over 100% of quota.
When the sum of the storage used by all mailboxes in the account is at 120% of quota, another notification is delivered to all mailboxes in the account and the MX servers begin rejecting email with a temporary failure code. Well behaved mail servers will queue the rejected email for some period of time from hours to several days at least.
When the sum of the storage used by all mailboxes in the account has been over 120% of quota for 72 hours the MX servers reject email with a permanent failure code.
Effective October 1, 2007: When the sum of the storage used by all mailboxes in the account has been over 100% of quota for 7 days, the MX servers reject email with a permanent failure code. The 20% quota margin is not intended to be used as permanent storage. The 20% margin was implemented to allow an account to go over quota for a short period of time without delaying delivery of any mail. Notice of this policy change has been included in over quota notices since the last week in July.
When we have to reject mail for addresses that deliver to an over quota mailbox, the rejection message is:The mailbox for email@example.com is over quota
What servers should I use?
Do you notify the sender of a virus that the email has been discarded?
No, modern viruses forge the envelope sender resulting in spamming the innocent victim of the envelope forgery with a bogus notification. We use Unix workstations here and they are not able to be infected with a Windows virus. When a new virus starts to spread we are notified, many, many, times, that one of our Unix machines is infected with a Windows virus. We don't appreciate these bogus notices so we don't send them.
Do you notify the recipient of a virus that the email has been discarded?
Virus notifications can be enabled on a per email address basis. Infected messages that have been discarded are also shown in the real-time reports.
Modern viruses are self replicating with their own SMTP engine and they send no useful content. The envelope sender is forged and is most likely unknown to you.
Can I get a copy of a virus infected email?
No, virus infected email is discarded.
What does MX mean?
MX stands for 'Mail eXchanger' and originates from the use of MX records in DNS, Domain Name Service, that specify which mail servers accept mail for a domain.
What is your backup procedure?
All IMAP server actions are replicated in near real-time, currently less than 20 seconds, to backup servers providing a very warm backup. Human intervention is needed to bring a backup IMAP server online as a primary IMAP server.
Daily around 1900 EST a snapshot backup is made to a backup server. Each backup re-places the previous. This backup is for extreme disaster recovery purposes.
All user deleted mail is kept for 7 days on the primary IMAP servers and the warm backup IMAP servers. Deleted mail is not included in the daily snapshot backup.
Recover Deleted Mail
What kind of disk storage do you use?
All disks SCSI with hardware RAID1 and/or RAID5 depending on the use. Smaller arrays for system disks and IMAP meta data are RAID1 arrays for performance reasons. RAID5 arrays are used for message storage. We use many smaller RAID arrays instead of a few very large arrays. IDE drives are used in laptops only where there is no choice.
What are remote box polls?
Remote box polls are used to retrieve mail from IMAP and POP, accounts on other email systems. Click on 'Box Polls' in the 'Account' drop-down menu in the Manager to create or modify a box poll.
How do you implement forwarding to another email address?
Forwards are configured in the Manager and the forwarding is usually done by the MX server that received the message. In special cases like a destination server that offers TLS but can not do encryption properly, the message will be routed through a server that ignores the offer of TLS so that the forwarded mail can be delivered in spite of the broken destination server.
Forwarding is completely divorced from delivering mail to a mailbox on one of the IMAP servers.
What would be an appropriate SPF record for my domain?
v=spf1 include:customer-spf.mxes.net ~allUse of -all is not recommended due to the problem with mail you send that is forwarded by the recipient.
Account Management Questions
Why don't I see a menu selection to create addresses when I login?
You are logging into the Manager with a mailbox and mailbox password. You see a subset of the management functions that allow you to manage restrictions and filters associated with addresses that deliver to your mailbox.
There can be many mailboxes in an account. A user with a mailbox password should not necessarily have access to all management functions.
The management access level for a mailbox login can be set when the mailbox is created or changed after a mailbox is created from the Mailboxes management page.
Why don't you have aliases?
An alias is another name for the same thing. Most email systems sell you a mailbox with an email address tied to the mailbox. Spam controls, forwarding, and generating an auto-response are done at the mailbox. An alias on that kind of email system is a true alias, another name for your mailbox.
The Tuffmail system implements forwarding, spam control, and auto-responses at the SMTP level when a message is received based on the email address the message is addressed to. An email address can deliver to a mailbox, forward to another email address, deliver to an auto-responder, or any combination of those deliveries. An email address is not just another name, or alias, for something else.
You can create as many email addresses as you need in your account sub-domain or in your domain(s).
How do I create, edit, or delete addresses?
Click on 'Address' in the 'New' drop-down menu to create a new address. Click on 'Edit' beside an existing address in the Addresses display to edit the address or where it delivers to. Click on 'Delete' beside an existing address in the Addresses display to delete the address.
How do I forward email?
Click on 'Address' in the 'New' drop-down menu to create a new address and enter the address you want to forward to in the 'Forward to user@domain' field. Or edit an existing address and add the address you want to forward to.
How do I forward email to a cell-phone or PDA?
Use the special textfilter forwarding address:
The textfilter forwarding mechanism forwards the plain text portion of an email or the text/plain attachments only. Email scoring as spam is not forwarded.
NOTE: Its just plain textfilter, not textfilter.com or textfilter.net, just plain textfilter with no TLD extension.
What is a reject address?
A reject address creates an exception to a catchall address. A reject address does nothing useful unless the domain has a catchall address since an address must exist before mail will be accepted.
What is a catchall address?
A catchall address allows mail addressed to firstname.lastname@example.org to be accepted. A catchall address will become a spam trap since email@example.com will be accepted. Use of catchall addresses is discouraged unless absolutely needed for legacy reasons. Catchall addresses had their place in the last century but those times are long gone.
How do I add a domain name to my account?
Click on 'Domain' in the 'New' drop-down menu in the Manager to add a domain name. The domain will be added to the system and the domain will be activated if one of the following is true:
- The domain is a sub-domain of an active domain in your account.
- Any MX record in the domain that points to our MX server cluster name.
- An activate-domain CNAME record in the domain that points to our MX server cluster name.
CNAME activation record examples:
activate-domain.yourdomain.tld. IN CNAME mxin.mxes.netWhat you should not do is to create a name in your DNS with an A record using one of our IP addresses like the example below. If we re-number our MX servers, your mail will stop working.
yourdomain.com IN MX mail.yourdomain.com. mail.yourdomain.com IN A 188.8.131.52
- Why do some select boxes disappear when my mouse is over the drop-down menu area?You are using the Internet Explorer web browser or a web browser that is capable of pretending to be Internet Explorer like Opera. Internet Explorer renders select boxes on top of the drop-down menus resulting in a useless menu. The work around for this browser bug is to hide the select boxes so that the menus are readable. Just one more hack to get around problems with the very popular, bug infested, insecure, Microsoft web browser.
What is the IMAP folder separator?
Tuffmail uses the '/' character for the folder separator so that a '.' may be used in folder names.
Why do messages I have deleted show up as crossed out or have an X beside them?
When you delete a message in the IMAP store it is marked as deleted but it stays in your mailbox until you 'Purge' the deleted messages. Email clients display deleted messages in different ways or not at all. The IMP webmail client displays deleted messages with a dark background and a line through the Date, From, and Subject fields. Other clients may show deleted messages with a red 'X' or a trash-can like icon.
'Purge' the messages that are marked as deleted to actually remove them from the IMAP store.
NOTE: Some mail clients label the 'Purge' function 'Expunge' or 'Compact Folders'.
Do you delete a message once it is delivered to a mailbox?
- Trash folders are purged of messages older than 24 hours several times daily.
- Discard folders are purged of messages older than 5 days once a day.
- Junkmail folders are purged of messages older than 30 days once a day.
How can I stop you from deleting messages in my Trash and Junkmail folders?
Set the Auto-Purge interval to 'never' to disable this feature.
My INBOX is empty but I'm still over quota?
You have messages in other folders besides your INBOX and/or you have messages that are marked as deleted but still in the IMAP store.
When you delete a message in the IMAP store the message is marked as deleted, and possibly not displayed, or the message is moved to another folder, typically the Trash folder. This depends on how you have configured the mail client you are using.
You need to 'Empty The Trash', or 'Purge' the deleted messages or delete some messages from other folders to free up storage space.
NOTE: Some mail clients label the 'Purge' function 'Expunge' or 'Compact Folders'.
My account is over quota and I can't delete anything?
Your email client is configured to move messages you delete to the Trash folder or some other folder. When you delete a message it has to be copied to the Trash folder before it can be deleted from the current folder. The copy fails because the mailbox is over quota.
'Empty The Trash' to remove any messages in the Trash folder to free up some storage space. If the Trash folder is already empty or you did not gain enough free space, you will have to configure your mail client to not move deleted messages to the Trash folder. Now you can mark them as deleted and 'Purge' the deleted messages.
Another option is to use the Squirrelmail client on the beta site and check the 'Bypass Trash' box when deleting messages.
Another option is to use the IMP4 web client to empty a folder. Select 'Folders' in the top menu, check the folder you want to empty, and choose 'Empty' in the 'Choose Action' select box.
NOTE: Some mail clients label the 'Purge' function 'Expunge' or 'Compact Folders'.
Can you recover mail that has been deleted?
Deleted mail is kept for 7 days and can be recovered at a cost of $35 per folder or $50 for deleted mail in all folders in a mailbox. IMAP flags are preserved for messages in deleted folders but not preserved for individually deleted messages.
Why does Windows Mobile not work with Tuffmail?
Windows mobile implementations include only a few root SSL certificates and our signers certificates, Equifax, is not one of them. More info.. Download this certificate to your device. Install the certificate by clicking on the downloaded certificate from within File Explorer.
The complete list of Equifax certificates is available here.
Spam Control Questions
What are MX restrictions?
MX Restrictions are technical and blocklist restrictions that are applied to email received by our MX servers. Except for the Greylisting restrictions, email that does not meet all of the configured restrictions is rejected. MX restrictions are configurable on a per address basis. You will find a detailed description of all MX restrictions in the Manager help section.
Why is email that scores as spam delivered to my INBOX?
- You have configured your spam policy to tag the subject instead of delivering to the Junkmail or Discard folders.
- You have configured your spam policy to deliver to the Junkmail or Discard folders but the folder is missing.
- You have a SIEVE rule that is matched causing the email to be delivered to your INBOX.
- You checked the 'Bypass Sieve' box when the address was created or edited.
What spam related headers are added to a message?
Headers that are always added:
- X-Spam-Check: Enabled or Disabled, comma separated parameters
- X-Spam-Status: (Yes|No), score=nn.n threshold=nn.n
- X-Spam-Report: Spam score details
- X-Spam-Score: nn.n
X-Spam-Level: *** 1 Character per rounded score point
The character used is configurable
- X-Spam-Flag: Yes
- X-Spam-Junkmail: Yes
- X-Spam-Discard: Yes
- X-Untagged-Subject: Original subject if subject is tagged
How can my friend send email to me when his Exchange server is an open proxy?
- Create an address without the Open Proxy restriction and have your friend use that address.
- Add your friend's email address or IP address to your Allow list.
What is subject tagging?
You can configure your spam scoring policy to prefix the subject line of messages that score at or above the spam score threshold with a tag of your choice. Check the 'Enable subject tagging' box for the spam policy you are using and the subject line will be prefixed with the text you have entered in the 'Subject tag' form field. The default tag is [SPAM]. If you enable subject tagging and you receive a message with the subject 'Never Grow Old' that scores as spam, the subject will be prefixed as follows:
[SPAM] Never Grow OldThe special word _SCORE_ in a subject tag will be replaced with the spam score for the message if the message scores as spam, ie: the score is equal to or greater than the spam score threshold.
How do I accept mail from selected senders only?
Add * to your Deny list with the MX box checked. Add the full email addresses that you want to accept to your Allow list.
What is the format for Allow/Deny list entries?
A Fully qualified email address firstname.lastname@example.org The localpart of an email address somebody@ A domain or sub-domain domain.tld A top level domain tld An IP address 184.108.40.206, 220.127.116.11/32 An IP address range in CIDR notation 18.104.22.168/24, 22.214.171.124/28, 126.96.36.199/16 Allow/Deny all *
Allow list entries have precedence over Deny list entries. You can allow email@example.com and deny other sender addresses in domain.tld with a domain.tld Deny entry.
The Allow/Deny list entries are applied to the envelope sender address and the SMTP client IP address.
If the MX box is checked, the entry is applied at the MX servers. A Deny entry will reject the message. An Allow entry will bypass all MX restrictions.
If the MX box is not checked, an Allow entry will bypass all spam scoring including the Bayes classifier but MX restrictions will still apply at the MX servers. A Deny entry is given a +50 score and headers and subject tag added if enabled.
How can I disable all MX restrictions and spam scoring?
Add * to your Allow list with the MX box and the scoring box checked. This will bypass spam scoring and all MX restrictions. On request we can also disable virus scanning for your account.
Where can I get a list of SpamAssassin scores?
Current scores used by our SpamAssassin implementation
What is Greylisting?
Greylisting is simple and powerful and it works because a message rejected with a temporary failure code will be queued by a true SMTP server and the delivery will be attempted again usually within 15 minutes. A compromised Windows machine sitting on a kitchen table somewhere will try to send a message a few times in succession and then move on to the next spam victim's email address. The first time we see an IP address/sender/recipient tripple, and the sender/server meets one of the criteria for Greylisting, the message will be rejected with a temporary error code. A message from an SMTP server that attempts delivery 5 minutes or more after the first delivery attempt to the same IP address/sender/recipient tripple will be accepted. Greylisting a true queue and retry SMTP server serves no useful purpose. Once a message has been accepted, further messages from that IP address will not be Greylisted for 30 days. Several times daily software analyses the Greylist database performing tests that are not practical to run at message receipt time. Many IP addresses are permanently allow listed based on the results of those tests. Greylisting criteria.
- Bogus HELO/EHLO command
Greylist SMTP clients that issue a bogus HELO/EHLO like <tsrtyert>, <bobsdesk>, and <oemcomputer>. The name sent in the HELO/EHLO command should be the fully qualified domain name of the SMTP client. Anything else is highly suspect.
- Suspect sender
Greylist messages with envelope senders in the very popular forgery and dropbox domains, yahoo.com, aol.com, hotmail.com, and the Outblaze domains unless the client is a server in one of those domains. Greylist senders in the 23,000 known free email domains.
- Suspect IP address
Greylist clients that have no reverse DNS entry or reverse DNS entries that look just like a dynamically assigned IP address, and clients that are in dynamically assigned address space. Running an SMTP server on a dynamic address is not acceptable today.
- Bogus HELO/EHLO command
How does the Bayes classifier work?
The Bayes classifier runs on the IMAP servers just prior to delivery to a mailbox. After training with messages that you consider to be spam and ham (not-spam), the classifier will calculate the statistical probability that a message is ham, spam, or neither. A score can be assigned to each of those results and that score can be combined with the SpamAssassin score or the score used by itself to determine what to do with the message. The classifier is very effective in dealing with messages like 'stock pump and dump' spam that mutates rather quickly and does not contain the easily detected technical errors like most spam. The classifier is not enabled by default and it MUST be trained before use. Please consult the Bayes help section for information on how to configure and train the classifier