Server Side Spam Rejection
The Tuffmail system provides over 20 technical and blocklist restrictions to reject spam at the MX servers. You can select which restrictions to enable per address or use one of four settings from 'None' to 'Very Agressive'. We feel that the most effective way to deal with spam is to reject messages from known spam sources and score the rest.
In addition to any restrictions you configure, the following minimal restrictions must be met before we will accept email from the client.
- The connecting client must issue a HELO or EHLO command.
- The envelope recipient must be fully qualified, ie: `firstname.lastname@example.org'. We have to know whether the email is for `email@example.com' or for `bob@yourdomain'.
- The envelope sender and recipient addresses must conform to RFC-2821.
- The connecting client must not issue a HELO or EHLO command that masquerades as a Tuffmail machine or masquerades as a machine in the aol.com, compuserve.com, yahoo.com, or earthling.net domain. This is an attempt to bypass filters and is guaranteed to be spam.
- The connecting client must not use `pipelining' without issuing a EHLO command.
The connecting client IP address and/or the envelope sender domain
must not be in the global blocklist.
We use a global blocklist as needed to keep broken mail servers from filling our logs with junk. Some mail servers think that email rejected with a temporary failure code means to try again in a few seconds and keep trying every few seconds. A typical case is when you have enabled the restriction that says that the sender domain must be a valid domain name and resolve to an IP address or an MX record. If we are unable to determine the domain valididy in a reasonable amount of time we tell the client to try again later. In most cases the domain is a typo or is truly bogus like `server.ncs.local' which will never resolve. We add the domain to the global block list and a permanent failure code will be issued on the next attempt to send the email.
The global blocklist is also used to temporarily reject virus infected email that uses a fairly constant envelope sender like the recent Sobig-E virus that sent email with <firstname.lastname@example.org> as the envelope sender.
The global blocklist has two semi-permanent entries, `home.com' which is no longer active and is widely forged by spammers and `windowsupdatenow.com', a pure scam domain.