Wednesday, Sep. 20 2017
 

Kropf.com Email Policy

Our redundant email servers are configured with state-of-the-art anti-virus/spam filtering systems... all built with a serious business perspective. * ("Spam" is also known as unsolicited commercial email (UCE).)

We also filter email for those with their own internal email server!

All of the following email options are selectively enabled with each domain name, and even optionally by user address per domain. These options exist whether your email is hosted here in POP/IMAP accounts, or is forwarded to another mail server (e.g. Bynari Insight Server, SCOOffice Server, MS Exchange, etc.) or ISP email address.

  1. Viruses:
    1. If a virus is detected within the email, the email header will be flagged in one of the following three forms:
      1. X-VirusDetected: Contains W32/Bagle.aa@MM Virus
      2. X-VirusDeleted: W32/Netsky.p@MMzip Virus
      3. X-VirusQuarantined: Phish-BankFraud.eml Virus
    2. Optionally:
      1. The infected attachment will be deleted and replaced with a warning message including the name of the detected virus, or
      2. The infected file will be quarantined and replaced with a warning message including the name of the detected virus. These quarantined items are retained on our UNIX server for 7 days, and then deleted.
      The warning message will look similar to:
      WARNING: This email has been altered by MIMEDefang.
      Following this paragraph are indications of the actual changes made.
      The non-infected (but often bogus) portion of the email is included.
      For more information about this mail server's email policy, view:
            http://Kropf.com/policy/email/

      W32/Netsky.p@MM virus was discovered and deleted. Virus-scanner messages follow:
      Found the W32/Netsky.p@MM virus !!!
    3. In all three cases, the email will then be delivered to the recipient. We have business customers that regularly receive essential but virus-laden emails from business partners who are either incapable of or unwilling to control the safety of their outbound email. So instead of bouncing it or silently deleting it, we deliver the email after either flagging it as containing a virus or replacing the unwanted malware payload with a warning. Any other business message or document can then still be delivered. (Furthermore, bouncing virus-laden email, as many mail servers do, is very unwise because the sender's email address is usually forged, and therefore bouncing the email to that address only doubles the offense.)

  2. Spam:
    1. There are now 8 areas where detection of spam is made: Spam Cop RBL, Spamhaus RBL, NJABL RBL, Subject line, other Header information, spammer's URL, spam Phrase, and graphic Entity. (Typical percentage of each is listed.) Those not wishing to have the email rejected will see one or more of the following header flags:
      • X-SpamCopRBL: (about 55% of the RBLs)
      • X-SpamHausRBL: (about 33% of the RBLs)
      • X-SpamNJAblRBL: (about 12% of the RBLs)
      • X-SpamURL: (about 45% of the filtered spam)
      • X-SpamPhrase: (about 36% of the filtered spam)
      • X-SpamSubject: (about 13% of the filtered spam)
      • X-SpamHeader: (about 2% of the filtered spam)
      • X-SpamEntity: (about 4% of the filtered spam)
      Recipients can have their email blocked if any of the five separate tests prove positive, or it can simply be flagged and delivered. That is, most of our clients may wish to block all emails, whether they are sent from a Spam Cop, Spamhaus, or NJABL listed mail server, or appear to contain a spam Subject, Header, URL, or Phrase. (We suggest this over flagging because it's probably better that a legitimate sender gets the message bounced back than to have it simply buried in the recipient's "Junk" folder.) Others may wish to receive all emails except those determined to have a spammer's URL (web site address) within the email. Some may even wish to receive all their email, but simply flag the header so they can view it personally, or have their email program direct the flagged emails into a separate Spam folder. Due to the countless options in email reader programs, such local manipulation is beyond the scope of our ability to assist and direct, but our corporate clients with IT staff can usually assist there, or we can direct you to consultants to assist you.

  3. Attachments:
    1. Another, rarely chosen option concerns attachments. If an attachment with a suspicious extension (e.g.: *.bat, *.exe, *.lnk, *.scr ...) is detected, the file(s) can be renamed and will then be delivered to the user with a notification. This approach was often used by firewalls incapable of comparing the attachment to virus signatures, and before full-time virus scanning was possible. However, some may wish to include this option as greater protection from as yet unknown viruses.
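
The header flags listed under Viruses and Spam above are what a mail client or delivery agent would key on to sort flagged mail locally. The following is an added example, not Kropf.com's code: the folder names, the sample messages and the spam header values are constructed, it assumes X-VirusDetected means the attachment was flagged but left in place, and it assumes the flags were added by the filtering server rather than by the sender.

```python
from email import message_from_string

# Header names exactly as listed on the policy page.
VIRUS_FLAGS = ("X-VirusDetected", "X-VirusDeleted", "X-VirusQuarantined")
SPAM_FLAGS = ("X-SpamCopRBL", "X-SpamHausRBL", "X-SpamNJAblRBL", "X-SpamURL",
              "X-SpamPhrase", "X-SpamSubject", "X-SpamHeader", "X-SpamEntity")


def found(msg, names):
    """Map each flag present in msg to its value(s); header lookup is case-insensitive."""
    return {n: "; ".join(v) for n in names if (v := msg.get_all(n))}


def classify(raw):
    """Return (folder, flags) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    virus, spam = found(msg, VIRUS_FLAGS), found(msg, SPAM_FLAGS)
    if "X-VirusDetected" in virus:
        folder = "Quarantine"   # assumption: flagged only, attachment still present
    elif spam:
        folder = "Spam"
    else:
        folder = "Inbox"        # clean, or payload already replaced by a warning
    return folder, {**virus, **spam}


# Constructed sample messages (not real traffic); spam flag values are made up.
SAMPLES = {
    "cleaned": "From: partner@example.com\nSubject: Invoice\n"
               "X-VirusDeleted: W32/Netsky.p@MMzip Virus\n\nSee attached.\n",
    "spam": "From: a@example.net\nSubject: hi\n"
            "x-spamurl: constructed-value\nX-SpamCopRBL: constructed-value\n\nbody\n",
    "live": "From: b@example.net\nSubject: re\n"
            "X-VirusDetected: Contains W32/Bagle.aa@MM Virus\n"
            "X-SpamPhrase: constructed-value\n\nbody\n",
    "clean": "From: c@example.org\nSubject: lunch\n\nNoon?\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```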

Unless specified, all email addresses per domain will be processed similarly. Enabling different processing for individual addresses within the domain will cause a substantial increase in mail server load because an email with two or more addresses will need to be duplicated and sent individually for each recipient. Spam is often addressed to many addresses at the same domain - even addresses that are no longer valid. Therefore, because it's common to see many addresses for the same domain included in spam, this option will incur additional cost.

We have been manually scanning spam and building filtering criteria for many years. In fact, we have spam that we've received since 1997. (The whole of 1997's spam was less than one week's worth in 2004!) This growing repository is referred to often to view changing trends in spammers' techniques. This allows pro-active blocking of the junk that consumes billions of dollars of business productivity and countless years of time.

Certainly, there is no way to catch all of the malware frequently borne by email, so we make NO claim that we can prevent all malware from reaching your Inbox! However, our clients can be provided with an email address to forward any suspicious or unwanted email to our attention.

For many years, Kropf.com did NOT use any of the many Realtime Black Lists (RBLs) because, while well meaning, they were too aggressive and blocked many business-oriented emails. As a result, we attracted and gained new business clients whose ISP was blindly blocking legitimate and necessary business email, because we were still able to greatly reduce the terrible costs associated with viruses and spam with a negligible false-positive rate. We have, however, become impressed with the maturity of a few particular RBLs. When they list a mail server on their 'black list', they (along with IronPort's SenderBase) provide an impressive report on the history of the offending mail server. During our testing period, emails that were not rejected by our filters were checked against specific RBLs, and those reported positive were manually scanned and, in every case, confirmed as spam.

Because much junk email is sent with forged sender addresses, we do not accept emails before filtering. (Those that do end up bouncing the junk to the forged sender, and it just compounds the problem of spam because the victimized person who did NOT send the junk, but only had their address stolen, now gets junk bounced by stupid servers because they did NOT filter before accepting the junk.) Kropf's mail servers follow established guidelines to reject messages during delivery. Unfortunately, there are some incompetent mail servers that abandon the transaction before filtering is complete, and then resend the message until intervention. (Hotmail/MSN servers are the worst!) Kropf monitors these nuisances and intervenes as soon as possible, even though the fault is with the sender's mail server.

The above referenced page has a concise explanation of why Challenge/Response spam filtering is flawed: 1) Does not scale, 2) Annoying, 3) Ineffective, and 4) Selfish. Another explains why C-R is considered harmful.

Unfortunately, and as with all filtering technology, there is a risk of blocking legitimate email. For this reason, no email processed by our filter is silently deleted. EVERY email that gets rejected includes a rejection message such as:

Entity resembles spam. If not, see http://Kropf.net/no/
At that web page, the sender is encouraged to submit information regarding the block/bounce. This guarantees that a legitimate sender can get our attention quickly so that we can adjust the system to allow their email to be delivered to our client(s). For emails rejected because of a Spam Cop listing, a specific URL to Spam Cop's database is also listed in the reject message.

Whether you are a current customer or not, you may contact Brett Kropf, President of Kropf Computer Services, Inc. to discuss applying any or all of these options to YOUR business email.

You may also notice that instead of listing email addresses on our web pages (that spammers strive to glean), we use web based forms. You're encouraged to discuss this capability for YOUR web sites also!


*   We use MIMEDefang to assist in removing viruses, flagging and blocking spam etc. "MIMEDefang is a framework for filtering email. It uses Sendmail's "Milter" API, some C glue code, and some Perl code to let us write high-performance mail filters in Perl." For more details visit http://www.mimedefang.org/.

We use spamcop.net and additional Realtime Black Lists (RBLs) to help identify mail servers well known for spewing spam.

Our mail servers are based on BSD UNIX® for the ultimate in 'uptime' high-reliability, high-availability UNIX Operating Systems.

We use Intel Xeon Processors, rack-mount Server Chassis with redundant power supplies, with Redundant SCSI Hot-swap (RAID) Hard-drives.

We use redundant American Power Conversion (APC) Smart-UPS® battery backed Uninterruptible Power Supply (UPS) systems for 24x7 clean power regulation, and battery back-up as needed. The Smart-UPS® family regulates the AC power continuously. This "clean" power helps to avoid power supply degradation.

We use diesel powered generator power when no other source of electricity is available.


Please be aware that sending non-encrypted email is commonly referred to as sending "clear text", and is similar to sending open-faced postcards through a postal service. Furthermore, the hostmaster of our systems may need to view email messages in order to resolve technical issues. The privacy of our customers' information contained in email, written, or oral correspondence is a top priority. We strive to maintain the highest level of honesty and integrity regarding your confidentiality. Corporate executives may wish to explore other concerns regarding email management such as Sarbanes-Oxley compliance.

Contact Kropf.com to review your email policy options.

Sendmail is a registered trademark of Sendmail, Inc.
MIMEDefang is a trademark of Roaring Penguin Software Inc.
SpamCop is a wholly-owned subsidiary of IronPort Systems, Inc.
Spamhaus is a trademark of The Spamhaus Project Ltd.
APC and Smart-UPS are registered trademarks of American Power Conversion Corp.
SCO is a registered trademark of The SCO Group, Inc. in the U.S.A. and other countries.
UnixWare, used by SCO under an exclusive license, is a registered trademark
of The Open Group in the United States and other countries.
All other brand and product names are or may be trademarks of,
and are used to identify products or services of their respective owners.


Page updated May. 21 2010 - Page served 02:06:22 PM EDT Wed., Sep. 20 (day 263) 2017
Kropf Computer Services, Inc. 1350 Flatbush Road Kingston, NY 12401 USA
 
© Copyright 1998-2017 by Kropf All rights reserved Design: BeerInc.com