Kropf.com Email Policy
Our redundant email servers are configured with state-of-the-art anti-virus/spam
filtering systems... all built with a serious business perspective.*
("spam" is also known as unsolicited commercial email (UCE).)
We also filter email for those with their own internal email server!
All of the following email options are selectively enabled with each domain name,
and even optionally by user address per domain. These options exist whether your
email is hosted here in POP/IMAP accounts, or is forwarded to another mail server
(e.g. Bynari Insight Server, SCOOffice Server, MS Exchange, etc.) or ISP email address.
- Viruses:
  - If a virus is detected within the email, the email header will be flagged
    in one of the following three forms:
    - X-VirusDetected: Contains W32/Bagle.aa@MM Virus
    - X-VirusDeleted: W32/Netsky.p@MMzip Virus
    - X-VirusQuarantined: Phish-BankFraud.eml Virus
  - Optionally:
    - The infected attachment will be deleted and replaced with a warning message
      including the name of the detected virus, or
    - The infected file will be quarantined and replaced with a warning message
      including the name of the detected virus. These quarantined items are retained
      on our UNIX server for 7 days, and then deleted.

    The warning message will look similar to:

        WARNING: This email has been altered by MIMEDefang.
        Following this paragraph are indications of the actual changes made.
        The non-infected (but often bogus) portion of the email is included.
        For more information about this mail server's email policy, view:
        http://Kropf.com/policy/email/
        W32/Netsky.p@MM virus was discovered and deleted. Virus-scanner messages
        follow: Found the W32/Netsky.p@MM virus !!!

  - In all three cases, the email will then be delivered to the recipient.
    (We have business customers that regularly receive essential, but virus-laden
    emails from their business partners who are either incapable or unwilling to
    control the safety of their outbound email. So instead of bouncing it, or
    silently deleting it, we'll deliver the email after either flagging it as
    containing a virus, or replacing the unwanted malware payload with a warning.
    Any other business message or document can then still be delivered.
    Furthermore, bouncing virus-laden email (as many mail servers do) is very unwise
    because the sender's email address is usually forged, and therefore bouncing the
    email to that address only doubles the offense.)
- Spam:
  - There are now 8 areas where detection of spam is made:
    Spam Cop RBL, Spamhaus RBL, NJABL RBL,
    Subject line, other Header information, spammer's URL, spam Phrase,
    and graphic Entity.
    (Typical percentage of each is listed.) Those not wishing to have the email rejected
    will see one or more of the following header flags:
    • X-SpamCopRBL: (about 55% of the RBLs)
    • X-SpamHausRBL: (about 33% of the RBLs)
    • X-SpamNJAblRBL: (about 12% of the RBLs)
    • X-SpamURL: (about 45% of the filtered spam)
    • X-SpamPhrase: (about 36% of the filtered spam)
    • X-SpamSubject: (about 13% of the filtered spam)
    • X-SpamHeader: (about 2% of the filtered spam)
    • X-SpamEntity: (about 4% of the filtered spam)
    Recipients can have their email blocked if any of the five separate
    tests proves positive, or it can simply be flagged and delivered. For example, most
    of our clients may wish to block all email that is sent from a
    Spam Cop, Spamhaus, or NJABL listed mail server, or that looks to contain a spam
    Subject, Header, URL, or Phrase. (We suggest this over flagging because it's
    probably better that a legitimate sender gets the message bounced back than have it
    simply buried in the recipient's "Junk" folder.) Others may wish to receive
    all emails except those determined to have a spammer's URL (web site address)
    within the email. Some may even wish to receive all their email, but simply
    flag the header so they can view it personally, or have their email program
    direct the flagged emails into a separate Spam folder. Due to the countless
    options in email reader programs, such local manipulation is beyond the
    scope of our ability to assist and direct, but our corporate clients with IT
    staff can usually assist there, or we can direct you to consultants to assist
    you.
- Attachments:
  - Another, rarely chosen option concerns Attachments. If an attachment
    with a suspicious extension (e.g.: *.bat, *.exe, *.lnk, *.scr ...) is detected, the
    file(s) can be renamed and will then be delivered to the user with a notification.
    This approach was often used by firewalls incapable of comparing the attachment
    to virus signatures, and before full-time virus scanning was possible. However,
    some may wish to include this option as greater protection from as-yet-unknown
    viruses.
Unless specified, all email addresses per domain will be processed similarly.
Enabling different processing for individual addresses within the domain will
cause a substantial increase in mail server load because an email with two or more
addresses will need to be duplicated and sent individually for each recipient.
Spam is often addressed to many addresses at the same domain, even addresses
that are no longer valid. Therefore, because it's common to see many addresses
for the same domain included in spam, this option will incur additional cost.
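How a recipient-side script could act on the header flags listed above, as an added example that is not Kropf.com's own code. The folder names are hypothetical, the sample messages are constructed, and treating X-VirusDetected as "flagged only, attachment not replaced" is a reading of the description above.

```python
from email import message_from_string

# Header names exactly as listed on this page.
VIRUS_FLAGGED_ONLY = ("X-VirusDetected",)  # flagged; attachment not replaced
VIRUS_REPLACED = ("X-VirusDeleted", "X-VirusQuarantined")
SPAM_FLAGS = ("X-SpamCopRBL", "X-SpamHausRBL", "X-SpamNJAblRBL", "X-SpamURL",
              "X-SpamPhrase", "X-SpamSubject", "X-SpamHeader", "X-SpamEntity")


def filter_flags(raw_message):
    """Return the filter's header flags present in a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    # Header lookup is case-insensitive. Presence alone counts, because a
    # flag header may carry an empty value.
    return [name for name in VIRUS_FLAGGED_ONLY + VIRUS_REPLACED + SPAM_FLAGS
            if msg.get_all(name) is not None]


def route(raw_message):
    """Pick a folder (hypothetical names) from the flags; return (folder, flags)."""
    found = filter_flags(raw_message)
    if any(f in VIRUS_FLAGGED_ONLY for f in found):
        folder = "Quarantine"  # payload may still be attached
    elif any(f in SPAM_FLAGS for f in found):
        folder = "Spam"
    else:
        folder = "Inbox"       # clean, or payload already replaced by a warning
    return folder, found


def build(extra_headers):
    """Constructed sample message (not real mail)."""
    head = ["From: partner@example.com", "To: user@example.org", "Subject: Invoice"]
    return "\n".join(head + extra_headers) + "\n\nSee attached.\n"


if __name__ == "__main__":
    for extra in ([],
                  ["X-VirusDeleted: W32/Netsky.p@MMzip Virus"],
                  ["x-spamurl:", "X-SpamCopRBL:"],
                  ["X-VirusDetected: Contains W32/Bagle.aa@MM Virus", "X-SpamPhrase:"]):
        print(route(build(extra)))
```

A missing flag only means the filter matched nothing; it is not proof that the message is safe.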
We have been manually scanning spam and building filtering criteria for
many years. In fact, we have spam that we've received since 1997. (The whole
of 1997's spam was less than one week's worth in 2004!) This growing repository
is referred to often to view changing trends in spammers' techniques.
This allows proactive blocking of the junk that consumes billions of dollars of
business productivity and countless years of time.
Certainly, there is no way to catch all of the malware frequently borne by email,
so we make NO claim that we can prevent all malware from reaching your Inbox!
However, our clients can be provided with an email address to forward any
suspicious or unwanted email to our attention.
For many years, Kropf.com did NOT use any of the many Realtime Black Lists
(RBLs) because, while well meaning, they were too aggressive and blocked many
business-oriented emails. As a result, we attracted and gained new business
clients whose ISP was blindly blocking legitimate and necessary business email,
because we were still able to greatly reduce the terrible costs associated with
viruses and spam with a negligible false-positive rate. We have, however, become
impressed with the maturity of a few particular RBLs. When they list
a mail server on their 'black list', they (along with IronPort's SenderBase) provide
an impressive report on the history of the offending mail server. During our testing
period, emails that were not rejected by our filters were checked against
specific RBLs, and those reported positive were manually scanned and in every case,
confirmed as spam.
Because much junk email is sent with forged sender's addresses, we do not
accept emails before filtering. (Those that do, end up bouncing the junk to the
forged sender, and it just compounds the problem of spam because the victimized
person who did NOT send the junk, but only had their address stolen now gets junk
bounced by stupid servers because they did NOT filter before accepting the junk.)
Kropf's mail servers follow established guidelines to reject messages during
delivery. Unfortunately, there are
some incompetent mail servers that abandon the transaction before filtering is
complete, and then resend the message until intervention. (Hotmail/MSN servers
are the worst!) Kropf monitors these nuisances and intervenes as soon as possible,
even though the fault is with the sender's mail server.
The above-referenced page has a concise
explanation of why Challenge/Response spam filtering is flawed:
1) Does not scale, 2) Annoying, 3) Ineffective, and 4) Selfish.
Another page explains why C-R is considered harmful.
Unfortunately, and as with all filtering technology, there is a risk of
blocking legitimate email. For this reason, no email processed by our filter is
silently deleted. EVERY email that gets rejected includes a rejection message
such as:
Entity resembles spam. If not, see http://Kropf.net/no/
At that web page, the sender is encouraged to submit information regarding the
block/bounce. This guarantees that a legitimate sender can get our attention
quickly so that we can adjust the system to allow their email to be delivered
to our client(s). For emails rejected because of a Spam Cop listing, a specific
URL to Spam Cop's database is also listed in the reject message.
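The difference between rejecting during delivery and accepting then bouncing, as an added example that simulates the SMTP dialogue (it is not Kropf.com's filter code). The addresses and batch are constructed, the 554 5.7.1 reply code is an assumption, and the reject text is the one quoted above.

```python
# Simulated SMTP only: no sockets, no real mail. Addresses are constructed.
REJECT_TEXT = "Entity resembles spam. If not, see http://Kropf.net/no/"  # from this page


def deliver(mail_from, rcpt_to, is_spam, filter_before_accept):
    """Simulate one inbound delivery to the receiving server.

    Returns (transcript, outbound): the SMTP dialogue, and any new messages
    the receiving server itself generates after the session ends.
    """
    transcript = [
        f"C: MAIL FROM:<{mail_from}>", "S: 250 OK",
        f"C: RCPT TO:<{rcpt_to}>", "S: 250 OK",
        "C: DATA", "S: 354 Go ahead",
        "C: <headers, body, final dot>",
    ]
    outbound = []
    if filter_before_accept:
        # The filter verdict IS the reply to the final dot. A 5xx here means
        # the message was never accepted, so this server owes nobody a bounce.
        if is_spam:
            transcript.append(f"S: 554 5.7.1 {REJECT_TEXT}")  # reply code assumed
        else:
            transcript.append("S: 250 OK")
    else:
        # Accept first, filter later: responsibility has already transferred.
        transcript.append("S: 250 OK")
        if is_spam:
            # The only return path is the envelope sender, which spam forges.
            outbound.append({"to": mail_from, "subject": "Undeliverable mail"})
    return transcript, outbound


def backscatter_recipients(batch, filter_before_accept):
    """Addresses that receive a bounce from this server for a batch of deliveries."""
    hit = []
    for mail_from, rcpt_to, is_spam in batch:
        _, outbound = deliver(mail_from, rcpt_to, is_spam, filter_before_accept)
        hit.extend(m["to"] for m in outbound)
    return hit


# Constructed batch: two spam runs forging the same innocent address, one real mail.
BATCH = [
    ("victim@example.net", "sales@example.org", True),
    ("victim@example.net", "info@example.org", True),
    ("partner@example.com", "sales@example.org", False),
]

if __name__ == "__main__":
    print(backscatter_recipients(BATCH, filter_before_accept=False))
    print(backscatter_recipients(BATCH, filter_before_accept=True))
    print("\n".join(deliver(*BATCH[0], filter_before_accept=True)[0]))
```

With an in-session reject, a legitimate sender's own mail server holds the 5xx reply and reports the reject text back to its real user, which is how the web page in that text reaches them.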
Whether you are a current customer or not, you may contact Brett Kropf,
President of Kropf Computer Services, Inc. to discuss applying any or all of
these options to YOUR business email.
You may also notice that instead of listing email addresses on our web pages
(that spammers strive to glean), we use web based forms. You're encouraged to
discuss this capability for YOUR web sites also!
*
We use MIMEDefang to assist in removing viruses, flagging and blocking spam etc.
"MIMEDefang is a framework for filtering email. It uses Sendmail's
"Milter" API, some C glue code, and some Perl code to let us write
high-performance mail filters in Perl."
For more details visit http://www.mimedefang.org/.
We use spamcop.net and additional Realtime Black Lists (RBLs) to help
identify mail servers well known for spewing spam.
Our mail servers are based on BSD UNIX® for the ultimate in 'uptime'
high-reliability, high-availability UNIX Operating Systems.
We use Intel Xeon Processors, rack-mount Server Chassis with redundant power
supplies, with Redundant SCSI Hot-swap (RAID) Hard-drives.
We use redundant American Power Conversion (APC) Smart-UPS® battery backed
Uninterruptible Power Supply (UPS) systems for 24x7 clean power regulation,
and battery back-up as needed. The Smart-UPS® family regulates the AC power
continuously. This "clean" power helps to avoid power supply degradation.
We use diesel powered generator power when no other source of electricity
is available.
Please be aware that sending non-encrypted email is commonly
referred to as sending "clear text", and is similar to sending
open-faced postcards through a Postal Service. Furthermore, the
hostmaster of our systems may need to view email messages in order to
resolve technical issues. The privacy of our customers' information
contained in email, written, or oral correspondence is a top priority.
We strive to maintain the highest level of honesty and integrity regarding
your confidentiality. Corporate executives may wish to explore other concerns
regarding email management such as Sarbanes-Oxley Compliance.
Contact Kropf.com to review your email policy options.
Sendmail is a registered trademark of Sendmail, Inc.
MIMEDefang is a trademark of Roaring Penguin Software Inc.
SpamCop is a wholly-owned subsidiary of IronPort Systems, Inc.
Spamhaus is a trademark of The Spamhaus Project Ltd.
APC and Smart-UPS are registered trademarks of American Power Conversion Corp.
SCO is a registered trademark of The SCO Group, Inc. in the U.S.A. and other countries.
UnixWare, used by SCO under an exclusive license, is a registered trademark
of The Open Group in the United States and other countries.
All other brand and product names are or may be trademarks of,
and are used to identify products or services of their respective owners.