Knowledgebase: General
What is Freeparking doing to reduce the amount of Spam I receive?
Posted by Maria Brosnan on 17 June 2016 10:47 AM

Trying to reduce the Spam received by our customers whilst still accepting all legitimate email is very difficult. If we are too aggressive in blocking Spam we run the risk of trashing “good” mail that our customers need to receive.

At Freeparking we have adopted the following Spam fighting policies and techniques:

Spam Filtering

One tactic we use to cut down on Spam is filtering. Our Mail Transfer Agents (MTAs) receive all incoming mail and scan each individual email, tagging any mail that matches the pattern of a known piece of spam. Mail is graded on a points scale, where certain “spammy” characteristics score varying points. When the points accumulated by an email go over the Spam threshold score, the mail is classed as being Spam and is tagged as Spam before being delivered to the recipient’s mailbox. The recipient sets up filtering in their email program to redirect the tagged spam into a separate folder, or alternatively selects the option in their Spam Filter settings to automatically delete any mail which has been tagged as Spam.

Bayesian Probability Filtering is a spam-filtering technique which has been integrated into our mail scanning tools. The idea is that you "train" the filter to recognise spam from non-spam, by telling it whenever it makes a mistake. This has been quite successful because everyone's spam is different and the types of legitimate mail everyone gets is also different.

Spamhaus SBL

The Spamhaus Block List is a realtime database of IP addresses of verified spam sources and spam operations (including spammers, spam gangs and spam support services), maintained by the Spamhaus Project team to help email administrators better manage incoming email streams. Our mail servers at Freeparking use this list to identify and block incoming mail from IP Addresses which Spamhaus has deemed to be involved in the sending of Unsolicited Bulk Email (Spam).

Realtime Block/Blackhole Lists (RBLs)

We use a variety of these Block/Blackhole Lists, which contain IP Addresses of known Spam sources, to “blacklist” mail from machines that have a reputation for sending a disproportionate amount of spam.

Greylisting

The ‘greylisting’ technique involves deferring an incoming email (responding to the senders mail server advising that the mail can’t be delivered at that time), and then accepting the subsequent attempt to send the email. The reason why this is effective against Spam is because most spamming mail servers don’t wait to see if the recipient mail server is going to accept the mail or not, they just bombard it with mail. If it’s a legitimate email sent from a legitimate mail server, the sending mail server will try once, then try again a short time later when the first attempt is not successful. Once an email has been determined to be from a “good” source, the sending mail server’s IP Address is ‘whitelisted’ for 7 days – this means that all mail from that mail server will be received without being deferred first.

Directory Harvesting Attack (DHA)

Our mail servers are set up to detect DHA attacks and block these appropriately. DHA attacks involve a spammer (or a virus) trying to send to multiple email addresses at the same Domain Name e.g. bob@example.com, jane@example.com, info@example.com, sales@example.com. If our mail servers detect that these ‘recipient failed’ errors are occurring too often from the same sending mail server, we will defer all mail from that mail server until an hour has passed where no ‘recipient failed’ errors have occurred.

Sender Verify

Our mail servers will not accept mail that does not come from a verified “From” address. Basically, what happens when an email is coming in is that our mail server responds to the sender’s mail server and asks it “does the ‘from’ address in this email actually exist?” If the sending mail server replies ‘yes’ then we accept the mail, but if it cannot verify the sender’s address, the mail is then deferred and will continue to be deferred until such time as we are able to verify the sender’s address.