Junk Email Filter Blog

Letter to MX Backup Users

admin — Tue, 13 Dec 2011 17:25:22 +0000

Dear MX Backup Users,

I am contacting you today to let you know about changes to our free MX Backup service. We have implemented a new feature that automatically detects if your normal server is active and will return a 4xx error on the backup server if it is. We only accept and store email for your domain if your primary server is down. The advantage of doing it this way is that it reduces spam that might sneak through or backup servers when spammers try to use us as a back door to get to you.

In addition to our free MX backup service our black lists and white lists are also still free. In fact if you use our backup service we are harvesting spam but data from viruses that would otherwise be attacking your servers and our blacklists are optimized for your domain(s). Here’s information on using our blacklists:

http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists

Why is this free?
===============
People ask why we at Junk Email Filter are giving these services away for free. There are several reasons. The first is that in giving away the free backup service we collect data on virus bots trying to spam you and it builds our black lists that we use in our commercial spam service making it a better service for our paying customers.

We also spend no money on advertizing. Our business is word of mouth and having valuable free services is a good way to generate good word of mouth. To that end if you like the free service we are providing we would appreciate links to us so that we get better index positions on search engines. Our advertizing model is – we make you happy, you tell people how happy you are. We save ad costs and pass the savings on to our customers in affordable pricing.

Spam filtering along with many open source projects is very cooperative. We have created a culture among competitors in this business where we share a lot of technology. That allows all of us in the spam filtering business to provied better products and services allowing the world to get the good email and block the junk. Much of the technology we use we got for free from other people. We therefore feel that we should give services away for free to compensate those who we receive from for free and support the spirit of Open Source and shared technologies.

Outbound Filtering
================
We have a new product. In addition to inbound spam filtering we are now offering outbound filtering and relaying. Who needs outbound filtering? If your email server has been blacklisted because someone in your office got a virus you might need it. If your IP is in a dynamic range and you need to relay through an IP with better RDNS we can be that solution. If yo are an ISP and your users are getting hacked due to weak passwords we can detect the stream and intercept it early so that you don’t get blacklisted.

Some people ask how we do outbound so accurately. It is based on two principles. First – spammers never send spam slowly. So if the messages are coming slow – it’s not spam. If it’s coming fast then we look at the ration of bad recipients and if it’s high – it’s likely a spam stream. In reality it’s more complicated than these two rules but it formed a basis for our system that is working really well.

Governments and your email
=========================
One of the biggest threats to your email isn’t from spammers or hackers, but from governments who want to pass laws to control the Internet. We at Junk Email Filter believe the Internet should be free, private, self regulating, and that your email privacy is something we consider next to sacred. We support the efforts of the Electronic Frontier Foundation (eff.org) to protect online freedom and privacy from unnecessary government intrusion. I personally worked for EFF for 2 1/2 years as their first full time sysadmin.

EFF is moving into a new building and they are looking for donations to help them remodel and expand. I would like to encourage you to give generously to them as they are extremely effective in protecting our online rights. I consider it critical to the future of humanity to keep the Internet protected and hope you feel the same way.

https://www.eff.org/deeplinks/2011/11/double-your-impact-take-eff-mission-challenge

Holiday Wishes
=============
happy Holidays from us at Junk Email Filter wishing you and yours a good fortune in the coming year.

Marc Perkel
Fearless Leader
Junk Email Filter Inc.
http://www.junkemailfilter.com

Improvements in outbound spam filtering service

admin — Sun, 24 Apr 2011 03:49:03 +0000

I’ve been doing more work on my outbound spam filter lately. I’m good at catching a hacked account but it was taking me 3 minutes to figure out that the account was hacked. This allowed the spammer to get a few thousand outbound spams off and that wasn’t good enough. But when you first see the stream you don’t know for a while if it’s good email from someone’s list or a spammer.

So I developed a 10 minute delay queue that I run new streams into. That gives me some time to figure out what’s going on. So by the time the messages come back out of the queue I’ll either send them on or delete them. In theory that should stop all but maybe the first 25 or so. I might have to live with that.

Registered another domain name in addition to Free MX Backup. The new domain is http://www.outboundspamfilter.com.

Significant Progress in filtering outgoing spam

admin — Fri, 08 Apr 2011 17:53:55 +0000

I have made a LOT of progress recently filtering outgoing spam. Outgoing spam filtering is very different than incoming spam and requires a new strategy. But I’ve figured out a few easy rules that seem to work very well. As you all know I prefer behavior based rules rather than content based rules (like SpamAssassin).

In blocking outgoing spam I make the following assumptions:

1) Spammers send a lot of email. so if the sender is not sending a lot of email, they aren’t spamming. So if the outbound rate is really low I don’t have to even look at it. It’s good.

2) Spammers tend to have a lot of bad recipients in their lists. So if it’s high volume and lots of bad email addresses then it’s probably spam.

This isn’t everything I do but it is the basic rules for outgoing filtering and it’s working really well so far.

Do we need a new SMTP protocol?

admin — Wed, 01 Dec 2010 15:22:38 +0000

I’ve been thinking about what it would take to actually eliminate spam or reduce it to less than 10% of what it is now. One of the problems is the SMTP protocol itself. And a big problem with that is that mail servers talk to each other using the same protocol as users use to talk to servers.

Rather than get all users to change maybe it would be easier to get server software to change. This transition can be done by making server software that can do both protocols to maintain compatibility but will use the new protocol if both sides are capable of talking at that level.

I’m not sure what the specification of the new protocol should be but it should at least be different than what email clients use so that server to server communication isn’t the same as client to server communication. Perhaps server protocols can have more authentication information that would protect them from being spoofed. But having something different – even if it’s just a port change – is better than what we have now.

Hotmail, Yahoo, Gmail spam increasing

admin — Thu, 10 Dec 2009 16:52:49 +0000

I’ve noticed a sharp increase in spam coming from Yahoo, Hotmail, Gmail and other free mail providers. Not sure what the cause is but the spammers are gaining ground on these services.

Adding a new service

admin — Sat, 14 Nov 2009 16:16:46 +0000

We are getting into the business of filtering outgoing email and relaying outgoing email. If you are interested in this new service pleace contact support@junkemailfilter.com and we’ll get you set up.

New spam Detection Methods Working Well

admin — Thu, 28 Feb 2008 17:34:14 +0000

We now have what I think is the fastest spam bot detection on the planet. Our blacklist are now listing over a million spam bots that have tried to spam us in the last 4 days. We only keep 4 days of data because if we get something wrong or someone fixes their virus problem then their listing will expire in 4 days.

Found a new way to detect spam

admin — Sun, 09 Sep 2007 16:36:21 +0000

Made an interesting observation on Friday that spam bots don’t do a QUIT at the end of an SMTP session. Real email servers are polite and after the message is sent they send a QUIT commant to tell the receiving server to close the connection. Spam bots however don’t send the quit command because the message is sent and sending the quit just takes up time and bandwidth.

The new version of Exim now allows me to test to see if a QUIT has been sent or not and lets me feed my blacklist if certain conditions are met. We don’t blacklist just on the lack of quit but it’s really accurate in itself. If it is combined with any other spam indicating sin then it can be blacklisted. As a result of this our blacklist has increased in size dramatically and a virus infected computer can be detected the first time it touches our system. I think that we are catching nearly 100% of all spam bot attempts on the first try.