Our e-mail servers can reject messages that are likely to be unwanted junk mail, or "spam". We currently reject an average of about 100 messages per day per customer.
So how do our mail servers decide which messages are spam? We use several different methods.
First of all, we use a set of rules to reject mail from certain extremely abusive senders. The rules reject:
This first step is applied to all messages, regardless of whether you have the spam filter turned on. It should block only blatant spammers and other senders of extremely abusive e-mail, and should never incorrectly block any legitimate messages. Our statistics indicate that fewer than one message per million is rejected in error by these rules, and in those cases, the sender will receive a message indicating why the message was blocked, allowing them to change their message and resend it.
Next, we pass all incoming mail through an anti-virus scanner. Any messages containing viruses are not delivered, although we keep copies of such messages for one week in case we receive a report of the virus scanner incorrectly discarding a message.
If you have the spam filter turned "Off", a message that passes these checks will be delivered to your mailbox. If you have the spam filter set to "Low" or "High", the message is next checked to see if it should be "whitelisted".
If you've written to the sender within the last year, a message from that address will be "whitelisted" — automatically allowed without further spam checking.
So when you write to someone, you don't need to worry about spam blocking. Nothing that person later sends you will be blocked, even if our spam filters would otherwise think the message is spam.
There's one exception: Messages won't be whitelisted if an SPF check, described in the next section, suggests that the message is using a forged sender address. It wouldn't make sense to whitelist all forged messages claiming to be from "paypal.com" just because you're a PayPal customer who has written to that address.
"Low Spam Filtering" will:
In detail, the "Low Spam Filtering" check uses SPF, greylisting, and blacklist checking.
SPF allows our servers to ask the sending domain name for a list of mail servers that are authorized to send mail. For example, if we receive a message claiming to be from "service@chase.com" (an address that's frequently used in "phishing" spam), we check to see if chase.com agrees that the sending mail server is authorized to use the chase.com address. If they say the sending mail server is never authorized, or is probably not authorized, our servers will consider it "suspicious" in the next step, greylisting.
Greylisting is a method for delaying "suspicious" mail. When our servers receive suspicious mail from a first-time sender, they reply with a temporary error code meaning "we can't accept this message now, but try again later". Our servers can consider messages "suspicious" if the SPF result seems dubious, or if the sending server is on a spam blacklist, or if the sending server looks like it might be a virus-infected personal computer.
When spammers receive a "try again later" error, they rarely try again (they have special software that tries once and gives up), so you usually won't receive their spam. In the few cases where the "suspicious" mail wasn't spam, the sending mail server is required by Internet mail standards to redeliver the message (usually a few minutes later), and our servers will then accept it.
Greylisting works very well, eliminating more than 80% of spam. The drawback is that the very first time someone writes to you, there is a small chance that the message will be delayed for a few minutes because it looks "suspicious". However, no legitimate mail should ever be lost.
Finally, we check whether the domain name appears on certain blacklists (described in more detail in the next section) and reject the message if it appears on certain combinations of multiple blacklists run by independent organizations. Checking for combinations makes "false positives" (incorrect rejections of messages that aren't really spam) extremely unlikely for this rule — in fact, we've never had one reported. The chances that two or more independent organizations have both made the same mistake and incorrectly listed someone as a spammer are very low.
If you have the spam filter set to "Low Spam Filtering", the message is delivered if it passes these checks. If the spam filter is set to "High", further checks are performed.
"High Spam Filtering" can block a message that appears to be spam based on just a single reason, as long as we think that reason is extremely reliable.
The first "High Spam Filtering" check is to block mail with "From" addresses that aren't real e-mail addresses, such as addresses at domain names that don't actually exist. This filter blocks some spam, as spammers often use fake addresses.
Secondly, "High Spam Filtering" again checks the SPF results. If the SPF record says the sending server is never authorized to send mail for this domain name, the message will be rejected.
Finally, the "High" spam filter rejects messages from computers appearing on certain "spam blacklists" that are run by other organizations. These blacklists include:
In contrast to "Low Spam Filtering", "High Spam Filtering" will sometimes block messages from servers listed on a single blacklist that we consider reliable, so it catches significantly more spam with only a slightly higher risk of "false positives".
The blacklists we currently use are:
We may change the blacklists from time to time as we attempt to keep ahead of spammers while ensuring that little-to-no legitimate mail is rejected.
If mail sent to you matches any of the spam filter checks, the chances are extremely high that it's unwanted spam. We're confident enough of this that our staff use "High Spam Filtering" for all our own mailboxes.
However, you should keep in mind that although such a message is almost certainly spam, we can't guarantee it. For example, one of your friends may have misconfigured his mail program to use an invalid "From" address, or he may have signed up with an ISP that has misconfigured their servers to allow spammers to send messages through their network. Such situations can lead to incorrect blocking if you haven't previously written to the other person so they aren't whitelisted. (If incorrect blocking does happen, the person writing to you will receive an error message saying why the message can't be delivered; the message won't just vanish.)
If you're concerned about missing any mail, you may wish to set the spam filter to "High Spam Filtering" for any addresses you list in a public place where a spammer could find them (such as on your Web page), and set the spam filter to "Low Spam Filtering" (or even "Off") for private addresses you give only to friends and business associates.
If you're forwarding your mail to an AOL, Comcast, Yahoo, MSN, Hotmail or Mac.com address, you'll need to choose at least "Low" spam filtering. That's because those services keep track of how much spam our servers forward to them, and they'll block all forwarded messages if the percentage of spam gets too high. If we don't apply at least some spam filtering to those destinations, they'd block all mail from us. If you really want to receive mail with no spam filtering, set up a mailbox on our servers and deliver your mail there instead.
In addition, you can't turn spam filtering completely off for a catch-all address, because spammers sometimes try sending thousands of messages to different random addresses in a short time. Turning off all spam filtering for a catch-all address would completely fill up your mailbox. If you want to disable spam filtering for an address, add that specific address in the control panel instead of relying on the catch-all.