>Brian Curtis wrote:
>> First, I would like to voice our general disgust (as well as that of
>> our customers) with the recent changes to the Email Defense product.
>> Also, I have noticed a gradual decrease in performance ever since we
>> started using the service (when it was first released).  While it is
>> still effective, it's not nearly that of the service we initially
>> started with.
>>   
>I'm not sure if it's us, or just the nature of spam.  I have other 
>filters on another address I use and it's squeaking through more often 
>than not. (sorry I don't have a better answer, we're looking into this 
>though)

I agree that the spam filter has been far less effective than it was when I
started with the product.  In attempting to have a customer upgrade service,
I plotted the spam/ham ratios of their old, non-updating spam filter to our
system.  Their old system was flagging about 20% of their emails as spam and
was steadily dropping off over the six months of data I was using.  Our spam
filter flagged a far higher number, but I was extremely disappointed to find
a steady and definite decline in effectiveness plotted over time.
(Comparisons using a 7 day rolling average)


>> I don't understand why there would be an increase in UCBE that is
>> being delivered directly.  We have not made any changes to our MX
>> record in some time, and the only record listed for our domains with
>> EDS is that of the EDS system.  Also, the increase of direct delivery
>> UCBE seems to coincide with the migration to the Tucows-provided
>> platform. 
>>   
>So spam's delivered directly to your server?  I'm not sure how they 
>would get your host actually... it reminds me of the situation that 
>happened when the old system went into place, and spammers had cached MX 
>records for a bunch of domains and were going straight to the old server.
>
>I can think of 3 ways of locking it down:
>- Blacklist everything and whitelist our delivering servers
>  (64.97.158.0/24)

The email being routed directly to your servers and bypassing the spam proxy
is doing so by querying for the A record of the domain instead of the MX
record and delivering to that.  Since most businesses set the 'A' record to
the same as their webserver's 'A' record, and since a huge number of
companies are small enough to host email and web on the same server, this is
a very effective way to bypass the filter.

The proper action would be what Andrew suggested above, and what was on the old
control panel: locking down the server to only receive external email from
the EDS servers.  But I would note that, according to an earlier tech call
last week, the netblock 64.97.156.0/24 also has to be added in addition
to 64.97.158.0/24.  Is this still correct?

Bryan Britt
Beltane Web Services
501-327-8558

_______________________________________________
domains-gen mailing list
[email protected]
http://discuss.tucows.com/mailman/listinfo/domains-gen
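
An added example, not part of the original message: before or after locking the server down to the filter's netblocks, the mail log can be audited for SMTP connections that arrived directly, as happens when a sender delivers to the domain's A record. It assumes a Postfix server and uses constructed log lines; 64.97.156.0/24 is the netblock the poster asks to have confirmed, so it is included here as unverified.

```python
import ipaddress
import re
from collections import Counter

# Netblocks named in the thread. 64.97.156.0/24 is the one the poster asks
# to have confirmed, so treat it as unverified until the provider says so.
EDS_NETBLOCKS = [
    ipaddress.ip_network("64.97.158.0/24"),
    ipaddress.ip_network("64.97.156.0/24"),
]
# Assumption: only loopback clients may hand mail to this server directly.
LOCAL_NETBLOCKS = [ipaddress.ip_network("127.0.0.0/8")]

# Postfix smtpd connect line: "... postfix/smtpd[pid]: connect from host[ip]"
CONNECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: connect from \S+?\[([0-9a-fA-F.:]+)\]"
)

def direct_deliveries(log_lines, allowed=None):
    """Count SMTP connections from clients outside the allowed netblocks."""
    if allowed is None:
        allowed = EDS_NETBLOCKS + LOCAL_NETBLOCKS
    hits = Counter()
    for line in log_lines:
        m = CONNECT_RE.search(line)
        if not m:
            continue  # not a connect line (e.g. disconnect, cleanup, qmgr)
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address in the log line
        if not any(addr in net for net in allowed):
            hits[str(addr)] += 1
    return hits

# Constructed sample log; client addresses outside the EDS netblocks are
# taken from the documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:01:12 mail postfix/smtpd[2101]: connect from unknown[64.97.158.20]
Mar  3 10:01:40 mail postfix/smtpd[2102]: connect from unknown[203.0.113.45]
Mar  3 10:02:05 mail postfix/smtpd[2103]: connect from localhost[127.0.0.1]
Mar  3 10:02:31 mail postfix/smtpd[2104]: connect from unknown[64.97.156.7]
Mar  3 10:03:02 mail postfix/smtpd[2105]: connect from unknown[203.0.113.45]
Mar  3 10:03:09 mail postfix/smtpd[2106]: connect from unknown[198.51.100.9]
Mar  3 10:03:10 mail postfix/smtpd[2106]: disconnect from unknown[198.51.100.9]
""".splitlines()

if __name__ == "__main__":
    for ip, n in direct_deliveries(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} connection(s) that did not come through the filter")
```

Running it with only 64.97.158.0/24 in the allow list shows which filter hosts would be rejected if the second netblock is left out of the lockdown.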
