>Brian Curtis wrote:
>> First, I would like to voice our general disgust (as well as that of
>> our customers) with the recent changes to the Email Defense product.
>> Also, I have noticed a gradual decrease in performance ever since we
>> started using the service (when it was first released). While it is
>> still effective, it's not nearly that of the service we initially
>> started with.
>>
>I'm not sure if it's us, or just the nature of spam. I have other
>filters on another address I use and it's squeaking through more often
>than not. (sorry I don't have a better answer, we're looking into this
>though)

I agree that the spam filter has been far less effective than it was when I started with the product. In attempting to have a customer upgrade service, I plotted the spam/ham ratios of their old, non-updating spam filter to our system. Their old system was flagging about 20% of their emails as spam and was steadily dropping off over the six months of data I was using. Our spam filter flagged a far higher number, but I was extremely disappointed to find a steady and definite decline in effectiveness plotted over time. (Comparisons using a 7-day rolling average)

>> I don't understand why there would be an increase in UCBE that is
>> being delivered directly. We have not made any changes to our MX
>> record in some time, and the only record listed for our domains with
>> EDS is that of the EDS system. Also, the increase of direct delivery
>> UCBE seems to coincide with the migration to the Tucows-provided
>> platform.
>>
>So spam's delivered directly to your server? I'm not sure how they
>would get your host actually... it reminds me of the situation that
>happened when the old system went into place, and spammers had cached MX
>records for a bunch of domains and were going straight to the old server.
>
>I can think of 3 ways of locking it down:
>- Blacklist everything and whitelist our delivering servers (64.97.158.0/24)

The email being routed directly to your servers and bypassing the spam proxy is doing so by querying for the A record of the domain instead of the MX record and delivering to that. Since most businesses set the 'A' record to the same as their webserver's 'A' record, and since a huge number of companies are small enough to host email and web on the same server, this is a very effective way to bypass the filter. The proper action would be what Andrew suggested above, and what was on the old control panel, of locking down the server to only receive external email from the EDS servers.
But I would note that, according to an earlier tech call last week, the netblock 64.97.156.0/24 also has to be added in addition to 64.97.158.0/24. Is this still correct?

Bryan Britt
Beltane Web Services
501-327-8558
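
A log check for the direct-to-A-record deliveries described in the message above, as an added example that is not part of the original post or of any Tucows tooling. It assumes a Postfix-style `connect from host[ip]` log format, uses constructed sample lines, and treats 64.97.156.0/24 (which the post only asks about) as an allowed relay block.

```python
import ipaddress
import re

# Netblocks named in the thread. 64.97.156.0/24 is the block the post asks
# about, so its inclusion here is an assumption, not a confirmed value.
EDS_NETBLOCKS = [ipaddress.ip_network(n)
                 for n in ("64.97.158.0/24", "64.97.156.0/24")]

# Assumption: Postfix smtpd lines of the form "connect from host[ip]".
CONNECT_RE = re.compile(r"smtpd\[\d+\]: connect from (\S+?)\[([0-9A-Fa-f.:]+)\]")

def is_filter_relay(ip):
    """True when ip belongs to one of the filtering service's netblocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in EDS_NETBLOCKS)

def direct_deliveries(log_lines):
    """Return (host, ip) for inbound SMTP connections that skipped the filter."""
    hits = []
    for line in log_lines:
        match = CONNECT_RE.search(line)
        if not match:
            continue
        host, ip = match.groups()
        try:
            if ipaddress.ip_address(ip).is_loopback or is_filter_relay(ip):
                continue
        except ValueError:
            continue  # unparsable address in the log line
        hits.append((host, ip))
    return hits

# Constructed sample log lines (hostnames and client addresses are made up).
SAMPLE_LOG = [
    "Mar  3 10:01:12 mx1 postfix/smtpd[2101]: connect from relay.example.net[64.97.158.14]",
    "Mar  3 10:01:40 mx1 postfix/smtpd[2102]: connect from unknown[203.0.113.77]",
    "Mar  3 10:02:05 mx1 postfix/smtpd[2103]: connect from localhost[127.0.0.1]",
    "Mar  3 10:02:31 mx1 postfix/smtpd[2104]: connect from relay2.example.net[64.97.156.9]",
    "Mar  3 10:03:02 mx1 postfix/smtpd[2105]: connect from host.example.org[198.51.100.23]",
    "Mar  3 10:03:03 mx1 postfix/cleanup[2106]: 4F2A1: message-id=<x@example.org>",
]

if __name__ == "__main__":
    for host, ip in direct_deliveries(SAMPLE_LOG):
        print(f"direct delivery, not via filter: {host} [{ip}]")
```

Any hit from this check is a connection that the whitelist-only lockdown discussed in the thread would have refused.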
