How we prevent spam

Spam prevention at four points

Even though it is impossible to filter 100% of all incoming spam, it's in the best interest of everyone that spam prevention and filtering methods be put in place by any organization providing e-mail service. Korax' spam prevention consists of four points of defence.

1. Greylisting

   Greylisting is a relatively new but highly effective, low risk method of blocking spam and virus email at the server level. It works on the premise that the vast majority of spam is sent through compromised or virus-infected computers, rather than through legitimate, Internet standards compliant mail servers. Statistics show that greylisting is as high as 97% effective in blocking spam and virus mail, with a near-zero false positive rate.

   When a remote server attempts to deliver a new message to Korax, the Korax mail server records the remote server's IP address and the sender and recipient email addresses, and then instructs the remote server to retry the delivery later. All mail servers are required by Internet mail standards to automatically retry delivery after a short period of time. On the second delivery attempt, the mail is recognized and accepted. In addition, any subsequent e-mail from the same sender and server is automatically accepted without any delay.

   Korax' implementation of greylisting also features automatic whitelisting of frequently-seen mail servers, such as ISP mail servers. Mail from these servers is accepted immediately. Most other mail servers retry delivery within 5 to 30 minutes (the length of the delay is specific to the configuration of each server). A new header, "X-Greylist:", is also added to each e-mail, showing the length of the greylisting delay, or whether the email was accepted immediately due to automatic whitelisting.

2. Third-party DNS blacklists

   These blacklists are maintained by other companies and organizations, and are used to block mail from known spamming operations, spam-friendly Internet service providers, open proxies, open SMTP relays (incorrectly configured mail servers which accept mail from anywhere and deliver it anywhere, without requiring any authentication), and known end-user IP address ranges (such as cable, dialup and residential Internet connections), which do not normally contain servers.

3. Local blacklists

   These are lists of domain names and IP addresses from which Korax or its customers have received spam, and from which they are likely to receive more spam. Mail is not accepted from these domain names or IP addresses. The vast majority of these entries are domain names belonging to organized spamming operations, and IP addresses of networks in certain countries which are well known to be major sources of spam.

4. Spam keywords list

   This is a locally maintained list of phrases commonly found in the subject or body text of spam messages. Mail is not accepted if the subject or text of the message matches any of the entries on this list.

Accidental spam filtering

Because spam filtering is not an exact science, sometimes legitimate e-mail is filtered out as spam. If someone is attempting to send you e-mail, the best course of action is to obtain a copy of the delivery failure notification that was returned to the sender, and forward it to us in full. This will usually help us to quickly identify the message in our logs and find out why it was rejected.

If you can't get a copy of the returned message, we'll need to know the sender and recipient's e-mail addresses, and the date and time of the message, as accurately as you can find out.

Reasons for accidental spam filtering

In most cases, the message will be rejected because the sender's mail server is listed in one of the DNS-based blacklists. If this is the case, we will provide you with instructions which the sender of the message should forward to their mail server administrator. (Occasionally, we will whitelist the mail server's IP address, overriding the DNS blacklist, but we will only do this in very specific situations.)

If the message was rejected by one of the Korax-managed filters, we will adjust the filter to allow the message to pass through.

Finally, if the message was rejected because it was being delivered from a server on an end-user Internet connection, we will request that the sender adjust their mail server's configuration. Most major Internet service providers and web hosting providers, including Korax, do not accept mail deliveries from these address ranges. Individuals who operate their own mail servers on an end-user Internet connection should configure their servers to relay their outgoing mail through their ISP's SMTP server.

Reporting spam

If you would like us to analyze a spam message you've received for possible inclusion in one of our spam filtering systems, you can forward the entire message, including full e-mail headers, to spam@korax.net. Note that this address is for spam analysis only, and you won't receive a reply. The full e-mail headers must be included; your spam report will not be useful to us without them. Please refer to your e-mail software's help function to learn how to view the full headers.

Please do not send any spam reports if you have turned off the spam filtering for your domain name. Instead, turn spam filtering back on. If you continue to receive unwanted mail after you re-enable filtering, report it as described above.

You can also use online tools that attempt to analyze spam messages for you, and help you send abuse reports to the appropriate server administrators. Go to The Network Abuse Clearinghouse web site for a list of such tools.