First2Host

AntiSpam Policy and port 25 blocks

This article contains the best practices for outgoing email from your server to the internet and our anti-spam policy. These practices must be followed so that your emails do not get filtered, blocked, or marked as spam by First2Host or other anti-spam organizations or partners.

For every IP available with First2Host products and services like NVMe VPS Servers, and Cheap Dedicated Server Hosting as an internet service provider, First2Host will register and reserve it with organizations such as RIPE or ARIN. This means that we appear as the IP abuse contact for litigation in the WHOIS database. If an IP is reported to organizations such as Spamhaus and SpamCop, which work to combat spam, malicious websites, and phishing, then the reputation of our entire network is at stake. It is, therefore, important that First2Host takes care of the reputation, quality, and security of the network, which also forms an important part of your service.

How does the Spam Policy protection system work?

Our system is based on the Vade Retro anti-spam system and comprises of three main areas of focus.

  1. Malware
  2. Spam
  3. Phishing

1. Malware

Malware is usually sent by email as an attachment in the open tricking the end user into opening the attachment. Usually, these emails will contain text like “attached if your purchase order”. Once the attachment is opened the malware then infects the computer causing a loss of data. Our system will also scan each attachment for malware or viruses and if it’s found you are sending Malware an immediate block will be placed on all outgoing and incoming mail.

2. Spam

Each email that is sent from one of the network IPs gets scanned by an automated program.  The content is then analyzed and attached a score of 0 to 500. Any email with a score over 100 will be classified a spam. During the scanning of the outgoing emails our system checks the words used in the email for spamvertised content, word like “buy now” “% discount” “summer sale” are classed as spamvertised content and if these words appear to often in your email message it will gain a higher spam score which could lead to your email port being blocked.

3. Phishing

Phishing is a process of trying to trick end users into logging into a “fake” website like online banking. Usually, users will receive an email asking them to log in to the fake website to change their passwords, the email looks like it’s been sent from a reputable establishment like “Santander”. We also check all links in emails and if we find likes to Phishing sites in your email content then an immediate email block will be put in place.

Unblocking an IP blocked by our AntiSpam Policy

If your emails have been blocked from being sent you must follow these steps before we will consider removing the block. Users who do not follow these steps will not have their port 25 email block removed.

  • stop sending email (e.g. stop all mail software such as qmail, Postfix, Sendmail etc.)
  • check the email queue (e.g. qmHandle for qmail, postqueue -p for Postfix)
  • analyse your logs using the Message-ID found in the block alert
  • Take a copy of a random few email messages open a ticket with our support team and provide the email content inside the ticket for us to analyse.

Automated Spam Scans

There is no human intervention in our anti-spam process. First2Host records message IDs. The destination it was being sent to. The time and date plus the score we assigned it.

You can now unblock port 25 from your control panel if your server is located in Canada or France. Hit “Manage IPs”. Click the cog next to the IP address that has had its port 25 blocked.

If you continue to send spam and remove the block from your control panel. Port 25 will become permanently blocked and can not be removed

Can you whitelist me?

Our AntiSpam Policy is to not whitelist any users, i.e. A filtering exclusion on the outgoing emails from your server. We can only assist you with the logs diagnosis if the Message-IDs are unknown and not part of your legitimate emails or mailing lists. Our Spam Policy and protection system is 99.9% accurate it’s very unlikely our system will block your email ports if you are sending legitimate emails

False Positives

You should then ensure that your email messages comply with the RFC. And the Best Practices indicated below. If they do comply, you can inform us by sending a sample of your email (including header). Open a ticket from your client area and provide a sample of the emails to the support team.

RFC and Best Practices

RFCs (Request For Comments) are documents intended to describe technical aspects of the internet. RFC’s produced and published by the IETF. (Internet Engineering Task Force). They produce and define standards.

As so, best practices are recommended methods. But best practices are intended to advise you on the best way to proceed. In this instance, this means the basic rules to follow.

Sending Volume

Should your outgoing email volume be over 100 emails per hour we advise that you;

  • reserve an IP block dedicated solely to email usage
  • An ‘abuse’ address on this block in order to receive complaints
  • configure reverses on all IPs correctly

Email Content

Because you should control the amount of mail you send, we advise you also avoid using spamvertized keywords in your emails such as “buy” and “last chance”. Avoid capital letters, impersonal subjects, exclamation marks, and % discounts. Also, don’t forget to provide an unsubscribe link for people who have not requested to receive your email or who believe it to be illegitimate.

Ensure that your email contains the sender’s address (or an alias). A subject, and a correct ratio of text, images and links in the body of the message. The text vs. image and text vs. link ratio must be high. Don’t overload the email with hypertext links and avoid Javascript.

FBL – Feedback Loop

Feedback loops enable you to follow up on feedback provided by some internet service providers directly. Informing you that their users have marked your message as illicit. Thus classified as spam. As a result, this will enable you to interact with these ISPs directly concerning your reputation. Some FBLs:

  • Yahoo
  • AOL Postmaster
  • SpamCop
  • Outlook & live.com

Authentication

Some authentication services enable you to protect your reputation.

Sender-ID
An email authentication technology developed by Microsoft which validates the authenticity of your domain name by verifying the IP address of the sender. This technology is based on the IETF standard: RFC4406

SPF
Sender Policy Framework is a standard for verifying the domain of the sender. It is based on RFC4408 and consists of adding an SPF or TXT field to the domain DNS, which contains the list of IPs authorised to send emails from this domain.

Reverse DNS
rDNS enables your IP to be “translated” to your domain.

DKIM
DKIM is described in RFC4871.
AOL, Google (Gmail) work on this basis. Official website: DKIM

Further Reading

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button