How we deal with spam
22 August 2008 by Nick
Spam is a serious problem for any e-mail user. What steps do we take to protect our clients?
For many of our clients, as well as producing their websites, we're responsible for supplying their web hosting and e-mail too. We currently operate three dedicated web servers in a secure London datacentre, which we've kitted out with sophisticated spam and virus filtering. One of the most common complaints we get from customers is the amount of spam they receive. But, thanks to our spam filtering, what actually gets delivered to mailboxes is a tiny proportion of what is actually sent.
The first part of the filtering process happens before we've even received the mail. The sender's mail server "knocks on the door" and provides details of the sender and recipient. At this point we can determine if the recipient address exists, and check if the sender's server is known to send spam, and any other suspicious behaviour. It's at this point that most mail is rejected - of just over 60,000 e-mails yesterday (a fairly typical Thursday), 97.7% were refused at this stage.
This still means that around 1,300 mails were accepted to the server. These are then further checked by "SpamAssassin" software, for more subtle indications the mail isn't legitimate. This software is clever enough to learn as mail flows through it, so it's accuracy improves over time. In our case, this filters out around another 35% of the mail. The threshold for what is considered spam is set by the individual user - so they can determine how conservative they'd like it to be.
This leaves us with just 845 mails which are either legitimate, or too close to call - just 1.4% of the mail which would have been delivered if we hadn't been filtering for spam.
To further enhance the accuracy of the system, the spam detection rules are updated every night, and we manually feed in false negatives, which the system learns from.
Even with the best technology, and our best efforts, some spam inevitably gets through - it's a real problem across the industry. If we clamp down too tightly, we risk legitimate e-mail being deleted - too little and people get too much spam.
The best ways of preventing spam are:
- Don't use 'catch-all' accounts - use only specific e-mail addresses
- Be careful about who you give your e-mail address to
- If some spam does get through, don't "load images", click or reply to it - just delete it
But hopefully this gives an idea of the size and complexity of the problem we face on a daily basis, and the steps we take to minimise the impact of spam.
Posts: 2
Reply #3 on : Thu November 13, 2008, 07:28:34