Friday, 06 April, 2007

Fighting SPAM ::: 6:48pm GMT

Over the last few months we have been testing and refining a new spam fighting system for all servers that is designed to drastically reduce the amount of spam that makes it to your inboxes. Throughout this, we have added many layers of spam protection which targets different types of spam while providing protection against many future methods of bypassing spam filtering. Many of you have reported drastically reduced amounts of spam being received, and here is why..

SMTP Time Filtering:
When email is sent from server to server it is done via an SMTP exchange during which a remote email server will connect to the mail server here to deliver an email. The unfortunate side effect of this process is that it was designed many years ago without a form of identity confirmation so any email server can claim to be any other email server. With this in mind we have installed the following tests to attempt to combat this problem:

HELO Testing
This method of testing is designed to block servers that attempt to forge their HELO string to bypass less intelligent spam filtering systems. These filters are capable of blocking tens of thousands of emails per hour with a near 0% false positive rate due to the way the test was designed.

DNSBL Testing
This method of testing can mean many different things depending on which blacklists are used. We rotate blacklists frequently and keep up with the atest happenings so we know exactly what we are blocking by using the lists. Our choices in targets are known confirmed spam sources, known bad IP space (stolen IP space), and IP ranges where email should never come from. These are excellent methods of blocking spam with a few low false positive rate due to the specific targeting of spam only IP space.

This method of testing is mostly unknown to the vast majority of the internet community and is one of the more promising new methods of blocking pam. Instead of targeting where spam comes fromspecifically as DNSBLs do, this method of testing is designed to block the websites spammers are ttempting to send you to. This is also known as blocking spamvertised websites. This filtering reads inside the body of the email for the URLs inside the email and checks them against the SURBL and URIBL blacklists for any mention of spamvertised websites. An additional reason for its effectiveness is it will block emails that contain these websites no matter what IP address they are sent from so newly compromised servers cannot be used to spam when this method is used. The response time of Spamcop without the false positives.

With all of this in mind we must come to terms with the thought that spammers will occasionally be able to bypass these blocking methods with tricks such as enclosing their message in an image or putting a * character in the URL in the email to prevent SURBL/URIBL blocking. This is where Spam Assassin is more effective due to its ability to parse and scan all parts of the email with a variety of tests before scoring the email.

Spam Assassin Filtering:
Image Only spam - This form of spam is typically when an image is included with a large block of random text from a book or website which attempts to bypass spam filtering by including no filterable parts of the email. Some methods for stopping this include OCR which allows the software to parse the image to find certain strings within the image, but this method is very resource intensive. We have found that by allowing Spam Assassin to look at characteristics of the Image Only spam such as a single large image with test below it we have been able to block these with a high degree of success without any false positives to note. This form of testing is not 100%, but combined with other testing it will block up to 99% of image only spam.

Collaborative network testing
This form of testing is much like spam cop in that it accepts reports from many different servers and uses its framework to process if an email is spam or not. Its effectiveness depends largely on the age of the email with its strongest point being is relatively short time between new spam being send out to servers around the world and the system marking those emails as likely bulk spam email. When used with other testing within Spam Assassin this proves to be a very effective method of blocking in addition to bayesian filters.

Bayesian filtering
Up until now the bayesian engine has been used mostly as a secondary method of filtering, but recent improvements allow for much more efficient updates of the bayesian databases. After a few days or weeks (depending on the level of spam you receive) the bayesian engine will begin to help Spam Assassin block spam much more effectively for your accounts. Training is automatic and is setup to work without any additional setup beyond choosing the proper spam score.

SPF Record testing
As many of you might be aware a very common practice in spamming is to spoof the from address of the email. As this happens some websites will publish SPF records to help others block the spam that contains their spoofed from address. Spam Assassin at MMSHosting will now make use of these records to confirm if the SPF records match. No points are added or deducted for properly matching records, but if the records do not match according to tests then the message is scored
higher as it will be more likely to be a joe job.

As you can see we have made massive improvements to the overall effectiveness of spam blocking at MMSHosting . We are not done yet and will continue to improve on an already excellent system as needed to keep spam away from your inboxes.


Wednesday, 30 March, 2005

New SSL Certificate ::: 4:38am GMT

We are please to announce that we now have our own SSL certificate for the "secure" sub-domain. Effective immediately, you need to access the billing system through the following link: Please let us know if you encounter any difficulties.

Friday, 04 March, 2005

Server Outage ::: 2:22pm GMT

We experienced a rare server outage last night. At approximately 8:00pm PST, the server failed to respond and function normally. Our monitoring tools alerted the admins of the event and an unscheduled server restart was done. Around 8:20pm PST, normal operation was resumed.

Our admins are looking at the server logs to determine why this occurred and to take appropriate action.

While this is a very rare event, please accept our apologies for any inconvenience this may have caused.

Monday, 12 April, 2004

New Bandwidth Provider ::: 5:03pm GMT

As many of you know, we've been working tirelessly to constantly improve our service offerings. Over the course of the next few months, we will be releasing more and more enhancements to give MMSHosting, and it's clients a huge edge over our competition. Having said that, one of the major improvements will be going into effect on the network side of things. We have already added an additional bandwidth provider to our already strong network. The provider is Level 3 Communications. We've analyzed thousands upon thousands of traceroutes, latency tests, and more with our upstreams. It's just about anyone's consensus, that this is the best provider you can bring on to a network. We've already seen some amazing results, and we hope that you are as delighted as we are with the implementation of this new provider.

Thursday, 04 March, 2004

SPAM eMail claiming service interruption ::: 5:11pm GMT

It has come to our attention an eMail has been sent to our users that claims to be coming from either your domain or one here at and states that our mail servers are to be unavailable for two days. This is absolutely false. In addition there is an attachment that contains a zip file that is password protected. That file contains a executable file that will run on unpacking the zip file. We strongly recommend that you do NOT open that attachment!

This message contained the following partial content:

Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free
auto-forwarding service.

For more information see the attached file.

If you received this eMail, discard it and others that are similar. Here at MMSHosting will never ask you to open an attachment or login to a service that you have not subscribed to or purchased.