Antispam

From Nick's Wiki

Protecting the sandesnet.net systems from the scum of the Internet

I am the owner of the sandesnet.net mailservers, which provide email services for several domains. All email messages for these domains are subject to my usage policy.

What is Spam?

This document refers to unsolicited bulk email (UBE), commonly known as spam. There is also SPAM, the canned meat produced by Hormel, which is not the subject of this document. While email spam is undesirable, the Hormel SPAM is good (at least in my opinion).

The generally accepted definition of spam email is email that is:

  • Unsolicited
  • Of a promotional nature
  • Sent in bulk (multiple similar messages)

The content is irrelevant - it doesn't matter what the email is promoting; as long as it is unsolicited and sent in bulk, it is spam.

What I am Doing about It

If you have had an email address for some time then you have seen it all: unwanted and unwelcome offers for knock-off drugs and merchandise, offers from relatives of deceased dictators to transfer money into your account, links to websites featuring schoolgirls doing things that schoolgirls are not supposed to do, greeting cards sent by people you have never heard of and so on, flooding your inbox.

I am going to great lengths to stop this junk from being delivered to the users of the sandesnet.net mailservers. Less than 1% of all incoming spam makes it to a user inbox.

The sandesnet.net mailservers are configured to reject email coming from hosts listed in the Spamhaus DBL, SBL, PBL and XBL lists. I am also using Spamhaus DROP to block all connections from networks listed as belonging to spammer operations.

Besides the Spamhaus lists I am using my own blocking lists. One of the configurations implemented on the sandesnet.net mailservers includes my blocking lists and the mail exchangers for several domains use this configuration. Email sent from listed IP addresses to these domains is rejected.

The few spam emails that get past the blocks are filtered with Clam Anti-Virus and SpamAssassin and they are used to train the SpamAssassin Bayes filter.

I have set up several spamtrap addresses, whose only purpose is to collect spam for training the Bayes filter and for updating the local blocking lists.

My spam blocking and filtering system is featured in the Spam and Malware Filtering System pages.

I am sending complaints to the spammers' providers, though this is mostly limited to spam that makes it past the blocklists and filters. I simply don't have the time for the stuff caught by spamtraps; blocklisting the source is much quicker and easier.

Is Blocking Spam Legal?

My servers, my rules

I own the sandesnet.net mailservers, so I have the right to configure them in whatever way I want. Sending email to any domain served by my mailservers is a privilege, not a right, and this privilege can be revoked at any time for any reason.

The CAN-SPAM Act of 2003 has a provision that specifically allows Internet access providers to set their own policies for filtering and blocking email. Since I provide email access (an Internet service) for several users, I am covered by this provision:

  • 8(c) NO EFFECT ON POLICIES OF PROVIDERS OF INTERNET ACCESS SERVICE- Nothing in this Act shall be construed to have any effect on the lawfulness or unlawfulness, under any other provision of law, of the adoption, implementation, or enforcement by a provider of Internet access service of a policy of declining to transmit, route, relay, handle, or store certain types of electronic mail messages.

I am also handling email services for the domain sandes.guru.ro. This domain is registered in a European Union member country - Romania - and is covered by the EU directive that bans spam altogether.

Outgoing Email

Email originating from domains served by the sandesnet.net servers is filtered by the Clam Anti-Virus system. The gateway systems are configured to block outgoing connections on tcp/25 from all hosts with the exception of the mailservers. The outgoing mail servers may only be accessed by users with access accounts on sandesnet.net.

The sandesnet.net Spam Blocking Policy

In order to protect the sandesnet.net mailservers I am maintaining several lists of IP addresses, IP ranges and domains that are sources of abuse. I am also maintaining a list of residential IP ranges and subdomains - email sent directly from these sources is rejected.

The lists are for internal use only and are not published.

You can check whether your IP address is listed at the Sandesnet DNSBL Lookup page.

Automatic Listings

IP addresses sending emails that hit spamtraps or are filtered by SpamAssassin are recorded and - after a certain number of hits - are included in the blocking lists for an interval between 5 and 10 weeks. Hits on other blocking lists used by my mailservers are also cached locally for 5 to 10 weeks.

Malware sources are included in the blocking list for 7 days.

Sources of emails sent to spamtraps and invalid addresses are listed as dictionary attack sources for 1 day, after a number of attempts to send such emails.

Sources of backscatter (emails bounced to forged sender addresses) are blocked for 7 days; they are also listed as spam sources after a preset number of hits.

SMTP connections from IP addresses listed in the blocking list are rejected with a 554 code.

Manual Listings

IP addresses, IP ranges and domains that are persistent sources of spam and other abuse are blocked manually for up to 6 months. Listings older than 6 months are kept as 'dormant' for 1 to 3 years and are automatically reactivated if new spam is received from the listed IP addresses or ranges.

Dynamic and residential IP ranges and domains are listed permanently. If you want to send email to my mailservers, use your provider's mailservers.

Delisting Policy

Only the users of my mailservers may request the delisting of IP addresses or domains.

The IP addresses and domains listed in my blocklists are delisted automatically when their records expire - usually between 5 weeks and 6 months.

A listing is renewed every time abusive email is sent from the listed source.
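The automatic listing and delisting rules above (per-category lifetimes, listing after a number of hits, renewal on new abuse, rejection with 554) can be modelled as follows. This is an added example, not the code running on the sandesnet.net mailservers: the hit thresholds, the fixed 5-week spam lifetime, the class and function names and the reply text are all assumptions, and the IP addresses used with it are constructed samples from documentation ranges.

```python
from dataclasses import dataclass, field

DAY = 86400
WEEK = 7 * DAY

# category -> (hits before listing, listing lifetime in seconds).
# Lifetimes come from the policy text; the hit thresholds are assumed values,
# because the page only says "a certain number of hits".
POLICY = {
    "spam":        (3, 5 * WEEK),  # page: 5 to 10 weeks; lower bound used here
    "malware":     (1, 7 * DAY),
    "dictionary":  (5, 1 * DAY),
    "backscatter": (1, 7 * DAY),
}
# Assumed "preset number" of backscatter hits that also lists the source as spam.
BACKSCATTER_SPAM_HITS = 4


@dataclass
class Blocklist:
    hits: dict = field(default_factory=dict)      # (ip, category) -> hit count
    listings: dict = field(default_factory=dict)  # (ip, category) -> expiry time

    def is_listed_as(self, ip, category, now):
        """True while the record for (ip, category) has not expired."""
        return self.listings.get((ip, category), 0) > now

    def record(self, ip, category, now):
        """Count one abusive message from ip; list or renew the source."""
        key = (ip, category)
        self.hits[key] = self.hits.get(key, 0) + 1
        threshold, ttl = POLICY[category]
        # New abuse renews an active listing; otherwise list at the threshold.
        # Hit counts are kept after expiry, so a repeat offender relists at once.
        if self.is_listed_as(ip, category, now) or self.hits[key] >= threshold:
            self.listings[key] = now + ttl
        if category == "backscatter" and self.hits[key] >= BACKSCATTER_SPAM_HITS:
            self.listings[(ip, "spam")] = now + POLICY["spam"][1]

    def smtp_response(self, ip, now):
        """Reply given at connect time; expired records delist automatically."""
        active = sorted(c for c in POLICY if self.is_listed_as(ip, c, now))
        if active:
            # 554 is the code named in the policy; the text is illustrative.
            return f"554 5.7.1 {ip} blocked ({', '.join(active)})"
        return "220 ready"
```

Because expiry is checked at lookup time, no separate delisting job is needed: a record that is not renewed simply stops matching.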