HotDoodle Logo
Spam that Bypasses the Third-Party Filter

When the third-party email filter is in place the domains Mail Exchange (MX) records state that the email is supposed to go to the third party (which then sends to your mailboxthat which is not spam).

The key word here is "supposed".   Per internet specs this is the way it is to work, but spammers are not known for compliance to rules.  Some will ignore what the MX records declare and make a guess as to where your mail server lives.   If it guesses correctly and sends to your email server then the spam gets through without the benifit of the enhanced filter.  It is still subject to the built in spam-assassin filter.

Because the email server is shared by some that do not use the enhanced spam filter,  HotDoodle cannot simply block the port to only receive from the enhanced spam filter servers.

This might not be a problem:  Most spam honors the MX records and it may be that the volume of the bypassing spam is not significant.


How They Might Guess

Obvious ways for a spammer to guess your email server's IP address are:

  • Try the server that has the web site
  • Look for any "mail.' DNS entries such as mail.yourdomain.com
  • Try any IP that is in the DNS for the domain, no matter what tags are attached to it.
Hiding From Them is Hiding From You

Some of the ways spammers might guess work for the default HotDoodle configuration, meaning that the spammers correctly guess how to bypass the filter.

If we take steps to hide this from the spammers it will also be hiding it from you.   Your email clients will no longer be able to use names like mail.yourdomain.com and will have to instead use unrelated names like s32.hotdoodle.com.

The config emails screen will give you correct information, it will just be harder to remember.


How We Make their Guesses Fail

The first step in making the guessing of the email server IP address fail is to make the email server and the web site server be on different IPs. HotDoodle sites by default place both on the same IP so one or the other has to be moved.

Technically, it is much easier to move a website than to move emails and the related user accounts and storage places. This is particularly true when one knows everything about the site, as we do with our websites.   So if bypassing spam is a problem we move your website to another server.

Impact of the move:
If we control the name servers of the domains used with the site we can move the site without impact. The site will not be down even during the time it takes to propate the new DNS information.     If the name servers are not ours, you can either share their login credentials, or can make the changes yourself.


We recommend that you

Do Not Mess with This

unless the level of bypassing spam is unacceptable.


How to Detect Emails that Bypass the Enhanced Filter

Just because some spam is still present does not mean that the spam has bypassed the filters. Spam handling is a percentage game where the filters try to guess what is spam (without blocking legitimate mesages) and spammers try to mutate to be undetected.

To see if an email arrived by bypassing the filter, open the message headers. (How this is done is particular to each email reader.).   If you cannot find a reference to "smtproutes.com" then the email has bypassed the enhanced spam filter.

© 2006 - 2015 Metabyte, Inc., All Rights Reserved, Patents Pending

http://www.hotdoodle.com, HotDoodle™ Custom Web Design and Quality Affordable Website Designers for Small Businesses and Professionals
Powered by http://www.hotdoodle.com, HotDoodle™ Custom Web Design and Quality Affordable Website Designers for Small Businesses and Professionals
Web Design for Websites you Can Edit Site Map