 |
LavaNet policy on system-wide email blocking
Almost anyone with an email account
has received unsolicited bulk email (UBE, or more commonly, "spam")
in their mailbox. Some people receive dozens of spam messages each
day, or more. The amount of spam being sent is increasing exponentially,
with no end in sight. Also common these days are computer viruses
that spread via email. The viruses can range from annoyances that
fill up your mailbox to serious problems if the virus infects your
computer.
While spam and viruses have an impact on everyone with an email
address, their effect on the servers that handle the mail can be
crippling. The additional server load caused by spam and viruses
can cause problems for legitimate mail, such as delays in receiving
mail. This is doubly frustrating since the extra email traffic is
almost universally unwanted.
In light of this, LavaNet has put certain blocks and filters on
incoming email messages, solely to ensure that our mail servers
spend more of their time processing customer email and less on spam
and viruses. This is not a new policy, we have been doing some virus
filtering from September 2001 and implemented the first spam-blocking
list in May 2002. Both these changes were announced to customers
by email at the time of their implementation.
Implementing any kind of email block or filter is not a decision
we made lightly, since we believe strongly that customers should
be in charge of decisions regarding the content of their Internet
activities. The rest of this document explains what blocks or filters
we have in place, why we put them in place, and what you can do
if you wish to be excluded from the block/filter.
Viruses
Viruses are malicious programs that generally
duplicate and distribute themselves by infecting computers and using
your Internet connection or your email as a vehicle to get to other
computers. For example, the Windows-specific "SirCam" virus generates
a short, bogus email message and sends itself to everyone listed in
the infected computer's email address book, as well as to every email
address on every webpage you have recently visited.
Viruses like SirCam can spread without your knowledge, and can spread
fast. In some cases, such viruses can generate so much extra traffic
as to clog up the entire mail spool capacity of ISPs (and certainly
the mail quotas for individual customers ISPs set). Again the emails
generated by this virus are NOT actual messages, just a copy of the
virus pretending to be an email from the user of the infected computer.
One of the serious consequences of this virus is the bouncing of legitimate
email back to the senders because your ISP's mail spool is now full
and is no longer able to accept any mail (infected or otherwise).
Therefore, we have implemented email virus filtering for these prevalent
viruses:
- Beagle
(all variants)
- Dumaru
- Klez
- MiMail (A, C, D, Etc.)
- Novarg
(aka "MyDoom.A")
- SirCam
- SnowWhite
- SobigE
- SobigF
- Sober.O
Customers should not assume this means that their computers and networks
are safe from harm by a virus or related malicious attack. In fact,
we strongly encourage customers to run anti-virus software on their
own computer to protect themselves from attack. As stated in our user
agreement, LavaNet assumes no responsibility for identifying and filtering
malicious code, including viruses, worms, trojan horses and other
Internet dangers. Our specific filtering is designed solely to protect
our system from the overwhelming effects of email-spread viruses,
to control and hopefully eliminate viruses over time. New viruses,
older viruses and more may pop up from time to time. We will do our
best to advise you of them and of how to avoid them, however the Internet
can be a rather rowdy place, and no one "sheriff" can possibly take
charge of all the "bad guys".
The virus filters are applied globally to all email delivered to LavaNet
mailboxes. Due to the way we have set up the filters, at this time
there is no way to exclude a particular email address from the filtering.
Viruses are potentially quite dangerous and we feel confident that
false postives are almost impossible (none have been recorded in the
last two years).
For more information on viruses and how to protect your computer(s),
please check out our Support page:
http://www.lava.net/support/virus/
Spam
Due to the radically increasing volume of
spam, LavaNet uses certain techniques to block email traffic that
is judged extremely likely to be spam. The main technique we use
is to check the IP address of incoming mail connections against
several block-lists. Servers are listed in these block
lists for various reasons (see detailed list below), but in every
case mail from servers that are listed is extremely likely to be
spam.
The advantage of refusing connections from blocklisted servers is
that they are major sources of spam, so this will reduce the burden
on the LavaNet mail servers so that they can focus on legitimate
email. An obvious side effect of the use of block lists is less
spam in your mailbox, which is something most customers desire.
The main disadvantage of using block lists is that it is possible
for listed mail servers to be sources of legitimate traffic in addition
to spam. In our tests, the amount of legitimate email coming from
listed mail servers is extremely small (less than 0.1%), but it
does happen on rare occasions. If you have a correspondent that
sends mail from a listed mail server, our servers will reject their
email until their mail server has been removed from the block list.
Often getting off a block list requires the administrator of the
server to fix the configuration of their mail server so that it
no longer relays spam. As an additional safeguard, all incoming
mail to "postmaster@lava.net" and "abuse@lava.net" bypasses the
block lists to ensure that people corresponding with LavaNet customers
can report block list-related problems via email.
When someone using a listed mail server attempts to send mail to
a LavaNet customer, our mail server will refuse the message. This
should generate an immediate informative error message to the person
trying to send the message, so if any of your correspondents are
affected by this change, you will quickly find out. If you have
a correspondent that is affected by a block list, please contact
LavaNet Technical Support and they can discuss the options available.
LavaNet's philosophy on spam filtering is to empower our customers
to make the decision and be able to control what gets filtered and
what doesn't. For customers that wish to eliminate more spam from
their mailbox, please check out our spam filter called Spammo. It
provides a more individualized solution to spam filtering, focused
on reducing spam in your mailbox rather than excessive load on our
servers.
http://lava.net/support/utilities/spammo/
If, for whatever reason, you do not wish to have the block lists
applied to your mail, you can request an exemption from the block
lists. Note that if your address is exempted from the block lists,
you will see a dramatic increase in the amount of spam in your mailbox,
possibly many times what you see now. For this reason, we recommend
against disabling the block lists for your account. If you want
to be exempted from the block lists, contact support@lava.net.
The follow are the spam blocking techniques currently being used
at LavaNet:
Local LavaNet blocking list
LavaNet always reserves the right to block incoming email from a
server if that server is severely abusing our system (sending tens
of thousands spams, mailbombing a customer, denial of service attack,
etc). We do so only as a last resort, and we unblock the server
when the threat has abated. For this reason, we maintain a locally-maintained
block list. Servers are only added to this list if we have hard
evidence that they have abused our mail servers.
Rejecting unknown return address
domains
LavaNet refuses to accept mail with a return addresses containing
a domain that does not appear to exist. Using a return address with
a made-up domain is is a common technique used by spammers. This
restriction can also help correspondents, since it prevents LavaNet
from accepting mail messages when the user made a typo in their
return address.
RBL+
The RBL+ is a block list that requires a commercial subscription
for use. It combines three Mail Abuse Prevention System lists: Realtime
Blackhole List ("RBL"), the Relay Spam Stopper List ("RSS"), the
Dial-Up User List ("DUL"). The RBL lists hard core spammers and
those that provide spam support services (like web pages and drop
boxes). The RSS lists servers that are misconfigured to allow spammers
to relay their spam through the server. The DUL lists dial-up
and other dynamically assigned IP addresses that are commonly used
by spammers.
If you would like more information on the RBL+, check out this web
page:
http://www.mail-abuse.org/rbl+/
If you have the particular IP address of a mail server and you want
to know whether it is listed on the RBL+, you can check this page:
http://www.mail-abuse.org/cgi-bin/lookup
ORDB
The Open Relay DataBase lists servers that are open relays, and
allow spam to be sent through. For more information on the ORDB,
see this page:
http://ordb.org/
If you have the particular IP address of a mail server and you want
to know whether it is listed on the ORDB list, you can check this
page:
http://ordb.org/lookup/
PDL
The Pan-Am Dialup List contains dial-up and other dynamically assigned
IP addresses that are commonly used by spammers. For more information
see this web page:
http://www.pan-am.ca/pdl/
If you have the particular IP address of a mail server and you want
to know whether it is listed on the PDL, you can check this page:
http://www.pan-am.ca/pdl/pdl-list.txt
DSBL
The Distributed Server Block List contains the IP addresses of servers
that are open relays, open proxies, or have another vulnerability
that allows anybody to deliver email to anywhere, through that server.
For more information about the DSBL, see this web page:
http://dsbl.org/main
If you have the particular IP address of a mail server and you want
to know whether it is listed on the DSBL, you can check this page:
http://dsbl.org/listing
SBL
The Spamhaus Block List is a DNS-based database of IP addresses
of verified spam sources (including spammers, spam gangs and spam
support services), supplied as a free service to help email administrators
better manage incoming email streams. For more information about
the SBL, or if you have the particular IP address of a mail server
and you want to know whether it is listed on the SBL, you can check
this page:
http://www.spamhaus.org/sbl/index.lasso
|
