How Spamcop, Pollustop, And The PMBx RFCReader Fight Spam

Most spam is best handled through the Pollustop anti-spam software that is part of the PMBx mail server. Pollustop works specifically for each PMBx user by analyzing email content. Spamcop analyzes the spam email and determines the source IP address, i.e. the numerical address of the computer that sent it, and adds it to their IP blacklist. Pollustop and Spamcop are the only proactive anti-spam choices available to PMBx users.

Here is the order in which the PMBx mail server handles incoming email.

Sending mail server connects => Blocklist check => RFCReader check => Pollustop content check => Email delivery

Notice there are three specific points where email is checked. Email delivery can be aborted or altered at these three points. It is helpful to understand how each of these works.

Spamcop, Botnets, and Blocklists

Botnets are ‘herds’ of computers that have been infected with malware and then taken over and controlled by a botnet herder. This control, however, happens entirely out of sight of the owner of each computer. The botnet herder wants to use these computers to send spam and phishing email. Phishes are carefully constructed emails that tempt the recipient to click on a link or file, which results in further viral infection and spread.

Spamcop’s blocklist is a collection of IP addresses of these infected computers. When any computer tries to send email to PMBx users, the PMBx mail server immediately checks the Spamcop blacklists. Only if that sending computer’s IP address is not on the blocklist will the PMBx mail server allow any connection to occur. Once the connection occurs, the email is received and can be further processed by the Pollustop anti-spam software or other anti-spam features of the PMBx mail server.
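The blocklist check described above, as an added example (not PMBx's own code). It assumes the standard DNSBL lookup convention of RFC 5782 and Spamcop's public zone bl.spamcop.net; the `resolve` parameter and the constructed zone data are hypothetical so the example runs offline.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNS name to look up: reversed IPv4 octets or IPv6 nibbles + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def _system_resolver(name):
    # NXDOMAIN (not listed) and lookup failures both come back as None,
    # so a DNS outage fails open and mail is still accepted.
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listed(ip, zone="bl.spamcop.net", resolve=_system_resolver):
    """True only if the zone answers with an address in 127.0.0.0/8."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    # Any other answer (wildcard DNS, parked or hijacked zone) is not a listing.
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")

# Constructed zone data standing in for real DNS answers.
CONSTRUCTED_ZONE = {
    "10.2.0.192.bl.spamcop.net": "127.0.0.2",    # listed sender
    "7.100.51.198.bl.spamcop.net": "203.0.113.1" # bogus non-127 answer
}
fake_resolve = CONSTRUCTED_ZONE.get

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "198.51.100.8"):
        verdict = "reject" if is_listed(ip, resolve=fake_resolve) else "accept"
        print(ip, verdict)
```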

Reporting spam to Spamcop is not hard, but how you do it is very important. Only fresh spam email will be processed. Old spam will be ignored. Here is the process for each spam email.

  1. With the spam email selected, choose FORWARD AS ATTACHMENT to create a new email.
  2. Address and send the email to spam@pmbx.net.

The critical step is the FORWARD AS ATTACHMENT. You MUST NOT do a simple ‘forward’ of the email as Spamcop will be unable to determine the IP address of the sending computer. Remember that only FRESH spam will be processed. Old spam in your inbox will be ignored.
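Why the attachment matters, as an added example (not Spamcop's or PMBx's code): a message forwarded as an attachment travels as a message/rfc822 part with its original Received headers intact, while an inline forward carries only the visible text. The sample message, its addresses and the single-hop assumption (the topmost Received line is the one the receiving server wrote) are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed sample. The top Received line is the one the receiving server
# wrote; the lower one arrived with the message and may be forged.
ORIGINAL_SPAM = (
    "Received: from pc-1234 (unknown [203.0.113.45])\n"
    "\tby mail.pmbx.example; Mon, 06 Jan 2025 10:00:01 +0000\n"
    "Received: from bank.example (bank.example [192.0.2.99])\n"
    "\tby relay.invalid; Mon, 06 Jan 2025 09:59:58 +0000\n"
    "From: Prize Dept <win@lottery.example>\n"
    "To: user@pmbx.example\n"
    "Subject: You won\n"
    "\n"
    "Click here to claim.\n"
)

def _new_report():
    msg = EmailMessage()
    msg["From"] = "user@pmbx.example"
    msg["To"] = "spam@pmbx.net"
    msg["Subject"] = "Fwd: You won"
    return msg

def forward_as_attachment(raw):
    """What FORWARD AS ATTACHMENT sends: the whole original, headers included."""
    report = _new_report()
    report.set_content("Spam report, original attached.")
    report.add_attachment(message_from_string(raw, policy=policy.default))
    return report.as_string()

def forward_inline(raw):
    """What a simple forward sends: a few quoted fields and the body text."""
    orig = message_from_string(raw, policy=policy.default)
    report = _new_report()
    report.set_content("---- Forwarded message ----\n"
                       f"From: {orig['From']}\nSubject: {orig['Subject']}\n\n"
                       + orig.get_content())
    return report.as_string()

def reported_source_ip(raw_report):
    """Return the connecting IP from the attached original, or None if absent."""
    report = message_from_string(raw_report, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            received = part.get_payload(0).get_all("Received", [])
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(received[0])) if received else None
            return m.group(1) if m else None
    return None
```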

Spamcop reporting can have some real effects, but unfortunately, because botnet herders often use thousands of ‘botted’ computers to send out their spam, it can take some time for those computers to get on Spamcop’s blacklist. Our Pollustop anti-spam software offers a more immediate effect because it processes content and creates blacklists and whitelists that are specific to each PMBx user.

There are many blocklists besides the Spamcop blocklist and we use several, but only the ones with the best reputation. Reputation here is used as a technical term referring to the quality of the list and not any type of personal preference or feeling. Spamcop however is unique in that it allows users to be directly involved in the creation of their blocklist.

Pollustop

Once email has been received, Pollustop analyzes the content. It uses word frequencies to determine if the email content is more likely to be spam or not. It also checks to see if the sender is on the recipient’s whitelist or blacklist.

Email from senders who are already on a PMBx user’s whitelist is not processed further by Pollustop and is delivered normally.

If the email is from a sender that is already on the PMBx recipient’s blacklist, Pollustop’s spam action is triggered. That email will NOT be deleted automatically, but will be moved to the JUNK MAIL folder which is created for each PMBx user.

If the analysis of the email content suggests the email is indeed spam, Pollustop again will move that email to the JUNK MAIL folder. It will NOT be automatically deleted.

Pollustop is very fast and because it never deletes email it is safe. Occasionally good email can be analyzed and determined to be spam by Pollustop. If it ends up in the JUNK MAIL, then it is very easy to train Pollustop to work better and also whitelist the sender at the same time.
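The Pollustop decision order described in this section, as an added example (not Pollustop's actual code). The page only says it uses word frequencies, so the naive Bayes scoring with add-one smoothing is an assumption, as are the class name, the training messages and the addresses.

```python
import math
import re
from collections import Counter

class JunkFilter:
    """Per-user filter: whitelist first, then blacklist, then word frequencies."""
    def __init__(self):
        self.whitelist, self.blacklist = set(), set()
        self.words = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    @staticmethod
    def tokens(text):
        return re.findall(r"[a-z0-9']+", text.lower())

    def train(self, text, label, sender=None):
        self.words[label].update(self.tokens(text))
        self.msgs[label] += 1
        if sender and label == "ham":      # rescue from JUNK MAIL: train + whitelist
            self.whitelist.add(sender.lower())
            self.blacklist.discard(sender.lower())

    def spam_log_odds(self, text):
        spam, ham = self.words["spam"], self.words["ham"]
        vocab = len(set(spam) | set(ham)) or 1
        n_spam, n_ham = sum(spam.values()) + vocab, sum(ham.values()) + vocab
        score = math.log((self.msgs["spam"] + 1) / (self.msgs["ham"] + 1))
        for w in self.tokens(text):        # add-one smoothing covers unseen words
            score += math.log(((spam[w] + 1) / n_spam) / ((ham[w] + 1) / n_ham))
        return score

    def route(self, sender, text):
        """Return a folder name; nothing is ever deleted."""
        sender = sender.lower()
        if sender in self.whitelist:
            return "INBOX"
        if sender in self.blacklist or self.spam_log_odds(text) > 0:
            return "JUNK MAIL"
        return "INBOX"

def build_demo_filter():
    # Constructed training data for one user.
    f = JunkFilter()
    for text in ("win a free prize now click here", "free pills cheap click now"):
        f.train(text, "spam")
    for text in ("meeting agenda for monday attached", "lunch on friday with the project team"):
        f.train(text, "ham")
    f.blacklist.add("promo@bulk.example")
    return f
```

A good message that lands in JUNK MAIL, such as "free lunch now" from an unknown sender, is routed to the inbox once `train(text, "ham", sender=...)` has been called for it.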

RFCReader

In the scheme of analyzing email, there are certain words or phrases that are always spam or are vulgar and offensive. In particular, foul language is often associated with pornographic spam. Below is an example of the error message that the PMBx mail server returns if the email content contains an RFCReader word or phrase.

Your message cannot be delivered to the following recipients:
Recipient address: <redacted email>
Reason: SMTP transmission failure has occurred
Diagnostic code: smtp;579 message content is not acceptable here
Remote system: dns;mail.pmbx.net (TCP | 17.158.161.8 | 55565 | 198.78.101.198 | 25) (pmbx.net ESMTP CommuniGate Pro 5.4.6)

The list of objectionable words or phrases is only accessible to the PMBx postmaster. If you get this error message, the only way that I can determine the offending word or phrase is to look at the mail server logs. There are, however, volumes and volumes of logs, even though we only keep the last couple of weeks’ worth. In order for me to locate the correct log and the correct place IN the log, you MUST do the following.

  1. Select the RFCReader error email message.
  2. Choose FORWARD AS ATTACHMENT (a simple forward will NOT work)
  3. Address the email to postmaster@pmbx.net and send it.

Let me emphasize that you MUST use FORWARD AS ATTACHMENT and not a simple ‘forward.’ I will be unable to process these error message emails if they are not sent to me correctly, or if they are older than the logs that I have on file (usually about 2 weeks’ worth).
