Rock River Internet Home Services

How Our New Spam Scanner Works

October 7, 2005... Rock River Internet has just added a very effective SPAM filter to our mail servers. We have found that the majority of SPAM is sent from servers that are not properly configured with forward and reverse DNS records. We are now checking all mail servers that are sending mail to our customers to make sure that they have valid address records. Our new custom software has a unique solution for this problem which is described below.

Our tests consist of the following:

    Reverse DNS test - First we take the IP address of the sending mail (smtp) server and look up the reverse dns record for that IP address. If the reverse record is missing, we reject the email. This may sound severe, but we are following the lead of a larger ISP and the direction of the industry. "AOL's mail servers will reject connections from any IP address that does not have reverse DNS (a PTR record)."

    Forward DNS test - Next we check for a forward matching A record (name record for that IP address). If the forward name record matches the reverse record (which it should if correctly configured) the mail is passed onto our normal spam and virus processing engine (or bypassed if requested by the customer). If the forward record falls within the same class C of the reverse record, we automatically add the server to our allowed servers list. This will automatically pass the mail through in the future even though the forward and reverse records don't match.

If the mail server fails the forward and reverse matching tests above and forward record is either missing or outside of the same Class C block as the reverse record, we block the email and send a message to the intended recipient describing the bad configuration in detail along with a web link to allow the mail from this server through. If the recipient follows the web link, the server is then added to our "missconfigured but allowed" servers list. If the recipient does nothing, then the server is automatically blocked from sending future email to our customers.

The following is a copy of the message sent to the intended message recipient.

This is the mail server of Rock River Internet.  Someone is trying to
send you a message from feedback@ebay.com. This e-mail is being denied by our
servers because their e-mail server is misconfigured.


       SMTP: 83.228.101.22
Reverse DNS: h-83-228-101-22.sky-bg.ru
Forward DNS:


The SMTP server should have a valid reverse DNS entry, which should
point back to a matching forward DNS entry.  If the email address looks
familiar but the Reverse DNS ends with something foreign like
.ru, .my, or, .ro, then chances are it is probably a forged message and SPAM.
Most domestic mail servers will end in .com, .org, .net, .gov, or .edu.

A very useuful WHOIS lookup and list of foreign top level domains can be found at
dnsstuff.com.  If you copy the SMTP address into the WHOIS box 
(3rd down on the left) it will give you an idea of the location of the server.


If you are expecting this e-mail and wish to allow it to be delivered
please follow this link:


http://www.rockriver.net/spamtools/allowsmtp.php?


If you do not want to receive any more e-mails from our system about
this type of error please follow this link:


http://www.rockriver.net/spamtools/blocksender.php?


Thank You.


Rock River Internet Support
815.968.9888 x 2 

Our scanning services are available for anyone with a domain name or a mail server connected to the Internet. If you have your own company mail server and would like to take advantage of our scanning services, server back-up, server colocation, or other hosting services, please call sales at 815-968-9888. If you have a rockriver.net mail account and do not wish to have your e-mail scanned for spam and/or virus, you may opt out by sending e-mail to support@rockriver.net. This is also the contact method for your whitelist (allow) or blacklist (deny) needs.

| Home | Services | Support | Sign Up | Jobs | Site Map | About Us |