Junk Email (Spam) Blocking Policies, Methods and Blocked Companies
Last updated: September 24, 2008
Section 1: How we protect our customers from junk email.
Section 2: How you can help!
Section 3: Why we would block a company from delivering mail to our customers.
Section 4: How our customers can see if emails to them are being blocked.
Section 5: How companies can appeal to be removed from our blocking measures.
Section 6: If you had an email blocked.
Section 7: Companies blocked from our customers for junk email delivery.
Section 8: Companies blocked from our customers for advertising themselves with unsolicited email.
How does Hostasaurus.Com protect its customers from junk email (Spam)?
Hostasaurus.Com is happy to offer multiple options to our customers for the handling of unsolicited email.
Here are our current offerings that shared hosting customers can modify by contacting Support:
- All Levels
- Sender Email Address Check: Hostasaurus.Com maintains a list of email addresses that have been used on multiple occasions for sending junk email; these are blocked at all levels of our filtering, even the clean feed option.
- Option #1 (Clean Feed)
- Outside of the above, no filtering or blocking will be performed. That means no content filtering, network filtering or remote mail server blocking, although this option will still block some of the companies listed at the bottom of this page from which we refuse all messages. We only recommend this if absolutely necessary.
- Option #2 (Standard Filter/Block Forwarding) [DEFAULT]
- This option is the default for new accounts. It includes the following anti-spam features used in the order listed below:
- The email address test listed above under "All Levels".
- IP Address Check
All mail servers connecting to Hostasaurus.Com to deliver email to any of our customers on any of our servers will have their network address checked against the following:
- Our own Hostasaurus.Com database of 'bad' mail server addresses. The Hostasaurus.Com staff has accumulated a list of 'known bad' mail servers from emails our customers have forwarded to email@example.com. Once a mail server is on that list, it will get an error like the one shown below in the Why was your email blocked? section of this page the next time it tries to connect. The mail servers typically added to this list are ones operated by internet providers who do not take action against their own junk-mailing customers after multiple abuse reports have been filed. We are very conservative about adding servers and networks to this list.
- The Spamhaus SBL+XBL list. spamhaus.org maintains two lists of servers, the SBL and the XBL. Servers on the XBL are those that have been hacked, are misconfigured or otherwise have technical problems that allow junk mailers to use them to send spam anonymously. Servers on the SBL are those that are run by known spam senders or that reside on networks operated by known spam senders. Over 90% of junk email is sent by just 200 organizations; Spamhaus attempts to block these.
- The Open Relay Database (ORDB) - ORDB.org, the Open Relay Database, is a list of broken mail servers on the Internet that send email for anyone, to anyone. Junk-mailers use these without permission to deliver their emails. No correctly configured mail server will be on this list.
- Spam Assassin
Spam Assassin software analyzes all incoming messages, including the body, and adds and removes points from a 'score' based on things it finds. If the resulting score is higher than our threshold, you will receive an email report on why the message is considered suspect and the original message will be attached for you. This will let you delete the message without opening it if it is obviously junk or still read the original message if it was falsely identified as junk. If you do receive a legitimate email erroneously marked as junk, please forward the report to our support staff so we can adjust Spam Assassin to avoid future improper detection.
Here is a sample report from an email offering you $4,959/month to work from home and telling you that the message complies with Senate bill 1618 allowing them to send you junk email. The subject was "$1500 to $4,999 per month GUARANTEED! Jkujla". It shows you how the points were assigned, and why, and that the points found exceeded our limit of 6.7:
---- Start SpamAssassin results
18.90 points, 6.7 required;
* 0.8 -- Subject starts with dollar amount
* 2.0 -- Sent with 'X-Priority' set to high
* 2.9 -- Subject GUARANTEED
* 2.0 -- Subject contains lots of white space
* 0.5 -- BODY: Something is emphatically guaranteed
* 0.1 -- BODY: HTML included in message
* 0.7 -- BODY: Message is 40% to 50% HTML
* 1.7 -- RAW: Message text disguised using base-64 encoding
* 0.1 -- URI: URL of page called "remove"
* 0.1 -- URI: Includes a link to send a mail with a subject
* 4.4 -- Message-Id is fake (in Outlook Express format)
* 0.8 -- Subject contains a unique ID
* 2.8 -- 'From' juno.com does not match 'Received' headers
---- End of SpamAssassin results
The original message did not contain plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
- Option #3 (Standard Filter/Block Bouncing)
- This is the same as Option #2 above, but instead of receiving the junk email report and attached message, the message will be bounced back to the sender and you won't be bothered. We recommend customers switch to this after they are comfortable with the system. This way you do not see the junk and the junk sender is informed that their emails are not welcome. The sender will be informed of a way to contact Hostasaurus staff in case their email was incorrectly blocked.
- Option #4 (Aggressive Filtering/Block Bouncing)
- This is the same as Option #3 above, but adds an additional check on the connecting mail server as listed below. You do not want to use this option unless you understand that a small amount of legitimate email will most likely be blocked. That will happen, but the option will also significantly reduce your junk email.
- sorbs.net (www.sorbs.net) - The SORBS blacklist tracks machines that have been known to be exploited for sending junk email as well as those that are connecting from dial-up or other dynamic networks where you would not normally find a mail server. There is a quick and easy procedure for legitimate mail server operators to get delisted if they do find their server listed in SORBS. People who are blocked by SORBS will often tell you that they can't believe your host uses SORBS because they charge a $50 'ransom' to be de-listed. That is not correct. The only time SORBS requires that you donate $50 to charity, not to them, is when they have had to block a range of machines at a given internet provider due to a wide-spread problem with a history of no resolution. SORBS is a little aggressive at times, which is why we only use them on our highest level of filtering.
- [Discontinued] We previously offered the bl.spamcop.net database (www.spamcop.net/bl.shtml) - We have stopped doing this because spamcop.net recently changed their policies from fighting spam to being an entity who masquerades as a spam fighter while in reality attempting to block any mail server that runs software they don't like, any server that offers its customers services they don't want it to offer, including autoresponders and vacation messages, and applying these policies selectively rather than to all. You can read more about them at this page.
- We are evaluating alternative blacklists to use with our aggressive option currently.
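How the connecting-server checks described above (the IP Address Check lists in Option #2 and the SORBS check in Option #4) work at the DNS level, shown as an added Python example that is not Hostasaurus.Com's own code: the sender's IPv4 address is reversed and looked up under the list's zone, and each list is first probed with the RFC 5782 test entries so that a list that has shut down or answers every query cannot block all mail. The zone names and sample records are constructed for illustration.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Query name: the IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def lookup(ip, zone, resolve):
    """Return the list's 127.x.x.x answer for ip, or None if it is not listed."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except OSError:  # NXDOMAIN arrives as socket.gaierror, an OSError subclass
        return None
    # Only 127.0.0.0/8 answers are listings; any other address (a parked
    # domain, a captive resolver) must not count as a hit.
    return answer if answer.startswith("127.") else None

def zone_is_sane(zone, resolve):
    """RFC 5782 test entries: 127.0.0.2 is always listed, 127.0.0.1 never is."""
    return (lookup("127.0.0.2", zone, resolve) is not None
            and lookup("127.0.0.1", zone, resolve) is None)

def check_sender(ip, zones, resolve=socket.gethostbyname):
    """Return [(zone, answer)] for every healthy list that lists ip."""
    hits = []
    for zone in zones:
        if not zone_is_sane(zone, resolve):
            continue  # a dead or wildcarded list would reject every sender
        answer = lookup(ip, zone, resolve)
        if answer:
            hits.append((zone, answer))
    return hits

# Constructed data: two made-up zones under .example. "live" lists one
# sender plus the test entry; "dead" answers every query (the "*" key).
SAMPLE_DNS = {
    "live.dnsbl.example": {"2.0.0.127": "127.0.0.2", "7.2.0.192": "127.0.0.4"},
    "dead.dnsbl.example": {"*": "127.0.0.2"},
}

def sample_resolve(name):
    """Offline stand-in for a DNS A lookup over SAMPLE_DNS."""
    for zone, records in SAMPLE_DNS.items():
        if name.endswith("." + zone):
            label = name[: -len(zone) - 1]
            if label in records or "*" in records:
                return records.get(label, records.get("*"))
    raise socket.gaierror("NXDOMAIN (constructed)")
```

Calling check_sender("192.0.2.7", list(SAMPLE_DNS), sample_resolve) reports a hit only from the live zone; the wildcarded zone is skipped even though it would "list" the address.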
How You Can Help
- Forward incorrect spam detection reports to firstname.lastname@example.org, with FULL HEADERS so filters can be corrected.
- Forward missed junk email to email@example.com with FULL HEADERS (messages without the headers will be automatically discarded). If you do not know how to retrieve the headers from your email software, just ask us. The parts we need to see are where the email came from and what Spam Assassin found in the message. All messages will have a Spam Assassin report header like the following:
---- Start SpamAssassin results
5.40 points, 6.7 required;
* 0.7 -- From: does not include a real name
* 0.7 -- From: ends in numbers
* 2.9 -- X-Mailer contains "OutLook Express 3.14159"
* 0.1 -- BODY: Image tag with an ID code to identify you
* 0.1 -- BODY: HTML has "tbody" tag
* 0.1 -- BODY: HTML font color not within safe 6x6x6 palette
* 0.2 -- BODY: Message is 50% to 60% HTML
* 0.1 -- BODY: HTML included in message
* 0.1 -- BODY: FONT Size +2 and up or 3 and up
* 0.3 -- 'Message-Id' was added by a relay (2)
* 0.1 -- Message only has text/html MIME parts
---- End of SpamAssassin results
You'll see that this junk email did not hit the limit and was allowed through. In many cases, we can analyze the message and find some Spam Assassin settings we can tweak to ensure it gets blocked next time.
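An added example, not Hostasaurus.Com's own tooling: a Python parser for the report format shown above that checks the rule lines against the stated total, maps the score to the handling each filtering option describes, and lists the rules that contributed most. The function names and result labels are assumptions made for this example.

```python
import re
SCORE = re.compile(r"\s*(-?\d+(?:\.\d+)?) points, (\d+(?:\.\d+)?) required;")
RULE = re.compile(r"\s*\*\s+(-?\d+(?:\.\d+)?) -- (.+?)\s*$")

# The missed-spam report quoted on this page, copied as sample input.
MISSED = """---- Start SpamAssassin results
5.40 points, 6.7 required;
* 0.7 -- From: does not include a real name
* 0.7 -- From: ends in numbers
* 2.9 -- X-Mailer contains "OutLook Express 3.14159"
* 0.1 -- BODY: Image tag with an ID code to identify you
* 0.1 -- BODY: HTML has "tbody" tag
* 0.1 -- BODY: HTML font color not within safe 6x6x6 palette
* 0.2 -- BODY: Message is 50% to 60% HTML
* 0.1 -- BODY: HTML included in message
* 0.1 -- BODY: FONT Size +2 and up or 3 and up
* 0.3 -- 'Message-Id' was added by a relay (2)
* 0.1 -- Message only has text/html MIME parts
---- End of SpamAssassin results"""

def parse_report(text):
    """Return total, threshold and the (points, reason) rules of one report."""
    inside, total, required, rules = False, None, None, []
    for line in text.splitlines():
        if "Start SpamAssassin results" in line:
            inside = True
        elif "End of SpamAssassin results" in line:
            break
        elif inside and SCORE.match(line):
            total, required = map(float, SCORE.match(line).groups())
        elif inside and RULE.match(line):
            points, reason = RULE.match(line).groups()
            rules.append((float(points), reason))
    if total is None:
        raise ValueError("no SpamAssassin score line found")
    return {"total": total, "required": required, "rules": rules}

def triage(report, option):
    """Handling under filtering options 1-4 as this page describes them."""
    # Rule lines that do not add up to the total mean a truncated report.
    if abs(sum(p for p, _ in report["rules"]) - report["total"]) > 0.05:
        return "incomplete-report"
    if option == 1 or report["total"] <= report["required"]:
        return "deliver"  # clean feed, or score not higher than the threshold
    return "deliver-with-report" if option == 2 else "bounce"

def heaviest_rules(report, top=3):
    """Rules carrying most of the score: where retuning would start."""
    return sorted(report["rules"], reverse=True)[:top]
```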
Obnoxious Companies (And There Are A Lot Of Them)
Certain companies have habits that will end up getting them blocked from delivering any email to any domain hosted by Hostasaurus.Com. An incomplete list of ways this can happen follows:
- By sending mail to a Hostasaurus.Com 'honeypot' address. These are email addresses we use in hidden places of our web sites and internet newsgroups; only companies using software to harvest addresses mail them as they're either hidden or explicitly state "Email this address if you would like to be blocked".
- Repeatedly adding a Hostasaurus.Com customer to a mailing or marketing list without verifying the address first.
- Emailing a Hostasaurus.Com customer without offering an easy way for our customer to remove themselves. An example of this is a company who signs people up for a membership service without verifying their address, and then requires that you 'log in' to unsubscribe, so you now have no way to unsubscribe since you never signed up in the first place and don't know how to 'log in'. That is a particularly good example of an obnoxious company.
- Purchasing customer addresses from known junk mailers and sending 'one time' mailings to these addresses.
- By sending email over and over to non-existent addresses.
- By not properly removing bouncing addresses.
- By hiding the address of the recipient being sent the email so those with multiple addresses can't figure out which one needs to be unsubscribed.
- By hiding or obscuring their own return address.
- By sending from addresses that bounce when replied to.
Hostasaurus.Com does not tolerate that type of behavior and will actively block companies that participate. If you are a Hostasaurus.Com customer, you may not be getting an email you expected if the company sending it is on the blocked list or is operating an open relay mail server. Please email firstname.lastname@example.org if you think that is the case and support will look into the issue. If you are a company that finds itself on this list and wishes to be removed, please email email@example.com and outline what steps have been taken to correct the original abuse. If you are removed but then continue your abusive behavior, like eDirect Network did, you will be permanently added to the blocked list and future requests will be discarded.
Why was your email blocked?
You most likely sent an email to one of the hundreds of domains Hostasaurus.Com serves and received something back that looked like this:
----- Transcript of session follows -----
... while talking to mail.hostasaurus.com.:
>>> RCPT To:
<<< 553 Your mail host sends UCE, see http://www.hostasaurus.com/spamblock.php
550 ... User unknown
You received that because one or more customers of Hostasaurus.Com received unsolicited junk/offensive/adult email (spam) that was delivered by the same mail server that you use. Sometimes this is because your internet provider has their server misconfigured to allow people to send that kind of mail through (an 'open relay') or it is because your internet provider encourages that type of behavior. Since these blocked providers can sometimes fix their problems, change their policies or otherwise remedy the situation, please forward the rejection notice you received to firstname.lastname@example.org and we can see about removing the block. You MUST include all of the headers from your rejected and original email message!
Companies currently being blocked completely:
There are not too many companies that have bothered Hostasaurus.Com customers enough to make it onto this list, but there are exceptions. The companies shown below have taken great pride in their efforts at sending unwanted and unsolicited email to users, ignoring complaints about their users sending junk email, making it impossible for users to stop receiving their junk email, or allowing users to be signed up against their will repeatedly. Some of these companies do it for their own gain, some offer free email services and ignore complaints, while others are just in the business of junk email delivery and take lists of addresses from anyone and send whatever unsolicited email the customer wants. Because of this, the staff at Hostasaurus.Com take equal amounts of pride in the fact that we block email from these companies to our large customer base, and this means you, our customer, won't have a mailbox filled with garbage from these companies. If you host your web site or email services with us, you will not receive ANY mail sent by these companies unless you are using the "Clean Feed" option.
- aweber.com (Click to read more about this spam supporter!)
- flonetwork.com (UUNet's HUGE junk email delivery service)
- impulsive.com (emailhello/flashfunstuff.com spam delivery service)
- inetekk.com (veremail/drgworldgroup.com)
- mail.mel.aone.net.au (UUNet Australia's huge spam source)
- match.com (impossible to unsubscribe)
- mb(###).net (Postmaster General trying to change their domain name)
- oii1/oin20/0i1i/oin2 (Spammers hosted by multiple providers)
- Postmaster General (postmastergeneral.com/pm0.net/mb#.net)
- starwave.com (go.com's junkmail delivery service)
- Target Email Direct (temd.net, targetemaildirect.com, etc.)
- topica.com (Spammer masquerading as newsletter host, they harvest addresses from domain registrations)
- UUNet Australia (ozemail.com.au)
- Virtumundo (vmadmin.com)
- webbersinternet (spamming as krazykash.com, winbigusa.com, play4keeps.com, cashin4free.com, predictionventure.com, ventureinternet.com, xtrememailsavings.net, imomentum.net, bigwinnerz.com, loansamerica.com)
- yesmail.com (Spamming as p0.com/postdirect.com)
The following are companies that advertise via unsolicited email which customers do not want and cannot stop receiving. They have been blocked completely whenever possible:
- American Pride Gifts
- flashfunstuff.com (emailhello.com)
- Free Drive, Inc.
- INTM Events Group
- Investment Alert
- jackpot.com / jpmailer.com
- Next Card
- Terra Lycos Network
- Universal Publishers
- Urban Yellow Pages
- USA Domains
- Valley Web Hosting