xervers antispam service
Since 01 November 2021, an antispam service has filtered all outgoing mail on our network. This filter acts on port 25 and it’s not possible to disable it.
If your email is not reaching its destination, it is because of one or all of the following reasons:
- Your IP is blocked on some SPAM lists.
  - Check the usual spam lists (Barracuda, Spamhaus, etc.) and confirm that the IP or domain that is sending the email is not blocked.
- Your server doesn’t have a reverse DNS configured.
  - In order to send an email successfully, the reverse DNS (PTR record) needs to be configured. This can be done in the client area (for the VPS servers) or on the IPAM portal (for the dedicated servers).
- You don’t have an SPF record configured.
  - Like most email servers, our antispam service checks that you have a correct SPF record configured. If that is not the case, you have to configure it.
    Note: When configuring the SPF, add the IPv4: 185.219.130.2 and IPv6: 2a0e:bc00:0:2:0:0:4d7:5959 to the allowed IPs.
- The DKIM signature of the email being sent doesn’t match the key configured on the domain.
  - If you have set up a DKIM key pair, check that both keys are correctly configured (on the domain and on the email server).
- The email isn’t correctly formatted:
  - The email header is bogus.
  - The sender domain/mail doesn’t exist.
  - The destination’s domain/mail doesn’t exist.
  - The header contains 2 “From” emails from different domains.
  - The header’s date is invalid (check RFC 2822).
  - Has mixed cases in center or HREF tags.
  - The sender domain doesn’t have MX or A records.
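An offline check, added here as an example (not xervers' own tooling), that a candidate SPF record lets both relay addresses from the SPF note above pass. It evaluates only `ip4`, `ip6` and `all` terms in first-match order; the function names and sample records are constructed for illustration.

```python
import ipaddress

RELAYS = ["185.219.130.2", "2a0e:bc00:0:2:0:0:4d7:5959"]  # from the SPF note
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate_literal_spf(record, ip):
    """First-match SPF evaluation using only ip4/ip6/all terms.

    a, mx, include, exists and ptr need DNS lookups and are skipped here,
    so a 'pass' that depends on one of them is not seen by this check.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"  # a term without a qualifier means "pass"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name == f"ip{addr.version}" and value:
            if addr in ipaddress.ip_network(value, strict=False):
                return RESULTS[qualifier]
    return "neutral"  # RFC 7208 default when no mechanism matches

def relays_not_passing(record, relays=RELAYS):
    """Return the relay addresses the record does not let pass."""
    return [ip for ip in relays if evaluate_literal_spf(record, ip) != "pass"]

# Constructed sample records for a hypothetical sending domain.
WITHOUT_RELAYS = "v=spf1 ip4:203.0.113.10 -all"
WITH_RELAYS = ("v=spf1 ip4:203.0.113.10 ip4:185.219.130.2 "
               "ip6:2a0e:bc00:0:2:0:0:4d7:5959 -all")

if __name__ == "__main__":
    for rec in (WITHOUT_RELAYS, WITH_RELAYS):
        print(rec, "->", relays_not_passing(rec) or "both relays pass")
```

Because evaluation stops at the first matching term, the relay entries have to appear before any `-all` or broader `-ip4:` term in the record.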
These are just a few of the checks our antispam service performs before allowing your message out to the outside world. The SPAM score is calculated from the above checks and, if it is over 3 (minimum is 0 and maximum is 15), the message is blocked.
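A pre-send lint for three of the checks named on this page (two From addresses from different domains, an invalid Date header, and an HTML-only body, listed as MIME_HTML_ONLY in the appendix). It is an added example, not the filter's own logic; the function name and both sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

def lint_message(raw):
    """Return findings for header/MIME problems the filter penalises."""
    msg = message_from_string(raw)
    findings = []

    # More than one sender domain across all From headers.
    senders = getaddresses(msg.get_all("From", []))
    domains = {a.rpartition("@")[2].lower() for _, a in senders if "@" in a}
    if len(domains) > 1:
        findings.append("From domains differ: " + ", ".join(sorted(domains)))

    # Date must parse as an RFC 2822 date and be a real calendar date.
    try:
        parsedate_to_datetime(msg["Date"] or "")
    except (TypeError, ValueError):
        findings.append("invalid Date header")

    # HTML body without a text/plain alternative (MIME_HTML_ONLY).
    types = {p.get_content_type() for p in msg.walk() if not p.is_multipart()}
    if "text/html" in types and "text/plain" not in types:
        findings.append("text/html only, no text/plain part")
    return findings

# Constructed sample messages.
BAD = (
    "From: Alice <alice@example.org>\n"
    "From: billing@example.net\n"
    "To: bob@example.com\n"
    "Date: Tue, 30 Feb 2022 10:00:00 +0000\n"
    "Content-Type: text/html\n"
    "\n"
    "<p>hello</p>\n"
)
GOOD = (
    "From: Alice <alice@example.org>\n"
    "To: bob@example.com\n"
    "Date: Tue, 01 Mar 2022 10:00:00 +0000\n"
    'Content-Type: multipart/alternative; boundary="b1"\n'
    "\n"
    "--b1\nContent-Type: text/plain\n\nhello\n"
    "--b1\nContent-Type: text/html\n\n<p>hello</p>\n"
    "--b1--\n"
)

if __name__ == "__main__":
    for name, raw in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, lint_message(raw))
```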
To find out which emails are being blocked, you can configure a catch-all address and whitelist all emails coming from [email protected]. When an email is blocked, you’ll receive a notification with a link that gives direct access to the portal. You can then verify the reasons why the email is being blocked.
Appendix:
| Test Performed | Test Description |
| --- | --- |
| AWL | Standard description: "From:" of the address is auto-whitelisted. Explanation: Automatic Whitelisting (AWL) keeps track of the scores associated with known senders and pushes the total score of the mail to the sender's average. Thus, mail from a previous sender that has a higher-than-average score may receive a negative score; mail with a lower-than-average score may receive a positive score. |
| BAYES_99 | Standard description: Bayes spam probability is 99 to 100% (or 99.00 to 100.00% for BAYES_999). Explanation: SpamAssassin includes a Bayesian filter that assigns scores based on the user's previous email history. This can assign both positive and negative scores. For example, a user might receive a given spam message multiple times through a relay identified in a DNSBL, so that SpamAssassin correctly identifies it as spam. If the user receives the same message through a new unlisted relay, the Bayesian algorithm will assign it a high score based on previous experience. Conversely, if a user receives a regular newsletter from a fitness club, and one issue references diet and weight loss pills (which normally flag the message as spam), the Bayesian algorithm will assign it a lower score. |
| BAYES_999 | |
| DKIM_SIGNED | Standard description: Domain Keys Identified Mail: the message has a signature. Explanation: The message is signed using DKIM (http://www.dkim.org/). |
| DKIM_VALID | Standard description: Domain Keys Identified Mail: verification of signature passes. Explanation: The message is signed using DKIM (http://www.dkim.org/) and the signature has been verified. |
| DKIM_VALID_AU | Standard description: The message has a valid DKIM or DK signature from the originator's domain. Explanation: The email contains a DKIM signature validated to the author's domain, which essentially means that the email comes from where it says it is. |
| HTML_IMAGE_ONLY_20 | Standard description: HTML: images with 1600-2000 bytes of words. Explanation: This can indicate a message using an image instead of words in order to bypass text-based filtering. |
| HTML_MESSAGE | Standard description: HTML included in the message. Explanation: HTML messages are more visually appealing than plain text. |
| HTML_SHORT_LINK_IMG_3 | Standard description: HTML is too short with an image attached. Explanation: The message is HTML with only one link to an external image. This may indicate an attempt to avoid text-based filters. |
| HTML_TITLE_SUBJ_DIFF | - |
| MIME_HTML_ONLY | Standard description: The message has only text/html MIME parts. Explanation: Indicates that the message lacks the alternative plain text part. |
| MIME_HTML_ONLY_MULTI | Standard description: Multipart message has only text/html MIME parts. Explanation: A multi-part message usually has HTML and plain text alternatives with the same content. One with only HTML parts may indicate an attempt to avoid text-based filters. |
| MPART_ALT_DIFF | Standard description: HTML and text parts are different. Explanation: The mail contains content in both HTML and plain text format, but its content is (most likely) different. This suggests that the sender is not using a normal mail client, and is trying to evade filtering by using a message that looks different to humans and mail filters. |
| RCVD_IN_DNSWL_BLOCKED | Standard description: The DNSWL query was blocked. Explanation: DNS block lists are a common form of network-accessible database used for spam detection. They are also referred to as "DNSBLs", "DNS Black Lists" and "RBLs". |
| SPF_HELO_PASS | Standard description: SPF: HELO corresponds to the SPF record. Explanation: SPF (Sender Policy Framework) is an open standard that specifies a technical method to prevent the spoofing of sender addresses. The domain in the HELO command is compared against a list of allowed mail relays for that domain. This states, for example, that mail from [email protected] should have come through mail.example.com and not mail.badguys.info. In a normal mail client, the HELO command uses the Internet name of the computer sending the mail, so someone can use your 1-2-3-dyn.bigisp.com computer to send mail through the bigisp.com mail relay, which has an SPF record indicating that this is allowed. Pass: A "Pass" result means that the client is authorised to inject mail with the given identity. The domain can now, in a reputational sense, be held responsible for sending the message. Further policy checks can now proceed with confidence in the legitimate use of the identity. (From RFC 4408) |
| SPF_PASS | Standard description: SPF: sender corresponds to the SPF record. Explanation: SPF (Sender Policy Framework) is an open standard that specifies a technical method to prevent the spoofing of sender addresses. The sender domain is compared against a list of allowed mail relays for that domain. This states, for example, that mail from [email protected] should have come from mail.example.com and not mail.badguys.info. This often happens when users forward their mail to another domain, but the forwarding mechanism is not SPF-sensitive. Such a user would see SPF_FAIL tags in some of their incoming mail. Pass: A "Pass" result means that the client is authorised to inject mail with the given identity. The domain can now, in a reputational sense, be held responsible for sending the message. Further policy checks can now proceed with confidence in the legitimate use of the identity. (From RFC 4408) |
| T_REMOTE_IMAGE | Standard description: The message contains an external image. Explanation: The message contains an image that is not attached but is uploaded from an external server. |
| URIBL_BLOCKED | Standard description: Consultation of the URIBL was blocked. Explanation: DNS block lists are a common form of network-accessible database used for spam detection. They are also referred to as "DNSBLs", "DNS Black Lists" and "RBLs". |
| Spamscore | Sum of the total points of the tests performed |
This is a non-exhaustive list and tests may change in the future. Therefore it is to be considered as a basis and not as a reference.