SpamTitan

Recommended Front Line Tests

The scanning of email content is very processor-intensive. It can take from two to fifteen seconds to scan an email for viruses, banned attachments, and spam. If your organization receives a large volume of email, your mail queues can very quickly build up. This is why SpamTitan Gateway's front-line tests are extremely useful.

Front-line tests are time-efficient tests that are carried out by the SpamTitan mail server. These tests do not rely on checking the content of an email before rejecting it. Instead, they examine the envelope settings such as IP address, To/From addresses, message size, etc. Most of these tests are performed via DNS and only take a fraction of a second to complete.

To get the most from your SpamTitan server, it is recommended you configure it to drop as much mail as possible using the front-line tests listed below, so only a small portion of the overall mail flow is passed to the processor-intensive spam, virus and attachment scans.

Tip

Each of the front-line tests described below has a bypass list to which you can add server IP addresses.

  1. Realtime Blackhole Lists (RBLs)

    The Realtime Blackhole List (RBL) feature checks external databases called DNS Blocklists (DNSBLs), which contain the IP addresses of known spammers and compromised machines. Once enabled, sending IP addresses (not sender email addresses) are checked against the specified lists, and the connection from any listed IP is dropped before an email is fully delivered.

    Enabling RBLs can potentially catch up to 80% of spam. See Managing Realtime Blackhole Lists.

  2. Recipient Verification

    Recipient Verification allows SpamTitan to check recipient email addresses to see if they are valid (that is, that they exist on the mail server). Any invalid email address is dropped before being accepted by SpamTitan Gateway.

    See More About Recipient Verification.

  3. SPF

    SPF (Sender Policy Framework) allows the owner of a domain to use special DNS records to specify which machines are authorized to transmit e-mail for that domain. When receiving a message from a domain, the receiver can check the DNS records to ensure the mail is coming from locations that the domain has authorized.

    See SPF Settings.

  4. DKIM

    DKIM (DomainKeys Identified Mail) is a way to verify that an email sender is who they say they are. Its purpose is to prevent email spoofing.

    See About DKIM.

  5. DMARC

    DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication, policy and reporting protocol that helps detect and prevent email spoofing by allowing email senders and receivers to verify their email.

    See DMARC and Enabling and Configuring DMARC.

  6. SMTP Settings

    SMTP controls allow you to reject messages based on the SMTP properties of the connection and the originating IP address and are recommended as part of your configuration. You can:

    • Enable Require HELO to require that the server use the HELO command, and to require a fully qualified hostname or a resolvable hostname.

    • Enable Require Fully Qualified Domain Names to reject a connection if the address in the client MAIL FROM or RCPT TO command is not in fully-qualified domain form.

    • Enable Reject Unknown Sender Domain to reject the request when the sender mail address has no DNS A or MX record.

    See SMTP Settings.

  7. Greylisting

    Greylisting is an anti-spam technique that temporarily rejects email from unknown sources. All SMTP-compliant mail servers will defer rejected mail and resend it after a set period (usually five minutes). As servers sending spam are rarely SMTP-compliant, they may not resend the rejected mail, and so the spam is blocked.

    Greylisting has an auto-allow feature. Mail servers that send you mail regularly are allowed after the allow list settings are met. By default, a server needs to successfully deliver at least one email per hour over the course of five hours (can be non-consecutive) to be allowed.

    See Greylisting Settings.
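
The greylisting decision and the auto-allow rule described above, as an added Python example (not SpamTitan's own code). Keying on the (IP, sender, recipient) triplet, the 300-second minimum delay, the reply text, and all class and field names are assumptions; the five-distinct-hours rule is the default stated on this page.

```python
from dataclasses import dataclass, field

RETRY_DELAY = 5 * 60   # assumed minimum wait before a retry is accepted (seconds)
ALLOW_HOURS = 5        # page default: deliveries in five distinct hours

@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)    # triplet -> first attempt time
    active_hours: dict = field(default_factory=dict)  # server IP -> hours with a delivery
    allowed: set = field(default_factory=set)         # auto-allowed server IPs
    bypass: set = field(default_factory=set)          # manually bypassed server IPs

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at epoch second `now`."""
        if ip in self.bypass or ip in self.allowed:
            return "250 OK"
        triplet = (ip, mail_from.lower(), rcpt_to.lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first < RETRY_DELAY:
            # Unknown source, or a retry that came back too soon: defer with a 4xx.
            return "451 Greylisted, try again later"  # constructed reply text
        # Compliant retry: accept, and count this hour towards auto-allow.
        hours = self.active_hours.setdefault(ip, set())
        hours.add(now // 3600)
        if len(hours) >= ALLOW_HOURS:
            self.allowed.add(ip)
        return "250 OK"

def demo():
    """Constructed traffic: one compliant server, one source that never retries."""
    gl = Greylist()
    good, bad = "192.0.2.10", "198.51.100.7"
    log = [gl.check(bad, "x@spam.example", "user@example.net", 0),
           gl.check(good, "news@example.org", "user@example.net", 0),
           gl.check(good, "news@example.org", "user@example.net", 60),
           gl.check(good, "news@example.org", "user@example.net", 300)]
    # Deliveries in hours 0, 2, 3, 7 and 9: five distinct, non-consecutive hours.
    for hour in (2, 3, 7, 9):
        gl.check(good, "news@example.org", "user@example.net", hour * 3600)
    # A new sender/recipient pair from the now-allowed server is accepted at once.
    log.append(gl.check(good, "billing@example.org", "cfo@example.net", 9 * 3600 + 10))
    return log, gl.allowed

if __name__ == "__main__":
    print(demo())
```

Several deliveries within the same hour count once towards auto-allow, and a source that never retries never receives a 250.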