Six MPP features to increase antispam detection

June 27th, 2007 by mkatz

This is a list of 6 features that you can implement with recent MPP versions that will increase the effectiveness of MPP spam recognition.

1) Spam Traps. Populate your site or email posts with easily harvested addresses and configure MPP spam traps to block senders to these addresses. Since our spam traps use regular expression matching, you can block classes of addresses, such as addresses that begin with numbers, or others that are popular in dictionary attacks. I suggest examining some of your maillogs to find addresses that are used in dictionary attacks or repetitive spam attacks. This alone will increase spam detection by a few percentage points.

2) Thresholds with Autoblacklists - Define thresholds that suit your environment and let MPP automatically block senders that exceed them. You can define thresholds for hosts that send too much spam or even hosts that send too many clean messages. Thresholds give you 4 parameters to experiment with - number of messages, number of spam messages, time sample period and time in cache. For example, you can block hosts that send 10 messages and 10 spams in 2 minutes. With our per-feature whitelists you can now exempt CIDR IP addresses from this test.

3) Add a second antispam detection module. The combination of Cloudmark and Mailshell or Cloudmark and Commtouch is unbeatable and well worth the investment. Adding SpamAssassin as a secondary engine, unless you are an expert with rules, will only have a negligible benefit.

4) Use header content filtering. With our header content filters you can block email based on country, character set, mailer, etc. Building manual rules is not the funnest way to spend your time, but it can increase your detection rates a few percentage points. There are some subjects that are used over and over again and you can easily block these as well.

5) Implement Greylisting. If you use Postfix, our Greylisting feature, which is integrated into our policy server, is a great way to cut down spam. Not all users will tolerate the delay, but for those that can, this will block a good percentage of spam - anywhere from 50 to 90%. With our per-feature whitelists you can now exempt CIDR IP addresses from this test.

6) Implement RBLs in combination with MPP custom spam scoring. Now that MPP has a custom spam scoring algorithm you can accumulate RBL matches and become more adventurous in the RBL sites that you choose to use.
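
The four threshold parameters from item 2 (number of messages, number of spam messages, sample period, time in cache) combined with a CIDR whitelist, as an added Python example that is not MPP code or configuration. The class and parameter names are hypothetical, and requiring both counts to be reached before a host is blocked is an assumption based on the "10 messages and 10 spams in 2 minutes" example.

```python
import ipaddress
from collections import defaultdict, deque

class ThresholdAutoBlacklist:
    """Sliding-window sender threshold with a CIDR whitelist (illustrative, not MPP code)."""
    def __init__(self, max_messages, max_spam, sample_period, cache_time, whitelist=()):
        self.max_messages = max_messages      # number of messages
        self.max_spam = max_spam              # number of spam messages
        self.sample_period = sample_period    # seconds of history that are counted
        self.cache_time = cache_time          # seconds a host stays blocked
        self.whitelist = [ipaddress.ip_network(c) for c in whitelist]
        self.events = defaultdict(deque)      # host -> deque of (timestamp, is_spam)
        self.blocked_until = {}               # host -> expiry timestamp

    def is_whitelisted(self, host):
        addr = ipaddress.ip_address(host)
        return any(addr in net for net in self.whitelist)

    def is_blocked(self, host, now):
        expiry = self.blocked_until.get(host)
        if expiry is not None and now >= expiry:
            del self.blocked_until[host]      # cache entry aged out
            return False
        return expiry is not None

    def record(self, host, is_spam, now):
        """Record one message; return True if the host is blocked."""
        if self.is_whitelisted(host):
            return False                      # exempt networks are never counted
        if self.is_blocked(host, now):
            return True
        window = self.events[host]
        window.append((now, is_spam))
        while window and window[0][0] <= now - self.sample_period:
            window.popleft()                  # drop events older than the sample period
        spam = sum(1 for _, s in window if s)
        if len(window) >= self.max_messages and spam >= self.max_spam:
            self.blocked_until[host] = now + self.cache_time
            window.clear()
            return True
        return False

def demo():
    # Constructed sample: 10 messages and 10 spams in 2 minutes, blocked for 1 hour.
    bl = ThresholdAutoBlacklist(10, 10, 120, 3600, whitelist=["192.0.2.0/24"])
    noisy = [bl.record("198.51.100.7", True, t) for t in range(0, 100, 10)]
    trusted = [bl.record("192.0.2.15", True, t) for t in range(0, 100, 10)]
    return noisy, trusted, bl.is_blocked("198.51.100.7", 100 + 3600)
```

A short sample period with a long cache time blocks bursts quickly while keeping the per-host state small; a host that spreads the same volume over a longer interval never fills the window.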
