rootr.net : faq spam filtering

Rootroute - Automatic default Spam Filtering

:: RootR ::

Secure Inter-Network Operations

rootr.net philosophy

<<Accepting legitimate email is more important than rejecting non-legitimate email>>.
This has to do with the long term usability and usefullness of emails.

How does rootr.net uses blacklist spam filtering ?

rootr.net uses a few blacklist to avoid spam. Each list is classed in 3 levels:

L1 - Well-known tested blacklists.
only a few such lists at the moment. There is no known false positives with these lists. An customer in an L1 list is potentialy subject to rootr.net's terms of service regarding spam.
L2 - usefull blacklists
A level 1 list may be moved in this category if rootr.net receives written complaint about 1 to 2 false positives. Newly activated blacklists are also initialy moved in that category, until they gain legitimacy after at least 6 months, but often only after about 24 months. An L2 list is used much less obstructive toward customers, and can be counteracted with a whitelist.
L3 - unused blacklists.
lists known for their uselessness or too many false positives. Any list, that generate 3 or more legitimate complaints, on mail from legitimate users being rejected, is placed in this category. rootr.net knows about them, but does not use them. A list can regain its legitimacy after showing signs of improvements. Improvements are parralel to the technical undertanding of the blacklist maintainers. lists, wether black or white, are not stone carved decreets.

What is rootr.net's policy to filter bulk spam ?

Our current policy is to reject automatically spam mails sent from well-known sources, and where the spam detection certainty is very high. However current technology does not permit to make actual 100% accuracy using automated means, and probably never will. Removing this filter would mean a lot more spam ends up in user's in-boxes, about 2 to 3 time more. Rootr.net follows and adapt spam filtering technology as it improves regularly. The current spam situation is not expected to improve for at least 4-5 years, slowly.

This filtering applies to spam mail that is bounced before it even reaches any in-boxes.

Can I disable this spam filter for my domain(s) ?

Yes, rootr.net gives you the choice.
The door can be left wide open on a per-domain basis, with no filtering at all.

If you do not wish to use this protection filter, please send an email to mail-abuse@rootr.net and mention the domain name(s) that should be left unprotected from spam flow. However be aware that leaving this protecting door open will also very likely let a lot more spam in the domain's in-boxes, than you are used to. Consider how annoying is, the amount you already receive.

If you are considering this option, in order to help make the decision,
you can ask a few things to mail-abuse@rootr.net beforehand:

A list of all rejected messages for the last month. the list is a plain text file sorted by date and time, and gives the technical reason for each rejection.
An average number of spam that were rejected automatically per day. This typically range from a dozen to a few hundreds; the measurement results varies significantly for each domain.
There is no cost to any of this.
Such an open door can be closed again. you can change your mind, for example, if you see it bring more trouble than help.

In what case can a legitimate e-mail be rejected ?

Typically this happens rarely. About one in a thousand or so. however those remaining cases reveals usually:

Mail sent from a server where mail abuse is currently known to happen, and the sender's hosting ISP left the problem linger and possibly get worse. Such a server is shared between "bad guys" and "good guys", and there is no clue as to whom is who.
Mail sent from "security compromised" computers where anybody can use it. Often, even the owner's does not know his machine is exploited.
An automatic filters made a mistake. If you believe this is the case, you are welcome to report it to mail-abuse@rootr.net. It has the potential to help improve spam filtering technologies.

Keep in mind rootr.net can always white-list your email peers, regardless of their origin or their previous rejections.
Note however that this is for you only, but your peer's email will probably continue to be rejected by other ISPs, especially if the server's IP is in a black-list. He or she may not even get notified about his issue, and his email can just be automatically discarded as spam, to save costs in bandwith and handling.

Rootr.net always sends back a notice with technical reason, to the sender, records it, and leaves a per-customer choice not to use such default filters.

Some file was rejected because it was insecure ?

A file rejected because of insecure attachment, is different than a spam issue. The solution is to use zip attachments. If your user don't know how to use zip, put the file from a downloadle location on your web site.

Understanding developments in spams

Many spam houses have already trespassed inside full illegality, by using trojan wide mesh systems. These spam gangs can already circumvent any ip-based blacklists. Thus blacklists are less usefull than they were a year ago. This is the current tendancy.
Rogue spamers often advertise only web sites links, and don't need a direct reply address. The advertised site may be itself a scam. But it can also be a legitimate business web site who was itself dupped into "advertising" his products to "millions" of users, but not knowing of the illegality of their promoters. Such spam-promoted businesses are ignorant, but also victims of the rogue spamer, as it always end up harming their business reputation. This form of economy system is itself not unlike Multilevel Marketing, and not strangely, often related behind the scenes.

Spam houses make profits, not by selling products with some fancied "one-in-a-million reply is enougth for a few extra sales", but by selling advertising packages to ignorant victims, such as businesses new to the internet, especially in the developping world and rural areas. Because of their ignorance, such business users are easy target victims for spam gangs.

Not all spam have a moneyable purpose, some are motivated by fanaticisim, some motivated by fear of perceived danger, or some fear of loss of opportunity to help, the fear being mistaken as guenine helpfullness, which do not use chain e-mails. However, by far the majority of spam mails are smoke screen adverts.

This whole issue can be confusing to the un-warry, and we wish end-users not to have to be confronted with it. Rootr.net's customers are protected from those scams as much as feasible with current technology.