Rock River Internet

How Spam and Virus Scanning Works

All inbound mail is now directed through one of two mail scanning servers before being sent on to the final mail delivery server. These servers scan for both spam and known virus signatures and take appropriate action before delivery. Since mail is considered a critical service, two mail scanning servers are used to speed up delivery and to back each other up in case of a hardware failure. The delivery delay for all this work is typically 10 seconds.

Virus detection, powered by ClamAV, is done by comparing all mail against a comprehensive and growing database of known virus signatures which currently contains over 20,621 varieties. This database is automatically checked every hour and updated as new virus signatures become available. Since virus scanning is 100% accurate (for known viruses), all received viruses are automatically deleted and a detailed rejection notice is returned to the sender. Mail is then scanned through a second updated virus database from another company as a general safeguard. The logs from this second scan will alert us to any failure of the first.

Spam detection is much more complex. Our new mail scanning servers use a sophisticated set of scoring filters, which draw on collaborative databases of spam characteristics, genetic algorithms, and Bayesian statistics, to apply header tags and make spam identification as reliable as possible. The tags are accumulated and the resulting scores allow three options: delete, mark, or pass. First, all mail headers with tags are logged for accountability. The majority of spam scores extremely high and is deleted. Suspected spam scores lower and is marked with the phrase '***SPAM***' in the Subject line and then passed on for delivery. A filter for this mail can be set up for Microsoft Outlook Express by following a few simple steps.

Finally, legitimate mail is passed on without marking to the delivery servers where our customers check their mail. Final delivery servers must be firewalled to accept public mail only from our scanning servers. This prevents SPAM from people who ignore domain-based MX (mail exchanger) records and try to deliver SPAM (or any other mail) directly to the final delivery server.

Whitelists (allow all mail from an address or domain) and Blacklists (deny all mail from an address or domain) are also an integral part of our scanning servers and may be modified upon customer request. A similar system called Auto-WhiteList (AWL) has been added recently. This averages mail weighting based on the previous history of the sender's mail and IP addresses. If someone that you regularly correspond with sends you an e-mail that would be marked as spam, AWL will reduce the score and probably bring it below the marking threshold. Conversely, if a spammer with history slips one by our normal systems, AWL will increase their score and probably push the e-mail back into the spam category.
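The delete/mark/pass scoring and the AWL adjustment described above, sketched as an added example (not Rock River's own code). The thresholds, the averaging factor and the grouping of IPv4 addresses by their first two octets are assumptions; the page gives no numeric values.

```python
from collections import defaultdict

# Assumed values for illustration; the page does not publish its thresholds.
MARK_THRESHOLD = 5.0     # at or above: tag the Subject with ***SPAM***
DELETE_THRESHOLD = 15.0  # at or above: delete before delivery
AWL_FACTOR = 0.5         # how far a score is pulled toward the sender's mean


class AutoWhitelist:
    """Running score history per (sender address, IP network)."""

    def __init__(self):
        self._history = defaultdict(lambda: [0.0, 0])  # key -> [total, count]

    @staticmethod
    def _key(sender, ip):
        # Assumption: group IPv4 addresses by their first two octets, so a
        # forged sender address from an unfamiliar network inherits nothing.
        return sender.lower(), ".".join(ip.split(".")[:2])

    def adjust(self, sender, ip, raw_score):
        entry = self._history[self._key(sender, ip)]
        adjusted = raw_score
        if entry[1]:  # only adjust once there is history for this key
            mean = entry[0] / entry[1]
            adjusted = raw_score + (mean - raw_score) * AWL_FACTOR
        # Record the raw score so one adjustment never feeds the next.
        entry[0] += raw_score
        entry[1] += 1
        return adjusted


def disposition(score):
    """Map a final score to one of the three options: delete, mark, pass."""
    if score >= DELETE_THRESHOLD:
        return "delete"
    if score >= MARK_THRESHOLD:
        return "mark"
    return "pass"


def scan(awl, sender, ip, raw_score):
    """Return (adjusted score, disposition) for one message."""
    adjusted = awl.adjust(sender, ip, raw_score)
    return adjusted, disposition(adjusted)
```

With constructed histories, a regular correspondent whose message scores 7.0 is pulled below the marking threshold, while the same address arriving from an unfamiliar network keeps its raw score and is marked.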

Spam is a constantly moving target as spam detection methods are improved and spammers try to avoid the spam traps. But we believe we are on the right track with the products and technology that we are presently using. We are testing and adding technology to our scanners as it becomes available and is proven to be reliable. The latest under test is a signature database system called DCC, which operates very similarly to our virus scanning. An upcoming technology under review is the use of SPF mail records, which many in the industry are promoting.

We are currently processing over 1 million messages a week through this system and our success is in the results. On average, our logs show that for 1000 pieces of e-mail received, our scanners are deleting 900 pieces of spam, deleting 10 pieces infected with a virus, marking and delivering 10 pieces as suspected ***SPAM***, and delivering 80 pieces as valid e-mail. During the most recent mydoom.a virus outbreak, our scanners were deleting about 10 copies of the virus per minute.

Our scanning services are available for anyone with a domain name or a mail server connected to the Internet. If you have your own company mail server and would like to take advantage of our scanning services, server back-up, server colocation, or other hosting services, please call sales at 815-968-9888. If you have a rockriver.net mail account and do not wish to have your e-mail scanned for spam and/or virus, you may opt out by sending e-mail to support@rockriver.net. This is also the contact method for your whitelist (allow) or blacklist (deny) needs.
