Anti-Spam Configuration Information at WebHelps

ABOUT WEBHELPS ANTI-SPAM PROTECTION

The WebHelps IMail® mail server's anti-spam software identifies incoming spam and prevents it from being delivered to your inbox. Incoming messages are sent through several layers of filters and checks to assure that maximum spam detection is achieved. Following are the filters and checks an incoming message is subjected to, in the order in which they are applied:

DNS Black Lists. The incoming message's sender information is compared against the selected DNS black lists. If the message matches a black list, an X-Header is inserted into the message. If the message does not match a black list, verification checks are performed.
Verification checks. verification tests are performed to verify the "Mail FROM" address, the HELO/EHLO domain, and a reverse DNS lookup is performed. If a message passes all the checks, content filtering is performed. If a message does not pass all checks, an X-Header is inserted into the message. SPF checks are performed next.
The Sender Policy Framework (SPF) feature provides increased capability to stop incoming email from forged (spoofed) email addresses. Using a sender authentication scheme, our server requires that legitimate messages from a domain must meet certain SPF criteria. Messages that do not meet the criteria are not accepted as legitimate email messages and are processed according to the SPF options selected.
Broken MIME Header. The filter identifies broken MIME header characteristics that may be present in SPAM email. If broken MIME headers are identified, an X-Header is inserted into the message. If it is not filtered as a broken MIME header, the message is passed on to either HTML filtering or phrase filtering, depending on whether it contains HTML code.
HTML Filtering. The incoming message is examined to determine if it contains any HTML code (including Rich Text). If it does, the message undergoes Feature Filtering and URL Domain Black List. If the message does not contain HTML components, Phrase Filtering and Statistical Filtering continues to evaluate the message.
- Feature Filtering. An incoming message with HTML code is scanned to detect certain HTML code components that may be present in the message. If two of the selected HTML code components are present, an X-Header is inserted into the message.
- URL Domain Black List. An incoming message with HTML code is compared against the URL (link) Domain Black List to search for domain names that may be present in the message URL links. If a URL (link) in an incoming HTML message matches a domain in the URL Domain Black List, an X-Header is inserted into the message. The URL Domain Black List is updated regularly. [View URL Domain Black List]
Phrase Filtering. An incoming message is checked to see if either the Subject or Body contains any phrases that are in the Banned Phrase List. If the message contains a phrase, an X-Header is inserted into the message. The Banned Phrase List is updated regularly. If the message does not contain a phrase, it is processed by Statistical Filtering. [View Banned Phrase List]
Statistical Filtering. An incoming message is compared against spam and non-spam word counts to determine if it is statistically likely to be spam. If it is identified as spam, an X-Header is inserted into the message. If the message is not identified as spam, it is delivered.

Because all incoming messages identified as spam have X-Headers inserted into them, rather than being automatically bounced or deleted, Inbound Rules (e.g. Filters) must be setup (either at the host level or the user level) to keep the spam emails out of the Inbox. Otherwise, all messages will be delivered, even if identified as spam. To view the host level Inbound Rules recommended by WebHelps, including those that dispose of emails containing X-Headers, click here.

The host domain, whathelps.com/webhelps.com (these domains are interchangeable on our mail system), has Filters in place to check all incoming messages (including IMail® List messages) and apply Rules. If you are the owner of an IMail® List and you do not want messages sent to the List to be checked by the server's anti-spam software, you need to signup to use your domain/subdomain with the List and to have your domain/subdomain assigned to its own IP address.

To determine why an incoming message was not delivered, check the message's headers for an X-Header. See the list below of X-IMAIL-SPAM Headers currently used by the WebHelps IMail® mail server's anti-spam software. The X-Header will generally tell you why a message was not delivered. Following are examples of how to read an X-Header:

X-Header Example 1:

X-Header Example 2

X-Header	Explanation
X-IMAIL-SPAM-ADDRBL: (name_of_service, message_ID, IP address/reason)	The message matched an ADDR black list.
X-IMAIL-SPAM-DNSBL: (name_of_service, message_ID, IP address/reason)	The message matched a DNS black list.
X-IMAIL-SPAM-HELOBL: (name_of_service, message_ID, IP address/reason)	The message matched a HELO/EHLO black list.
X-IMAIL-SPAM-HELODOMAIN: (domain_name)	The message failed the HELO/EHLO domain validation.
X-IMAIL-SPAM-IP4R: (name_of_service)	The message matched an IP4R(PTR) black list.
X-IMAIL-SPAM-REVDNS: (ip_address)	The message failed a DNS lookup based on the IP address.
X-IMAIL-SPAM-RHSBL: (name_of_service, message_ID, IP address/reason)	The message matched a RHS black list.
X-IMAIL-SPAM-VALREVDNS: (message_ID)	The message failed the reverse DNS lookup validation.
X-IMAIL-SPAM-VALHELO	The message failed the HELO/EHLO domain validation.
X-IMAIL-SPAM-INVALIDFROM: (from_address)	The message contained an invalid "FROM" address.
X-IMAIL-SPAM-STATISTIC: (message_ID, spam probability)	The message has been identified as spam by the statistical filter.
X-IMAIL-SPAM-PHRASE: (message_ID)	A phrase in the message matched the phrase list.
X-IMAIL-Broken-MIME-HEADERS	The message included a broken MIME header.
X-IMAIL-SPAM-HTML-FEATURES:(message_ID, found_features)	The message contained the specified HTML tags.
X-IMAIL-SPAM-URL-DBL:(message_ID, domain)	The message contained HREF or IMG SRC tags with links, or plain text links, to a domain name listed in the URL Domain Black List.
X-IMail-SPAM-SPF-Fail	The domain published SPF data and the message did not meet a domain's definition of legitimacy. The message was identified as a forged message by the SPF filter.
X-IMail-SPAM-SPF-Softfail	The domain published SPF data and the message did not meet a domain's strict definition of legitimacy, but the domain cannot confidently state the message is forged. The message was identified as a forged message by the SPF filter.
X-IMail-SPAM-SPF-Error	There was an error during the SPF record lookup and the filter could not correctly interpret the error.
X-IMAIL-SPAM-VALFROM: (message_ID)	The message failed the "MAIL FROM" address validation.
Further explanation on the VALFROM anti-spam test: This is one of the most commonly failed anti-spam tests. Sometimes it is just a "fluke" that the sending SMTP mail server responds with "validation failure" or does not respond at all. If you think this is the case, try resending. Other times, the sender has his/her email program (e.g. Outlook Express) configured so the sending mail account's From: email address is not a valid user ID on the outgoing mail server that is used to send mail for that account. If the sender has more than one email account, this can easily occur. If you think this might be the case, review your settings for the sending mail account to make certain the sending email address (Outlook's "General" tab) is a valid user ID on the outgoing mail server you are using (Outlook's "Servers" tab).
X-IMAIL-Attachment-Blocked	The message included a file attachment type or MIME type that was selected to be blocked.
X-IMAIL-ThreadID: (message_ID)	Message written to a mailbox includes a ThreadID to simplify tracing the message path through the logs. The ThreadID corresponds to the ID number placed in the syslogs and the number given to corresponding Q and D files.