Getting stats from hMailServer Greylisting
HOW CAN I BE SURE LEGITIMATE EMAIL IS NOT BEING BLOCKED?
If you're anything like me, your first reaction will be to think that is a mighty lot of email attempts being blocked. So how can I be sure that legitimate emails are not being blocked? This is actually quite easy to ascertain, with the only caveat being that you need to wait for your Greylisting settings to settle. What I mean by this is that you need to wait around double the amount of time you specified in your deletion policy for used/unused records. This gives all legitimate email deliveries time to enter themselves into the Greylisting table, and also allows the initial blocked attempts to be dropped from the records, so an accurate representation of your regular email traffic can be obtained.
To get these stats log into your phpMyAdmin instance and select your hMailServer database, then paste the following SQL code into the SQL tab and hit the go button.
-- Passed and blocked delivery counts per source IP, busiest senders first
SELECT INET_NTOA( `glipaddress1` ) AS SourceIP, SUM( `glpassedcount` ) AS Passed, SUM( `glblockedcount` ) AS Blocked
FROM `hm_greylisting_triplets`
WHERE `glpassedcount` > 0 OR `glblockedcount` > 0
GROUP BY `glipaddress1`
ORDER BY `Passed` DESC
What you should get back is a list of originating SMTP server IP addresses on the left, then the number of passed emails and finally the number of blocked emails. What you should find, assuming you've allowed for appropriate settle time, is that the email servers with the highest number of passed email deliveries have a proportionally very low number of blocked email deliveries. In my case only 1 server out of the top 10 servers by passed email volume had any blocked email delivery attempts. This is very good and solid proof that Greylisting is letting legitimate email through as it should.
HOW CAN I TELL WHO IS BEING TARGETED?
By now you should be fairly convinced that Greylisting is a very worthwhile tool for stopping spam before it even gets past your doorstep. Probably one of the next questions is going to be how to identify targeted email addresses. This is also quite easy to extract as all you need to do is list all the recipient email addresses and count how many single delivery attempts have been made to each one.
To get these stats log into your phpMyAdmin instance and select your hMailServer database, then paste the following SQL code into the SQL tab and hit the go button.
-- Recipients ranked by number of one-time-only delivery attempts
SELECT `glrecipientaddress` AS Recipient, COUNT( * ) AS Total
FROM `hm_greylisting_triplets`
WHERE `glblockedcount` = 0
AND `glpassedcount` = 0
GROUP BY `glrecipientaddress`
ORDER BY `Total` DESC
You should see a pretty clear pattern here. In my case I found that the top 10 targeted email addresses accounted for 91.82% of all one-time-only delivery attempts. The reason for this is a combination of email account age, where the address is visible on the Internet and ultimately user education. Unfortunately, once an email address becomes known to spammers, there is not a great deal you can do to stop it. These stats are, however, good for showing any users complaining of spam penetration just how much spam gets stopped before even getting to them.
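To see how concentrated the targeting is, the query below extends the recipient count with each address's share of all one-time-only delivery attempts. It is an added example, not part of the original article; it uses only the table and columns from the queries above, and the aliases `OneTimeAttempts`, `PctOfOneTime` and `AllOneTime` are made up for illustration.

```sql
-- Top 10 recipients by one-time-only delivery attempts, with each
-- recipient's percentage share of all such attempts.
-- A subquery supplies the overall total so the query does not rely on
-- window functions, which older MySQL versions lack.
SELECT t.`glrecipientaddress` AS Recipient,
       COUNT(*) AS OneTimeAttempts,
       ROUND(100 * COUNT(*) / tot.AllOneTime, 2) AS PctOfOneTime
FROM `hm_greylisting_triplets` AS t
CROSS JOIN (
    -- Total number of triplets that were tried once and never retried
    SELECT COUNT(*) AS AllOneTime
    FROM `hm_greylisting_triplets`
    WHERE `glblockedcount` = 0
      AND `glpassedcount` = 0
) AS tot
WHERE t.`glblockedcount` = 0
  AND t.`glpassedcount` = 0
GROUP BY t.`glrecipientaddress`, tot.AllOneTime
ORDER BY OneTimeAttempts DESC
LIMIT 10;
```

Adding up the `PctOfOneTime` column gives the combined share held by the ten most targeted addresses.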
CONCLUSION
The stats on the previous page regarding how much spam gets stopped by Greylisting show that for my server 87.92% of incoming email deliveries are in violation of the current SMTP RFC, and it is a very safe bet these will be spammers. They also show that 0.11% are not configured to the suggested retry strategies within the RFC, which also makes them pretty likely to be spammers. The end result is that only 11.97% of email delivery attempts originate from servers that are RFC friendly (in regards to retry strategies at least) and make it through Greylisting to the next level of spam evaluation. So when designing your spam defence, keep Greylisting in mind, as cutting 85~90% of spam before even taking delivery of an email is an easy win with minimal user or server impact.
