
Once a message is received by Altecom's mail services, it passes through a
filter system that blocks unwanted messages such as spam and viruses. The
filters are applied in this order:

Temporary error: an informational reply to the sender's server telling it
to try sending the message again later, without intervention by or
notification to the sender. (Error 4xx)
Permanent error: an informational reply to the sender's server that
refuses the message; the server has to notify the sender that the message
won't be delivered to the destination without his/her intervention. (Error 5xx)

It checks that the IP of the server sending the email isn't on a
blacklist of problem IPs. There are thousands of blacklists, but
Altecom only checks the world's 3 most reliable: SpamCop, SpamHaus and
ORDB. If the sending IP is on one of these lists, the email is denied
with a permanent error (541) and the sender is notified with a link to
the blacklist where he/she is listed, so he/she can solve the problem. If
it isn't on any of these lists, the email continues to the next step.
Spamcop: http://www.spamcop.net
SpamHaus: http://www.spamhaus.org

To prevent a remote server from saturating ours with mass sending of
messages, we've limited the incoming messages from a remote server
to 10. Messages from the 11th onwards are returned with a temporary error
(421) reporting that the maximum number of sendings has been exceeded,
and the remote server will try to send the message later. The normal
figure is 1 or 2 simultaneous messages per server. If everything is
correct, the message moves on to the next filter.

This process is very simple: our server checks the sender's mail address
and the domain's name servers, so that the mail can be returned if
necessary. If the origin domain doesn't exist or doesn't have correct DNS
to be able to answer, the mail isn't accepted, as it is certainly a
fraudulent sending, and it is returned with a permanent error (553).

It validates that the destination email address exists. If it doesn't
exist, the email is returned with a permanent error (511) informing the
sender of the mistake. If the address is correct, it continues to the
next step.

When the email is received, its origin is looked up in the authorised
database. If it isn't in that list, port 25 (SMTP server) on the origin
is checked to see if it is open. If it is open, the email can pass and
the origin is added to the authorised mail database. If the origin
doesn't have the port open, the email is denied for 5 minutes with a
temporary error (451), so it can be tried again later. If it tries again
after 5 minutes, the email is accepted, as it really is an SMTP server
sending the message even though port 25 isn't open, and the origin is
added to the accepted database so that this process isn't repeated.
The records in the database expire after 40 days if no emails have been
sent with the same origin or destination; if one has been sent, the
counter goes back to 0 and the record remains for another 40 days. Most
spam is sent from direct broadband connections without an SMTP server,
by viruses and zombie computers. This filter eliminates 90% of unwanted
emails, as these computers won't retry the sending because of the time
it takes.
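
The decision logic of this filter, as an added example (not Altecom's code). It assumes records are keyed by origin IP only, takes the port 25 probe and the clock as injected functions so it runs offline, and uses constructed documentation addresses:

```python
import time

RETRY_DELAY = 5 * 60         # 5 minutes, as stated in the text
ENTRY_TTL = 40 * 24 * 3600   # 40 days, as stated in the text
PASS = "PASS"                # constructed marker: hand over to the next filter
DEFER = "451 GL - temporary problem. Please try again later."


class Greylist:
    def __init__(self, port25_open, clock=time.time):
        self.port25_open = port25_open  # hypothetical probe: callable(ip) -> bool
        self.clock = clock              # injectable so the example runs offline
        self.authorised = {}            # origin IP -> time of last accepted mail
        self.pending = {}               # origin IP -> time of first deferred try

    def check(self, ip):
        now = self.clock()
        last = self.authorised.get(ip)
        if last is not None and now - last <= ENTRY_TTL:
            self.authorised[ip] = now   # activity restarts the 40-day counter
            return PASS
        self.authorised.pop(ip, None)   # record missing or expired
        if self.port25_open(ip):
            return self._authorise(ip, now)
        first = self.pending.setdefault(ip, now)
        if now - first < RETRY_DELAY:
            return DEFER                # first attempt, or retried too early
        return self._authorise(ip, now)  # retried after 5 minutes: accepted

    def _authorise(self, ip, now):
        self.pending.pop(ip, None)
        self.authorised[ip] = now
        return PASS


if __name__ == "__main__":
    t = [0.0]                           # constructed fake clock, in seconds
    gl = Greylist(lambda ip: False, clock=lambda: t[0])
    for seconds in (0, 120, 301):       # first try, early retry, valid retry
        t[0] = seconds
        print(seconds, gl.check("198.51.100.7"))
```
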

Any Internet user can send mail using whatever domain he/she wants,
without the authorization of the domain's owner. The SPF system
addresses this problem by validating, in the TXT records of the DNS, the
origin IPs from which mail may be sent using the domain. This method
requires server administrators all around the world to configure these
parameters in their DNS, so that nobody can falsify their identity. If
an email is received from an IP that the domain doesn't authorize, it
will be returned with a permanent error that reports the cause of the
return with a link to an informative web page.
More information: http://www.openspf.org

Attached files are analyzed to make sure they aren't infected and can't
damage the customer's equipment. If a virus is found, the message is
deleted directly and the sender receives an error message.
If files are sent with the extensions .vbs .lnk .scr .wsh .hta .pif
.shs .exe .com .bat .cmd, the mail will be rejected, informing the sender
that this kind of file is not accepted directly (without being
compressed in .zip). If the file is correct and there isn't a high risk,
the message goes to the next filter; if not, a permanent error (541) is
returned.

This is the last step before delivering the message to the user's
mailbox. It scans the text to determine whether the message contains
typical spam text; if so, the subject is modified by adding [SPAM?]
at the beginning. To get around this system, spammers send the text in
images so that they can avoid this filter. For this reason we've
integrated an OCR (a recogniser of text inside images) into our system,
so we can now detect spam inside images.

541 SPAMCOP Blocked, look at http://www.spamcop.net/bl.shtml?DENIED_IP
421 Too many connections. Please reduce connections per minute.
553 sorry, your envelope sender domain must exist: dominiofalso.tld
511 sorry, no mailbox here by that name (buzon@dominiodestino.com)
451 GL - temporary problem. Please try again later.
550 Please see http://www.openspf.org/why.html?sender=buzon@altecom.net&ip=192.168.0.1
541 Your email was rejected because it contains a bad attachment
541 Your email was rejected because it contains the "nombrevirus" virus