Anti-Spam Filtering Service - Email Security by MX Guarddog (2024)

Direct Delivery is when spammers send their junk mail to your mailbox by ignoring your MX records. The MX records for a domain tell email servers where to send your mail, real servers follow the rules.

We are seeing an increase in the number of spam groups that are ignoring MX records in an attempt to bypass spam protection systems.

How Do They Do it?

Preventing Direct Delivery

In order to prevent direct delivery attacks, you must control who can connect to your server to deliver mail. When using MX Guarddog you ideally only want MX Guarddog servers connecting to your server to deliver mail.

Your available options for stopping direct delivery attacks are determined by your email setup, with so many different email systems there are lots of possible options.

Do you have a firewall?

If you have a firewall you can allow only MX Guarddog IP addresses to connect to your server by limiting the IP addresses that can connect. Limiting connections to your server by firewall is the most reliable and should be used if your server or network has a firewall.

Are you a cPanel user?

If your email server is running on a cPanel based system you can implement rules to create an email firewall that will block mail that is sent via direct delivery.

Is your email server running Microsoft Exchange?

Exchange users can implement rules in their connector, limiting delivery in the connector by IP address. Allow only MX Guarddog's IP addresses to deliver mail to the connector.

Is your email server running SmarterMail?

With SmarterMail you can setup filtering rules at your domain that you can use to prevent the mail sent to your server directly.

Is your email server running Postifx?

If you have a Postfix server, user Brian Forbes wrote this article on GitHub Gist on stopping direct delivery.

Hosted by Zoho Mail?

Zoho Mail is one of very few shared email hosting services that we know of that allow you to setup an email firewall.

Hosted by Rackspace?

Rackspace has recently added the ability for shared hosting customers to create an email firewall to protect yourself from direct delivery attacks. Instructions to set up a firewall and secure your email are available here.

Can you control your server port?

You can change the port your email server listens on to a non standard port, then update the delivery port in your domain dashboard and MX Guarddog will deliver your mail on your new port. Spammers will not know what port your server is running on and will not be able to send mail to your domain unless it passes through MX Guarddog.

Can you change your name?

As a last resort you can change your name. If your email server uses mail.example.com you can change the DNS records and essentially rename your server. Check our blog post Protecting Your Email Server - Without a Firewall for more on changing your name. This change will require updating your email clients and we would suggest this option to advanced users only.

With any of the above options in place, spammers will not be able to bypass spam protection for your domain - resulting in a cleaner inbox.

Email Client Rules

If none of the above are options in your environment, you can also implement filtering rules directly in your email client. Email client filtering is less efficient as you must add the rules on every email client. We have some guides available for Thunderbird, Outlook 2013 and MacMail.

Are You Suffering From Direct Delivery?

In order to check if you are suffering from spam reaching you via direct delivery, you need to check the headers of the mail you have received.

Here are the headers of a message that passed through the MX Guarddog network, you can tell this because there are several references from servers in the IK2.COM network. So this message did pass through MX Guarddog.

Envelope-to: user@example.com
Delivery-date: Mon, 15 Jun 2015 09:39:21 -0400
Received: from s480f.ik2.com ([64.38.239.86]:26047)
by s047.boxmanager.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.85)
(envelope-from <bounce+7576f4.010a37@work.com>)
for user@example.com; Mon, 15 Jun 2015 09:39:20 -0400
Received: from s480g.ik2.com ([64.38.239.86] helo=s480g.ik2.com)
by s480f.ik2.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
id 1Z4Ubf-0003qs-57
for user@example.com; Mon, 15 Jun 2015 13:39:19 +0000
Received: from 192.237.158.66 by s480g.ik2.com (IK2 SMTP Server); Mon, 15 Jun 2015 13:39:17 +0000
Date: Mon, 15 Jun 2015 13:38:17 +0000
Received: by luna.mailgun.net with HTTP; Mon, 15 Jun 2015 13:38:15 +0000
Content-Type: multipart/alternative;
boundary="----------=_1434375495-12243-167"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Work Notification <room@work.com>
Subject: Rahul, Robert
To: <user@example.com>
X-SF-RX-Return-Path: <bounce+7576f4.010a37@work.com>
X-SF-HELO-Domain: do158-66.mailgun.net
X-SF-Originating-IP: 192.237.158.66

Now here are headers of a message that was delivered direct to a server via a direct delivery attack, you can see the message never passed through any server in the IK2.COM network, so MX Guarddog had no chance to stop the message.

(40.93.207.1) with Microsoft SMTP Server (TLS) id 14.3.224.2; Tue, 16 Jun
2015 15:58:33 -0400
Received: from AP-EXCHANGE.action.local ([fe80::b8e8:b862:1c98:c374]) by
AP-Exchange.action.local ([fe80::b8e8:b862:1c98:c374%13]) with mapi id
14.03.0224.002; Tue, 16 Jun 2015 15:58:32 -0400
From: Carrie <Carrie@actionplumbing24.com>
To: "brandon@rcstoremaintenance.com" <brandon@rcstoremaintenance.com>
Subject: Confirmation of payment
Date: Tue, 16 Jun 2015 19:58:31 +0000
Message-ID: <1942B1A9CA8B5843BC8D02DE047242DE9A068F67@AP-Exchange.action.local>
Content-Type: multipart/mixed;
boundary="_004_1942B1A9CA8B5843BC8D02DE047242DE9A068F67APExchangeactio_"
Return-Path: Carrie@actionplumbing24.com
MIME-Version: 1.0

If you are receiving messages with headers like the above sample, with no reference to servers from IK2.COM you would need to implement some type of hardening at your server to ensure all mail that reaches your server can only reach your inbox if it has passed through MX Guarddog.

Anti-Spam Filtering Service - Email Security by MX Guarddog (2024)

FAQs

How much does Mxguarddog cost? ›

MX Guarddog pricing is $0.25 per email address, per month. Pay only for the number of email addresses at your domain. There is no cost for user aliases or domain aliases. If you have a single email address at your domain, your total monthly cost is only $0.25.

Learn More Now ›

What do you mean by spam filtering methods in email? ›

Spam filters are designed to identify emails that attackers or marketers use to send unwanted or dangerous content. They use specific filtering methods to identify the content of emails or their senders and then flag the email as spam.

Discover More ›

Can we use email filtering software to avoid spam? ›

For a sender who has been marked spam by multiple users, the blacklist emails spam filter will prohibit the emails sent by such a sender from getting into the inbox of users. Individuals and organizations can also use their own blacklists to avoid wasteful and malicious emails.

Get More Info ›

Can anti-spam software detect phishing emails? ›

Advanced anti-phishing filters use AI-enabled measures to detect and filter malicious emails, using multiple techniques to look for signals of phishing. Some anti-phishing filters rewrite all link URLs and use “time-of-click” analysis to protect against links to websites that appear to be safe but are later weaponized.

Does a firewall stop spam emails? ›

Email firewalls work like spam filters by regulating incoming email based on a set of rules established by the email server. Firewalls analyze email messages to determine if the message should be flagged as spam.

Show Me More ›

Is there a difference between spam and phishing emails? ›

Phishing and spam emails can often look very similar, but there are important distinctions. Phishing emails are attempts to get personal information like passwords or credit card numbers, while spam emails are notifications or advertisem*nts you didn't ask to receive.

Learn More ›

What happens if you read a phishing email? ›

If you open an email from a scammer without interacting with it, it won't infect your machine, but the scammer will be able to gather data to use for targeted cyber attacks. For example, the scammer may be able to gather your IP address, the Operating System (OS) that you use and your location.

Get More Info ›

Will phishing emails eventually stop? ›

Will spam emails eventually stop? Spam emails will likely always be an issue we all deal with. However, if you block spam senders and take other recommended steps to secure your inbox, you can cut down the amount of spam emails you receive.

Tell Me More ›

How to avoid spam filters when sending emails? ›

How to avoid spam filters

Only email people who have given you permission. ...
Use a familiar 'From' name. ...
Use segmentation to send targeted, relevant campaigns. ...
Use a real reply-to address in your campaigns. ...
Configure your account to send from your business domain.

Find Out More ›

How do I set up spam filters in my email? ›

To learn how to set spam filters in Gmail, click on the Settings gear icon, then select 'See all settings'. Go to the 'Filters and Blocked Addresses' tab, where you can create new filters by clicking on 'Create a new filter'.

See Details ›

What are the disadvantages of spam filtering? ›

Cons: Thousands of spam emails may reach Inboxes before a spammer's email address, IP or domain is blacklisted. Spam filtering is machine-based so there is a room for mistakes called “false positives.” Bayesian filters may be fooled by spammers, e.g. in a case of using large blocks of legitimate text.

Show Me More ›

Why are emails filtered as spam? ›

Top webmail providers have stated that they look at how many emails are opened and how many are deleted as a factor in spam filtering decisions. So if you have low open or read rates, your emails are at higher risk of being flagged as spam. You need to do everything you can to increase engagement.

Learn More ›