SpamAssassin headers now added to some whitelisted messages

One of the features of our e-mail system is that we add SpamAssassin headers to most incoming mail, as described on our SpamAssassin page.

Until now, we didn’t add SpamAssassin headers to messages that were “whitelisted” because they appear to be from someone you’ve sent a message to.

In recent years there’s been an increase in forged spam claiming to be from addresses you know, though, often because the other person’s address book has been stolen by a virus. Because of that, it can be useful to see SpamAssassin results even for these whitelisted messages, and we’ve changed our mail system to add SpamAssassin headers to them as well.

This doesn’t change the fact that we won’t reject these whitelisted messages, regardless of their SpamAssassin score. The only change is that we now add SpamAssassin headers, allowing customers who want to examine the SpamAssassin score to do so. Customers won’t notice any change unless they have their own systems to examine the SpamAssassin headers.

Avoid forwarding spam to other services

When you create an e-mail address in our control panel, you can usually choose the level of spam filtering we apply to incoming mail. One of those options is to turn off the filtering completely.

If you’re just delivering mail to a mailbox on our servers, this may cause your mailbox to fill up with junk, but beyond that, it doesn’t usually cause any problems for us.

But if you’re forwarding all your mail to another service, this can cause problems, and you may find that we apply some filtering anyway.

Read the rest of this entry »

WordPress 3.6

WordPress 3.6 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.

If you’ve previously installed WordPress, you can (and should!) upgrade it from within your WordPress Dashboard.

WordPress 3.5.2

WordPress 3.5.2 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.

If you’ve previously installed WordPress, you should upgrade it from within your WordPress Dashboard.

Read the rest of this entry »

“POP before SMTP” support phased out

Many, many years ago, some e-mail programs didn’t use a password when sending outgoing mail. That meant they didn’t work with many mail servers, including ours. To help customers with that problem, we used to allow a horrible alternate method called “POP before SMTP”, although it was never recommended or officially supported (it was unreliable and made it harder for us to prevent spam).

Well, here we are in a new millennium (“welcome!”). No popular mail program has needed “POP before SMTP” for more than a decade, and only a small handful of our customers are still using it. But spammers are continually trying to take advantage of the security problems it creates for all e-mail addresses, making it just as much of a nuisance on our end as it ever was.

Because of that, we no longer allow e-mail addresses to send mail using “POP before SMTP” unless they were previously doing so. In other words, if an address wasn’t using “POP before SMTP” before now, it won’t be able to start using it in the future.

Read the rest of this entry »

Why you shouldn’t rely on a single anti-spam blacklist

We got a couple of messages today from customers who sent e-mail to other people that was rejected — they got an error saying that all our mail servers are listed on the “ReputationAuthority anti-spam blacklist”.

Yikes! We take things like that very seriously — we go to great lengths (some would say extreme lengths) to make sure this doesn’t happen. So we investigated… and it turns out that the ReputationAuthority blacklist actually has a technical problem that’s making it reject all mail from all servers, not just from ours (see complaints on Twitter [1, 2] and elsewhere). People who use that blacklist to block spam aren’t getting any mail at all.

Read the rest of this entry »

We’re now using the dbl.spamhaus.org blocklist

We recently added the Spamhaus Domain Block List (dbl.spamhaus.org) to our spam filters.

The Domain Block List is an extremely reliable list of domain names that are used only in spam. Blocking most mail that advertises these domain names improves our spam filtering: we’re now blocking about 1% more spam as a result.

That may not sound like much, but it represents about 150 more blocked spam messages per year for each customer. (We block an average of over 15,000 spam messages per year per customer.)

Temporary decrease in spam filtering (resolved)

On the morning of December 25, a technical problem with our spam filters allowed more spam than usual for several hours. Customers may have seen a spike in spam arriving during that period.

We found and fixed the root cause of the problem, and it won’t occur again.

We apologize for any inconvenience this may have caused. We know that no one wanted more spam for Christmas!