There are three basic parts to the Border Patrol Mail Transfer Agent - blocking a Denial of Service (DoS) attack, checking the identity and reputation of an unknown sender, and filtering messages from senders whose reputation is bad or unknown. Here is what the flow of email looks like for a typical recipient. These percentages vary widely from one individual to another, so don't be surprised if yours are different.
- Reputable Senders have less than 1 spam in: 10
- Spam if greater than: 55
- Ham if less than: 50
- IP Blacklist: Moderate
The Block DoS gate uses a blacklist of IP addresses that are currently being heavily abused. There are many IP blacklist services available. Each is a tradeoff between blocking addresses that are used for spamming and not blocking legitimate mail. We have chosen a list on the conservative end, since it is intended to block only the most voluminous sources of spam, not provide a complete anti-spam solution. Reaction time is important also, since DoS attacks usually start very suddenly. For the fastest reaction, a local blacklist can be switched in to supplement the global blacklist service during an attack.
The Check ID gate determines the identity and reputation of the sender. A query to the Registry of Internet Transmitters provides information on most legitimate senders, including what methods the sender offers to authenticate their Identity, and ratings of that sender by various Rating Services. Rejection of forgeries is based entirely on the policy of the ID owner, using the ID owner's authentication records. Thus no rejection of legitimate mail (except a very few at the Block DoS stage) will occur based on anything other than the ID owner's policy. If redcross.org says to reject unauthenticated mail claiming to be from them, we will follow their policy, even if they might have made an error in their authentication records. They will be notified promptly of all forgery rejects.
Whitelisting of mail from Reputable Senders is based on a threshold set by each Recipient. Spam haters can set the threshold high, and tolerate a few lost messages. Recipients that need the utmost reliability in delivery of mail addressed to them will set a lower threshold, and tolerate an occasional spam in their inbox. Any mail from senders that don't authenticate, or that don't have an acceptable reputation, will go to the Spam Filter.
Any spam that comes from reputable senders should be handled promptly. The recipient forwards it to the receiver. The receiver confirms the report and forwards it to the Registry. There it is correlated with other reports, and notifications are sent to the sender, and possibly the alert system if it looks like the start of a spam flood from that sender.
The Spam Filter uses a variety of methods to sort the remaining mail into three categories. These methods may include more aggressive IP blacklists, heuristic rules that identify common characteristics of spam, and statistical analysis of the message content. Recipient options control which blacklists are selected, and what thresholds are set for the three categories. The default is to accept the message if its spam score is less than 50, and send it to the spam bucket if greater than 55. This sets a wide margin for the Unsure category. Most recipients will reduce this margin after they gain some confidence that they are not seeing many false rejects with a score as high as 55.
Some recipients prefer to use the spam filter that comes with their own email program, and bypass the shared filter above. They can do this by setting their filter thresholds to 100.
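The three gates and the recipient thresholds described above, as an added Python sketch (not Border Patrol's own code). The class, field and function names and the sample addresses are assumptions; the Registry lookup and content scoring are represented by precomputed fields on the message.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Options:                  # per-recipient settings, page defaults
    one_spam_in: int = 10       # reputable if fewer than 1 spam in N
    spam_above: float = 55      # "Spam if greater than"
    ham_below: float = 50       # "Ham if less than"

@dataclass
class Message:                  # hypothetical fields for this sketch
    client_ip: str
    authenticated: bool         # passed the ID owner's authentication
    owner_rejects_unauth: bool  # ID owner's published policy
    spam_rate: Optional[float]  # rated spam fraction; None = unknown sender
    spam_score: float           # 0..100 from the shared spam filter

def active_blacklist(global_bl, local_bl, under_attack):
    """The local list supplements the global service only during an attack."""
    return (global_bl | local_bl) if under_attack else set(global_bl)

def route(msg, opts, blacklist):
    # Gate 1, Block DoS: drop only the most heavily abused addresses.
    if msg.client_ip in blacklist:
        return "reject-dos"
    # Gate 2, Check ID: forgeries are rejected only on the ID owner's policy.
    if not msg.authenticated:
        if msg.owner_rejects_unauth:
            return "reject-forgery"
    elif msg.spam_rate is not None and msg.spam_rate < 1 / opts.one_spam_in:
        return "whitelist"      # reputable by this recipient's threshold
    # Gate 3, Spam Filter: everything else is scored into three categories.
    if msg.spam_score < opts.ham_below:
        return "ham"
    if msg.spam_score > opts.spam_above:
        return "spam"
    return "unsure"

# Constructed sample data (documentation address ranges).
GLOBAL_BL = {"192.0.2.10"}
LOCAL_BL = {"203.0.113.7"}

if __name__ == "__main__":
    bl = active_blacklist(GLOBAL_BL, LOCAL_BL, under_attack=True)
    forged = Message("198.51.100.5", False, True, None, 5)
    print(route(forged, Options(), bl))   # rejected on the owner's policy
```

Setting both `spam_above` and `ham_below` to 100 reproduces the bypass described above: any score below 100 is delivered for the recipient's own filter to handle.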
Whether they authenticate or not, senders will get weekly summaries of the volume of spam being sent under their name. This will encourage more of them to block their outgoing spam and authenticate their legitimate mail. Eventually, almost all legitimate senders will do so.