Dealing with Spam Messages FAQs
To prevent spammers from delivering spam directly to your mail servers without filtering, you must make sure your mail server only accepts emails originating from the Spam Experts filtering system.
To only accept messages from your filtering nodes you need to allow emails based on your delivery hostname(s) or IP(s). For ease of use, we recommend that you create a delivery hostname in the DNS of all your filtering node IPs. For Spam Experts Hosted Cloud, the hostname is: delivery.antispamcloud.com (Note - IP addresses may change, therefore only hostname-based Whitelisting is supported). Alternatively, if allowing emails based on hostname is not an option, you could change your destination mail server to listen on an alternative one, such as port 2525 instead of the default 25 . The special port can be set for delivery when editing the destination route for your domain.
Please make sure your firewall does not block DNS port 53 TCP (to avoid hitting the UDP packet limit size).
Delivery Restriction Examples
The following describe how to configure your MTA to restrict filtering to the
- Configure Incoming Filtering with Exchange Online (Microsoft 365)
- Exchange 2003 Configuration
- Exchange 2007-2016 Configuration
- cPanel and WHM Configuration for Spam Experts
- Configure Incoming Filtering with Postfix
- SmarterMail Configuration (Windows 2012)
- Exim - Direct Admin Configuration
- Qmail Configuration
- Cisco IOS Based Router Configuration
- Cisco ASA Based Device Configuration
For any other MTA configuration details, please consult the relevant MTA documentation.
Allow incoming delivery from the IP range 126.96.36.199/22 and master.antispamcloud.com.
Even though you are using the anti-spam feature correctly, it is possible that you still receive some spam. The following page describes what steps you can take to determine why you are still receiving spam messages and how best to resolve this: What should I do when I receive spam?
Bounce spam can be a particularly frustrating type of spam mail to deal with. For full details on dealing with bounce spam see our How can I protect against bounce spam? page.
We advise that you ensure the Block attachments that contain hidden executables option is enabled for all your domains by default this is highly effective against so called 0-day malware. Once this is enabled, messages that are sent with executables within a compressed archive (e,g. .zip, .rar etc.) are rejected and quarantined.
Blocking specific attachments or extension types can be done by using our Manage Attachment Restrictions feature.
There are several reasons why a message cannot be found in the quarantine:
- Quarantine days expired - Normally Spam Experts stores quarantined spam for a maximum of 14 days. After that, older messages are automatically removed so that new messages may be stored.
- Quarantine is disabled - If the quarantine is disabled (in the Incoming - Filter Settings page), all messages are delivered to the recipient mailbox, including those that would normally be quarantined. Even though those messages have not been quarantined, they still appear as 'Rejected' in the log.
- Message is already released - if a message has already been released from the quarantine, it will no longer be available. The Classification column in the Log Search should provide information about this.
- Not all blocked messages are quarantined - whether or not blocked messages are quarantined depends on the reason they are blocked. For more info, see Message Classifications.
In order to perform any actions on these messages in the Log Search, they would have to be resent by the sender, assuming the issue that blocked the message in the first place has been resolved.
Each email application has a different method to view email headers. We have tried to document as many of these as we can, but please be aware that as this is third-party information, steps may not be up-to-date. See How can I view email headers in different email applications? for details.
It is not possible to block/allow messages based on character set, but you can block/allow messages based on MIME language using the Blacklist Filtering Rules and Whitelist Filtering Rules pages at Admin or Domain Level. For full details, see How do I block or allow messages based on language?.
Blocking or allowing based on country or continent is possible using the Blacklist Filtering Rules and white Filtering Rules pages at Admin or Domain Level. For full details, see How do I block or allow messages by country or continent?.