If you have a Dialup, DSL or similar account at ipHouse with a ‘primary account’ within an iphouse.com, bitstream.net, pro-ns.net or goldengate.net domain you can now self-order additional POP mailboxes, and access an overview of mailboxes related to your primary account.

Check it out by logging into ipMom using your primary account.  You will see a new link titled ‘Add Mailbox’ under the ‘Add Services’ section of the menu.  You will also see ‘Account Overview’ under the Billing section.  You will be able to see your existing mailboxes and will be able to add new ones.  If you are already using all mailboxes that come with your account and you want to add a new one, you can check off an agreement to be billed for the new mailbox and a new POP mailbox will be added.  The new mailbox will be on to the next bill that is sent out (all billing information will stay the same).

You will not be able to delete mailboxes through ipMom.  If you do need to delete a mailbox, please email support@iphouse.net or billing@iphouse.net and we will be glad to help you out.

Customers with their own domain names who purchase mailboxes in blocks of ten will continue to enjoy the same admin control they currently have over their mailbox blocks.

We hope our customers enjoy this feature and we are excited for new things to come…:)

This is the mail system at host smtpin-2.iphouse.net.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

<blogtest@iphouse.com>: permission denied. Command output: maildrop: maildir
    over quota.

Breaking this error down; the first part tells us what server issued the rejection. In this case it was the host “smtpin-2.iphouse.net” – the mail server responsible for receiving email for the email address blogtest@iphouse.com   The second part tells us who we were sending the email to, in this case it was sent to testblog@iphouse.com  The third part tells us the error type, as in a permanent or temporary error. A permanent error means that the email won’t be delivered. A temporary error means that the sending mail server ought to try again later.  In this case it says “Permission Denied” – that’s a permanent error. The fourth part of this error message tells us why the email was rejected, in this case it says “Command output: maildrop: maildir over quota”. What this means is that the service “maildrop” says that the Mail Directory (maildir) is over quota – the mailbox is full. What this means for us the sender, is that we shouldn’t bother trying to send that person anymore email until they clear out their overstuffed mailbox. There isn’t anything we can do about it other that calling that person up to tell them that their mailbox is full.

Here’s the next error bounceback:

Unable to deliver message to: <blogtest@iphouse.com>
Delivery failed for the following reason:
smtpin-2.iphouse.net[216.250.188.181] responded with failure: 550 5.7.1 black
listed URL host ***.********.net by .black.uribl.com

This has been a permanent failure.  No further delivery attempts will be made.

I did make one edit to this error message, I replaced the blacklisted URL with a bunch of asterisks (*). I don’t see any reason to give a spammy site any more traffic than it already has. OK, so let’s break this error down. The first part of this error message tells us who we were sending the email to, in this case blogtest@iphouse.com was the intended recipient. The second part tells us what server issued the rejection, in this case it was the server smtpin-2.iphouse.net – so it was the recipient’s mail server issuing the rejection, not the sender’s. The third part tells us what kind of rejection it was, and why it was rejected. In this case the error code was “550″ (I’ll go into error codes later), and that the email was rejected because it had a link to a website (the one I used ***** to hide), which happened to be on the blacklist “black.uribl.com”. The last part is just another note that this was a permanent error, in case you didn’t already know that that’s what a 550 is. What this bounce back message means for us the sender is that we had a link to a website in our email that a spam filter on the recipient’s mail server didn’t like. We’ve got a few options here. The simplest thing would be to send the person a new email, but this time not include the offending website link. If we think that the website in question should not be on this blacklist in the first place (mistakenly listed), then we can always go to uribl.com and request that the offending website be removed from their list. Not all blacklists let you do this, but plenty do – and as it so happens, uribl.com lets you request removals. Another option would be to contact the intended recipient to tell them that a spam filter of theirs is rejecting that link. The intended recipient could then follow up with their IT staff, or their ISP. I suppose the final option would be to try to “game the filter” by breaking up the link a bit. For example, let’s say that iphouse.com was blacklisted somehow. I could try sending the person a link to iphouse.com like this:  www (dot) iphouse (dot) com    A human reading this ought to be able to figure out your intent, whereas a spam filter might be tricked.

Here’s the next error bounce back:

<testblog@iphouse.com>: host smtpgrey-2.iphouse.net[216.250.190.161] said: 550
    5.1.1 <testblog@iphouse.com>: Recipient address rejected: User unknown (in
    reply to RCPT TO command)

The first part of this error message tells us who we were sending the email to, in this case testblog@iphouse.com was the intended recipient. The second part tells us what server issued the rejection, in this case it was the server smtpgrey-2.iphouse.net – so it was the recipient’s mail server issuing the rejection, not the sender’s. The third part tells us what kind of rejection it was, and why it was rejected. It’s another 550, so a permanent rejection. It was rejected because the User was Unknown. This means that the email address doesn’t exist. If you caught the mistake in the email address right off the bat, plus 10 points for you. I accidentally sent an email to “testblog@iphouse.com” instead of “blogtest@iphouse.com”. Oops. As a funny aside, I actually generated this bounce back message accidentally when I was aiming for another type of bounce back. It took me a moment to catch my mistake. I guess that’s what more coffee is for…..    Anyhoo, what this means for us the sender, is that we just need to send out a new email, but this time type in the correct address. If you’re absolutely positively 100% double plus certain that you didn’t make any typo in the email you sent out, go ahead and look for the typo anyhow. It’s really easy to miss certain things like a “,” instead of a “.”, or a letter out of place. If your double check doesn’t yield any typos, and you’re certain that the address is a valid one, you might want to contact the intended recipient to inform them that something is amiss regarding their email address.

At the opposite end of our anti-spam system is content filtering. We use a third party vendor for this, MailFoundry in the form of two appliances. An appliance is a machine that you plug in, and is suppose to work with minimal configuration.

Now the MailFoundry appliances are “black box” systems. We don’t know how they work exactly, but we’re pretty sure that one of the techniques they use is Bayesian spam filtering.

Bayesian spam filtering uses the concept of probability to evaluate each token in a message, assign a weight to each, give the overall message a rating based on this weight, and evaluate the message based on a preset threshold.

Ok, unless you’re up on your statistics or logic based calculus, or a computer nerd with Wikipedia handy, I know your eyes just glazed over. Rest assured, you are not alone.

Basically, what it boils down to is that every “token” is a series of characters separated by whitespace. During this discussion, most “tokens” are words. Certain tokens are negative, they tend to appear in spam messages. Others are positive, they tend to appear in good (or ham) messages. Each token has a value (or a “weight”). A Bayesian spam filtering system reads the message, adds up all of the negative and positive weights of the tokens which produces an overall probability rating. If the rating is too negative, it considers the message spam. If it’s positive, it doesn’t.

Now, how does the Bayesian filter know which tokens are bad or good? Well, you have to give it examples of each. If a message is spam, and it gets through the filter, you have to tell the filter that it’s spam. When a message is marked as spam, all of the tokens in the message have their ratings lowered in the filter’s database. Ideally, you’d also mark good messages as good, but most people don’t. Most Bayesian filtering schemes are configured to mark all delivered messages as good unless they are marked as bad. Over time, the good tokens get “gooder” and the bad tokens get “badder” and the system can determine what is spam and what is not.

Bayesian spam filtering works amazingly well on individual email accounts, as it will be able to determine an individual’s taste in what is spam and what is not. Unfortunately, it’s not as effective across hundreds or thousands of users, but it still helps. Your personal spam filter will usually outperform anything on our end, because you may have a different definition of what is spam than other users out there. On a large system like ours, tokens that would be marked as negative for you, are nullified by others marking them as positive. So, say mail sent from a list that you signed up for, but no longer want may be spam to you, but may not be to other people out there. That’s why it’s best to unsubscribe from those lists rather than try to get our system to recognize it as spam.

If you want to help feed our filters, feel free to send examples of any spam you receive via our system, as attachments, to spam at iphouse.com.

I hope that helps!

1) If I’ve sent and received email from my friend for years, it shouldn’t get flagged as spam.

2) If I have their email address in my address book, their email won’t get flagged as spam.

3) If I avoid using certain words, my email won’t get flagged as spam.

None of these things are true. To understand why this is a tricky question to answer, it’s helpful to know a bit about what ISP’s are doing to filter spam. Most ISP’s have their own “custom blend” of what they do to filter spam, but it more or less boils down to using a combination of one or more of the following: Blacklists, Greylisting,  enforcing RFC’s, and more traditional Content Filters.

Blacklists can be based on all kinds of things. They can be lists of IP addresses that have been reported as sources of spam, lists of mail servers that have been found to be capable of being used as open mail relays, lists of URL’s that have been “spamvertised”, or any number of other things. Not all blacklists are the same. Some are very aggressive in what they list, and some are very conservative. The aggressive lists might block a lot of spam, but they are also more likely to have “false positives” – as in they blocked something that the recipient really did want to receive. Whereas the conservative lists might not have many false positives, but they’re likely to let more spam through.

Greylisting is when a receiving mail server issues a temporary error, which causes the sending mail server to re-queue the email and send it once more. Being able to re-queue an email is something that any RFC compliant mail server ought to be able to do. Greylisting can drastically reduce spam sent through “spam zombies” – home computers compromised by viruses that send spam out directly from the PC instead of through a mail server capable of re-queuing email.

RFC’s are, in a nutshell, the basic minimum standards for anything Internet related. Enforcing RFC compliance for mail can cut down on mail sent out from compromised PC’s/servers, and cut down on spam sent out from “sketchy” mail servers.

And lastly, content filters are the more traditional form of analyzing the content of an email to determine the “spamyness” of the email. Each spam filter system has its own “custom blend” of techniques to identify spam. Some of these criteria include; spammy words/spelling (\/1agra), format of an email (lot’s of CAPITAL/BOLD/etc lettering), lists of “spamvertised” websites, know spammer addresses, etc. Some filters use a feedback system that allows end users to submit examples of spam to train the filter.

Because blacklists and content filters are dynamic in nature, it can be very difficult to determine what it was at that exact moment that caused a particular email to be tagged as spam.

It’s also our first line of defense against spam.

Greylisting is a very simple technique. It is a daemon attached to database that keeps track of who externally sent mail to whom internally, including from what IP address. When a new sender/recipient/IP-address (or triplet as it is called) combination pops up, it bounces the transaction with a temporary, 450/451 response code. This is per the RFC and any properly implemented SMTP server should adhere to it, re-queue the message, and send it again later. If the server sends it before a specified “too early” window (in my case on my personal server, 2 mins, but that’s fairly aggressive) it’s temp-failed (tech term for try again later) again. If the message comes back after this “too early” window, but before a 24 hour expiration window, the message is passed through, and an entry is made in the database allowing that triplet to send mail unhindered for a few days (depending on configuration). If enough messages come from the same ip address and domain pass Greylisting, that whole domain can be automatically white-listed through the check.

The goal of greylisting is not to penalize legitimate mail servers but only to stop non-compliant botnets from getting through.

Greylisting is very effective because it keeps non-compliant SMTP servers from sending mail to our (or even your) servers. Most virus infected computers that send or relay spam won’t re-queue messages, or will re-queue them for only the briefest amount of time. Why? Their goal is to blast as much email/virus payload as possible, and any slowdown or long retry time is very counterintuitive to this goal.

Problems with greylisting are legitimate, by mis-configured SMTP servers either not re-queuing the messages because they are set to treat 400 series bounces as 500 series (permanent) bounces. Or they re-queue the messages, but report to the original sender that the message bounced.

Yahoo implements a more esoteric set up, where they have 4 servers listed in the MX record, and at any time, any of them will bounce messages. This is another way to test for non RFC compliant servers, as a server is supposed to try all of the MX entries in turn, by weight value. Most virus infected computers won’t do that. At least that is what it looks like from the outside.

Because some of our users may have problems with receiving mail, our web-based interface, ipMom, gives you the option to disable greylisting. If you log into ipMom with your email address and password, you’ll notice a “Greylist” option . Set it to off, and greylisting is no longer affecting your mail. Keep in mind that this does let more spam into the system, although our other anti-spam protections may still catch them.

I hope that helps!

If you are a small business with just a couple people, you can use addresses like sales@mydomain.com, support@mydomain.com and billing@mydomain.com and have all the email delivered to the same one or two mailboxes.

The use of aliases gives your business a more professional look while at the same time making it easier for your customers to remember how to get in touch with you.

Within your mail client, you can setup rules that sort or mark mail differently, depending on the alias it was sent to. If all your billing mail, for example, is in the same folder, it makes it easier for you to read through all of it before you post invoices.

If you are an individual user, aliases can help you track who is selling off your email address. Just setup a couple aliases that you can use when responding to different offers. Then watch to see which of your mail addresses are receiving any unwanted email.

Setting up your aliases is easy. Just go to our customer account management system ipMom and click on Aliases.

Phishing is spam that attempts to extract personal information from the recipient. Here are some quick points about Phishing:

1. Email asks for your password: ipHouse will never ask for your password via email. This is a common policy with many companies so feel free to make it your own policy: Never send a password via email even if you think you know the recipient.

2. Strange reply-to address: The reply-to email address is not an official email address. ipHouse employees and internal addresses are all @iphouse.net. This latest round had the reply-to as an email address in Brazil (.br) or a yahoo.com address. A general rule for anyone is to always check a provider’s website for valid contact information. When going to their website type in the address yourself or use an existing valid bookmark. Do not click a link in an email even if it looks valid is it may be a “masked” URL whose destination is a different address.

3. Credit card fraud. While this email was looking for passwords, many Phishing scams ask for credit card numbers. And for decades there have been phone-based credit card Phishing scams. ipHouse will never ask for your credit card number via email nor ever via a call we initiate. Feel free to make it your own policy with everyone – never send a credit card number via email and never give your credit card number out to someone unless you initiate the call.

4. Spam filters don’t catch everything. While our multiple levels of Antispam catch most Phishing expeditions, some can get through. This one was harder to catch as it didn’t have any off-site hyperlinks and had enough words that it looked valid to the filters. We don’t publish for spammers how we adjust but trust me that we do adjust. Of course we do want to see what might get through. For example, yesterday alone ipHouse blocked 1,463,418 spam, Phishing, and viruses. We pride ourselves on an extremely low “false positive” rate. If a spam or Phishing message does get through, please forward it with full headers to spam@ipHouse.net. If you have an individual question or concern, our Support team can help.

5. Learn more! Here are some links to several sites’ take on Phishing:

• Blogs about Phishing: PhishingScam
• Popular OS: Apple, Microsoft
• Popular Guides (always with a grain of salt please): WikiPedia , About
• Trade/Industry groups: APWG, National Cyber Security Alliance, AARP
• Government: Stop-Think-Click

- Eric

We can and do patch our machines and lock them down as much as possible.  However, as an ISP, our job is also to make sure that information flows smoothly to and from your account. To a very real extent, you are in direct control of the weakest security link for your account, your password.

We have lately seen a rash of accounts compromised because they had passwords that were less than ideal. You may think your account isn’t worth hacking, but you would be wrong.

Most hackers do not target individual accounts to determine the best ones to compromise. They just setup their password cracking programs, aim them at encrypted password files and let them do their thing. The password files are encrypted but have to be publicly accessible in order for customers to actually log-in to their accounts. The cracking programs are very fast and very sophisticated. In the first couple minutes they will have tried all dictionary words and common names not only in English but in other languages. Then they move on to any and every password combination that includes the actual username or makes simple number-letter substitutions like using a 0 for an o.

Once an account is compromised, the hackers can use it to gain access to other systems, read or re-direct your email and, most commonly, use your account to send spam out to the rest of the world. It doesn’t matter who you are or how interesting your email is, accounts are compromised on an equal opportunity basis.

Some people feel that it is more trouble than it is worth to have a secure password. Remember, it is okay to write down your password, just don’t write it down in an easily accessible location and never keep it with your account name. Some people use the phrase trick to create secure passwords that are easy to remember. For example: “Traveling up the amazon in 1974 by boat was a great vacation!” becomes the password “tuTA’74bbGV!” Don’t be afraid of forgetting your clever, secure password. We all forget passwords sometimes, just call the friendly ipHouse support team and we can help you re-set your forgotten password.

Protect your account. It is a good idea to change your password annually if not more often. If you are still using the password that was auto-generated for you when your account was originally setup, change it now.

Does your password pass the 5 basic rules of password security?

(1) At least 8 characters
(our system can handle passwords of over 200 characters).
(2) Not a dictionary word or a name.
(3) Not a dictionary word or a name with select numbers substituted for letters like 0 for o or 1 for l.
(4) A mix of lower case and capital letters with numbers and symbols thrown in for good measure.
(5) Your password is completely unrelated to your name and your account name.

You can change your ipHouse password now by going to:

https://ipmom.iphouse.com/

And remember, you need more than one secure password. If you use the same password for multiple accounts or in multiple places, that creates its own level of insecurity.

David is a math and statistics expert, implementing many of his solutions using his background in software development and database design. He consults primarily for small to medium-sized businesses and helps his clients with all their computer needs from software installation to network security. He has worked with individuals to setup their home offices with efficient, secure connections to their work places.

David describes himself as being, “vocal and tenacious about raising hell when a client’s vender doesn’t deliver.”  His clients appreciate this dedication. Thus far, all his clients have come from word-of-mouth referrals.

David shared with me that he wants to be equally vocal when a vender does a good job. He thinks that, “Many ISPs do not do good work. ipHouse has delivered. It seems like you guys can do no wrong.”  David is impressed with the breadth of knowledge of ipHouse staff. “It is nice to have a vender whose technical support team is savvy about issues beyond the traditional support call.”

ipHouse engineers have been waging a battle against spam since the 1990s. As the Internet has grown and changed during the last 15+ years, the amount of spam has increased exponentially.

The problem of online viruses has also grown. Effective spam and virus filtering is now an essential component of any mail server.

The dilemma is always how to balance false positives with reliable protection.

Mike Horwath, ipHouse senior admin, recently wrote about his frustration trying to find the perfect anti-spam solution.

ipHouse has developed a fairly comprehensive anti-spam solution for mailboxes hosted on our mail cluster. Not only are all incoming emails scanned for spam and viruses by our MailFoundry system, there are also a wide range of filters and blacklists that can be applied on a per mailbox basis. These customizable filters help customers get only the mail they want, because one person’s spam is another person’s legitimate email.

Through ipMom, ipHouse customers can decided exactly how many hoops they want their mail to jump through on its way to their inbox. Options include turning greylisting on or off, enabling various sender checks, and applying both DNS (IP address) blacklists and RHS (domain name) blacklists to incoming emails.

Greylisting is one of the most simple and most effective ways to stop spam.  If greylisting is turned on, new incoming email is deferred from the sending mail server. Mail servers that are configured correctly will just re-send the message and on the second send, it is successfully delivered to your inbox. This simple technique works because many spammers use mail servers that are not correctly configured.

Sender Checks check both the sending mail server and the domain name associated with the sender to make sure they are configured properly. Sender Checks can block a fair amount of legitimate email and should be used with caution.

Blacklists range from the highly conservative with very few false positives to the gung-ho that seem to block messages if they even look at another message that might be spam. More detailed explanations of the different types of spam and virus checks are available on the ipHouse support pages.

ipHouse has long provided customers running their own mail servers the ability to have their incoming email scanned by the MailFoundry system. Yet we have been frustrated by our inability to do more.  This summer, our engineers have been working on new anti-spam solutions for customers with their own mail servers.  We are just finishing the beta tests and hope to formally launch the product by the end of summer.

We are very excited about this upcoming feature.