Mail system policies

All connections to our mail system undergo a certain level of scrutiny. The order we process an incoming connection is detailed here:

PTR Record Test

The first test our mail system does is to test for a PTR record relating to the IP address of the remote connection. If the connecting IP does not have a PTR record the connection is closed with a "501 Connecting IP must have valid PTR record" response.

RFC1912 (Informational) states that "For every IP address, there should be a matching PTR record in the in-addr.arpa domain." The PTR (short for Pointer, also refered to as Reverse DNS) record is the responsibility of the ISP providing the internet connection. ISP's comitted to following best practice will provide a generic PTR record by default. You should contact your ISP if Xtreme's mail system closes your connection due to a missing PTR record.

http://www.dnsreport.com and http://www.dnsstuff.com provides a helpful insight into this and other configuration information for your domain and connection.

Sending domain Test

Quite simply a test to verify that the sending domain exists. If the domain does not exist the connection is closed with a "501 <DOMAIN> is invalid or DNS says does not exist".

SPF Test

SPF (Sender Policy Framework) is a system where a DNS entrys states the IP addresses that are allow to send email for that domain. Xtreme Networks SPF rule allows all of Xtreme Networks address ranges and nowhere else to send email from xtreme.net.nz. If an SPF test produces a Failed result the connection is closed with a "550 <IP ADDRESS> does not pass SPF requirements for domain <DOMAIN>.

The SPF entry is ultimately the responsibility of the owner of the domain. More information on SPF can be found at http://www.openspf.org.

Greylisting

Greylisting is a method where we take the sender and recipient addresses and then close the connection with a "451 Greylisting enabled, try again in 1 minutes". After one minute we then accept the email, and any further emails from the same sender to the same recipient for a 24 hour period before dropping the pair from the database. The theory behind this test is that most spam and viruses will only make one delivery attempt then move on to another email address.

Most mail servers have retry policies that easily handle a one minute delay in delivery. We can exclude domains from greylisting. All .nz and .govt.au mail is excluded from Greylisting.

DNS-BL Lookup

DNS Black Lists are maintained by various organisations whereby domain names or IP addresses will be submitted as being a source of spam or viruses. Xtreme Networks only checks the following four lists as we find them to produce acceptable positive results with very few false positives. The response provided when a match is found will depend on the match. More information on these lists can be found at http://au.sorbs.net.

dul.dnsbl.sorbs.net
web.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
http.dnsbl.sorbs.net

Further spam testing by means of SpamAssassin Heuristics and Bayesian Learning is available at $79.95 + GST per month per domain. This is also standard if you have your own SMTP server and have spam filtering with us. If your internet connection is not through Xtreme you can still have this service at $99.95 + GST per month.

We have three options available for the paid service:

Option 1: Email suspected as being spam is immediately deleted from our system.

Option 2: Email suspected as being spam is tagged in the subject line and forwarded to the recipient.

Option 3: Email suspected as being spam is diverted to a holding account where authorised company directors can review and forward any false positives as necessary.