Email Policy

(Rev: 01/04/2025)
Sending Email to a network other than your own is considered a privilege, not a god given right!

Sending to us? Expect the following checks...

Authorised Senders
    Checks included are SPF, DKIM, and DMARC.

    These tests are based on DNS resource records that the sending networks specify as to who is allowed to send Email using their domain, and tell us how we should deal with unauthorised connections, such as hard-fail (reject), soft-fail (pass this test but mark as spam)


IP Anti-Spoofing
    Testing to make sure the presented IP address and Hostname are not spoofed or forged.


Valid Addresses
    You need to use a valid Email Address when sending Email.


DNS Blacklist Checks
    This uses the Domain Name System to test if the connecting host has been known to spam, operates an open, and/or exploitable proxy, is an open mail relay, contains abusive or problematic hosts.

    Sometimes, when many hosts in the same address space have offended on a large scale, it is possible that a large proportion of, or the entire IP range belonging to the registrant is blocked.

    We make use of several DNSBLs, as well as our own.

    NOTE: There are some "paid for" whitelist/reputation services, honestly, save your money, very few in reality actually use them, they are in our opinion nothing more than a scam to make money themselves, and they have been abused with whitelisted senders sending spam.

    Trust is earned, not bought!


RFC1912 Enforcement
    Connecting Email Servers must have both a forward and matching reverse DNS record. The rule and enforcement applies to both IPv4 and IPv6.

    RFC 1912, Section 2.1, para 1 and 2 states "Every Internet-reachable host should have a name" ("A" record) and "Make sure your PTR and A records match" and "For every IP address, there should be a matching PTR record in the in-addr.arpa domain".

    Although this document makes no direct mention of IPv6, it has long been widely accepted as implied, so it is important that you allocate a static IP address to all of your mail servers, and ensure they have an A (IPv4) and AAAA (IPv6) hostname (forward) record, and that they have a matching PTR (reverse) record.

    You can perform some checks on your domain using https://zonecheck.org to assist you and your provider in resolving any issues.

    In rare instances, there may have been a problem with our DNS servers getting a timely answer from your DNS servers, if the above checks verify your DNS is configured correctly, we suggest waiting a few minutes and retrying.


Residential IP Checks.
    This checks via DNS to see if the connecting host is in a known "home user" (the old Dial Up) Listing.

    In addition, there are checks on your hostname for such things that infer it is a home user, such as but not limited to, terms like cable, DSL, ppp, dial or DHCP etc,

    In most cases, there is little need for a home user to send Email directly, by using your ISP's SMTP server you can greatly reduce the risk of your mail being blocked.

    99% of spam is sent by spam bots, which are mostly comprised of compromised Microsoft Windows PC's, this type of blocking eliminates the vast majority of spam entering the network.

    We refined these rules over many years, but like everything in the anti-spam world, nothing is perfect, our rules may falsly trigger, a DNSBL entry may be outdated if your ISP has moved the IP range from residential to business, the reject message should indicate who you need to talk with in such cases.

    For Home users, this can be overcome by configuring your SMTP server's setting for smarthost/relayhost to that of your ISP's SMTP server, some examples of doing this are -

      Smart Host Examples...

      Sendmail, add to /etc/mail/sendmail.mc - then remake sendmail.cf
           define(`SMART_HOST',`smtp.your.isp')dnl

      Postfix, add to /etc/postfix/main.cf - then run postfix reload
           relayhost = smtp.your.isp

      Microsoft Exchange, in exchange system manager, connectors
          add new, SMTP-Connector add your smtp.your.isp

    For Business users on a static IP running your own mail server, ensuree your ISP has moved you out of the residential IP pool and change your rDNS to reflect your own domain.


Generic IP Checks
    Mail servers tend to have specific names, that's if their admins are competent and not lazy, eg: mail.example.com or somename.example.com, etc.

    Using generic DNS, such as 1-1-12-123.example.com is very rare for a real mail server, it makes you appear to the rest of the world as a home user and you will be treated as such.

    If you are unable to have your ISP fix this, firstly consider changing to an ISP that gives a damn, or, if that's not practicable, follow the advice above to resolve.


Bad MX Checks
    Tests for illegal content in DNS MX resource records.


Bad HELO/EHLO
    Connecting machines must issue a HELO or EHLO statement.

    They must also present this as a valid hostname in DNS..


Senders of Backscatter
    This occurs when you send an Email to a network where the address actually does not exist, but the receiving network accepts the Email and then when the two mail servers finish communicating, checks to see if the user exists, and upon finding no user, then generates a brand new reject message back to the sender saying so.

    This is very wrong, the rejection should be done at the initial connection to the recipients server from the senders server, rejecting at the "Mail From" stage where the look up is done (on compliant mail servers) and does not have to generate a brand new DSN (Delivery Status Notification) message to the sender with a bounce message.

    This is a serious problem when addresses are forged and is exploited by spammers all of the time. Networks generating useless bounce/DSN messages, such as Google Groups, and ill-configured Qmail and Microsoft Mail Servers are very typical of this problem, there are also some ill-configured anti-virus and anti-spam systems that do the same, those should be avoided at all costs!


Internal Blacklist (non-DNSBL)
    The blocking of IP's, hosts, domains, and in some cases full netblocks, and in rare cases entire TLD's and associated netblocks may occur if-
      Multiple hack/script attacks are attempted to be carried out against this network. Multiple hosts/IP's are found to be source of phishing scams. We deem traffic from a host/IP should never be accepted for activities being detrimental to our network or users.
      We do not provide a public list of permanently blocked hosts or IP's, but local users may request information of if a specific blocking is in place.


Mailing/Mail-out lists
    Lists that are not fully "opt-in" will be blocked when brought to our attention for abuses, regardless of if they have a working opt-out or not.

    Lists that were opt-in but do not honor or offer unsubscribe options will also be blocked if brought to our attention by our members.


Virus Scanning
    All messages are checked by multiple Anti-Virus Scanners - their definition databases are updated hourly.

    Detected virus and malware messages are silently discarded.


Anti-Spam Checks
    All messages are checked by our Anti-Spam Scanners.

    Mail exempt under the Australian Spam Act, such as political or religious advertising and market research, is not exempt from our spam policies, this ridiculous exemption only means the ACMA can't prosecute you, it does not mean we can't block you, it does not give you carte blanche rights to spam or harras, nor does it provide immunity from your organisation being put onto global blacklists.

    Simply put, if one did not directly and manually opt-in to receive your messages, then it is spam, and it will be treated accordingly.

    We use thousands of header and body checking rules, as well as URIBL's to detect, score, and reject junk.

    Low scored, or suspected spam, has the Subject modified to [**SPAM**] with the original message attached to a warning notice. This means the recipient usually must take extra steps to view the suspect message, before opening them, they should read the spam warning in detail for information as to why it was classified as spam. Click here for an example.

    They also have hidden headers added to the message which includes an overall spam score, the matched rules and their individual scores, one of the headers added a X-Spam flag which allows you to set up your personal junk mail filter in your local mail client if you so wish. IMAP and Webmail users already have this configured.

    Example...
    
    X-Spam-Flag: YES
    X-Spam-Score: 5.4
    X-Spam-Level: ******
    X-Spam-Status: Yes, score=5.4
    
    
    High Scored spam is silently discarded. This will certainly be spam or malware. Messages are outright deleted with not even a notification to the recipients.

    Australians should be mindful we have The Spam Act 2003 (cth), actively enforced by the ACMA.

    We have a zero tolerance with spam, we may forward all Australian based or related spammers on to the automated ACMA submission system for investigation and prosecution.

    International senders of spam should be mindful that now days many countries also now have anti-spam laws and we may forward to your ISP and if applicable, your local Spam enforcement agency.

    As we touched on above, some countries anti-spam laws may exclude certain types of messages based on the organisations type (charity, political, religious, etc) from being labeled as spam, you are not afforded that legal protection here, you will be blacklisted.


Newly Registered Domains
    Newly registered domains will automatically have a higher than normal spam score set which reduces over time eventually becoming neutral after a period of time. The reason for this is often spammers register a domain, spam everyone a few days later, and are gone after a week or so. We are aware not all vermin act this way, some buy cheap-deal first twelve month domains, then use them only days before they expire, these vermin are mostly still caught by our usual multitude of anti-spam rules.


Phishing Checks
    These checks attempt to determine if a link in an Email is genuine or fraudulent by looking at the actual URL and comparing it to the presented visible URL name for any differences. Phishing is a very real risk for those targeted in identity theft and financial, and business scams.

    This test also checks against several databases of known phishing site URLs.

    Because false positives are possible, the messages are typically treated as spam, rather than blocked, so it is important to always read the warning notices if your message is tagged as spam, remember and apply the old food saying - if in doubt, chuck it out!


Email Bad File Type Checks
    Checks attachments against a list of administratively prohibited file types.

    These tests are not based on the filename, but unix file, which examines a file and will determine what it really is, for example, trojan.dll may be called readme.txt, the unix file wont be fooled and will see it as a .dll file and report this back to our anti-virus program which will reject the entire message.


Important: You should never solely rely on any Email Provider to protect you from spam, fraudulent phishing scams, malware, viruses, or other malicious content.

You also must take all necessary steps and precautions to protect yourself, although our anti-virus definitions are updated hourly, in most cases, it is near impossible to defend against what is known as 0 day (just released) viruses and malware.


Members who believe their senders are consistently being incorrectly tagged as spam, should contact support.