


SPAM is a large problem that will only become larger. MEI SpamGate reduces SPAM and similarly undesirable mail by up to 90%, without adding any complexity to your mail server. Any mail server anywhere can subscribe to MEI SpamGate service.

As more employees discover and use email, their email addresses eventually get harvested by spammers. As the "killer" application for businesses on the Internet, email is too valuable to abandon to degradation by spammers. There simply must be some defense against email abuse. Because mail abuse techniques and defenses are constantly evolving, many organizations do not have the resources to build and maintain their own mail abuse defenses.

The numerous tools that mail abusers use to discover weaknesses in mail servers and to send spam are increasingly sophisticated, applying continuous pressure on mail server defenses. MEI's SpamGate service allows any organization's Internet mail services to benefit from the latest mail abuse defenses developed and maintained by MEI's mail systems experts.

Using the SpamGate techniques, MEI clients have been able to reject 20% to 40% of incoming mail as invalid. In the first month of operation, one ISP rejected 1 million of 5 million incoming messages. Another ISP, which was aggressively targeted for mail abuse before using SpamGate, benefited from a weekday message rejection rate of 30% and weekend message rejection rates averaging 50% after employing SpamGate. From the user's point of view, there is a 90+% reduction in spam. As these actual numbers demonstrate, mail abuse is a serious problem and SpamGate is a seriously effective solution.

Below we describe some of the techniques SpamGate employs to defend against mail abuse.



MAPS, the "Mail Abuse Prevention System", is a group of 3 databases at www.Mail-Abuse.org that contain Internet addresses that can be used to reject mail. The 3 databases are:

  • Black holes is a database of known sources of SPAM that repeatedly send out SPAM and have been the target of complaints.

  • Relays ("RSS", relay spam stopper) is a database of mail servers that indiscriminately accept mail from any other mail server and forward the mail to any other mail server. This process is called "open mail relaying". Spammers hijack open relay servers to deliver spam, since the spammer can hide behind the open relay, which then appears to be the real source of the spam. The operator of the open relay mail server is then implicated in the mail abuse, and his mail server is inundated by tons of SPAM traffic and by the complaints.

  • Dial-ups ("DUL") is a database of world-wide Internet addresses reserved for dial-up users accessing the Internet. Recently, the Internet addresses of DSL telephone subscribers and Internet TV cable subscribers have also been added to this DUL database. Normally, dial-up users should send their outgoing mail to their ISP's mail server for forwarding to the Internet. But mail abusers on DUL addresses bypass their ISP mail server and send spam directly to open relay servers and any other mail server.


In the above diagram, MEI SpamGate queries the MAPS database for the presence of the Internet address of the sender's mail server. If the address is in MAPS, the email is rejected.
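The lookup described above, as an added example (not MEI's code): a DNS-based list is queried by reversing the octets of the connecting server's IPv4 address and appending the list's zone, and an answer in 127.0.0.0/8 means "listed". The zone names, the sample resolver and the addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Hypothetical zone names standing in for the three MAPS lists (assumption:
# the page does not give the actual DNS zones).
ZONES = {"blackholes": "rbl.example", "relays": "rss.example", "dialups": "dul.example"}


def dnsbl_name(client_ip, zone):
    """Build the query name: IPv4 octets reversed, then the list's zone."""
    ip = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def system_resolver(name):
    """Resolve an A record; None covers NXDOMAIN and resolver failure (fail open)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_client(client_ip, resolve=system_resolver, zones=ZONES):
    """Return (smtp_code, reason) for the connecting mail server's address."""
    for list_name, zone in zones.items():
        answer = resolve(dnsbl_name(client_ip, zone))
        if answer is None:
            continue  # not listed in this database
        # Listings are signalled with 127.0.0.0/8 answers; anything else
        # (e.g. a wildcarded or parked zone) must not be read as "listed".
        if ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8"):
            return 550, f"{client_ip} listed in {list_name}"
    return 250, "not listed"


# Constructed sample data (documentation address ranges, not real listings).
SAMPLE_DNS = {
    "7.113.0.203.rss.example": "127.0.0.2",    # open relay entry
    "9.100.51.198.dul.example": "192.0.2.55",  # bogus non-127/8 answer
}


def sample_resolver(name):
    return SAMPLE_DNS.get(name)


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.1"):
        print(ip, check_client(ip, resolve=sample_resolver))
```
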



In addition to MAPS, MEI SpamGate uses many other, constantly evolving techniques to reduce mail abuse. The following diagram illustrates a few of SpamGate's defensive techniques:



  • SMTP Protocol violations are frequently committed by mail abusers in order to send the spam as fast as possible. Such violations cause SpamGate to terminate the session immediately.

  • RFC 822 Envelope Violation is common to abusive mail and a frequent cause for SpamGate to reject messages.

  • Unknown recipient means that the "RCPT TO: Recipient@RecipientDomain" does not exist. While this can be an innocent error, there are two mail abuse activities that can be very destructive:

    • A "mail bomb" is a malicious attack where 1000's of messages are sent to a mail server for a user account that doesn't exist. The objective is to overwhelm the mail server into a greatly reduced level of service.

    • A "dictionary/address harvesting attack" is when the mail abuser sends 1000's of messages to many different random addresses to discover which addresses are accepted for delivery. The accepted addresses are then added to the spammer's address list as validated.

    While these two attacks are impossible to stop at the source, MEI SpamGate absorbs the attacks and prevents any or most of the attacks from reaching the SpamGate client mail server.

  • Unknown Sender Domain is when the "MAIL FROM: Sender@SenderDomain" does not exist, a common spammer tactic. MEI SpamGate checks with the Internet Domain Name System, DNS, to validate the existence of the @SenderDomain before accepting the message. A variant of this is a @SenderDomain that is not fully specified.

  • Other Controls against mail abuse are under constant review by MEI since the battle of attrition against mail abuse appears to be without conclusion.
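The envelope checks in the list above, sketched as an added example (not SpamGate's implementation): the sender domain must be fully specified and known to DNS, and unknown recipients are refused at the gateway. The per-session limit on unknown recipients, the DNS callback and all sample addresses are assumptions constructed for illustration.

```python
import re

# Constructed sample data: domains "known" to DNS and the client's mailboxes.
KNOWN_DOMAINS = {"example.org", "client.example"}
MAILBOXES = {"alice@client.example", "bob@client.example"}
MAX_UNKNOWN_RCPT = 3  # assumed per-session limit, not a SpamGate setting


def sender_domain_ok(mail_from, domain_exists):
    """Accept only a fully specified sender domain that DNS can find."""
    m = re.fullmatch(r"[^@\s]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)", mail_from)
    return bool(m) and domain_exists(m.group(1).lower())


class Session:
    """Envelope checks for one SMTP session, returning SMTP reply codes."""

    def __init__(self, domain_exists, mailboxes):
        self.domain_exists = domain_exists  # callback standing in for a DNS query
        self.mailboxes = mailboxes
        self.unknown_rcpt = 0

    def mail_from(self, address):
        if address == "":
            return 250  # null reverse-path (bounces) has no domain to check
        if not sender_domain_ok(address, self.domain_exists):
            return 550  # unknown or not fully specified sender domain
        return 250

    def rcpt_to(self, address):
        if self.unknown_rcpt >= MAX_UNKNOWN_RCPT:
            return 421  # harvesting pattern: stop answering and close the session
        if address.lower() in self.mailboxes:
            return 250
        self.unknown_rcpt += 1
        return 550  # unknown recipient, refused before it reaches the client


def run_session(mail_from, recipients):
    """Replay one envelope against the constructed sample data."""
    s = Session(lambda d: d in KNOWN_DOMAINS, MAILBOXES)
    return [s.mail_from(mail_from)] + [s.rcpt_to(r) for r in recipients]


if __name__ == "__main__":
    probes = ["alice@client.example", "a@client.example", "b@client.example",
              "c@client.example", "bob@client.example"]
    print(run_session("user@example.org", probes))
```
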


Implementation of SpamGate is technically very simple and without disruption to a client's normal mail operations.
  • A client implements SpamGate simply by modifying the client's DNS MX ("mail exchanger") records to route the client's mail traffic to SpamGate first rather than to the client's mail server.

  • Note that in fact MEI provides two identical SpamGate servers, a primary and a secondary, for redundancy. If the primary SpamGate is unavailable, the secondary SpamGate will accept the mail.

  • SpamGate receives the incoming mail from the Internet, performs mail abuse validations, and forwards the accepted mail directly to the client's mail server. The delay through SpamGate is typically only a few seconds for a message with an average size of 20 kilobytes.

  • In the case where the client's mail server is temporarily unavailable, SpamGate will hold the client's mail until the client's mail server becomes available again.

  • Clients whose mail servers are not continuously connected to the Internet can use SpamGate both for its defenses and for its mail relay features. The client's off-line mail server connects to the Internet temporarily to exchange incoming and outgoing mail with SpamGate. After the client's mail server goes off-line, SpamGate scans the outgoing mail and delivers it to the final Internet destinations.