User List
Dyn Email Backup MX and Dyn Email Gateway services include a user list, which allows customers to specify which addresses exist at their mail server. This allows the Dyn email servers to reject messages for invalid recipients without having to perform call-aheads, which helps to reduce the load on both your server and ours and helps thwart dictionary spam.
To use the list, simply enter the user portion of valid mailboxes on your server (one to a line). For example, if your server has mailboxes for bob@domain.com, joe@domain.com, postmaster@domain.com and abuse@domain.com, your user list should look like this:
bob
joe
postmaster
abuse
Dyn Email Backup MX and Dyn Email Gateway would then only accept mail for these four addresses, and reject all other mail with an appropriate error message.
If you do not need or want to use the user list, you may simply leave it completely blank.
Please note: The user list will cause our Dyn email servers to reject all but the addresses contained on the list; please be sure to double-check that you have added all the necessary addresses to the list before enabling it. Please also note that you need to add individual plus-sign addresses (e.g. joe+folder for joe+folder@domain.com) as well. User list changes may take up to fifteen minutes to take effect. The user list is case-insensitive (e.g. “joe”, “JoE” and “JOE” will all be accepted by the entry for joe).
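One way to double-check a list before enabling it is to run recently seen recipient addresses against it. The following is an added example, not Dyn's code; the recipient addresses and function names are constructed for illustration, and a blank list is treated as "list not in use", as described above.

```python
def parse_user_list(text):
    """Return the lower-cased entries of a user list (one user portion per line)."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def audit_recipients(user_list_text, recipients, domain):
    """Split recipients at `domain` into (accepted, rejected) under the user list."""
    entries = parse_user_list(user_list_text)
    accepted, rejected = [], []
    for rcpt in recipients:
        local, _, rcpt_domain = rcpt.rpartition("@")
        if rcpt_domain.lower() != domain.lower():
            continue  # not an address on the protected domain
        # A blank list means the feature is unused, so nothing is rejected.
        # Matching is case-insensitive; plus-sign addresses need their own entry.
        if not entries or local.lower() in entries:
            accepted.append(rcpt)
        else:
            rejected.append(rcpt)
    return accepted, rejected


def missing_entries(rejected):
    """User-list lines that would have to be added to accept the rejected addresses."""
    return sorted({r.rpartition("@")[0].lower() for r in rejected})


# The user list from the example above.
USER_LIST = "bob\njoe\npostmaster\nabuse\n"

# Constructed sample of recipient addresses, e.g. taken from your own mail logs.
RECIPIENTS = [
    "Bob@domain.com",
    "JOE@DOMAIN.COM",
    "joe+folder@domain.com",
    "sales@domain.com",
    "alice@other.example",
]

if __name__ == "__main__":
    ok, bad = audit_recipients(USER_LIST, RECIPIENTS, "domain.com")
    print("accepted:", ok)
    print("rejected:", bad)
    print("add to user list:", missing_entries(bad))
```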
DNSBLs
DNS Blacklists are useful optional tools for blocking known bad senders, based on a wide variety of criteria. When a sending mail server connects to our Dyn email servers and requests to deliver mail to a particular individual, the sending server’s information (IP address, reverse DNS resolution, etc.) is checked against the chosen DNSBLs for the recipient. If the server matches one of the DNSBLs, the mail is rejected with a permanent 5xx error containing information on why the mail was rejected and which list the server matched.
You can find a list of all available Dyn email DNSBLs here. DNSBLs can be enabled for our Dyn Email Forward, Dyn Email Gateway, and Dyn Email Backup MX services. By default, our Dyn email services use the low-risk Spamhaus Block List, which cannot be disabled.
The rest are broken down into groups based on their relative risk of false positive rejections (legitimate mail that is denied). When using DNSBLs, please make sure you understand the nature of the lists you have chosen before implementing them. It is not recommended to enable every available DNSBL in an effort to combat spam, as it will result in a high number of false positives; instead, you should use a combination of DNSBLs and spam scanning to reduce spam and minimize the risk of accidental rejection.
Please note: DNSBL processing takes place before spam and virus scanning. If a sender is whitelisted in your spam settings, but their sending mail server is listed on an enabled DNSBL, their message will still be rejected. To allow that sender to deliver mail to you, they will need to have themselves removed from the DNSBL or you will need to disable that DNSBL on your service. Please also note that messages for postmaster@ and abuse@ are not checked against the DNSBLs.
Virus Elimination
Virus elimination is performed using Clam AntiVirus. ClamAV scans incoming messages through Dyn Email Gateway and Dyn Email Forward and outgoing messages through Dyn Standard SMTP against virus signature files. If a virus is detected in a message, the message is deleted and silently dropped. Virus elimination is an optional feature for Dyn Email Gateway and Forward, and can be disabled if desired; mail relayed through SMTP is always scanned by default.
Our ClamAV signature files are updated every six hours from the open-source ClamAV Virus Database. If you detect a virus that should have been filtered by ClamAV, you can help in the fight against viruses by reporting the virus to ClamAV on their Virus Submission page.
Spam Scanning
Spam scanning for our Dyn Email Forward and Dyn Email Gateway services is performed using the open-source spam filtering service SpamAssassin. SpamAssassin may insert the following headers into scanned messages:
- X-Spam-Score: A numerical value which indicates the ‘spamminess’ of a message, determined by the spam flags triggered by the email’s content. This header also displays a number of plus signs equal to the numerical score, rounded down, for use in client-side spam filtering; for example, a score of 5.3 is displayed as “X-Spam-Score: 5.3 (+++++)”.
- X-Spam-Flag: If the message’s X-Spam-Score value exceeds the Tag Limit for the service, this header will display “YES”; otherwise, this header will not appear.
- X-Spam-Report: If the message’s X-Spam-Score value exceeds the Tag Limit for the service, this header will appear and list all of the specific flags that the message matched. The full list of default tests and scores can be found here.
- X-Spam-Status: This header will appear if the message is not scanned due to message size. Messages over 100KB are not scanned due to reduced performance and efficiency in scanning heuristics.
Spam Threshold Options
The Spam Threshold Options allow you to determine at what X-Spam-Score values messages should be tagged or discarded. If a message’s X-Spam-Score exceeds the Tag Limit, X-Spam-Flag and X-Spam-Report headers are added to the message, and “*SPAM*” is appended to the subject line. If a message’s X-Spam-Score exceeds the Discard Limit, the message is silently dropped.
The recommended default values for the Tag Limit and Discard Limit are 6.0 and 18.0, respectively. The Tag Limit must be between 0.0 and 25.0, and the Discard Limit must be between 3.0 and 25.0.
Address Lists
The Address Lists allow you to whitelist permitted senders and blacklist unwanted senders. By whitelisting an address or domain, any mail matching the entry will reduce its X-Spam-Score by 100; likewise, by blacklisting an address or domain, any mail matching that entry will increase its X-Spam-Score by 100. This will help to ensure mail from certain senders is allowed or denied, regardless of the X-Spam-Score.
Both whitelisting and blacklisting allow for wildcards (*) to match multiple addresses. For example, you could whitelist every sender at a given domain by creating an entry for *@example.com; you could blacklist every domain in a certain TLD by creating an entry for *@*.tld; or you could whitelist every sending user at any domain with username@*. Partial matching is also possible, such as user*@*dns.*.
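The interaction between Address Lists and the Spam Threshold Options can be modelled as follows. This is an added example, not Dyn's implementation: the function names are hypothetical, and case-insensitive matching of senders against list entries is an assumption the page does not state.

```python
import re


def wildcard_to_regex(entry):
    """Compile an address-list entry; '*' is the only wildcard, all else is literal."""
    return re.compile(".*".join(re.escape(part) for part in entry.lower().split("*")))


def matches_any(sender, entries):
    """True if the sender matches any entry (case-insensitive: an assumption)."""
    return any(wildcard_to_regex(e).fullmatch(sender.lower()) for e in entries)


def check_limits(tag_limit, discard_limit):
    """Enforce the documented ranges for the two limits."""
    if not 0.0 <= tag_limit <= 25.0:
        raise ValueError("Tag Limit must be between 0.0 and 25.0")
    if not 3.0 <= discard_limit <= 25.0:
        raise ValueError("Discard Limit must be between 3.0 and 25.0")


def classify(raw_score, sender, whitelist=(), blacklist=(),
             tag_limit=6.0, discard_limit=18.0):
    """Return (adjusted_score, action), action in 'deliver', 'tag', 'discard'."""
    check_limits(tag_limit, discard_limit)
    score = raw_score
    if matches_any(sender, whitelist):
        score -= 100  # whitelisted senders have 100 subtracted
    if matches_any(sender, blacklist):
        score += 100  # blacklisted senders have 100 added
    if score > discard_limit:  # "exceeds" is read as strictly greater than
        return score, "discard"
    if score > tag_limit:
        return score, "tag"
    return score, "deliver"


if __name__ == "__main__":
    # Constructed senders and scores, using the wildcard entries from the text.
    print(classify(20.0, "news@example.com", whitelist=["*@example.com"]))
    print(classify(1.0, "x@mail.tld", blacklist=["*@*.tld"]))
    print(classify(6.1, "someone@example.org"))
```

Because the adjustment is ±100 and both limits are capped at 25.0, a whitelist match always delivers and a blacklist match always discards for any score SpamAssassin is likely to assign, unless the same sender matches both lists.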
Please note: Changes to anti-spam settings for a particular service may take up to 15 minutes to take effect. Spam scanning is not applied to messages larger than 100KB in size. (Virus scanning and DNSBLs are applied regardless of message size.) Please also note that certain destination addresses in Dyn Email Forward have spam scanning automatically applied to help reduce the load on these providers.