Almost anyone with an email account has received unsolicited bulk email (UBE, or more commonly, "spam") in their mailbox. Some people receive dozens of spam messages each day, or more. The amount of spam being sent is increasing exponentially, with no end in sight. Also common these days are computer viruses that spread via email. The viruses can range from annoyances that fill up your mailbox to serious problems if the virus infects your computer.
While spam and viruses have an impact on everyone with an email address, their effect on the servers that handle the mail can be crippling. The additional server load caused by spam and viruses can cause problems for legitimate mail, such as delays in receiving mail. This is doubly frustrating since the extra email traffic is almost universally unwanted.
In light of this, LavaNet has put certain blocks and filters on incoming email messages, solely to ensure that our mail servers spend more of their time processing customer email and less on spam and viruses. This is not a new policy: we have been doing some virus filtering since September 2001 and implemented the first spam-blocking list in May 2002. Both these changes were announced to customers by email at the time of their implementation.
Implementing any kind of email block or filter is not a decision we made lightly, since we believe strongly that customers should be in charge of decisions regarding the content of their Internet activities. The rest of this document explains what blocks or filters we have in place, why we put them in place, and what you can do if you wish to be excluded from the block/filter.
Viruses
Viruses are malicious programs that generally duplicate and distribute themselves by infecting computers and using your Internet connection or your email as a vehicle to get to other computers. For example, the Windows-specific "SirCam" virus generates a short, bogus email message and sends itself to everyone listed in the infected computer's email address book, as well as to every email address on every webpage you have recently visited.
Viruses like SirCam can spread without your knowledge, and can spread fast. In some cases, such viruses can generate so much extra traffic as to clog up the entire mail spool capacity of ISPs (and certainly the mail quotas that ISPs set for individual customers). Again, the emails generated by this virus are NOT actual messages, just a copy of the virus pretending to be an email from the user of the infected computer.
One of the serious consequences of this virus is the bouncing of legitimate email back to the senders because your ISP's mail spool is now full and is no longer able to accept any mail (infected or otherwise).
Therefore, we have implemented email virus filtering for these prevalent viruses (including, but not limited to):
- Beagle (all variants)
- Dumaru
- Klez
- MiMail (A, C, D, etc.)
- Novarg (aka "MyDoom.A")
- SirCam
- SnowWhite
- SobigE
- SobigF
- Sober.O
Customers should not assume this means that their computers and networks are safe from harm by a virus or related malicious attack. In fact, we strongly encourage customers to run anti-virus software on their own computer to protect themselves from attack. As stated in our user agreement, LavaNet assumes no responsibility for identifying and filtering malicious code, including viruses, worms, trojan horses and other Internet dangers. Our specific filtering is designed solely to protect our system from the overwhelming effects of email-spread viruses, to control and hopefully eliminate viruses over time. New viruses, older viruses and more may pop up from time to time. We will do our best to advise you of them and of how to avoid them; however, the Internet can be a rather rowdy place, and no one "sheriff" can possibly take charge of all the "bad guys".
The virus filters are applied globally to all email delivered to LavaNet mailboxes. Viruses are potentially quite dangerous and we feel confident that false positives are almost impossible (none have been recorded in the last six years).
Spam
Due to the radically increasing volume of spam, LavaNet uses certain techniques to block email traffic that is judged extremely likely to be spam. The main technique we use is to check the IP address of incoming mail connections against several block lists. Servers are listed in these block lists for various reasons (see detailed list below), but in every case mail from servers that are listed is extremely likely to be spam.
The advantage of refusing connections from blocklisted servers is that they are major sources of spam, so this will reduce the burden on the LavaNet mail servers so that they can focus on legitimate email. An obvious side effect of the use of block lists is less spam in your mailbox, which is something most customers desire. The main disadvantage of using block lists is that it is possible for listed mail servers to be sources of legitimate traffic in addition to spam. In our tests, the amount of legitimate email coming from listed mail servers is extremely small (less than 0.1%), but it does happen on rare occasions. If you have a correspondent that sends mail from a listed mail server, our servers will reject their email until their mail server has been removed from the block list. Often getting off a block list requires the administrator of the server to fix the configuration of their mail server so that it no longer relays spam. As an additional safeguard, all incoming mail to "postmaster@lava.net" and "abuse@lava.net" bypasses the block lists to ensure that people corresponding with LavaNet customers can report block list-related problems via email.
When someone using a listed mail server attempts to send mail to a LavaNet customer, our mail server will refuse the message. This should generate an immediate informative error message to the person trying to send the message, so if any of your correspondents are affected by this change, you will quickly find out. If you have a correspondent that is affected by a block list, please contact LavaNet Technical Support and they can discuss the options available.
LavaNet's philosophy on spam filtering is to empower our customers to make the decision and be able to control what gets filtered and what doesn't. For customers that wish to eliminate more spam from their mailbox, please check out our spam filter called Spammo. It provides a more individualized solution to spam filtering, focused on reducing spam in your mailbox rather than excessive load on our servers.
If, for whatever reason, you do not wish to have the block lists applied to your mail, you can request an exemption from the block lists. Note that if your address is exempted from the block lists, you will see a dramatic increase in the amount of spam in your mailbox, possibly many times what you see now. For this reason, we recommend against disabling the block lists for your account. If you want to be exempted from the block lists, contact support@lava.net.
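The block-list check described above, sketched in Python as an added example (not LavaNet's actual mail server configuration). The zone names and the postmaster/abuse bypass come from this page; applying the decision per recipient, the 550 reply code, the fail-open behaviour on resolver errors and the injectable `lookup` function are assumptions of the sketch.

```python
import ipaddress
import socket

# Zones named on this page; confirm a zone is still operated before querying it.
ZONES = ("dnsbl.njabl.org", "bl.spamcop.net")
# Recipients that always bypass the block lists, as stated on this page.
BYPASS = {"postmaster@lava.net", "abuse@lava.net"}

def dnsbl_name(ip, zone):
    """Build the DNS name to query: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def system_lookup(name):
    """True if the name resolves into 127.0.0.0/8, the usual 'listed' answer."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except OSError:
        return False  # NXDOMAIN or resolver failure: not listed (fail open)

def rcpt_decision(client_ip, rcpt, exempt=frozenset(),
                  lookup=system_lookup, zones=ZONES):
    """Return an SMTP-style (code, text) reply for one recipient."""
    rcpt = rcpt.strip().lower()
    if rcpt in BYPASS or rcpt in exempt:
        return 250, "OK (block lists not applied to this recipient)"
    for zone in zones:
        if lookup(dnsbl_name(client_ip, zone)):
            # The text names the list so the sender's admin knows where to go.
            return 550, f"Mail from {client_ip} refused: listed in {zone}"
    return 250, "OK"
```

Passing a fake `lookup` (for instance the `__contains__` method of a set of listed names) lets the policy be tested without DNS traffic.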
The following are the spam blocking techniques currently being used at LavaNet:
Local LavaNet blocking list
LavaNet always reserves the right to block incoming email from a server if that server is severely abusing our system (sending tens of thousands of spams, mailbombing a customer, denial of service attack, etc). We do so only as a last resort, and we unblock the server when the threat has abated. For this reason, we maintain a local block list. Servers are only added to this list if we have hard evidence that they have abused our mail servers.
Rejecting unknown return address domains
LavaNet refuses to accept mail with a return address containing a domain that does not appear to exist. Using a return address with a made-up domain is a common technique used by spammers. This restriction can also help correspondents, since it prevents LavaNet from accepting mail messages when the user made a typo in their return address.
NJABL
The NJABL (Not Just Another Bogus List) is a highly-respected list of IP addresses that includes open relay servers, open proxy servers, dial-up and dynamic IP lists, and other things. We currently use the dnsbl.njabl.org list in our mail server configuration. For more information, see:
DSBL
The Distributed Server Block List contains the IP addresses of servers that are open relays, open proxies, or have another vulnerability that allows anybody to deliver email to anywhere, through that server. For more information about the DSBL, see this web page:
If you have the particular IP address of a mail server and you want to know whether it is listed on the DSBL, you can check this page:
Spamhaus block lists
The Spamhaus Project is a well-respected anti-spam organization that has done much to combat spam and spammers. In addition to working with law enforcement agencies to prosecute spammers, it operates several databases that make it easier for ISPs to automate combatting spam. The databases are conservative in the sense that it is difficult to get on them, but the addresses they list are almost certain sources of spam.
SBL
The Spamhaus Block List (SBL) is a DNS-based database of IP addresses of verified spam sources (including spammers, spam gangs and spam support services), supplied as a free service to help email administrators better manage incoming email streams. For more information about the SBL, or if you have the particular IP address of a mail server and you want to know whether it is listed on the SBL, you can check this page:
http://www.spamhaus.org/sbl/index.lasso
XBL
The Spamhaus Exploits Block List (XBL) is a list of IP addresses of illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
http://www.spamhaus.org/xbl/index.lasso
PBL
The Spamhaus Policy Block List (PBL) is a list of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.
http://www.spamhaus.org/pbl/index.lasso
Spamcop
Spamcop is another well-respected blocking list which is based on reports of spam submitted by registered users. By combining this feedback, Spamcop is able to determine high-output sources of spam. LavaNet uses these data by refusing connections from addresses listed on the bl.spamcop.net blocking list. For more information about Spamcop, see this web page:
Greylisting
Greylisting is a technique that has gained popularity in recent years for being a moderately effective defense against spammers. It works by inserting a delay between the time a piece of email is first attempted to be delivered and subsequent retries. Most spammers use software that handles this inefficiently or not at all, and therefore this keeps spam out of the system.
The down side is that it comes at the cost of a delay for any legitimate email received. Typically, the delay is about 15 minutes, but this depends on the remote mail server's retry policy. However, LavaNet keeps track of the addresses of legitimate email senders, so this delay normally only happens the first time that a remote email sender contacts a particular LavaNet email address. Subsequent emails bypass the greylisting check.
For more information on greylisting, see greylisting.org.
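The greylisting behaviour described above, as an added Python example (not LavaNet's implementation). The minimum delay, the retry window, the 451 reply code and the class and field names are assumptions; the sender/recipient pairing that lets later mail skip the delay follows the description on this page.

```python
from dataclasses import dataclass, field

MIN_DELAY = 5 * 60           # assumed: seconds a sender must wait before retrying
RETRY_WINDOW = 4 * 60 * 60   # assumed: a pending entry expires after this long

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)  # (ip, sender, rcpt) -> first seen
    known: set = field(default_factory=set)      # (sender, rcpt) pairs that passed

    def check(self, client_ip, sender, rcpt, now):
        """Return an SMTP-style (code, text) for one delivery attempt at time now."""
        pair = (sender.lower(), rcpt.lower())
        if pair in self.known:
            # Sender has already reached this mailbox once: no further delay.
            return 250, "OK (sender already known for this recipient)"
        triplet = (client_ip, *pair)
        first = self.pending.get(triplet)
        if first is None or now - first > RETRY_WINDOW:
            # First sighting, or the earlier attempt is too old to count.
            self.pending[triplet] = now
            return 451, "Greylisted, please retry later"
        if now - first < MIN_DELAY:
            # Immediate re-send, typical of bulk senders that do not queue.
            return 451, "Greylisted, retry too soon"
        del self.pending[triplet]
        self.known.add(pair)
        return 250, "OK (retry after delay accepted)"
```

A sender that never retries stays in `pending` and is never accepted, which is the case the technique relies on; a production version would also expire old `pending` and `known` entries.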
Policy on abandoned mailboxes
Because of the vast amount of email received, most of which is spam, LavaNet reserves the right to delete, without warning to the user, mailboxes that have not been checked within the last six (6) months. These are considered to be abandoned mailboxes. It also reserves the right to delete, without warning to the user, any email which LavaNet determines is egregious spam. This strict policy is in place to limit the effects of spam upon LavaNet's limited resources.
