In an effort to reduce spam we at Mia.Net have a filtering system in place that allows us to constantly update our anti-spam system with new rules on a daily basis. In addition to this filtering system we are also using Blacklists. Below is a brief explanation of the types of filters and blacklists we use as well as a Lookup System that allows you to enter any Spam Error Codes you or someone you know may have received for further explanation. If you have had a message bounced, please use this lookup search to find out the code meaning. If you cannot find the code in the database, please email abuse@mia.net with the code number or error explanation. If you feel that legitimate email is being bounced please let us know. We can either White List your email address/domain and or IP address ranges, or remove the rule and or rules if there are too many false positives. If you or your service provider is in one of the blacklists we utilize you will need to have them contact the blacklist operator to be removed. We make every effort to reject only spam, however there are times where legitimate mail will be bounced. It is the trade off in the ongoing war against spam. If you have any questions or concerns, please email abuse@mia.net

Rule Explanations		Lookup a Filter Code The criteria you type below will perform a "like" match with TYPE or RULE or CODE fields. Virus Filters, Content Filters, Format filters, and 45 Day rules are searched currently. Active and Test Rules only?:   Code Column Legend: V codes are Virus, F codes are Format; C codes are Content; 45 are 45 Day rules
Format Rules - Contains rules finding spam based on format (eg ad rules, friend@public.com, etc) AntiVirus Rules - Contains rules that protect against known Viruses. Content Rules - Filters known spam phrases in the content of messages. Regional Rules - Filters based on domain and or region from known spam offenders. DNSbl Rules - These are "DNSbl" or DNS Black Listed IP Ranges. Contains known IP Ranges of spammers. Local BODY Rules - Filters spam phrases in the Body of the message. (Not Currently in the Search Database) Local Header Rules - Filters spam based on the headers of an email message. (Not Currently in the Search Database) Others Rules - Used for additional rules meeting different criteria. (Not Currently in the Search Database) WINNOW Rules - A set of ever changing, ever updated daily rule sets.
Why Black Lists?		Black List Filters Currently In Use
We have started using outside "blacklists" to handle incoming spam for several reasons. The biggest reason is that our mail servers and filters are spending more time processing spam mail, than legitimate mail. This means massive mail delivery slowdowns, delays sending and receiving mail, and heavy processor and ram load on our machines. To the Right are the current black lists we use. They are loaded and check in the order they are listed. Another reason we have resorted to blacklists is because very little spam makes it through these filters (and any that comes to our spam traps, gets immediately reported to http://spamcop.net/). There are bound to be some "false positives", and we deal with these on a case by case basis. However, nearly everything we block appears to be spam.		bl.spamcop.net oitc dnsbl.njabl.org (added 8/13/04) blacklist.jippg.org dev.null.dk hil.habeas.com list.dsbl.org virbl.bit.nl (added 8/13/04) oitc dnsbl.sorbs.net relays.bl.kundenserver.de relays.ordb.org relays.visi.com (pulled as unstable 12/13/04) sbl-xbl.spamhaus.org hil.habeas.com (added 8/13/04) DNSbl filters listed in order of effectiveness
Other Filters In Use
Attachment Filter UPDATED 8-13-04 This filter blocks .BAT, .CMD, .COM, .CPL, .EXE, .LNK, .PIF, .SCR and .VBS files, as well as blocking base64 and uuencoded zip files that contain those types of files. This updated version now checks all files in a zip attachment (not just the first one), blocks zip files containing zip files containing blocked file types, blocks attachments with names ending in .zip that are not zip files, has improved base64 decoding, and checks the first file of a .rar archive. No Message-ID Filter PULLED 1-5-04 This filter will bounce any message that has no Message-ID and is not from a host that is allowed to relay or has used SMTP AUTH. This can be useful for blocking spam as often spammers leave out the Message-ID header to try and hide the origin of their messages. No legitimate sites should be sending messages without Message-ID headers as section 3.6.4 of RFC 2822 requires that messages SHOULD have a Message-ID header. (THIS FILTER HAS BEEN PULLED AS IT GENERATES TOO MANY FALSE POSITIVES) Route Address filter 1.0.1 This filter will bounce any recipient that has a % or ! in it, or starts with an @. This is useful if you are using EIMS as a firewall for a system that will relay route addresses. 1.0.1 includes the sender address in the error log, which only works with EIMS 3.0 and later, EIMS 2.2 users should use version 1.0b2. Space Patrol Filter This filter will bounce any message that contains more than 8 consecutive spaces in the message subject. It does not check spaces used to wrap the Subject header across multiple lines. This filter can be modified with ResEdit to check for any header containing any string. NUL and LF filter This filter will bounce any message that has NUL characters in it, or stray LF characters. Stray LF characters are ones that are not part of a CRLF line break. This filter can be useful for preventing problems where clients stall downloading messages with NULs or stray LFs. This filter does not check messages sent with the SMTP BINARYMIME extension. Route Address filter 1.0b2 This filter will bounce any recipient that has a % or ! in it, or starts with an @. This is useful if you are using EIMS as a firewall for a system that will relay route addresses. Host Syntax Filter (Added 8-12-03) This filter checks the SMTP HELO/EHLO name to make sure it is compliant with relevant standards, and refuses mail from any host that isn't compliant. The relevant standards are section 3.5 of RFC 1034 (Internet Standard 13), section 2.1 of RFC 1123 (Internet Standard 3, which refers to RFC 952), section 4.1.2 of RFC 821 (Internet Standard 10) and sections 4.1.2 and 4.1.3 of RFC 2821. This filter will block hosts with underscores in their HELO/EHLO name, those hosts are not compliant with these standards. Happy99 virus filter This filter will bounce any message with an X-Spanska: header starting with "yes". Version 1.1.1 fixes the filter to not be so strict about line ends. Papa virus filter This filter will bounce any message with an Subject: header starting with "Fwd: Workbook from all.net and Fred Cohen". Version 1.1.1 fixes the filter to not be so strict about line ends. Archive filter This filter stores a copy of all messages received using SMTP (which includes outgoing messages from users) and stores the copy in a folder called Archived Mail in the Mail Folder. The messages are stored in EIMS Save as Files format. Interceptor filter This filter takes a copy of all messages received using SMTP then tells EIMS to discard it's copy. Received messages are put in a folder called Received Mail in the Mail Folder. This could be used by other software to check the messages (anti-virus software for example) and then if they are OK put them in the Incoming Mail folder for EIMS to process. VBS/Loveletter virus filter This filter will bounce any message with a Subject: header starting with "ILOVEYOU". Melissa virus filter This filter will bounce any message with a Subject: header starting with "Important Message from". Version 1.1.1 fixes the filter to not be so strict about line ends. HTML Comment Filter (Added 8-12-03)PULLED 9-8-03 This filter blocks messages that have more than a configurable number of HTML comments in them. By default this filter is configured to block messages with 30 or more HTML comments. It also has a second threshold for just logging messages, by default it logs any message with 2 or more HTML comments. The thresholds can be changed in the STR# resource. (THIS FILTER HAS BEEN PULLED AS IT GENERATES TOO MANY FALSE POSITIVES) Bulk Mailer Filter This filter checks the headers of messages for the signature of a common bulk mailer program. Bulk Mailer2 Filter Bulk Mailer Filter (Added 8-12-03) This is another filter that checks the headers of messages for the signature of a common bulk mailer program. It can be used in conjunction with the original Bulk Mailer filter, as they match different signatures. Host Name Filter (Added 8-12-03) This filter checks the SMTP HELO/EHLO name against the one in the STR# resource. This can be useful for blocking dictionary attacks that always use the same HELO/EHLO host name, and for blocking spam that always uses your servers IP address as the HELO/EHLO host name.
What Attachments do you Block?		Misc
These filters will bounce any message that contains a file with a particular extension. These filters work well at blocking PC email viruses and this is why we use them. There is no reason to be sending a .exe file through email as an example. The filter checks all MIME parts for a Content-Type header with a "name" parameter that ends with the extension or a Content-Disposition header with a "filename" parameter than ends with the extension. They also check for uuencoded attachments and check for unusual headers that Outlook and Outlook Express will interpret as being executables. Finally the CLSID filter blocks attachments with names that end with a }. .BAT .COM .EXE .HTM .LNK .PIF .SCR .CMD .VBS CLSID .ZIP .RAR .CPL		Check to see if an IP and or Domain is listed in a spam database SpamCop Lookup Database Requires membership from http://spamcop.com OpenRBL Lookup Database Distributed Server Boycott List

Updated Monday, December 13, 2004	Mia.Net and the Mia Logo are trade marks of Bella Mia, Inc. All rights reserved - Copyright 2004 Bella Mia, Inc. All other service marks and or copyrights are property of their respective owners.