Below we describe some of the techniques Stealth Spam Protection employs
to defend against mail abuse.
MAPS, "Mail Abuse
Prevention System", is a group of 3
databases at www.Mail-Abuse.org that contains
Internet addresses that can be used to reject
mail. The 3 databases are:
holes is a
database of known sources of SPAM that
repeatedly send out SPAM and have been the
target of complaints.
("RSS" relay spam stopper) is a database of
mail servers that indiscriminately accept mail
from any other mail server and forward the
mail to any other mail server. This process is
called "open mail relaying". Spammers hijack
open relay servers to deliver spam since the
spammer, the real source of the spam, can hide
behind the open relay. The
operator of the open relay mail server is then
implicated in the mail abuse, and his mail
server is inundated by tons of SPAM
traffic and by the complaints.
("DUL") is a database of world-wide Internet
addresses reserved for dial-up users accessing
the Internet. Recently, the Internet
addresses of DSL telephone subscribers and
Internet TV cable subscribers have also been
added to this DUL database. Normally, dial-up
users should send their outgoing mail to their
ISP's mail server for forwarding to the Internet.
But mail abusers on DUL addresses bypass their
ISP mail server and send spam directly to open
relay servers and any other mail server.
In the above diagram, Stealth
queries the MAPS database for the presence of
the Internet address of the sender's mail
server. If the address is in MAPS, the email is
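
The lookup against the three lists, as an added example that is not Stealth's own code: it assumes the lists are published as DNS blocklists (the RFC 5782 convention of reversed octets plus a zone name, with a 127.0.0.0/8 answer meaning "listed"). The zone names, the `listed_in` helper and the sample records are hypothetical and constructed for illustration.

```python
import ipaddress
import socket

# Placeholder zones (assumptions); use the zone names your list provider publishes.
ZONES = {"RBL": "rbl.example.invalid",
         "RSS": "rss.example.invalid",
         "DUL": "dul.example.invalid"}
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets reversed, followed by the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def listed_in(ip, resolve=system_resolver, zones=ZONES):
    """Return the labels of every list that carries the sending server's address."""
    hits = []
    for label, zone in zones.items():
        answer = resolve(dnsbl_name(ip, zone))
        # Only an answer inside 127.0.0.0/8 is a listing. Any other address
        # (a wildcarded or parked zone) must not be treated as a hit.
        if answer and ipaddress.IPv4Address(answer) in LISTED_NET:
            hits.append(label)
    return hits

# Constructed sample data standing in for the DNS, so the example runs offline.
SAMPLE = {
    "7.2.0.192.rss.example.invalid": "127.0.0.2",        # listed as open relay
    "9.113.0.203.dul.example.invalid": "127.0.0.3",      # listed as dial-up range
    "5.100.51.198.rbl.example.invalid": "203.0.113.80",  # non-127 answer: ignored
}

def sample_resolver(name):
    return SAMPLE.get(name)

if __name__ == "__main__":
    for ip in ("192.0.2.7", "203.0.113.9", "198.51.100.5", "198.51.100.6"):
        print(ip, listed_in(ip, resolve=sample_resolver) or "not listed")
```

What to do with a listed sender (reject, tag or defer) is the caller's policy and is left out of the helper.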
Implementation of Stealth
Anti-Virus & Spam Protection is technically very
simple and causes no disruption to a client's
normal mail operations.
implements Stealth simply by
modifying the client's DNS MX
("mail exchanger") records to
route the client's mail traffic to
ITS Group Information Technology first rather
than to the client's mail server.
Note that in
fact ITS Group Information Technology provides
two identical Stealth servers, a
primary and a secondary, for
redundancy. If the primary Stealth
is unavailable, the secondary
Stealth will accept the mail.
ITS Group Information Technology's Stealth receives the
incoming mail from the Internet,
performs mail abuse validations,
and forwards the accepted mail
directly to the client's mail
server. The delay through Stealth
is typically only a few seconds
for a message with an average size
of 20 kilobytes.
In the case
where the client's mail server is
temporarily unavailable, Stealth
will hold the client's mail until
the client's mail server becomes
mail servers are not continuously
connected to the Internet can use
Stealth both for its defenses and
for its mail relay features. The
client's off-line mail server
connects to the Internet temporarily
to exchange incoming and outgoing
mail with Stealth. After the
client's mail server goes
off-line, Stealth scans the
outgoing mail and delivers it to
the final Internet destinations.