Envelope Scan Options
If envelope has ADDRSPACE violations add xx points: This option will add additional points if the MAIL FROM and/or RCPT TO addresses are improperly formatted. This is a very good indicator that the message is likely to be spam.
If sender has sent to bad recipients add xx points for each bad recipient: Spammers will frequently attempt to send a message to multiple recipients. Some of these recipients may be valid and some may not. Generally, if a message comes in with several bad recipients, it is most likely spam. This option will add additional points for each invalid recipient requested.
If envelope contains more than 1 RSET command add xx points for each additional RSET: RSET is the SMTP command meaning "reset". It tells Alligate, or any mail server, to disregard the previous sender and recipient information and start over within the same transaction. It is not unusual to see a remote server issue RSET once during a transaction. It is more unusual, however, to see the sender issue it more than once. Spammers may attempt to request a reset multiple times during the transaction. You can add penalties for each additional request for a reset.
If SMTP commands contain lower case or mixed case characters add: When the remote server sends commands to your Alligate server, the standard format is to send them in all upper case. Mixed case commands or all lower case commands usually indicate the message is from a spammer.
If HELO command fails the HELO test add xx points: When the remote server sends the HELO command identifying itself, a test is run to identify patterns in the HELO command that could indicate the message is coming from a spammer or a zombie-infected computer. The HELO test can serve several purposes. It can flag the sender for tarpitting, invoke greylisting, and add penalty points here in the envelope scanning section. The actual HELO test is a regular expression and is defined under the greylisting options.
If HELO command is an IP address or an all numeric address add xx points: According to the rules, known as RFCs, the HELO command must refer to a fully qualified domain name (FQDN). IP addresses are not permitted, nor are all-numeric addresses. This is an excellent indicator that the message is coming from a spammer.
If HELO command is not an FQDN add xx points: According to the rules, known as RFCs, the HELO command must refer to a fully qualified domain name (FQDN). As many spammers will simply use a fake name, or in some cases the name of their computer, this is an excellent indicator that the message is spam.
If the REVDNS and HELO address similarity is less than xx percent add xx points: Ideally, the REVDNS and HELO should be the same. If that were required, it would be relatively easy to identify spammers whenever these two values differ. Unfortunately, in the real world these names are frequently not the same; however, in many cases they are similar. This test measures the similarity of the REVDNS and HELO values. We have found through testing that a similarity of less than 40% is a good level at which to add penalty points. Anything higher than 40% should probably not be penalized; however, anything under 40% is more suspicious.
If MAIL FROM is a NULL SENDER add xx points: Messages from NULL SENDERS are fairly common, as almost all bounce messages returned from postmaster accounts indicating an unsuccessful delivery attempt will come from NULL SENDER addresses. Regular mail, however, should never come from a NULL SENDER address. This is not an exceptionally good indicator of spam; however, most legitimate messages coming from NULL SENDERS will not fail any of the other tests because they are usually properly formatted. As such, it does no harm to add a small penalty value of 5 or 10 points, because it will not affect the deliverability of a legitimate message and may help catch additional spam messages.
If MAIL FROM has no MX record add xx points: The domain name of the MAIL FROM sender is checked to see if it has an MX record. If it does not, xx points will be assessed. The A record is not checked. RFCs specify that an MX record is not absolutely required, and that if a domain is missing an MX record, the A record should be used. This test is provided on the assumption that properly configured email servers should have an MX record for hosted domains.
If not an MXRate Good Sender add xx points: If the results of the MXRate lookup for the message indicate the sender is not a known good sender, xx points will be assessed.
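
The following is an added example, not Alligate's own code: a small Python scorer that applies several of the envelope tests described above (mixed-case commands, extra RSETs, numeric or non-FQDN HELO, REVDNS/HELO similarity, NULL SENDER) to constructed SMTP sessions. The point values, the regular expressions, the one-penalty-per-HELO ordering and the use of difflib's ratio as the similarity measure are assumptions; the page does not say how Alligate computes similarity.

```python
import re
from difflib import SequenceMatcher

# Hypothetical point values; in Alligate each "xx" is set by the administrator.
POINTS = {"mixed_case": 10, "extra_rset": 5, "helo_numeric": 20,
          "helo_not_fqdn": 15, "revdns_mismatch": 10, "null_sender": 5}
SIMILARITY_THRESHOLD = 40  # percent, the level suggested in the text

NUMERIC_HELO = re.compile(r"^\[?[\d.]+\]?$")  # IP literal or all-numeric name
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def similarity(a, b):
    """Percent similarity of two host names (assumed metric: difflib ratio)."""
    return 100 * SequenceMatcher(None, a.lower(), b.lower()).ratio()

def score_envelope(commands, revdns):
    """Return (total points, list of failed tests) for one SMTP session."""
    hits, rsets = [], 0
    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        if verb != verb.upper() and "mixed_case" not in hits:
            hits.append("mixed_case")          # penalised once per session
        verb = verb.upper()
        if verb == "RSET":
            rsets += 1
            if rsets > 1:                      # the first RSET is tolerated
                hits.append("extra_rset")
        elif verb in ("HELO", "EHLO"):         # EHLO handled like HELO (assumption)
            if NUMERIC_HELO.match(arg):
                hits.append("helo_numeric")
            elif not FQDN.match(arg):
                hits.append("helo_not_fqdn")
            elif similarity(arg, revdns) < SIMILARITY_THRESHOLD:
                hits.append("revdns_mismatch")
        elif verb == "MAIL" and arg.replace(" ", "").upper().startswith("FROM:<>"):
            hits.append("null_sender")
    return sum(POINTS[h] for h in hits), hits

# Constructed sessions (documentation addresses only), not real traffic.
CLEAN = ["EHLO mail.example.com", "MAIL FROM:<alice@example.com>",
         "RCPT TO:<bob@example.net>", "DATA"]
ZOMBIE = ["helo 192.0.2.55", "MAIL FROM:<>", "RSET",
          "MAIL FROM:<x@example.org>", "RSET", "RSET"]
MISMATCH = ["HELO mx.bulk-offers.biz", "MAIL FROM:<promo@bulk-offers.biz>"]

if __name__ == "__main__":
    print(score_envelope(CLEAN, "mail.example.com"))
    print(score_envelope(ZOMBIE, "host55.dynamic.example.net"))
    print(score_envelope(MISMATCH, "dhcp-47-11.pool.example.net"))
```

Because the penalties are additive, a NULL SENDER bounce with a well-formed envelope scores only the small null-sender value, while the zombie-style session accumulates points from several independent tests.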