How it works


The main workhorse of the Alligate system is the SMTP gateway, which employs a combination of techniques to identify spammers as early in the message transaction as possible.

These include:

Our proprietary MXRate Sender Reputation Database. MXRate is a system that analyzes millions of messages daily to provide real-time reporting to Alligate servers on the message-sending habits of any particular sender.
A unique implementation of a procedure called Greylisting. Our system avoids the typical pitfalls of other greylisting systems by only imposing greylisting if certain user-defined criteria are met.
Variable-time "Tarpitting" is also employed to effectively discourage spammers and slow down attacks.
Numerous verification systems allow flexible recipient checking, sender country testing, dictionary attack prevention, relay protection, authentication, "port 587" support, and reverse DNS lookup.

When a connection is requested from a remote computer, Alligate immediately starts its anti-spam checks. The sender's address is immediately checked using the MXRate Sender Reputation Database. At the same time, the country of origin is checked. Depending on your Alligate settings, the connection may be tarpitted at this point or disconnected entirely. If the connection is tarpitted, and the sender is indeed trying to send spam, many spammers will disconnect after several seconds without getting a response from Alligate.


If they survive the initial tarpitting, they are not done yet. We have mechanisms for checking each and every command received from the remote computer.

These include:

HELO command checking for unusual, illegal, and user-defined formats that are excellent indicators we can use to identify spammers.
MAIL FROM command checking to determine proper formatting.
RCPT TO (recipient) checking to make sure the user is a valid user, and that the command is properly formatted. This includes counting the number of both valid and invalid recipients; settings are provided so that you can terminate the connection if the ratio is too high, or if the defined number of invalid recipients is reached.
Additional tarpitting can also be implemented at this phase to further "encourage" the spammer to terminate the message delivery attempt and disconnect.

Even if the sender survives the initial "envelope" tests, they may still have triggered some flags indicating that Alligate is still suspicious of the message. This is where greylisting kicks in: it tells the sender that the message cannot be received at the moment and to try again later. Virtually all legitimate mail servers handle this without issue, and will resend the message after a few minutes. Once they do, they are "greylist authorized" and greylisting will not be performed on them again for however many days you specify. As long as they communicate with your server on a regular basis, they will remain greylist authorized. Most spammers, however, have no mechanism for resending a message and will never try to send the message again.
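
The conditional greylisting behaviour described above can be sketched as follows. This is an added example, not Alligate's own code: the class and function names are hypothetical, and keying on the sender's IP address, the 300-second minimum retry delay and the 451 reply text are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DAY = 86400
DEFER = "451 4.7.1 Please try again later"   # assumed reply text (temporary failure)
ACCEPT = "250 OK"

@dataclass
class Greylist:                      # hypothetical class, not an Alligate API
    min_retry_delay: int = 300       # assumed: seconds before a retry counts
    authorized_days: int = 30        # "however many days you specify"
    pending: dict = field(default_factory=dict)     # sender IP -> first deferral time
    authorized: dict = field(default_factory=dict)  # sender IP -> last contact time

    def check(self, ip: str, suspicious: bool, now: float) -> str:
        last = self.authorized.get(ip)
        if last is not None:
            if now - last <= self.authorized_days * DAY:
                self.authorized[ip] = now   # regular contact renews authorization
                return ACCEPT
            del self.authorized[ip]         # authorization lapsed
        if not suspicious:
            return ACCEPT                   # greylist only when flags were raised
        first = self.pending.setdefault(ip, now)
        if now - first < self.min_retry_delay:
            return DEFER                    # first attempt, or retried too quickly
        del self.pending[ip]
        self.authorized[ip] = now           # proper retry: "greylist authorized"
        return ACCEPT

def demo():
    # Constructed timeline; IPs are documentation addresses.
    gl, t = Greylist(min_retry_delay=300, authorized_days=7), 1_000_000
    return [
        gl.check("192.0.2.10", True, t),                   # first attempt
        gl.check("192.0.2.10", True, t + 30),              # retry too soon
        gl.check("192.0.2.10", True, t + 600),             # proper retry
        gl.check("192.0.2.10", True, t + 600 + 6 * DAY),   # within 7 days
        gl.check("192.0.2.10", True, t + 600 + 12 * DAY),  # 6 days since last
        gl.check("192.0.2.10", True, t + 600 + 30 * DAY),  # 18 days idle
        gl.check("198.51.100.5", False, t),                # no flags raised
    ]

if __name__ == "__main__":
    print(demo())
```

In the constructed timeline, the sender stays authorized at day 12 only because its contact at day 6 renewed the window; after 18 idle days it is deferred again.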


Even if they survive all the checks and get through greylisting, even more tests are done to check the headers, message body, reverse DNS and third-party blacklists. Additional penalty scores can be applied and the message can be rejected before it is ever passed along to your mail server.

In summary, Alligate makes every attempt to encourage the spammer to go away on their own. This makes Alligate an extremely safe and reliable product. False positives are virtually eliminated because in most cases Alligate does not actually reject the message outright. It just makes it so difficult for the spammer to get their message through that they have to give up. Most spam-sending programs do not adhere to the rules that legitimate servers do, and we take advantage of these weaknesses wherever we can.