The Truth About Incoming Email Filtering

Hello,

Recently I needed to make an intelligent choice about moving to a new hosting service. The first question that I asked was if it was possible to remove all incoming email filters and blockers. Then I asked a different representative the same question. A few said yes both times and DreamHost and JustHost were among them. I evaluated other features, and signed up with JustHost .

JustHost lied.

After a credit card bill was filtered I created a test case and opened a trouble ticket. It took several rounds of technical support denying any filtering or blocking. Repeating my test case educated a lot of JustHost support people until I finally got them to admit that they were filtering my email. They will not remove the filters.

Now I MUST move from JustHost as quickly as possible.

The obvious question is: Can all incoming email filtering and blocking be turned off at DreamHost? Really?

Thanks,
Mike

Almost all.

We have a few filters on incoming email to drop email related to some large-scale email spam campaigns. These filters are highly targeted — they are primarily based on From headers which we have confirmed are completely fraudulent (e.g, "Admin@fbi.gov"). Under no circumstances should they block any legitimate mail.

Beyond that, there are no default filters. All other junk filtering is optional, and can be disabled if you don’t want it.

I have no problem getting junk mail delivered to my DH mail

Feel’s odd that that was a happyface comment.

Andrew,

Thank you for your candid reply.

which we have confirmed are completely fraudulent

That is almost verbatim to what the JustHost tech said. The fact is that one of the confirmed as being completely fraudulent headers was from the legitimate billing notice of my Discover card.

I don’t have any problem with email filtering. I do it all of the time. The key is that “I” do the filtering. In other words, if I miss a message, it must be because I made an error, not someone who is supposedly looking out for my best interests. Our banks, investment firms, etc. are constantly pressuring us to go paperless. JustHost didn’t volunteer to pay my late fee because they discarded my billing email from Discover. If I make the choice to communicate with anyone, I also accept the responsibility to read my email.

There are two other ways of looking at this as well.

First, I could be a spam researcher. I choose DreamHost because they promised not to filter my email both times that I asked. I sign up, do my PhD research, and then have my paper and PhD rejected because some reviewer finds out that DreamHost didn’t mean that they didn’t filter my email; they really meant that they only blocked email that they “knew” I wouldn’t want.

Second, there is the other side of the coin. You probably haven’t generated those blacklists yourself, but you got them from some source whose business it is to make lists of spam sites. What makes you think those lists are accurate? The plain truth is that they aren’t. My domain or IP has been erroneously blacklisted several times. While those errors were not too hard to fix, email originating from me was blocked from tens of thousands of sites for a few days. Once I was blacklisted intentionally by a scammer. He sold his blacklists to companies like yours because his lists were longer than his competor’s, and therefore better. Then he offered to take me off his blacklist for $100. It took me weeks to resolve that problem. Every site he sold his list to became his partner in the scam. Are you sure that you aren’t one of his partners?

The bottom line is that my email is my responsibility and not yours. If you won’t let me take take that responsibility, then I’ll have to look elsewhere.

Thanks,
Mike
[hr]
sXi,

Thanks for your comments. But …

How do you know that you are getting all of your junk mail? Andrew said that you weren’t.

Mike

I get “common” scam mails daily that are automatically cock-blocked in GMail, Hotmail, etc. accounts.

To elaborate: I use Thunderbird which gets mail directly from the server and OperaMail which receives that same mail after being forwarded to GMail, where default scrubbing is done. The junk I receive directly in TB is the well known and patently obvious phishing stuff… fake paypal, fake bank of america, fake facebook, etc. that any filter set on minimum will deny.

Nothing from admin@fbi.gov tho - so yes DH may very well be blocking the FBI admin if he’s trying to email me.

The only way to ensure 100% raw email is to set up your own mailserver and rescind all filtering. Courier on CentOS is very efficient. Dovecot is more so, which allows a set up on very low resource systems, but it doesn’t purge trash automatically so you have to handle that yourself.

These lists are entirely our own, actually, and we’re pretty careful with them. I only mention them out of a duty to completeness; there are literally 60 sender addresses in the blacklist right now, and that’s it.

Andrew,

Do you make the list public? As A DH user, can I check the list every day?

Thanks,
Mike

Not at the present time, no.

Andrew,

Thank you for your reply.

I know that I sound paranoid to you, but I have been burnt so often before by folks making decisions for me, that I am very wary about your basic filter. You seem to be an honest expert, so perhaps you can give me some suggestions. I am looking primarily for an email solution. I only use my web space to make a few files available from time to time. Indeed, my home page is a fake 404. Although, with the limitations of your shared webmail, I need to run my modified copy of Squirrelmail in my web space.

For email I need:

1. No blocking of incoming email. I don’t care if mail is marked spam or routed to a spam folder. But, I need to see it all.

2. Some webmail features unique to my users. Horde has them. My own copy of Squirrelmail does fine as well.

3. Secure HTTPS access over standard port 443 since one of my users must have access from a government site that blocks most ports. See my post “Webmail Over HTTPS Port 443” in this forum for more information.

It has been suggested that I purchase a dedicated IP to solve #3. Does this somehow solve #1 as well?

Will purchasing a VPS from you solve all of these problems? If so, I expect that I have to run my own copy of a web server and email server, or is that somehow automatic? How much memory do you estimate that I would need to do what I described?

Thanks,
Mike

Honestly, if that’s all you’re after, we are probably not the host for you. While we do host email, our primary focus is web hosting, not email. (And in any case, your requirements would mean you wouldn’t be using our main email hosting clusters — you’d end up pretty much building your own email server.)

You’d probably be happier elsewhere. But we thank you for considering us.

Andrew,

Thank you for your remarks.

Do you have any suggestions about companies that I should be checking out?

Thanks,
Mike

https://gmail.com

GMail does quite a lot of mail filtering too, and a significant amount of it ends up getting blocked before it even hits the Junk folder. I suspect that wa7zpu would be even more bothered by that.

Finding a competent mail provider that doesn’t do some amount of filtering is going to be difficult — filtering is generally considered a feature, not a drawback. You will probably need to read up on running your own mail server, then find a VPS or dedicated server host specifically for this.

Thank you Andrew and sXi.

I agree about gmail’s filters. I have an unreliable account there.

I lament that we let Microsoft convince us that software doesn’t have to work. I lament that we have let the spammers win by making email so unreliable that no one expects it to work. I push back a little bit by using LINUX and by trying to avoid email filters.

Andrew, you have suggested using a VPS, but then said don’t use DH for it. I’d have thought that DH would be happy with such a low impact server.

Oh Well. Thanks for the advice.

Mike

The suggestion is to set up your own mail server on a VPS or dedicated server. Whether or not it’s low impact will be dependent upon the ammount of email that it’s processing.

If your domain is basically “mail only”; Debian 6 on a 256MB VPS would probably be ample. You can set something like that up for less than the price of a shared Apache host if you shop around. Disk space would be the bottleneck without spending a bit more.