Evolving Our Spam Prevention: The Journey to SusRanges

Oct 30, 2024 Edit: As we transition to this system today by spinning down the previous system, we expect inbound spam to increase for a few weeks while we rebuild our data set. Previous data sets cannot be migrated to this, as they were too inconsiderate of important details for this type of system.

At MXroute, fighting spam is an endless arms race. While content filtering has its place, we've learned that the most effective approach is network-based filtering. Today, I'm excited to share how we've revolutionized our spam prevention system after several iterations of learning what works - and what doesn't.

The Learning Process

Our initial approach used network-level firewalling to block known spam networks. Simple in theory, but problematic in practice. Some legitimate customers had servers in these networks, and residential ISPs proved especially tricky to handle without causing collateral damage.

We then tried blacklisting spam-heavy networks. While this caught more spam, it also increased false positives. We discovered that finding the sweet spot between aggressive spam blocking and maintaining delivery reliability was harder than expected.

Our third attempt introduced whitelist capabilities, allowing customers to override blacklist restrictions. This helped, but led to new challenges with spoofed emails and still didn't solve the residential ISP problem.

Introducing SusRanges: Our Game-Changing Solution

After much iteration, we're proud to introduce SusRanges - our most sophisticated spam prevention system yet. Here's why it's revolutionary:

  1. Near-Zero False Positives: Our most accurate filtering system to date
  2. Global Whitelist Control: Allows us to instantly correct any false positives
  3. Unparalleled Efficiency: The most effective spam blocking we've ever implemented
  4. Zero Customer Impact: Works seamlessly whether you're sending or receiving mail

How SusRanges Works

SusRanges identifies IP ranges that typically don't host legitimate mail servers. Take Chinanet for example - while it's a massive network, very few legitimate mail servers operate within it. For those few, we've prepared a whitelist in advance.

The magic happens in how we handle these connections. When we receive SMTP traffic from a SusRange-listed IP, we simply require SMTP authentication. That's it. If you're our customer, you're already authenticating, so you'll notice no change. But this simple requirement stops spam botnets dead in their tracks.

This approach means:

  • Our customers see dramatically reduced spam
  • Legitimate senders aren't impacted
  • Even if you're in a SusRange, your service continues normally
  • Compromised computers in these ranges can't spam our other customers

We're excited about this evolution in our spam prevention strategy. It's proving to be our most effective solution yet, delivering the spam reduction our customers want without the headaches of our previous approaches.