Graph of Incoming Email Connections

This shows the result of email connections from the outside world to our servers.

The light green area at the base of the chart signifies the proportion of connections from which we accept mail. All the remainder are refused for various reasons. As can be seen, there’s generally a larger proportion accepted during the working weekday than other times, but a particularly heavy spam run can either compress the green area (when we reject it) or expand it (when we accept those mails).

Currently, most of the rejects are for “technical” reasons – where the sender really isn’t playing by the rules of the various protocols. Our premium-rate customers have the capability of tuning filters specific to them; to the extent that this works in rejecting spam it would reduce the green area further. Of course, were the spam senders to reduce their efforts the green area would be much larger – so it isn’t really possible to say that either big or small is good.

Key | Meaning | Explanation
conn_ref | connections refused | When one of our servers is in an overload situation. Note that many spammers deliberately send to our secondaries; we don’t really care that they crowd each other out. Our legitimate customers are unaffected.
conn_ref_ip | too many connections from a single IP address | Some spammers open many sessions in parallel. We only accept a few.
rdns_rej | Reverse DNS verify | The name for the host found from the connecting IP address does not have an IP address listed which matches the connection.
H_rej | unacceptable HELO name | Illegal character, IP address, “localhost”, or a name which isn’t a host matching the connecting IP address.
proto_err | SMTP protocol error | Bad syntax, or not waiting for our response before sending another command.
B-rej | bounce rejection | Accounts can be marked for refusing items with an empty From address in the envelope. Such items are used for automated processing and rejection messages (“bounces”, “NDR”s) and are usually wanted, except when a spammer has picked on your name as the From for a spam run…
condrop | connection dropped by initiator | We insert delays in the SMTP conversation when we find something suspicious. Many spammers give up.
relay_rej | attempt to relay through us | Someone who isn’t our customer asking us to send mail on their behalf.
NU_rej | no such user | A mistyped name, a spammer trying names at random, or another company checking an alleged From address with us.
SV_rej | sender verify | The sender’s mail host doesn’t exist, or it says the sender doesn’t exist.
V_rej | virus payload | Our virus scanner detected a known virus or phish. We will not pass these.
A_rej | administrative reject | The sender IP has recently sent a virus, or similarly annoyed us.
Q_rej | quota reject | The account is over-quota. Q-trej is a temporary quota reject.
tmp_rej | temporary reject | We couldn’t contact a mail-exchanger for the alleged From address to check it, or the user is over-quota.
noMX | From address has no mail-exchanger | The From address is totally made-up.
BCrej | Body Content reject | The message contains spam URLs or other hazardous material.
Udnsbl | DNS-based blocklist | A sender is on a customer-specified blocklist – set to reject, not just warn.
Uenvl | user filter on mail envelope | Reject on source IP, From-domain or specific From address.
SVin_ok | sender verify in | Remote site checking an alleged From address with us.
in | mail accepted | We found no reason to reject (includes mark-as-spam and deliver-to-spam-folder).
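
The rdns_rej and H_rej checks described in the list above, sketched as an added Python example (not the code these servers run). The DNS tables are constructed sample data using documentation addresses, and the function names and the order of the two checks are assumptions.

```python
import ipaddress
import re

# Constructed DNS data (documentation ranges); a real server would query a resolver.
PTR = {"192.0.2.10": ["mail.example.org"], "192.0.2.66": ["host.example.net"]}
ADDR = {"mail.example.org": ["192.0.2.10"], "host.example.net": ["198.51.100.7"]}

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def rdns_ok(ip, ptr=PTR, addr=ADDR):
    """Forward-confirmed reverse DNS: some PTR name must resolve back to ip."""
    return any(ip in addr.get(name.lower(), []) for name in ptr.get(ip, []))


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def helo_reject_reason(helo, ip, addr=ADDR):
    """Return why a HELO name is unacceptable, or None if it passes."""
    name = helo.strip().rstrip(".").lower()
    if name.startswith("[") or _is_ip(name):
        return "IP address"  # address literal or bare IP
    if name == "localhost":
        return "localhost"
    labels = name.split(".")
    if not name or len(name) > 253 or not all(LABEL.match(l) for l in labels):
        return "illegal character"
    if ip not in addr.get(name, []):
        return "name does not match connecting IP"
    return None


def classify(ip, helo):
    """Map one connection to the legend keys above (rDNS first: assumed order)."""
    if not rdns_ok(ip):
        return "rdns_rej"
    if helo_reject_reason(helo, ip) is not None:
        return "H_rej"
    return "pass"
```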

