Email Protection
Contents
- Service Overview
- Service Requirements
- Message Delivery Settings
- Changing Message Delivery Settings
- Troubleshooting
- Information Required for Troubleshooting
- Not Receiving Any Emails
- For an Entire Domain
- For a Specific Address
- From a Specific Source
- Email Delays
- Spam Messages Are Not Being Properly Blocked/Tagged
- Legitimate Messages Are Being Blocked/Tagged in Error
Execulink’s Email Protection service has the following key features:
- Provides email security (anti-virus, anti-spam) for domains hosted on end user mail servers.
- Offers multiple delivery options for dealing with spam and viral e-mails.
- Relies on the end user mail server to validate e-mail addresses, greatly simplifying address management.
- Queues accepted inbound messages for up to 4 days, offering some redundancy in the event of an outage to an end user mail server.
In order for the Email Protection service to function properly, the following elements are all required:
1. The service must initially be provisioned by Execulink for the specific domain.
   - Part of this provisioning process requires the end user to provide Execulink with the IP address and/or hostname of the mail server which is hosting their domain’s email.
2. All email addresses for a protected domain must be provisioned on the end user mail server.
3. End user routers/firewalls must be configured to allow incoming SMTP (TCP port 25) traffic from the following IP address range:
   - 69.63.44.0 – 69.63.44.255 (69.63.44.0/24)
4. The MX record for the domain must be pointed to mailrouter1.execulink.com
The Email Protection service has a number of customizable message delivery settings for dealing with spam and/or viral e-mails. These settings are applied at the domain level, so all mailboxes for a particular domain will inherit the same values. There is no option to customize these settings on a per-mailbox basis.
Spam Delivery Settings
Before we can describe the various delivery thresholds for spam messages, it is imperative to understand what a Spam Score is, as the delivery thresholds rely upon that metric extensively.
- Spam Score – For every message that is received by the Email Protection servers, a Spam Score value is assigned based on an extensive set of rules and heuristics. This value ranges between 1 and 100, with higher values being indicative of a higher probability that a given message is spam.
Here are the delivery thresholds which rely upon this Spam Score:
- Discard Threshold – Any message with a Spam Score value greater than or equal to this threshold will be outright discarded. This threshold is typically reserved for blatant spam, as messages discarded in this fashion are not retrievable.
- Tag & Deliver Threshold – Any message with a Spam Score value greater than or equal to this threshold, but less than the Discard Threshold, will be tagged as spam and delivered to the end user mail server.
The final component of the spam delivery settings is the SpamCop Blocking List.
- SpamCop Blocking List – This setting can be enabled or disabled. The SpamCop Blocking List is a list of IP addresses that have been reported to have recently transmitted spam messages. More information about the list can be found at http://www.spamcop.net/bl.shtml. When this setting is enabled, any messages sent from IP addresses that are currently listed on the SpamCop Blocking List will be outright blocked and/or discarded prior to reaching the end user mail server, regardless of whether they appear to be spam or not.
Viral Email Delivery Settings
There are three options available to deal with messages that have been determined by the Email Protection system to be viral:
- Discard – The message is outright discarded before it reaches the end user mail server, and cannot be retrieved.
- Alert – The Email Protection system attempts to strip the viral portion of the message (if possible), tags the message as having originally contained a virus, and delivers the ‘cleaned’ version of the message to the end user mail server.
- Do Nothing – Effectively disables the virus filtering protection.
Changing Email Protection Service Settings
Any changes to the Email Protection service, whether it’s to update the IP/hostname of the end user mail server or merely to tweak some of the message delivery settings, can only be done by Execulink. If changes are required to any of the settings, a valid administrator for the account should get in touch with either our Technical Support team or our Account Support team. They will be able to send the request on to the appropriate department for completion.
Detailed below are a number of possible issues that could arise with the Email Protection service, the probable causes of those issues, and suggested steps to resolve them.
Information Required for Troubleshooting
For almost all cases, if you need to escalate an issue to Execulink’s Technical Support team for further investigation, please be prepared to provide the following information:
- Domain name
- Specific details for an unsuccessful email delivery attempt (if applicable):
  - Date/Time the email was sent
  - Sending email address
  - Recipient email address
- Problem details
  - If there was a bounceback/error message, be sure to provide specifics about it.
- With some issues (e.g. Email Delays), you may also be asked to provide the full internet headers for a problem message that has been received.
  - If you are unsure of how to get this information, our Technical Support team should be able to walk you through it.
Not Receiving Any Emails
If no emails are being received, the first distinction that needs to be made is whether the issue is impacting the entire domain, just one specific address at that domain, or only messages sent from a specific source. This is important diagnostic information, as each scenario tends to have very different underlying causes. Also, if none of the listed possible causes for a delivery issue seem likely, feel free to escalate the issue to our Technical Support team, but be prepared to provide the information detailed in the Information Required for Troubleshooting section above.
For an Entire Domain
The inability to receive email for an entire domain will typically be caused by an issue with the domain’s registration or its DNS records, a misconfiguration with the Email Protection service, or a problem with the end user router/firewall or mail server. Each possible cause has its own elements that require verification.
- From a domain registration / DNS record perspective:
  - Confirm that the domain has not expired.
    - If it has expired, contact your Registrar to have the domain renewed.
  - Confirm that the MX record for the domain is set to mailrouter1.execulink.com.
    - If the MX record is set to something else, contact your DNS host to have the MX record updated accordingly.
- From an Email Protection service standpoint:
  - Execulink’s Technical Support team should be contacted to confirm:
    - That the domain has been provisioned correctly for the Email Protection service.
    - That the IP address/hostname for the end user mail server has been configured correctly within the Email Protection system.
- From an end user router/firewall perspective:
  - Confirm that the router/firewall will allow incoming SMTP (TCP port 25) connections from the following IP range – 69.63.44.0 – 69.63.44.255 (69.63.44.0/24).
    - If the router/firewall will not allow incoming SMTP requests from the specified IP range, contact your router/firewall admin to update its config accordingly.
- From an end user mail server standpoint:
  - Confirm that the mail server is up and running with all required mail services functioning.
    - This will be the responsibility of the end user mail server admin.
For a Specific Address
If only one address for a domain is not receiving email, here are a couple of possible culprits:
- The sender mistyped the recipient address.
  - In this case, the sender(s) will need to resend the email, being careful to type in the recipient’s address correctly.
- The address is not provisioned properly on the end user mail server.
  - The end user mail server admin would need to provision the desired address properly on their mail server.
From a Specific Source
If only one specific sender/source is unable to successfully send a message through to an address (or addresses) at a protected domain, these are the likely culprits:
- The sender mistyped the recipient address.
  - In this case, the sender(s) will need to resend the email, being careful to type in the recipient’s address correctly.
- The sending server’s IP address is on the SpamCop Blocking List, and that option is enabled for your domain’s Email Protection service.
  - In this case, the sender will need to follow up with their network administrator to investigate why their IP was listed, and to take steps to prevent it from happening again.
  - Alternately, an account administrator could contact Execulink to disable the SpamCop Blocking List option for their Email Protection service.
Email Delays
If incoming emails are taking an inordinate amount of time to finally reach their destination, here are some possible causes that would require further investigation:
- Issues with the sender’s outbound mail (SMTP) server
  - The entity responsible for the sender’s SMTP server is the only one that can properly resolve this issue.
- Issues with the end user mail server
  - If the end user mail server was unreachable for any reason (high load, server issues, internet connection problems, etc.), any messages that were attempted to be delivered during that time would have been queued for future delivery. The longer a system remains unreachable, the longer subsequent redelivery attempts for those messages will take. In such instances, waiting the appropriate amount of time for the queued e-mails to be processed may be required.
- Issues with the Email Protection servers
  - Problems with the Email Protection servers could also potentially cause email delays. If this is thought to be the case, please follow up with our Technical Support team so they can verify.
Having specific details for a delayed email, as outlined in the Information Required for Troubleshooting section, helps to speed any investigation.
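The full internet headers mentioned above show where a delayed message waited. The following is an added example, not Execulink's tooling: it reads the Received headers of a constructed message and reports the largest gap between hops. All hostnames and IP addresses other than mailrouter1.execulink.com are made up.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed headers, newest hop first (each server prepends its own line).
# Only mailrouter1.execulink.com is from the page; other hosts/IPs are made up.
SAMPLE = """\
Received: from mailrouter1.execulink.com (mailrouter1.execulink.com [69.63.44.10])
\tby mail.customer.example with ESMTP id C3;
\tTue, 04 Mar 2025 14:47:30 -0500
Received: from smtp.sender.example (smtp.sender.example [198.51.100.7])
\tby mailrouter1.execulink.com with ESMTP id B2;
\tTue, 04 Mar 2025 10:02:05 -0500
Received: from laptop.sender.example (laptop.sender.example [192.0.2.44])
\tby smtp.sender.example with ESMTPSA id A1;
\tTue, 04 Mar 2025 10:01:58 -0500
From: alice@sender.example
To: bob@customer.example
Subject: constructed test message

body
"""

def hops(raw):
    """Return [(receiving_host, timestamp)] in chronological order."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        info, _, date = value.rpartition(";")   # timestamp follows the last ';'
        host = re.search(r"\bby\s+(\S+)", info)  # server that accepted the message
        try:
            when = parsedate_to_datetime(date.strip())
        except (TypeError, ValueError):
            continue  # hop without a parseable timestamp: skip it
        out.append((host.group(1) if host else "?", when))
    return out

def slowest_hop(raw):
    """Return (handed_off_by, accepted_by, seconds) for the largest gap."""
    h = hops(raw)
    gaps = [(a[0], b[0], (b[1] - a[1]).total_seconds()) for a, b in zip(h, h[1:])]
    return max(gaps, key=lambda g: g[2]) if gaps else None

if __name__ == "__main__":
    # Timestamps come from each server's own clock, so small gaps may be skew.
    src, dst, secs = slowest_hop(SAMPLE)
    print(f"{src} -> {dst}: {secs / 60:.0f} min")
```

In the sample the long gap sits between mailrouter1.execulink.com accepting the message and the end user mail server accepting it, which matches the queued-for-redelivery case or a problem on the Email Protection servers rather than the sender's SMTP server.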
Spam Messages Are Not Being Properly Blocked/Tagged
If messages that appear to be obvious spam seem to be eluding the spam filters:
- Have Execulink verify the various spam thresholds for the Email Protection service, to ensure a misconfiguration has not occurred.
- Consider lowering the Discard and/or Tag & Deliver thresholds, which will result in more spam being blocked/tagged. However, be aware that the lower these thresholds are configured at, the greater the chance of false positives, where legitimate messages are considered spam.
- There is also the possibility that the message is not being classified as spam as it is not yet being recognized appropriately by the spam filters. However, as the spam filters are constantly updated with new heuristics and spam definitions, such issues should not be long-lasting.
Legitimate Messages Are Being Blocked/Tagged in Error
If messages are being tagged or blocked that shouldn’t be considered spam:
- Have Execulink verify the various spam thresholds for the Email Protection service, to ensure a misconfiguration has not occurred.
- Consider increasing the Discard and/or Tag & Deliver thresholds, which will result in less spam being blocked/tagged. However, be aware that the higher these thresholds are configured for, the greater the chance of spam messages eluding the spam filters.
- If the message contains some element that is completely consistent with what is found in spam messages (e.g. a ‘spamvertized’ URL), that could cause the filters to flag the message as spam.
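The delivery rules from the Spam Delivery Settings section and the threshold trade-off described in the two sections above, as an added example (not Execulink's code). The threshold values and the scored sample messages are constructed for illustration; the page does not state the service's defaults.

```python
def disposition(score, discard_at, tag_at, on_spamcop=False, spamcop_enabled=False):
    """Apply the documented delivery rules to one message."""
    if spamcop_enabled and on_spamcop:
        return "block"      # blocked regardless of how the content scores
    if score >= discard_at:
        return "discard"    # not retrievable
    if score >= tag_at:
        return "tag"        # tagged as spam, still delivered
    return "deliver"

# Constructed sample: (Spam Score, really spam?, sender IP on SpamCop list?)
SAMPLE = [
    (96, True, True), (88, True, False), (74, True, False), (61, True, False),
    (47, True, False), (66, False, False), (52, False, False),
    (35, False, True), (12, False, False), (5, False, False),
]

def evaluate(discard_at, tag_at, spamcop_enabled=False):
    """Count the outcomes an administrator cares about for the sample."""
    result = {"spam_missed": 0, "legit_tagged": 0, "legit_lost": 0}
    for score, is_spam, listed in SAMPLE:
        d = disposition(score, discard_at, tag_at, listed, spamcop_enabled)
        if is_spam and d == "deliver":
            result["spam_missed"] += 1    # spam reached the inbox untagged
        elif not is_spam and d == "tag":
            result["legit_tagged"] += 1   # false positive, but recoverable
        elif not is_spam and d in ("discard", "block"):
            result["legit_lost"] += 1     # false positive, unrecoverable
    return result

if __name__ == "__main__":
    for label, args in [("higher thresholds", (90, 60)),
                        ("lower thresholds", (60, 40)),
                        ("higher + SpamCop list", (90, 60, True))]:
        print(f"{label:22} {evaluate(*args)}")
```

Lowering both thresholds catches the spam that scored 47 but discards a legitimate message that scored 66, and enabling the SpamCop Blocking List loses a low-scoring legitimate message whose sending IP is listed.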