MailMum Whitepaper

 

Forward

MailMum offers individual services for email administrators to monitor incoming mail traffic and to control it by blocking IP addresses or even IP networks of abusive systems using Real-time Blackhole List (RBL) technology. The admin has full control over the listings by defining parameters, blacklisted (abusive), and whitelisted (trusted) IP addresses. The defined rules may apply for the whole account down to an individual server.

Mail System Today

Provided by several sources email traffic is up to 90% or unwanted emails (called spam or junk). Controlling them through spam filters (like SpamAssassin or Rspamd) is hard as it is expensive by teaching, running, and maintaining them. Also, this high load of unwanted emails wastes a lot of costly resources that must be paid and run by specialists.

The biggest pain on spam is the same/similar spam from the same people but sent through different systems. The user sees them and asks themself, why this „same thing“ can’t be stopped/rejected by admins.

To understand what problems admins face running an email server, we need to understand what can be done and which consequences are implied through these actions.

Blacklisting

Blacklisting is listing an IP address in a blacklist for different reasons. Using such blacklists results in rejecting incoming email server traffic from listed IP addresses before any email data is received or even processed through an email server.

Current State on blacklisting

Currently, Real-time Blackhole Lists (RBLs) are global. If an IP address is listed on a blacklist, it is rejected by all servers using this blacklist.

Removing a server from a blacklist is considered to be hard to stop spammers from easy delisting. Only the company running this blacklist is in full control of this blacklist and defines all the rules on this list.

A lot of public RBL services rely on users providing them spam emails to create blacklist which is considered very harmful as a common email user is not aware of the problems and work he can provide for an email admin by getting his server listed on a public blacklist.

Some services like Sender Score work with a reputation system, where algorithms decide based on parameters whether an IP address is harmful or not. Getting a bad reputation is hard for email admins as they only can wait until their reputation gets better, so they can send emails to customers using such services.

Selecting a blacklist for blocking unwanted emails is also hard, as you must evaluate the quality and the usefulness of such a list for your systems. Also, most services don’t have information or statistics you can use to evaluate it.

Often admins avoid using public blacklists or live with disadvantages due to missing whitelisting of important servers or services. That’s why there is a lot of room for improvement.

Additional Problems regarding blacklisting

Using such a blacklist on an email server is trusting the blacklist provider for all incoming emails which is considered harmful or even wrong (TODO see …) as blacklisting services like Gmail by Google, Mailchimp, etc. results in a significant rejecting of valid email traffic which results in support and work. Whitelisting services on a blacklist are not possible, as these are global blacklists which can be right for one use case and wrong for another.

Blacklisting in MailMum Service

Our service is different in many cases. Every blacklist is individual down to a single server. It is in full control of the admin who is maintaining it. He can set up the system and create his blacklists and whitelists for every server IP, server group, or the whole company.

Every admin can create his blacklists based on incoming spam by special email addresses. This is done automatically as admins can forward spammy email addresses to our services to generate an automatic listing of IPs sending unwanted emails to their users. These so-called spam traps are one part of the provided automation.

Also getting blacklisted on MailMum is not global. Blacklisting is done between two servers (sender and receiver) of emails reducing pain for the admin being blacklisted.

Whitelisting

Whitelisting is listing an IP address in a list, which email traffic should not be rejected.

Current State on Whitelisting

Whitelisting IP addresses is hard as every admin has to maintain a list of services, which are relevant/important to him. Big providers like Gmail run several systems in parallel and can add or remove IP addresses for outgoing email traffic at any time. This must be monitored by admins who want to whitelist a provider or service (like Postmark, Drip, …).

As whitelisting and blacklisting works in contrast to each other, email server setup must be done in a way, that whitelisting should skip blacklisting if matched. This setup is not possible for every email server system. Also, a whitelist must be set up and managed for every server separately which is considered error prawn.

Whitelisting in MailMum Service

Whitelisting is a very important part of MailMum service, as the admin can whitelist his relevant networks or services on MailMum without any additional setup on his email servers. Controlling and running the blacklisted and whitelisted IP addresses is done by MailMum.

We provide selectable providers like Gmail, Outlook by Microsoft, or Sendgrid which are maintained by our systems and specialists. The admin has to select the services, which are relevant for him or his servers.

Blacklisting an IP range or network skips blacklisting whitelisted IP addresses by our systems. Our systems control whitelisting even if an admin blacklist a whitelisted IP or service. Information regarding overlaps in blacklisting and whitelisting is shown in frontend and API requests.

Delisting

Delisting is removing an IP address from a list.

Current State of Delisting

Delisting (removing) IP addresses from a list is considered to be hard, expensive, and sometimes impossible based on the blacklist rules (TODO see …).

Especially reputation based blacklists are a big pain for admins having only one or view IPs/servers to send out emails. They must wait to be delisted or get enough reputation to send emails to servers using these lists. Being listed hurts the reputation of an admin and even his customers, as the email service limited, until the delisting is finished.

MailMum Delisting Service

Currently contacting a blacklist or getting delisted is not communicating admin to admin but admin to a service controlled or mostly not controlled by humans.

As our service operates on an IP address to IP address base, listing and delisting are always done on source and destination IP base. This way an email admin (sender) contacts another email admin (receiver) to get delisted.

Delisting by source and destination IP is easier to get delisted for an admin. He communicates to an admin who can see his IP traffic/reputation and can decide, whether he rejects or accepts this request. Personal communication and common pains help to build better sys-/mailadmin communication and the related ecosystem.

But it is even harder for spammers sending unwanted emails to many different servers, as they must delist every server (receiver) they were spamming to get delisted and not only one entry on a global blacklist.

Making a decision based on figures

As MailMum is a data platform and not a simple blacklist you can make your decision based on data and even on data history we have built to support your decisions. You can start on MailMum with zero whitelisting and blacklisting. By collection data, MailMum provides you with valuable information you can use to whitelist or blacklist services or networks.

Blacklisting can be done based on historical data for IP and IP networks. We provide additional information for the IP address, IP network, and even services running on this to support the decision process. Removing stale entries is easy too.

Whitelisting relevant services can be done through data too. You can monitor their traffic and change decisions. Removing stale entries is easy too.

Comparing server log entries and personal feedback from users helps clarify the process.

Summary

By providing MailMum service there are a lot of improvements for the email ecosystem outside big cloud providers like Gmail from Google or Microsoft Email services.

As the MailMum service sees only sender and receiver IP addresses of servers, there are not facing privacy issues. The content and the communication stays in control of the companies using this service and in full control of the specialists responsible for them.

Building up a community, data, and reputation of IP addresses helps to create a sustainable service for a better and more diversified and independent email ecosystem.

Tags