DKIM or DomainKeys Identified Mail is a method to allow an organization to assume responsibility of a message. This in turn helps the recipient to validate the email as coming from a legitimate source. In our case CronLab assumes responsibility of all messages leaving its outgoing filtering servers by implementing DKIM with its own encryption keys. Therefore the IT administrator doesn’t need to make any adjustment to their settings but can rather be comforted by a higher deliverability rating thanks to CronLab implementing this technique.

More information available at: http://en.wikipedia.org/wiki/DKIM

SPF or Sender Policy Framework is an email validation system, telling the receiving email server which the allowed senders for a certain domain are. Any user of CronLab’s outgoing filtering should include the string spf.cronlab.com in its DNS settings to ensure that CronLab’s servers are authorized to send information on behalf of their domains.

More information available at: http://en.wikipedia.org/wiki/Sender_Policy_Framework

There are two options in handling unknown recipients:

1) Block the email already at the transmission with a REJECT code

2) Accept the message, but subsequently returning it to the sender with a BOUNCE code

As virtually all senders of spam use forged from-addresses the BOUNCE code will result in an email to an innocent user, a so called backscatter. This could lead to the email server sending the BOUNCE to be blacklisted. It is therefore important to send a REJECT code already in the transmission to avoid any backscatter.

Additionally, CronLab counts its licenses based on number of users with a certain number of aliases allowed per user. Not implementing the REJECT code will quickly result in more email addresses being filtered than the license actually permits.

The following link explains how to set this up in Microsoft Exchange 2007: http://technet.microsoft.com/en-us/library/bb123891%28EXCHG.80%29.aspx

To be able to send emails on behalf of someone else, you need to configure an alias. In the example above userb@domain needs to login to his/her Message Center, and add usera@domain as his/her alias.

The postmaster user may also configure a domain alias who will be granted permission to send emails on behalf of any user of the domain. There is no default domain alias, so even if you want the postmaster to be the domain user, this must be configured in the postmasters Message Center

Log in as postmaster@domain.com in the Message Center. The postmaster account has higher level access privileges compared to regular users.

The postmaster account at any domain can search through all messages for that domain, up to 30 days old. This only includes the header information (from-address, to-address, subject, etc) in order to preserve privacy. Any user can also search through his or her own spam and legitimate emails.

In the search engine for the postmaster of every account you can trace all messages up to 5 days old, including detailed delivery information. If you cannot find the email at all in the search engine, then the email never even reached our filtering servers or that it was sent to an erroneous recipient.

We do not accept password protected ZIP-files, because these can not be safely scanned for viruses or other bad content. Please remove the password protection and resend the file to be able to make them reach their intended destination.

The recommended approach is to change port number to a non-standard port.

Configure MX records for your destination domain as well. E.g., if you are filtering example.com, and have your mailservers mail1.example.com and mail2.example.com, you should configure the following: 

example.com MX mx?.cluster.antispam.cronlab.com

 

mail.example.com MX mail1.example.com, mail2.example.com

 

Thereafter, request CronLab to filter example.com and deliver to mail.example.com; then the filtering service will use mail1.example.com or mail2.example.com depending on priority and availability.

This could be because there exists an errenous MX record for the destination domain, see above regarding redundant mail servers.

No such caps have been put in place.