imap.ald.net, secure IMAP and IMAP-based POP3 accounts

imap.ald.net

ald.net Services is pleased to offer world-class secure IMAP email services with a full complement of anti-spam and anti-virus filters. We also offer IMAP-based POP3 accounts.

IMAP
IMAP is an email protocol that is superior to POP3. It is particularly useful for users who need to access their mail from multiple locations. For a description of IMAP, see our announcement on aldbb.ald.net, and see What is IMAP? at IMAP.org.

FEATURES

Secure Access to your email from multiple machines
Secure Web-based access to your email from just about anywhere
SMTP authorization (required), Transport Layer Security (TLS) (optional)
TLS supported on both port 25 (smtp) and port 587 (submission) - useful when your hotel or ISP blocks port 25, or if port 25 is being tied up by spammers
Multiple Mailboxes
Multiple Identities supported
"Plus" ("+") addressing (unlimited throwaway addresses) at your request
Generous Storage Space (100 MB - add more as needed)
Automatic 30 day Expiration of Trash folder (deleted messages) only
Greylisting with Automatic Whitelisting - eliminates the majority of spam (optional - default on)
Manual Whitelisting and Blacklisting at your request
Blocking of "illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits". (optional - default on)
Anti-Virus filter - definitions updated every 15 minutes. (optional - default on)
Header and Subject marking of suspected spam, untrusted sender, etc. (optional - default on)
IMAP Keywords for labeling and sorting your email (if supported by your IMAP client)
Server-based threading and sorting (if supported by your IMAP client)
Sender Policy Framework (SPF) Records so your mail will be trusted.
SPF Records for your domain(s) that we host (optional)
Nightly backups with ability to restore deleted items up to a week after removal at your request
Dedicated Server with no user shell accounts means better security

How do I sign up? If you are a current ald.net customer, email us at . If you are new to ald.net, use our secure sign-up form.

What IMAP Client Should I use?
We have tested several possible IMAP clients and have drawn some conclusions that we hope will help you. Please read our current recommendations.

Secure web-based IMAP Services:
You may access your IMAP (or IMAP-based POP3) account in a secure fashion from any internet-connected web browser using your account name and password. To use this service, visit

at https://imap.ald.net .

A testimonial:

Just a note to say thanks for getting us set up on the new machine for email. We're getting almost no junk mail now. What a difference! Somehow, the system marks most of the remaining spam as such, too, which makes it easy for me to dispose of on this end. I appreciate all your help!
--Debra J. Ocepek

Information and Discussion:
For more information including pricing and our roll-out plan, visit our new bulletin board system

at http://aldbb.ald.net .

Here are the most recent postings:

Details on how it all works.

Greylisting:
For our first line of defense against spam and viruses we are using a relatively new technique called greylisting. You are probably familiar with "blacklisting" - often used to block mail from known spammers, and "whitelisting" - often used to unconditionally permit mail from trusted senders. Greylisting doesn't deny or accept a message on a first attempt to send it, but instead asks the sender's mail server to try again later.

Most spammers and most viruses these days use a "shoot and move on" mailing procedure, and so they don't try a second time, and we don't see the spam at all. If the message is presented again anytime after the mandatory waiting period (we are using a 25 minute pause) and before the time-out period (we are using 7.5 days), the email will be checked against the xbl.spamhaus.org blacklist. If it passes, it will be accepted by our system and then examined by our antivirus program and a variety of other checks. If the mail passes those tests it is further screened by a battery of spam-detection tests which will note the results in mail headers and then placed in the recipient's mailbox. See the web page we've set up to explain why an email may have been bounced.

We have the option to exempt a recipient from the antivirus and antispam filtering (but not just one or the other, currently).

Auto Whitelisting:
When the greylisting program accepts an email after the initial delay, it lists the combination of the sender's address, the sender's mail relay address, and the recipient's address into a whitelist database along with the current date and time. This combination will be "whitelisted" (not delayed at all) for the next seven and a half days. If the same sender sends mail through the same mail relay to the same recipient any time in the next 180 hr, it will be accepted, and the whitelist time will be reset to 7.5 days (180 hr) from that time. If no email with that combination is received during the whitelisting period, the whitelisting expires and the next email will have to go throught the initial 25 minute delay again.

We also have the ability to permanently whitelist a sender domain, mail relay address, or to exempt a recipient address from the greylisting process.

Blacklisting:
We employ one very conservative "Exploits" blacklist (xbl.spamhaus.org) to screen mail that gets past the greylisting. This particular blacklist "is a realtime database of IP addresses of illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits." It doesn't try to block all spam, and generates few, if any, false positives.

Antivirus:
The antivirus system we are using is ClamAV. It checks every incoming and outgoing message that is accepted by the system (unless we have specifically exempted the sender or the recipient) for known viruses. We check for new updates four times an hour to be sure we have the most current virus definitions possible. Greylisting blocks most of the viruses, but a few still get through just from random chance. We have seen viruses that were delayed for 90 hr by the greylisting before being submitted a second time, accepted, and then quarantined by the anti-virus filter.

Our antivirus filtering is no substitute for having your own antivirus software running on your computer because no antivirus system is perfect, and because email isn't the only way viruses can infect a computer.

Spam Tagging:
We use SpamAssassin to "tag" spam that gets past the primary blocks. SpamAssassin adds several headers to identified spam, permitting you to train your mail client to accept, classify, reroute, or delete mail based on these headers.

SPF:
We are using SPF (Sender Policy Framework - formerly Sender Permitted From) in two ways currently. First, we permit sites that publish valid SPF records to skip the greylisting step. Second, we use SPF results as one of the scoring criteria for SpamAssassin. We hope to begin blocking mail that says it is from us, but actually isn't, at some point in the future. Permitting this is one of the major benefits of the SPF protocol. We had tried blocking based on SPF for a short time, but found that there were too many false positives.

Results:
We have found the combination of greylisting and one blacklist to be far superior in blocking spam compared to the multiple blacklists that we are running on the old POP3 mail server.

Greylisting, spam blocking, and antivirus filtering are optional, but are turned on by default. Check yesterday's and today's accept/reject logs to see how well these work. (Note - a virus/worm-infected file will be counted twice, once when it is first accepted, and again when it is quarantined.)

Drawbacks:

Forwarding: Mail forwarded from another server will bypass greylisting (because the forwarding server will be auto-whitelisted). However, the anti-virus and spam tagging will still be in effect.
Delays: Greylisting, as effective as it is in reducing spam and viruses, does have a price. It delays the first email from a correspondent for at least 25 minutes. Most email sites will retry every half hour or so, and most (approximately 90-95%) of initial emails will delayed by an hour or less. Approximately 5-10% of emails will be delayed for longer periods, mostly because the site that is relaying the long-delayed mail is not retrying frequently, or is trying from several different mail relay hosts (each of which will be separately greylisted), or otherwise has a non-standard configuration. We keep updating our list of such sites so we can exempt them from the greylisting. Check yesterday's and today's delay logs to see how the initial delays are going. (Note - a virus/worm-infected file will be counted twice, once when it is first accepted, and again when it is quarantined. Such infected files often also show > 1 day delays.)

Copyright © 2004 ald.net Services, ltd. All Rights Reserved. Information in this document is subject to change without notice. Last updated May 3, 2005
Brought to you by:	Complies with: