There are a couple common scenarios of spam being sent through our servers:
- Forwarding: Many users like forwarding email somewhere, e.g. to their Gmail. If our server receives suspicious email messages and forwards then to Gmail, it does not take long before the Gmail servers suspends all messages coming from our server.
- Automatic responses: Users often have autoresponders, e.g. vacation messages or simply contact acknowledgements. Trouble with this is that the autoresponders reply to spam as well. Spammer usually use spoofed email addresses, meaning the automatic responses (containing spam) go to innocent third parties.
- Compromised mailboxes: Sometimes a user's mailbox gets compromised, e.g. virus on their computer or using a weak password. Spammers love opportunities like this to use someone's login to send junk email.
- Port 25: Your message may contain language that is common in spam. To get a rough indication of how SpamAssassin views you email, send the message to email@example.com. The fine folks at Port 25 has a service that will scan your email for various good attributes like SPF and DKIM records, and also perform a rudimentary scan with SpamAssassin. You will receive an email response back with the analysis results; see what the SpamAssassin results say, and also (if relevant) whether your message in not in compliance with your domain's SPF or DKIM records. More about the Port 25 authentication checking service at https://www.port25.com/authentication-checker.
- URIBL blacklist: If you email message contains links to third-party websites, then those links may be considered suspicious. Our service use the URIBL service to sniff out web links that are trending in spam. The Port 25 check above will show a zero score for the URIBL due to the way that service is configured; our servers will however trigger for bad URLs. To perform a manual blacklist check, use the lookup function at http://uribl.com/about.shtml.