Protecting Your Email Server - Without a Firewall

Let's take a look at how you can protect your email server from direct delivery spam when you're on a shared hosting server and sharing compute resources with other customers.

Hosted Email

The majority of Internet domains are hosted on shared servers, usually with control panels such as cPanel, Plesk or Direct Admin for management. This is a very low cost solution and works great for small organizations that need hosting and email services.

The Drawbacks

There are a few drawbacks with shared hosting solutions. They generally don't come with any anti-spam or anti-virus protection - if they do, it is usually seriously lacking, allowing a large portion of spam to reach your inbox.

Another drawback is you don't have access to a firewall so you can't restrict who can connect to your server. This can cause issues for both your email server and your website - with hackers and spammers sending spam and trying to compromise your server.

Direct Delivery

How can you restrict access to your email server, even though you don't have a firewall? You can hide it! Your domain publishes a list of MX records, which tell other email servers where to deliver your mail - the servers listed in your MX records are responsible for receiving your mail.

Often, the MX records for a domain on a shared hosting server will just be a single server... something like this:

mail.example.com

By pointing your MX records to MX Guarddog's servers, we filter your incoming mail and deliver all clean mail to your server. After activating MX Guarddog your MX servers might look something like this:

example.com.c2.mx1.ik2.com
example.com.c2.mx2.ik2.io
example.com.c2.mx3.ik2.eu

By using MX Guarddog you are taking one step towards hiding your server. With our servers listed in your MX records, there are fewer ways for a spammer, virus or hacker to reach your server.

We are seeing an increasing amount of spam that is delivered via direct delivery - or a direct delivery attack as we call it. Spammers ignore your MX records and try to find your email server by connecting to common names like:

mail.example.com
smtp.example.com
www.example.com

If you are on a shared server, odds are good they will be able to establish a connection and deliver their spam directly to your inbox - without their messages being scanned for spam or virus infection. You need to protect your server.

Direct Delivery Prevention

On our direct delivery page we describe how you can protect yourself, including such things as limiting access to your server using a firewall, creating rules in Microsoft Exchange and changing your email server port.

These solutions are powerful in the fight against spam and virus attacks but all require you to manage your own server and are simply not available on a shared server - that sucks!

Direct Delivery - A Solution

On our direct delivery page one of the suggestions is to change your name. What we mean by that is changing the name of your server(s).

If spammers look up the name of your server, often mail.example.com, you can change the name to something else. If you change the name of your server (the DNS A record) to mymail.example.com, then when the spammer attempts to look up mail.example.com the lookup will fail and they will not be able to locate the address of your server - they can't find a route to your email server! They have been prevented from a direct delivery attack - success!

It is not possible to get rid of www.example.com; if you did, no users would be able to connect to your website. You could use a service such as CloudFlare, which is designed to improve the performance of your website and stop hackers from harming it. If you are using CloudFlare no spammer, virus or website hacker will be able to find the true IP address of your website - they can't find a route to your email server - success!
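To confirm the rename and proxy changes actually closed the direct delivery path, you can audit your own domain. The script below is an added example, not MX Guarddog code: it resolves the common names listed earlier and reports any that reach a port 25 listener without going through your MX hosts. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import socket

COMMON_LABELS = ("mail", "smtp", "www")  # names the article says spammers try

def resolve(name):
    """Return the set of IPs for name; empty set when the lookup fails."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, 25, proto=socket.IPPROTO_TCP)}
    except socket.gaierror:
        return set()

def smtp_open(ip, timeout=5.0):
    """True if a TCP connection to port 25 on ip succeeds."""
    try:
        with socket.create_connection((ip, 25), timeout=timeout):
            return True
    except OSError:
        return False

def direct_delivery_exposure(domain, mx_hosts, resolve=resolve, smtp_open=smtp_open):
    """Return (name, ip) pairs that accept SMTP without passing through the MX hosts."""
    filter_ips = set().union(*(resolve(h) for h in mx_hosts))
    exposed = []
    for label in COMMON_LABELS:
        name = f"{label}.{domain}"
        # Addresses belonging to the filtering MX hosts are expected to accept mail.
        for ip in sorted(resolve(name) - filter_ips):
            if smtp_open(ip):
                exposed.append((name, ip))
    return exposed

# Constructed sample data so the check also runs offline.
MX_HOSTS = ["example.com.c2.mx1.ik2.com"]
SMTP_IPS = {"192.0.2.10", "198.51.100.1"}  # shared host and filter listen on 25
BEFORE = {"mail.example.com": {"192.0.2.10"}, "www.example.com": {"192.0.2.10"},
          "example.com.c2.mx1.ik2.com": {"198.51.100.1"}}
AFTER = {"mymail.example.com": {"192.0.2.10"}, "www.example.com": {"203.0.113.5"},
         "example.com.c2.mx1.ik2.com": {"198.51.100.1"}}  # www now behind a proxy

def audit_sample(dns, smtp_ips):
    """Run the audit against a fake DNS table instead of the network."""
    return direct_delivery_exposure("example.com", MX_HOSTS,
                                    resolve=lambda n: dns.get(n, set()),
                                    smtp_open=lambda ip: ip in smtp_ips)

if __name__ == "__main__":
    print("before rename:", audit_sample(BEFORE, SMTP_IPS))
    print("after rename: ", audit_sample(AFTER, SMTP_IPS))
```

For a live check of a domain you administer, call direct_delivery_exposure with your domain and the MX host names from your DNS zone; an empty list means none of the common names lead to an SMTP listener outside the filter.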

Making Changes

The topics discussed above are fairly simple, but if you are new to networking or don't fully understand the changes required in your DNS servers you may need to seek assistance to make these changes.

If you rename your server, don't forget to update the "your email servers" page at MX Guarddog or we will not know where to send your mail. Any legitimate user or service will also need to change the name they use to access your server.

Implementing these changes will keep spammers away from your server but will also keep MX Guarddog from reaching your server if you don't inform us where to send your mail.

A Hosted Email Alternative

If renaming your server is not possible, you may want to consider Zoho Mail.

At the time of this article's posting (June 2016), Zoho is the only shared hosting service that we know of that allows you to create a firewall.

Updated 2016/06/14