Anti-Spam Techniques


Last Updated: 03 Jan 2010 GMT +8.

To reduce e-mail spam, CHOON.NET qmail-based systems use various anti-spam techniques. Some of these techniques have been bundled in products, services and software to ease the burden on users and administrators. There is no single technique is a complete solution to the spam problem, and each has its own trade-offs between incorrectly rejecting legitimate e-mail vs. not rejecting all spam, and the associated costs in time and effort.

Read more about Anti-Spam Techniques at

Greeting Delay

As per's definition:

A greeting delay is a deliberate pause introduced by an SMTP server before it sends the SMTP greeting banner to the client. The client is required to wait until it has received this banner before it sends any data to the server. (per RFC 5321 3.1). Many spam-sending applications do not wait to receive this banner, and instead start sending data as soon as the TCP connection is established. The server can detect this, and drop the connection.

CHOON.NET uses customized software to attain such functionality. You can read more about it at our greetdelay page.

Multi-Invalid Rcpts / Dictionary Attacks

Spammers like to send spam message within one connection with many invalid random rcpts hoping to get the valid rcpt address(es) in order to harvest them and spam them more in future. This is what some people called it as dictionary attacks.

CHOON.NET uses customized software to block such attempt with certain tolerance invalid rcpt attempts.

PTR/Reverse DNS checks

These days, many mail servers are configured to make sure reverse DNS is properly set up for the server that is attempting to give them mail and they may reject the mail if reverse DNS is not properly set up. This is used as an attempt to cut down on spam and viruses as it is believed that spammers use machines that are not intended to be mail servers and many times those machines do not have proper reverse DNS set up such as dailup, cable and dynamic users.

Partial quote from's definition:

Internet standards documents (RFC 1033, RFC 1912 Section 2.1) specify that "Every Internet-reachable host should have a name" and that such names are matched with a reverse pointer

No exception, CHOON.NET is also using this check to reduce spam and it is provided to managed clients as an option. Shared hosting clients are automatically protected with this check to cut down spam to their mailboxes.

CHOON.NET offers two type of checks that managed clients can opt to either one of the following but not both:

1. Paranoid (this is the default). After looking up the remote host name in DNS, look up the IP addresses in DNS for that host name, and remove the remote host name information aka environment variable $TCPREMOTEHOST if none of the addresses match the client's IP address.

2. Not paranoid.


CHOON.NET used to use greylisting to reduce spam. However, these days spammers can bypass greylisting quite well according to feedback from our valued clients. Since this technique has one major trade-off which all initial mail is deferred and sender mail servers are supposed to retry. Instead of wasting time to handle such complaints from our valued clients about mails not being received on timely manner, CHOON.NET will cease using greylisting for all new managed clients qmail-based servers. Existing clients can opt to remove greylisting from their mail server.

Read more about greylisting from

Multiple SMTP Commands 5.5.1 Not Implemented

CHOON.NET uses customised software to check for multiple SMTP commands which causes server response "5.5.1 Not Implemented." within a single connection. Spammers mostly like to send data once the connection is established before waiting for the smtp server greeting banner which is being delayed by our customised greetdelay program. This will caused our smtp server response with 5.5.1 Not Implemented..

CHOON.NET uses this pattern to block such attempts by putting the spammer's IP in our DNSBL or Relay Block List (RBL).


CHOON.NET uses DNSBL to block those IP addresses that are known to be sending spam and/or abusing our managed mail servers.

Read more about DNSBL at

Apart from maintaining DNSBL (RBL), CHOON.NET also maintain Relay White List (RWL) which list those known IP addresses that our valued clients do not wish to be blocked such as local banks, gov. and edu. etc. Such RWL will have a trade-off if any of those IP addresses whose system are infected by viruses and used to send spams from background.

Portal Log In/Sign In

Log In/Sign In to the Portal requires cookies and javascript.