| I was trying to ask generically because Microsoft deals with a universe-sized quantity of email traffic in comparison to my self-hosted barely used domains. By tiers (which may be the wrong word, maybe just 'layers'), only relating to my setup, I mean things like: - Tier 1: Spamhaus DROP and eDROP lists are outright blocked - Tier 2: IP addresses that have illegitimately connected to my mail server ports are outright blocked (port scans, invalid login attempts, etc. - I manually check some of these against abuseipdb.com to determine their validity) - Tier 3: IP addresses that have scanned non-open ports on my systems are outright blocked from connecting to my mail server ports Just running these rules for a couple of months has dropped unwanted connections to my mail server ports a heavy percentage. One theory being that if you can block known-bad and highly-likely-bad connections, then actual spam detection (through email content review) is minimised to a certain degree. I actually want to implement additional anti-spam IP address block lists and just haven't gotten around to it yet, but the above does a good enough job for my essentially unknown domains (as I said, a universe of difference to what Microsoft has to deal with) - Tier 4: Black-box spam detection built-in to the all-in-one mail server solution I use (I don't know how it works, I don't know how to edit the 'rules' or even if I can). 'Tiers' I would expect Microsoft to have would be: - Their own lists of known-bad IP addresses / ranges / ASNs - Reverse DNS lookup validation - DKIM checks - SPF checks - More protocol level 'things' beyond the understanding of a simple network admin such as myself. - Weighting the results of all of the above to determine some kind of 'spam likelihood' score. All of this is before reviewing the content of the actual message. |