SMTP Reputation Stats

(Added in v6.20)

If you receive email by direct incoming SMTP (not via an ISP or filtering service) then you can tell VPOP3 to report sender reputation statistics back to VPOP3. This is enabled/disabled in the Settings → Misc Settings page.

We hope you will enable this option. If your mail goes through any other company's mail system then they are probably tracking far more information than we will be.

By pooling the information that each copy of VPOP3 has into a central repository we hope to improve spam filtering reliability. Large mail server providers already perform sender reputation monitoring, but standalone copies of VPOP3 will not have access to enough reputation data for this to make a difference. By pooling the data we hope to improve things.

For instance VPOP3 will report which IP addresses are trying to connect to it, and which are trying to log in with invalid credentials, or which are sending to unknown email addresses etc. By pooling this information we should be able to determine whether a sender IP address is reputable or not.

The information reported by VPOP3 is:

  1. VPOP3 licence key (to track the reliability of data from the VPOP3 installation - eg if we detect that mail is received via an SMTP filtering service we can ignore data from this copy of VPOP3).
  2. sender IP address
  3. failed/successful login attempts (just a count, no more information)
  4. number of messages in this SMTP session
  5. for each message
    1. sender domain (not full email address) - optional
    2. number of valid recipients (just a count, not the email addresses)
    3. number of invalid recipients (just a count, not the email addresses)
    4. number of failed attempts to relay messages (just a count, not the email addresses)
    5. message size
    6. spam filter score (if any)
    7. timestamp

So, there is no identifiable information there, except possibly the sender domain (this is used to correlate sender domains with IP addresses to help with detecting forgery attempts).

The data is not, and will not be, used for any purposes other than for assisting spam filtering by tracking sender reputation.

Messages sent by logged in users or internal IP addresses are not reported. The successful login attempt from an external IP address IS reported, but no further information on that session is logged. This helps with reputation logging because login attempts are from email clients not other mail servers, so you should never receive incoming mail from that same IP address without authentication.

Currently the data is not used in by the spam filter as we are waiting to see if we get enough data to be able to track sender reputation usefully.

Technical

If you want to see what data is being sent to us, the 'smtpstats.reputationstats' table in the database contains the data which is to be sent, and has recently been sent, to us.