541 SPAMCOP Blocked, look at http://www.spamcop.net/bl.shtml?DENIED_IP
Once a mail is received in Altecom's mail services, this pass through a
filter system to avoid innecessary messages such as SPAM and Virus. The
filters are applied by this order:
Temporal error: It is an informative message to sender's server, in
order to attempt to send the message later, without intervention or
notification to the sender. (Error 4xx)
Permanent error: It is an informative message for the sender's server
which denies the sending and has to notify the sender that the message
won't be delivered to the destiny, whitout his/her intervention. (Error 5xx)
It checks that the IP of the server which sends the email isn't in a
black list of conflictive IPs. There are thousands of black lists, but
Altecom only checks the 3 world's most reliable: SpamCop, SpamHaus and
ORDB. If the email is in one of these lists, it is dennied with a
permanent error (541) and it is notified to the sender with a link of
the black list where he/she is, so he/she can solve the problem. If the
mail isn't in any of these list, it continues to the next step.
To avoid that the remote server could saturate with the massive sending
of messages, we've limited the incoming messages from the remote server
to 10, the messages from the 11 are returned with a temporal error
(421), informing that the maximum number of sendings has benn surpased,
and the remote server will try to send the message later. The normal is
1 or 2 simultaneous messages per server. If everything is correct it
hops to the next filter.
This process is very simple, our server checks the mail address of the
sender and the domain name servers in order to be able to return the
mail if necessary, if the origin domain doesn't exist or it doesn't have
correct dns to be able to answer, the mail isn't accepted, as it is for
sure a fraudulent sending and it is returned with a permanent error (553).
It validates that the destiny email address exists, if it doesn't exist,
the email is returned with a message of permanent error (511) informing
of the mistake to the sender. If the address is correct it continues to
the next step.
When the email is received it is validated in the authorised database,
if it isn't in that list, the origin 25 port is cheked (SMTP server) to
see if it is opened. If it is opened the email can pass and it is adedd
to the authorised mail database. If the origin doesn't have the port
opened, it's dennied during 5 minutes with a temporal error (451), so it
can be tried again later. If it tries again after 5 minutes, the emial
is accepted as it's really a SMTP server which sends the message even if
the port 25 isn't opened, and it is added to the accepted database so as
not to do this process again.
The registers of the database expire after 40 days if no emails have
been sent with the same origin or destination, if it has been sent then
the counter goes again to 0 remaining 40 days in the registry. Most of
the SPAM is sent from direct bandwidth connections witout having SMTP
server, due to virus and zombie computers. With this filter the 90% of
non desired emails are deleted, as these computers won't try again the
sending for the time that it takes.
Any Internet user can send mail with the domain he/she wants, without
the authorization of the domain's owner. The SPF system prevents this
problem validating in the TXT registers of the DNS, the origin IPs from
where it's possible to send the mail using the domain. This method
requires that all the server administrators from all arround the world
configure these parameters in their DNS, in order to avoid that someone
can falsify its identity. If an email is received from an IP whose
domain doesn't authorize, it will be returned with a permanent error and
it will iforn about the cause od the return with a link to an
More information: http://www.openspf.org
The attached files are analyzed to avoid that they are infected and they
could damage the customer's equipment, if a virus is found the message
is directly deleted and the sender receives an error message.
If files are sent with the extensions: .vbs .lnk .scr .wsh .hta .pif
.shs .exe .com .bat .cmd the mail will be rejected informing the sender
that this kind of files are not accepted directly (without being
compressed in .zip). If the file is correct and there isn't a high risk,
it goes to the next filter, if not, it returns a message of permanent
This is the last step before delivering the message in the users's
mailbox, and it scans the text to determine if the message has typical
SPAMS text, if it's the case, the subject is modified by adding [SPAM?]
at the begining. To avoid this system the Spammers send the text in
images, so they cand avoid this filter, for this reason we've integrated
an OCR (a text recogniser inside images) to our system, so we can now
detect SPAM inisde the images.
421 Too many connections. Please reduce connections per minute.
553 sorry, your envelope sender domain must exist: dominiofalso.tld
511 sorry, no mailbox here by that name (email@example.com)
451 GL - temporary problem. Please try again later.
550 Please see http://firstname.lastname@example.org&ip=192.168.0.1
541 Your email was rejected because it contains a bad attachment
541 Your email was rejected because it contains the "nombrevirus" virus