Hmailserver is one of the most popular alternative windows smtp servers. Despire it’s tiny codebase, it comes with a lot of features, including a robust antispam system. As of 2020, the methods hmailserver can use for blocking spam are - spf/dkim check - HELO check - sender DNS MX check - tarpitting - greylisting It can use realtime blocklists, can even integrate with spamassassin systems. However, it is not enough.

Scoring multiple lists

For example, realtime blocklists can contain false positive listings, causing legitimate emails to be rejected as spam. One should not simply reject an email based upon the blacklisting by one single rbl. The saner approach is to check the sending IP against multiple email blacklists and scoring the lists according to their effectiveness and accuracy. If a sending IP is listed in multiple high accuracy and highly effective blacklists it can be safe to assume that it is a malicious IP. At oikik, we strive to minimize the false positives, so we score the sending IPs against multiple antispam lists and when we are confident that it is indeed a spammer only then we reject it. This gives us a distinct advantage over hmailserver’s buil-in antispam settings.

DMARC policy handling

Although hmailserver can handle spf check and dkim check individually, it cannot check and validate DMARC policies. DMARC policies ensure that spammers cannot set a dkim record on their domain, spoof the victim domain From headers, and then hit the inbox. Oikik’s dmarc policy validator ensures that a victim domain’s DMARC policy is enforced by recipient domains, and thus preventing spam operators from bypassing antispam protections.