Meet one.com
Starting out in 2002 as a small startup in Denmark, one.com has grown into an international company, now part of group.one. Providing web hosting, domain registration, mailbox services, and website building tools, today they host customers across more than 100 countries! With a purpose to be “Your number one online partner,” they are committed to helping customers grow their online presence successfully and securely.
Security at one.com
As a shared web hosting and mailbox provider, one.com has a responsibility to provide robust mitigation against security threats to ensure a reliable and secure service to its customers – most critically to protect against:
Phishing and malicious email: Dan Malm, Systems Engineer at one.com shared over the past 3-4 years the company has witnessed an uptick in phishing attempts targeting customers, so, “Protecting the infrastructure from phishing and other malicious emails is a significant and persistent challenge.”
Compromised accounts: In a shared hosting environment, if one account is compromised, all other accounts on the same server are vulnerable to exploitation. This is not just a theoretical risk for one.com but a constant source of work for the abuse team.
In addition to continuous monitoring of threats and vulnerabilities, customer education, and other technical measures, one.com has deployed several filtering tools and services, including Spamhaus’ Data Query Service (DQS), to help mitigate these risks.
How does Spamhaus’ data support email protection?
one.com takes a layered approach to email filtering to enhance security and strengthen defenses against the wide array of email-borne threats. Following industry best practices they have developed a custom integration of Spamhaus DNSBLs to analyzeand filter out the bulk of unwanted emails at the pre-data phase. At the point of SMTP connect, one.com queries:
First, the sender IP via the ZEN Blocklist,
Next, sender domain with the Domain Blocklist (DBL), and,
Finally, the sender address via the Hash Blocklist (HBL).
If the IP address is listed, one.com drops the connection immediately, without scanning any content. Operationally this saves time and reduces costs related to bandwidth, storage activity, as well as overall memory, storage, and CPU requirements.
Once this phase is complete, content inspection commences. Here one.com has implemented the industry-leading DQS with SpamAssassin. The email filtering solution enables one.com to scan the message content and check the sender’s IP, domain, and email addresses, as well as detecting cryptowallets, malware files, and URLs. If the message can be classified as spam, it is marked accordingly and filtered into the spam folder.
And, for email on the outbound?
On the outbound, one.com uses the Spamhaus Blocklist (SBL) and Exploits Blocklist (XBL) as indicators of compromised accounts. The DNS blocklists are integrated into internal filters to check the sender IP. Connections from a listed IP are then used to signal possible account compromise. Where compromise is confirmed after investigation from the Compliance team, the account is suspended, meaning no emails can be sent until the issue is resolved. This protects one.com’s IP reputation, while also protecting the brand reputation of their customers, and their ability to consistently and securely send email.
What are the main benefits for one.com?
With decades of experience as the trusted authority in IP and domain reputation data, Spamhaus was the clear choice for one.com. After using Spamhaus’ data for many years, one.com highlights three key benefits:
Reduced processing and storage costs – Where an IP is listed, inbound email is dropped early on in the process before one.com scans the content, saving on storage and processing costs.
Overall reduction of spam – With DQS, one.com protects its customers and infrastructure from up to 99% of malicious emails.
Control of compromised accounts – Using the SBL and XBL, one.com has set up automation for handling compromised accounts, meaning they can react quickly and suspend accounts before they cause bigger problems.
Enhanced protection through targeted filtering
It’s important to remember that not all organizations receive the same spam, phishing, or malware emails. Each organization will encounter unique traffic based on its location and industry. By sharing basic email connection data, Spamhaus can identify spammers and threats in one.com’s customer’s email traffic – without needing any personally identifiable information (PII).
This not only enhances the performance of our data for one.com but at the same time benefits all other users. When asked why sharing data with Spamhaus is important to one.com, Dan responded, “Keeping our customers safe is absolutely critical to us. Spamhaus enables us to do this – ultimately helping you, helps us, but it also helps make the Internet a safer place for everyone.”
As part of this service, Spamhaus processes 175 records per second every day on behalf of one.com. From this process, an average of 180 listings are considered to be of low reputation or associated with spamming, and a further 80 listings are considered malicious, suspicious, or from compromised bot-controlled machines. That’s an additional 240 emails, every day, which one.com and its customers are now safe from, following a simple data-sharing setup.
To learn more about Spamhaus’ Enhanced Protection, please contact us here, or to sign up for a free 30 day Data Query Service trial, click here.