SpamStopsHere

Oct 11

Last week, I posted about installing SpamAssassin for Exchange. It was a simple install, and it worked pretty well. I was getting a 50% filter rate right out of the box, and I was confident I could get it up to 70% or so by cranking down the threshold.

In a comment to that post, Matt Smith turned me on to SpamStopsHere, which is a filtering service. I’m currently in the middle of a 30-day trial, but there’s no going back: they have essentially turned off the spam faucet — completely.

SpamStopsHere (SSHere) is the “nuclear option” for spam filtering. You actually change all your MX records in DNS to send all inbound email to them first. They filter it on their servers and only forward what’s left over. (I shudder to think what kind of big iron they have running over there to process all that mail…)

SSHere gives you the five or six IP addresses from which they will connect to your server so you can lock it down to only accept email from those addresses.

(This is necessary because when some crafty spammers query DNS for your domain and find nothing but SSHere domain names, they try to get around it by just blindly sending the email to “mail.yourdomain.com” (Cowards! Face the filters like men!). Several hundred spams a day were getting around the system by doing this. But by locking down my SMTP servers to accept only connections from SSHere addresses, there’s effectively no way to get email into my network that hasn’t been filtered.)
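To confirm the lock-down is holding, you can compare the SMTP server's connection log against the address list the service gave you. The Python below is an added example, not code from this post or from SpamStopsHere. The addresses are documentation placeholders and the log format is a simplified, constructed one, so adjust the parsing to whatever your server actually writes.

```python
import ipaddress
from collections import Counter

# Constructed placeholders (RFC 5737 documentation addresses) standing in for
# the handful of source addresses the filtering service gives its customers.
FILTER_SOURCES = ["192.0.2.10", "192.0.2.11", "198.51.100.24/29"]

# Constructed sample log, simplified to "<date> <time> <client-ip> <verb>".
SAMPLE_LOG = """\
2005-10-11 09:14:02 192.0.2.10 MAIL
2005-10-11 09:14:09 203.0.113.77 MAIL
2005-10-11 09:15:31 198.51.100.26 MAIL
2005-10-11 09:15:40 203.0.113.77 MAIL
2005-10-11 09:16:12 198.51.100.40 MAIL
garbled line
"""


def load_allowlist(entries):
    """Parse addresses and CIDR blocks; raises ValueError on a malformed entry."""
    return [ipaddress.ip_network(e, strict=True) for e in entries]


def audit_allowlist(networks, max_addresses=16):
    """Return entries far broader than a short list of service addresses."""
    return [str(n) for n in networks if n.num_addresses > max_addresses]


def find_bypass(log_text, networks):
    """Count connections per client IP that did not come from the filter service."""
    outsiders = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        fields = line.split()
        try:
            client = ipaddress.ip_address(fields[2])
        except (IndexError, ValueError):
            unparsed += 1  # keep a tally so damaged lines are not silently ignored
            continue
        if not any(client in net for net in networks):
            outsiders[str(client)] += 1
    return outsiders, unparsed


if __name__ == "__main__":
    nets = load_allowlist(FILTER_SOURCES)
    print("overly broad allowlist entries:", audit_allowlist(nets))
    outsiders, unparsed = find_bypass(SAMPLE_LOG, nets)
    for ip, hits in outsiders.most_common():
        print(f"direct connection bypassing the filter: {ip} ({hits} attempts)")
    print("unparsed lines:", unparsed)
```

Any address it reports reached the server without passing through the filter, which means the restriction on the SMTP listener or firewall is missing or too loose.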

What this all means is that you never even see the spam — your server only fields messages that have gotten through the SSHere filters. And that ain’t much, believe me.

They have six levels of filtering. The first three catch the really easy stuff — I just toss anything that pops on one of these filters. I don’t even send an NDR — the email just disappears into the ether.

The second three filters are more fine-tuned. For example, one of them simply filters out email from the 11 countries from which 90% of spam originates (China, Nigeria, etc. — though you can allow certain countries to pass, if you have people there that send you legitimate email; or you could just whitelist one or two people). For these three filters, I have the email forwarded to a special mailbox on my network, just in case there’s a false positive (there hasn’t been so far).

They have whitelists, blacklists, and custom filters. Plus, you can filter out email with selected attachment extensions (.vbs, .exe, .scr, .bat, etc.). On top of all that, you can pay extra and get anti-virus screening on all the email that passes through the system.

The result? A 99% filter rate, and not one complaint about a false positive. (I count as “filtered” email that pops on the second group of filters and gets forwarded to my sandboxed email address.)

(Yes, 99% — we get spammed like crazy over here. I have three brokers who have had the same email addresses for eight years now — and at least five of those years had the addresses in unencoded “mailto” links on a well-spidered Web site.)

What’s great about having this done off-site is that my email server has hardly anything to do now. It’s fielding 1/20th of the email it was before (why not 1/100th? Because it still receives emails flagged and sent to the sandboxed account), and it doesn’t even have to run them through SpamAssassin anymore. It’s almost idle. Additionally, spam is a Bad Thing. And anything that keeps Bad Things off my network is, by definition, a Good Thing.

Pricing is good: I’m paying $26 a month for one domain and 15 email addresses. Worth every penny.

Another thing I appreciate: SSHere’s Web site is full of great technical and support information. This solution isn’t for the faint of heart or people with a single email address, so they assume you know something about email when you come to check them out. They discuss all the gory details of the DNS-based solution, and explain all their filters in graphic detail so you have complete confidence in what they’re proposing before you pull the trigger.

Ironically, this whole situation has made me a little…sad, really. I’m obviously happy with the service, and I’ll keep using it, but there’s no gee-whiz factor to it. I mean, there’s no sense of accomplishment like when you set up your own spam filter and thwart the bad guys single-handedly. I just changed a few DNS records, locked down an SMTP server, and that was it — spam go bye bye. Where’s the sport? The challenge? The thrill of victory?

But [sigh], that’s another post entirely…

(Note: SSHere has a referral program. But if you decide to use them, give them Matt’s name, not mine. He’s responsible for bringing them to my attention, and I don’t want anyone to think I’m shilling for something just to get free stuff.)


Comments

by Matt Smith,   October 12, 2005 12:45 AM  

I was pretty sure it wouldn't take you the full 30 days to report back on your findings. Glad to see that you are having such positive results with their service.

I quickly put up a new post on my site just to make it look like I hadn't totally abandoned it. Hope my DSL upload pipe can handle the traffic now that I've been Gadgetopied!

Keep up the interesting posts!


by Matt Smith,   October 12, 2005 2:36 PM  

I just ran across this old post from March 2004: Winning the War on Spam. Just think of all the headaches you would have saved yourself had you taken my advice back then!


by A not-so-satisfied SpamStopsHere customer,   October 13, 2005 5:47 PM  

I have been a SpamStopsHere client for about a year. I agree that SSH has dramatically cut the amount of spam I receive. However, they do not block everything. Based on comparing my own statistics with theirs, on a monthly basis, approximately 15 - 25% of the "good" spams that they filter and forward to me are actually spams. This equals about 3 - 5 spams per day that get through. I dutifully send them back to the SSH guys but they continue to squirm through the cracks. I have discussed this with several people on the SSH staff, including the owner, and am confident that they are trying to fix this problem. However, I believe I spend more time reporting the spam emails to SSH than I might if I just cancelled the service and relied on Qurb, which I have installed on my PC, to filter and delete them.


by Matt Smith,   October 14, 2005 9:42 AM  

I know you've talked before about PageRank and how Gadgetopia rises to the top pretty fast, but this was the first time I had seen it happen (and yes, I was checking). Within three days of this post, you are the third result for spamstopshere and the other two are their sites. Pretty impressive!


by jd,   October 17, 2005 11:05 AM  

The term/acronym/command "SSH" in networking stands for SecureSHell. Its TCP/IP port is 22. It is in common parlance. SecureSHell pre-dates SpamStopsHere.

As a "security" industry product, it is unlikely the "SpamStopsHere" manual/people suggested referring to them as "SSH"; and if so, SHame Is on Them. If it is the Gadgetopia page author's idea, no shame.

In any case please consider rewriting this review without using the pre-existing term "SSH"; at least for the sake of credibility.

e.g: ".. locking down my SMTP servers to accept only connections from SSH addresses .. "

( I guess contracting it to "SpaStoHer" doesn't help.)


by Deane,   October 17, 2005 11:59 AM  

The term/acronym/command “SSH” in networking stands for SecureSHell.

Yes, I knew this. It was a calculated risk.

I can't think of a better way to abbreviate it.


by dj,   October 17, 2005 3:37 PM  

something like SSHere ?


by Deane,   October 17, 2005 4:18 PM  

something like SSHere ?

Done.


by Matt Smith,   October 20, 2005 9:35 PM  

Swag disclosure


by Mark,   October 27, 2005 2:49 PM  

SpamStopsHere has an FAQ article that should address any problems if accuracy is less than 98%.

I remember the first time a reseller of ours referred to our service as SSH. It took me a while to figure out what he was talking about. We definitely didn't start this use of the term and we hope that it doesn't catch on.


