Last week, I posted about installing SpamAssassin for Exchange. It was a simple install, and it worked pretty well. I was getting a 50% filter rate right out of the box, and I was confident I could get it up to 70% or so by cranking down the threshold.
In a comment to that post, Matt Smith turned me on to SpamStopsHere, which is a filtering service. I’m currently in the middle of a 30-day trial, but there’s no going back: they have essentially turned off the spam faucet — completely.
SpamStopsHere (SSHere) is the “nuclear option” for spam filtering. You actually change all your MX records in DNS to send all inbound email to them first. They filter it on their servers and only forward what’s left over. (I shudder to think what kind of big iron they have running over there to process all that mail…)
SSHere gives you the five or six IP addresses from which they will connect to your server so you can lock it down to only accept email from those addresses.
(This is necessary because when some crafty spammers query DNS for your domain and find nothing but SSHere domain names, they try to get around it by just blindly sending the email to “mail.yourdomain.com” (Cowards! Face the filters like men!). Several hundred spams a day were getting around the system by doing this. But by locking down my SMTP servers to accept only connections from SSHere addresses, there’s effectively no way to get email into my network that hasn’t been filtered.)
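An added example, not part of the original post and not SpamStopsHere's code: a small Python audit that checks an SMTP connection log for senders that skipped the MX records and connected directly, and separates the ones the lockdown refused from any that were accepted. The relay addresses are placeholder documentation-range IPs, and the four-field log format and sample lines are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Placeholder relay addresses (RFC 5737 documentation ranges), standing in
# for the source IPs the filtering service publishes to its customers.
FILTER_RELAYS = ["192.0.2.10", "192.0.2.11", "198.51.100.0/29"]

# Constructed sample log: "<timestamp> <client-ip> <verdict> <recipient>".
# The format is an assumption; adapt the parsing to your server's real log.
SAMPLE_LOG = """\
2024-01-05T09:00:01Z 192.0.2.10 ACCEPT broker1@example.com
2024-01-05T09:00:07Z 203.0.113.77 REJECT broker1@example.com
2024-01-05T09:01:12Z 198.51.100.3 ACCEPT broker2@example.com
2024-01-05T09:02:30Z 203.0.113.77 REJECT broker3@example.com
2024-01-05T09:03:44Z 203.0.113.200 ACCEPT broker2@example.com
garbage line that should be skipped
2024-01-05T09:04:00Z 2001:db8::25 REJECT broker1@example.com
"""

def load_allowlist(entries):
    """Parse single IPs and CIDR blocks into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def is_filter_relay(ip, allowlist):
    """True if ip belongs to one of the filtering service's relays."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in allowlist)

def audit(log_text, allowlist):
    """Return (rejected, leaked) per-IP Counters for non-relay senders.

    rejected: direct connections the server refused (lockdown working).
    leaked:   direct connections whose mail was accepted (lockdown gap).
    """
    rejected, leaked = Counter(), Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # not a log record
        _, ip, verdict, _ = parts
        try:
            relay = is_filter_relay(ip, allowlist)
        except ValueError:
            continue                      # unparseable client address
        if not relay:
            (leaked if verdict == "ACCEPT" else rejected)[ip] += 1
    return rejected, leaked

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, load_allowlist(FILTER_RELAYS)))
```

Any entry in the leaked counter means the receive restriction is not covering every listener that is reachable from the Internet.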
What this all means is that you never even see the spam — your server only fields messages that have gotten through the SSHere filters. And that ain’t much, believe me.
They have six levels of filtering. The first three catch the really easy stuff — I just toss anything that pops on one of these filters. I don’t even send an NDR — the email just disappears into the ether.
The second three filters are more fine-tuned. For example, one of them simply filters out email from the 11 countries from which 90% of spam originates (China, Nigeria, etc. — though you can allow certain countries to pass, if you have people there that send you legitimate email; or you could just whitelist one or two people). For these three filters, I have the email forwarded to a special mailbox on my network, just in case there’s a false positive (there hasn’t been so far).
They have whitelists, blacklists, and custom filters. Plus, you can filter out email with selected attachment extensions (.vbs, .exe, .scr, .bat, etc.). On top of all that, you can pay extra and get anti-virus screening on all the email that passes through the system.
The result? A 99% filter rate, and not one complaint about a false positive. (I count as “filtered” email that pops on the second group of filters and gets forwarded to my sandboxed email address.)
(Yes, 99% — we get spammed like crazy over here. I have three brokers who have had the same email addresses for eight years now — and at least five of those years had the addresses in unencoded “mailto” links on a well-spidered Web site.)
What’s great about having this done off-site is that my email server has hardly anything to do now. It’s fielding 1/20th of the email it was before (why not 1/100th? Because it still receives emails flagged and sent to the sandboxed account), and it doesn’t even have to run them through SpamAssassin anymore. It’s almost idle. Additionally, spam is a Bad Thing. And anything that keeps Bad Things off my network is, by definition, a Good Thing.
Pricing is good: I’m paying $26 a month for one domain and 15 email addresses. Worth every penny.
Another thing I appreciate: SSHere’s Web site is full of great technical and support information. This solution isn’t for the faint of heart or people with a single email address, so they assume you know something about email when you come to check them out. They discuss all the gory details of the DNS-based solution, and explain all their filters in graphic detail so you have complete confidence in what they’re proposing before you pull the trigger.
Ironically, this whole situation has made me a little…sad, really. I’m obviously happy with the service, and I’ll keep using it, but there’s no gee-whiz factor to it. I mean, there’s no sense of accomplishment like when you set up your own spam filter and thwart the bad guys single-handedly. I just changed a few DNS records, locked down an SMTP server, and that was it — spam go bye bye. Where’s the sport? The challenge? The thrill of victory?
But [sigh], that’s another post entirely…
(Note: SSHere has a referral program. But if you decide to use them, give them Matt’s name, not mine. He’s responsible for bringing them to my attention, and I don’t want anyone to think I’m shilling for something just to get free stuff.)