SpamStopsHere

By Deane Barker on October 11, 2005

Last week, I posted about installing SpamAssassin for Exchange. It was a simple install, and it worked pretty well. I was getting a 50% filter rate right out of the box, and I was confident I could get it up to 70% or so by cranking down the threshold.

In a comment to that post, Matt Smith turned me on to SpamStopsHere, which is a filtering service. I’m currently in the middle of a 30-day trial, but there’s no going back: they have essentially turned off the spam faucet — completely.

SpamStopsHere (SSHere) is the “nuclear option” for spam filtering. You actually change all your MX records in DNS to send all inbound email to them first. They filter it on their servers and only forward what’s left over. (I shudder to think what kind of big iron they have running over there to process all that mail…)

SSHere gives you the five or six IP addresses from which they will connect to your server so you can lock it down to only accept email from those addresses.

(This is necessary because when some crafty spammers query DNS for your domain and find nothing but SSHere domain names, they try to get around it by just blindly sending the email to “mail.yourdomain.com” (Cowards! Face the filters like men!). Several hundred spams a day were getting around the system by doing this. But by locking down my SMTP servers to accept only connections from SSHere addresses, there’s effectively no way to get email into my network that hasn’t been filtered.)
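The lockdown described above can be audited from the mail server's own connection log. This is an added example, not code from the original post or from SpamStopsHere; the allowlisted ranges are documentation-space placeholders and the log format is a constructed one, so both are assumptions to replace with the addresses the service gives you and your server's real log layout.

```python
import ipaddress
import re
from collections import Counter

# Assumption: placeholder ranges (RFC 5737 documentation space) standing in
# for the five or six source addresses the filtering service publishes.
FILTER_SERVICE_NETS = [
    ipaddress.ip_network(n) for n in ("192.0.2.0/29", "198.51.100.17/32")
]

# Constructed sample of inbound SMTP connection records (hypothetical format).
SAMPLE_LOG = """\
2005-10-11T08:01:12 connect from=192.0.2.3 helo=relay1.filter.example
2005-10-11T08:01:40 connect from=203.0.113.50 helo=friend
2005-10-11T08:02:05 connect from=198.51.100.17 helo=relay2.filter.example
2005-10-11T08:02:31 connect from=192.0.2.9 helo=relay9.filter.example
2005-10-11T08:03:10 connect from=203.0.113.50 helo=friend
2005-10-11T08:03:44 connect from=2001:db8::25 helo=mx.example
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) connect from=(?P<ip>\S+) helo=(?P<helo>\S+)$")


def is_filter_relay(ip_text):
    """True only if the address parses and falls inside an allowlisted range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable source: treat as not allowlisted
    return any(ip in net for net in FILTER_SERVICE_NETS)


def find_bypass_attempts(log_text):
    """Count connections per source that did not come from the filter service.

    The HELO name is ignored on purpose: it is chosen by the sender, so only
    the connecting IP address says whether the mail passed through the filter.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and not is_filter_relay(m["ip"]):
            hits[m["ip"]] += 1
    return hits


if __name__ == "__main__":
    for source, count in find_bypass_attempts(SAMPLE_LOG).most_common():
        print(f"direct-to-server connection from {source}: {count}")
```

Any source this reports after the lockdown is in place means the SMTP server or firewall rule is still accepting mail that skipped the MX path.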

What this all means is that you never even see the spam — your server only fields messages that have gotten through the SSHere filters. And that ain’t much, believe me.

They have six levels of filtering. The first three catch the really easy stuff — I just toss anything that pops on one of these filters. I don’t even send an NDR — the email just disappears into the ether.

The second three filters are more fine-tuned. For example, one of them simply filters out email from the 11 countries from which 90% of spam originates (China, Nigeria, etc. — though you can allow certain countries to pass, if you have people there that send you legitimate email; or you could just whitelist one or two people). For these three filters, I have the email forwarded to a special mailbox on my network, just in case there’s a false positive (there hasn’t been so far).

They have whitelists, blacklists, and custom filters. Plus, you can filter out email with selected attachment extensions (.vbs, .exe, .scr, .bat, etc.). On top of all that, you can pay extra and get anti-virus screening on all the email that passes through the system.

The result? A 99% filter rate, and not one complaint about a false positive. (I count as “filtered” email that pops on the second group of filters and gets forwarded to my sandboxed email address.)

(Yes, 99% — we get spammed like crazy over here. I have three brokers who have had the same email addresses for eight years now — and at least five of those years had the addresses in unencoded “mailto” links on a well-spidered Web site.)

What’s great about having this done off-site is that my email server has hardly anything to do now. It’s fielding 1/20th of the email it was before (why not 1/100th? Because it still receives emails flagged and sent to the sandboxed account.), and it doesn’t even have to run them through SpamAssassin anymore. It’s almost idle. Additionally, spam is a Bad Thing. And anything that keeps Bad Things off my network is, by definition, a Good Thing.

Pricing is good: I’m paying $26 a month for one domain and 15 email addresses. Worth every penny.

Another thing I appreciate: SSHere’s Web site is full of great technical and support information. This solution isn’t for the faint of heart or people with a single email address, so they assume you know something about email when you come to check them out. They discuss all the gory details of the DNS-based solution, and explain all their filters in graphic detail so you have complete confidence in what they’re proposing before you pull the trigger.

Ironically, this whole situation has made me a little…sad, really. I’m obviously happy with the service, and I’ll keep using it, but there’s no gee-whiz factor to it. I mean, there’s no sense of accomplishment like when you set up your own spam filter and thwart the bad guys single-handedly. I just changed a few DNS records, locked down an SMTP server, and that was it — spam go bye bye. Where’s the sport? The challenge? The thrill of victory?

But [sigh], that’s another post entirely…

(Note: SSHere has a referral program. But if you decide to use them, give them Matt’s name, not mine. He’s responsible for bringing them to my attention, and I don’t want anyone to think I’m shilling for something just to get free stuff.)


Comments

  1. I was pretty sure it wouldn’t take you the full 30 days to report back on your findings. Glad to see that you are having such positive results with their service.

    I quickly put up a new post on my site just to make it look like I hadn’t totally abandoned it. Hope my DSL upload pipe can handle the traffic now that I’ve been Gadgetopied!

    Keep up the interesting posts!

  2. I have been a SpamStopsHere client for about a year. I agree that SSH has dramatically cut the amount of spam I receive. However, they do not block everything. Based on comparing my own statistics with theirs, on a monthly basis, approximately 15 – 25% of the “good” spams that they filter and forward to me are actually spams. This equals about 3 – 5 spams per day that get through. I dutifully send them back to the SSH guys but they continue to squirm through the cracks. I have discussed this with several people on the SSH staff, including the owner, and am confident that they are trying to fix this problem. However, I believe I spend more time reporting the spam emails to SSH than I might if I just cancelled the service and relied on Qurb, which I have installed on my PC, to filter and delete them.

  3. I know you’ve talked before about PageRank and how Gadgetopia rises to the top pretty fast, but this was the first time I had seen it happen (and yes, I was checking). Within three days of this post, you are the third result for spamstopshere and the other two are their sites. Pretty impressive!

  4. The term/acronym/command “SSH” in networking stands for SecureSHell. Its TCP/IP port is 22. It is in common parlance. SecureSHell pre-dates SpamStopsHere.

    As a “security” industry product, it is unlikely the “SpamStopsHere” manual/people suggested referring to them as “SSH”; and if so, SHame Is on Them. If it is the Gadgetopia page author’s idea, no shame.

    In any case please consider rewriting this review without using the pre-existing term “SSH”; at least for the sake of credibility.

    e.g: “.. locking down my SMTP servers to accept only connections from SSH addresses .. “

    ( I guess contracting it to “SpaStoHer” doesn’t help.)

  5. The term/acronym/command “SSH” in networking stands for SecureSHell.

    Yes, I knew this. It was a calculated risk.

    I can’t think of a better way to abbreviate it.

  6. SpamStopsHere has an FAQ article that should address any problems if accuracy is less than 98%.

    I remember the first time a reseller of ours referred to our service as SSH. It took me a while to figure out what he was talking about. We definitely didn’t start this use of the term and we hope that it doesn’t catch on.
