Technical Details 
Email, demystified.

SpamStopsHere uses a virus filter option, three spam filters, three optional policy filters, and additional levels of filtering to accurately and completely filter all types of spam. These levels are briefly described in this section and in more detail on our Spam Filter Details page.

Antivirus Filtering

SpamStopsHere uses the top rated antivirus engine for its platform, which scans e-mail for known viruses for Windows, Macintosh, and UNIX/Linux operating systems as well as using state-of-the-art heuristics to identify brand new threats with accurate results.

Spam Filters

The "URL/Phone # Filter" is the heart of our service. It is a database of all the "Click me" links (URLs) and "Call me" phone numbers found in recent spam messages. It is updated every few minutes and receives thousand of additions per day.

The "Phrase Filter" is a database of distinctive phrases (typically entire sentences) used in recent spam. For example, while our service won't ever block an email that references "Viagra" numerous times, the Phrase filter will block e.g. "Cheapest Viagra on the Net". These phrases are carefully hand-selected by our staff to ensure that they would never occur in a legitimate e-mail.

The "Pattern Matching Filter" is a small set of heuristic filters to catch HTML tricks and other techniques used by spammers to attempt to defeat the above two content filters (E.g. a URL with an IP address encoded in hex characters). We only employ rules which we are very confident will not block legitimate e-mails.

As shown in the following table, these first three levels of filtering catch nearly all the spam blocked by our service. They are so unlikely to block a legitimate email (less than 1 in 100,000), that we recommend against reviewing the e-mail identified by these filters.

• URL/Phone Filter - 93%
• Phrase Filter - 5.5%
• Pattern Matching Filter - 0.9%

Policy Filters

The "Additional Filtering" is an additional small set of rules that each customer can enable/disable according to their preferences. The rules are organized into "Recommended", "Optional" and "Aggressive" categories. For new customers, only the Recommended filters are enabled by default. The Optional category includes blocking all emails that are in Chinese, Korean, Russian or other character sets. These filters will match a message regardless of whether it is spam, however these enforce policies against things such as blank e-mail messages which are difficult to filter for content, since they contain no content.

The "Country" and "Real-Time" IP lists are databases maintained by third parties of the IP addresses of e-mail servers that are in other countries or are on a reputation blacklist. We recommend the use of these to tag a message as suspicious, but not to block e-mail. These typically identify less than %0.01 of incoming e-mail and many would be false positives if they were used to block e-mail.

The "Domain Whitelist" and "Domain Blacklists" are used for you to whitelist senders that may need to send you spam or e-mail that violates your policy filters, or for you to blacklist senders that are sending you unwanted e-mail that isn't bulk unsolicited e-mail, such as e-mail from your competitors trying to recruit your employees. More complex filters can be written with the "Custom Content Filter Rules".

As an additional filtering level, SpamStopsHere maintains a modest-sized "Spammer IP Blacklist" of mailservers that are known to send spam, that are outside of the US and Canada, and which are probably owned by spammers. This is similar to the above IP lists, but the IP addresses are carefully researched by our staff.

Most Corporate customers find SpamStopsHere so accurate that they don't review anything blocked by our service. However, for each level of filtering you can take advantage of the Quarantine feature in our Enterprise Edition to have us hold e-mail on our network, that was identified by a filter, where you can easily review it.

If you choose to review spam, it is generally only necessary to review those blocked by more aggressive policy filters.

Once new customers are familiar with our service and verify its accuracy, most prefer not to review any spam. However, the Quarantine feature is still useful for you to quickly rule out the antispam service as the culprit for any suspected missing e-mail by using the Quarantine features advanced search functions.

A message found in the web based e-mail like interface to the quarantine can be easily released to the recipient's inbox and can quickly be reported as a false positive if it was blocked by a spam filter.

After filtering, we deliver only the good e-mail to your e-mail server. Since the e-mail for most organizations is over 85% spam, this substantially lessens the load on your e-mail server, saving you bandwidth, hardware, and maintenance costs.

If your e-mail server is unvavailable we can deliver your e-mail to a backup automatically using the multiple Customer Mailserver feature available in our Enterprise Edition, which supports round-robin as well as preferencial failover.

If your e-mail server(s) is unavailable, we will queue your e-mail until you're ready to accept it again. Additionally, using our Spool & Suspend feature you can have us hold your e-mail until you're ready to accept it and even read the e-mail messages that are being held, ensuring the continuity of your business communications.