SpamStopsHere has optional "Additional Filters" that can be individually enabled and disabled. These include foreign language and country, sexually explicit language, SPF checking, same-domain checking, URL shorteners, and more. For convenience, we break these up into three groups: Recommended, Optional and Aggressive.

You can also configure what to do with messages that match enabled filters (e.g., delete, forward, modify the subject line, etc.)

To view these additional filters available for your domain:

  1. Login to the control panel
  2. On left navigation bar under Hosted Services, click SpamStopsHere .
  3. Click Configurations Options for the domain you wish to view, then Additional Filtering.
Order and/or location of additional filters within the list may differ from what is shown.

Recommended Filters

SPF failure for your own domain
Spammers often spoof the recipient's domain in an attempt to circumvent antispam services. If you have a SPF record for your domain and a spammer spoofs your users, this filter will block them.
For this filter to work a SPF record must be configured correctly in your DNS zone.
DMARC failure for your own domain
Spammers often spoof the recipient's domain in an attempt to circumvent antispam services. If you have a DMARC record for your domain and a spammer spoofs your users, this filter will block them.
For this filter to work a DMARC record in your DNS zone and the domain or subdomain policy must be set to reject or quarantine.
Likely Image Spam
Block Likely image (penny stock) spam.
Free Image Hosting
Block likely spam with an image from a free image hosting service
ADV: Prefix in Subject
Block email messages where subject starts with "ADV:" as mentioned in IETF working paper. Likely to be included in CAN-SPAM legislation.
SEXUALLY-EXPLICIT: in Subject
This is required by the CAN-SPAM law for sexually explicit email.
Blank E-mails
Filter blank emails (body is empty or only contains new lines) without any attachments unless one of the following words appears in the subject line: "Remove", "Unsubscribe" or "Test". Blank emails are usually test/dud spam or virus emails
Sender unmasking
If the display name of the sender (using the from header) matches the name of a user in your account and the email address does not, remove the name portion and show the email address instead. When the message contains a reply-to header, the reply-to email address is used instead of the original from header email address. Note: this changes the from header and does NOT take the specified filter action.
Block impersonated emails

Block messages when the display name of the sender (using the from header) matches the name of a user in your account and the email address does not, and either: SPF fails, the sending domain is very similar to yours, the domain is very young, or it's from a free email host (e.g. gmail). You must enable filter Sender unmasking for this to function.

Optional Filters

Porn trigger words
Blocks likely short porn emails based on weighted trigger words.
SPF failure for your own domain - From Header
Similar to the "SPF failure for your own domain" filter, except this filter performs the SPF verification against the address in the "From" header of the message instead of the SMTP "MAIL FROM" address.
SPF failure for your own domain - Header from IRL/Friendly name
Similar to the "SPF failure for your own domain" filter, except this filter performs the SPF verification against an email address in the "In Real Life Name/Friendly name" section of the From header of the message instead of the SMTP "MAIL FROM" address. (ie: From: "JohnSmith@example.com" <JohnSmith@<free host, such as gmail or yahoo>). Normally you would see: (From: "John Doe" <JohnSmith@<free host, such as gmail or yahoo> )
Block extremely spammy (unknown) domains
Blocks a wide variety of newly created, highly suspicious domains, especially targeting domains registered under newer Top-Level Domains (TLDs).
Common Bulk Mailers
Block email from well known bulk mailers. Not necessarily spam, but some customers don't want them.
Russian/Cyrillic Character Sets
Identifies emails using a Russian/Cyrillic character set and at least 10 8-bit chars.
Russian/Cyrillic Characters
Identifies emails containing Russian/Cyrillic characters, regardless of the character set(s) that are used.
Russian Senders
Not to be confused with the character set filter, this looks at the sender email address and hostname of the connecting mail server for the .ru country code.
Chinese Character Sets
Identifies emails using a Chinese character set and at least 10 8-bit chars or 10 escapes
Chinese Sender
Not to be confused with the character set filter, this looks at the sender email address and hostname of the connecting mail server for the .cn country code.
CJK Characters
Identifies emails containing Chinese, Japanese, and Korean characters, regardless of the character set(s) that are used.
Korean Character Sets
Identifies emails using a Korean character set and with at least 10 8-bit chars or 10 escapes
Korean Sender
Not to be confused with the character set filter, this looks at the sender email address and hostname of the connecting mail server for the .kr country code.
Hebrew Character Sets
Identifies emails using a Hebrew character set and at least 10 8-bit chars
Hebrew (Israel) Sender
Not to be confused with the character set filter, this looks at the sender email address and hostname of the connecting mail server for the .il country code.
Japanese Character Sets
Identifies emails using a Japanese character set and at least 10 8-bit chars or 10 escapes
Arabic Character Sets
Looks for the windows-1256 character set in the headers (from, to, etc) and subject.
Japanese Sender
Not to be confused with the character set filter, this looks at the sender email address and hostname of the connecting mail server for the .jp country code.
Chilean Sender
This filter looks at the sender email address and hostname of the connecting mail server for the .cl country code.
Argentinian Sender
This filter looks at the sender email address and hostname of the connecting mail server for the .ar country code.
Turkish Sender
This filter looks at the sender email address and hostname of the connecting mail server for the .tr country code.
Brazilian Senders
Not to be confused with the Country filter, this looks at the sender email address and hostname of the connecting mail server for the .br country code.
Philippine senders
Not to be confused with a character set filter, this looks at the sender email address and hostname of the connecting mail server for the .ph country code.
Indian Sender
This filter looks at the sender email address and hostname of the connecting mail server for the .in country code.
French Sender
This filter looks at the sender email address and hostname of the connecting mail server for the .fr country code.
Vietnamese Sender
This filter looks at the sender email address and hostname of the connecting mail server for the .vn country code.
Extended ASCII in Subject
i.e. "íÏÓË×Á áÎÇÌÉÊÓËÉÊ ÒÁÚÇÏ×ÏÒÎÙÊ", checks if the subject is mostly extended ASCII characters.
Block Delivery Status Notifications
If you're being flooded with Delivery Status Notifications, you can temporarily use this filter that will block them. We recommend disabling after a few days so that you can get DSNs again.
Profanity
This filter blocks email with a percentage of profanity in the body.
Emails with future dates
This optional filter blocks messages with the header date over three days in the future. May block incorrectly configured mail servers or mailers.
Mexican Sender
Not to be confused with the character set filter, this looks at the sender email address and hostname of the connecting mail server for the .mx country code.
Block all messages with a .ru domain
Blocks messages that contain a .ru sender or links to .ru TLD domains.
Block all messages with a .me domain
Blocks messages that contain a .me sender or links to .me TLD domains.
Block all messages with a .co TLD
Blocks all messages coming from .co domains or contain .co URLs.
Block all messages with a .cn domain
Blocks all messages coming from .cn domains or contain .cn URLs.
Block all messages with a .co sending domain
Blocks all .co TLD from sending to your domain.
Block all messages with a .pw domain
Blocks messages that contain a .pw sender or links to .pw TLD domains.
Block all messages with a .it sending domain
Blocks the .it TLD sending to your domain.
Block all messages with a .us sending domain
Blocks messages that contain a ".us" sender.
Block all messages with a .asia domain
Blocks messages that contain a .asia sender or links to .asia TLD domains.
Block all messages with a .name domain
Blocks messages that contain a .name sender or links to .name TLD domains.
Block all messages with a .eu domain
Blocks messages that contain a .eu sender or links to .eu TLD domains.
Block all messages with a .es domain
Blocks messages that contain a .es sender, or link to a .es TLD domain
Block all messages with a .li sending domain
Blocks messages that contain a .li sender or links to .li TLD domains..
Block all images greater than 100 KB
This filter will reject any message containing an image larger than 100 kilobytes in size.
Exe link filter
Block emails that contain a link to a ".exe" file. These files can be potentially dangerous. Note, this may block links to some legitimate website scripts.
Zip archive link filter
Block emails that contain a link to a ".zip" file. These are primarily used for phishing or sending viruses.
Compressed Archive Filter
Block any message containing an attachment of the following types: zip, rar, ace, gz, tgz, tbz, bz, 7z, 7zip, cab, xz, lzma
Block Encrypted Archives
This filter will block any encrypted (passworded) archives (zips, rars, etc).
Peru Senders
This looks at the sender email address and hostname of the connecting mail server for the .pe country code.
Singapore senders
This looks at the sender email address and hostname of the connecting mail server for the .sg country code.
Poland Sender
This looks at the sender email address and hostname of the connecting mail server for the .pl country code.
VBA Macro Filter
Blocks messages with attached MS Office files containing VBA macros.
Attachment URL Shortener
This filter blocks messages with attachments that contain a known URL shortener (e.g. http://goo.gl, http://bit.ly, etc). Please note that due to the wide variety, complexity, and encodings of different file formats, some URLs may not be detected.
Refilter (Delay) Office files with VBA Macros
Rather than outright blocking Office files with VBA Macros, briefly postpone delivery so our analysts can review and determine whether to block matching macros.
Refilter (Extended Delay) Office files with VBA Macros
Postpones delivery for slightly longer than the previous filter.
Refilter Archive (Delay)
Rather than outright blocking messages containing archives, briefly postpone delivery so our analysts can review and determine whether to block matching archives.
Refilter messages with URL shorteners
Briefly postpone delivery of messages with URL shortener links, giving our threat analysts time to determine if the URLs should be blocked.

Aggressive Filters

We generally do not recommend enabling these aggressive filters, as they will block more legitimate email. However, some or all of them might be suitable for small or family domains that want to block porn from minors, and should be reviewed.

Aggressive Bulk Mailer
Block messages that represent bulk mail and subscribed lists. Not necessarily spam however some organizations want to restrict this type of email from being delivered. This filter will block known bulk mailers that you may want.
Block all messages with .co.uk sending domain
Blocks all messages coming from .co.uk, very aggressive
Image source is an IP Address
Filter emails where the link to an image is an IP address (instead of a domain). These are usually porn.
IP Address Link
A link in the email points to an IP address (instead of the more typical domain name). Likely spam/porn, but occasionally used in a legit newsletter.
MIME encoded Subject
Blocks messages that include MIME encoded text in the subject, e.g. "=?iso-8859-1?Q?Adi=F3s?=" or "=?iso-8859-1?B?QWRp83M=?=", each of which translates to "Adiós". This filter will block many legitimate emails that are not written in English.
Extended ASCII in Body
i.e. "íÏÓË×Á áÎÇÌÉÊÓËÉÊ ÒÁÚÇÏ×ÏÒÎÙÊ", checks if a sample of the body is mostly extended ASCII characters.
English language countries only
A majority of our clients are located in the USA, Canada or the United Kingdom, so we have created this filter to look at the country code of the sender IP address. This filter will match messages that do not have a country code pertaining to those countries.
"From" header is in your domain
Block e-mail where the From header claims to be in your domain, but the Envelope-Sender is an outside organization.
Fax senders
This filter will look for apparent fax messages. ONLY enable this filter if your organization does not use an electronic faxing service!
User ID of the recipient's address appears in the subject
For example, Subject: "hello <userID>" matches <userID>@example.com.
SPF Softfail
Blocks messages if the SPF result for the envelope sender is "fail" or "softfail".
Block all messages where the Reply-To domain is not the sending domain
This optional aggressive filter blocks any message which has a Reply-To address from a different domain than the sending domain. Example: Mail From: <Example@example.com> Reply-To: <spammer@<free host>.com> This filter _will_ cause false positives for mailing lists and re-mailers.


Other Resources