You might continue to see unwanted email after you begin using SpamStopsHere, especially during the first day or so as your MX record changes propagate throughout the Internet. To help optimize your configuration, this page explains how to prevent unwanted email from getting through or bypassing our spam filters.
Don't hesitate to contact us. As a customer, you can call, chat or email us anytime. We're here 24/7/365 to help you eliminate your spam problems.
If you're familiar with "MX records", "A records" and "Time to Live", you can probably skip to the next section.
Your DNS Mail Exchanger (MX) records tell sending servers where to deliver mail for users in your domain. It's like a street address for a family's snail mail. If you don't use a hosted spam filter, your MX records probably specify the address of your mail server or service.
You can specify multiple MX records, each pointing to a different server in case one is down. Each record must include a priority; with lower numbers meaning higher priority. Simple Mail Transfer Protocol (SMTP) clients are supposed to look up your MX records and try to deliver to the highest priority server (lowest number) first. Only if that fails should they try the next priority server in the list.
The syntax for each record is:
<your domain> MX <priority> <your inbound mail server's domain>
Example (two MX records for one domain):
example.com MX 10 relay1.example.com example.com MX 20 relay2.example.com
For us to filter your incoming mail, our server clusters become your "address". That's how hosted antispam services work. You simply modify your MX records so they point to us. It's like doing a change of address. SpamStopsHere then receives your incoming mail, filters it and delivers it to you. The entire process only takes a few seconds, so you're unlikely to notice any delay.
When you first signed up for SpamStopsHere, you received an email with instructions on how to change your records in order to activate our service. Generally, you change your MX records in the control panel for your mail hosting service. It's the one step we cannot do for you, but it's usually easy. Our support team might even be able to help walk you through it.
Your "A" record resolves your mail domain (e.g., mail.example.com) to an IP address. Do not change your "A" record for SpamStopsHere if you are using your mail domain to connect to your email server to send or receive mail, or if you have us sending your email there. Leave it as is.
After changing your MX records, there is a time period during which email may be sent either to your old records or through our service, as the change propagates through the Internet. This is caused by the Time To Live (TTL) of your MX records, once the TTL expires all mail should go through our service. This usually takes 24-72 hours after switching your MX records.
Although SpamStopsHere is very easy to set up, sometimes you'll need to take a few extra steps to make sure incoming email does not continue to bypass our servers after the TTL expires. Some domains get more bypasses than others, as everyone's spam problem is a little different. You can determine if an email message bypassed our service by reviewing the full email headers. If you still see a lot of spam bypassing our service, you can take a few additional steps, like optimizing your MX records, implementing a firewall and minimizing whitelisting (always a good idea).
If your MX records are not changed correctly, some or all of your email could bypass our spam filtering or not get to you at all. Here's an example:
Not Correct (the customer left their server in the list)
example.com MX 10 example-com.relay1a.spamh.com example.com MX 20 example-com.relay1b.spamh.com example.com MX 25 mail.example.com example.com MX 30 example-com.relay1c.spamh.com
Correct (customer's server is not in the list)
example.com MX 10 example-com.relay1a.spamh.com. example.com MX 20 example-com.relay1b.spamh.com. example.com MX 30 example-com.relay1c.spamh.com.
In the example above, the presence of the customer's server in the list might cause spam to bypass our filters. Professional spammers look up all of the MX records for your domain, and instead of starting with the highest priority one, they'll either select one at random, or select one that isn't a known anti-spam service. This can result in spam being sent directly to your email server instead of through us. Some spammers target the lowest priority MX record because these are often just "store and forward" email servers that queue email for the primary mail server and normally don't have any anti-spam system in place.
To be safe, we recommend that you completely remove your email server or service from your DNS MX records.
Also note that we do not look at your DNS MX records to determine where to deliver your email. We use the Customer Mail Servers setting in the SpamStopsHere Control Panel for your domain name to determine the mail server that handles your email.
When using SpamStopsHere, our redundant mail exchangers act as your backups, so you should remove any backup mail exchangers from your MX records. This step is very important and is mentioned in the Domain Activation email that you receive when you first sign up. We recommend that you do this a few days after making the first DNS MX record changes.
Whitelisting is how you tell an antispam service to let email from specific addresses, servers or entire domains bypass spam filtering and go directly to the recipients' inboxes. SpamStopsHere has a very low false positive rate, so whitelisting is generally not needed as a preventative measure. Nonetheless, we make whitelisting available and recommend using it only for specific needs
For example, some customers who use optional or custom filters to enforce policies need to identify specific senders whose email needs to be delivered even if they send what would otherwise be considered spam. They can identify such senders in their whitelist.
If you need to add whitelist entries, we recommend that you define each one as narrowly as possible. These guidelines can help you do that:
Using a firewall forces all senders to honor your MX records. Otherwise, spammers can get around them and send you dangerous email. Here are some examples:
To avoid that, configure a firewall so your email server accept connections only from our servers. Emails that don't honor your MX records (if they point only to our servers) will almost never be able to bypass our service. It will prevent anyone other than us from connecting directly to your mail server, so all mail coming to your server or service will be relayed from us.
SpamStopsHere is designed to stop virtually all spam, viruses, trojan horses and other malware without much user interaction, especially after optimizing your setup. Sometimes, users still see a small amount of what they consider to be spam. Here are some of the most likely reasons and what you can do.
Unwanted email could actually be a virus problem, not a spam problem. All editions of SpamStopsHere include our proprietary zero-hour protection against email-based viruses, trojans, and other malware (like Cryptolocker and Locky). We identify and block such threats by examining the entire delivery system. As a hosted service, we also have a global view of email traffic, which helps us detect spammy patterns.
In addition to our zero-hour protection, the Business, Professional and Enterprise editions also include a more traditional third-party virus scanner. If you're using the Standard edition and you continue to see some viruses getting through, you might consider upgrading.
If an email you send can't be delivered, a non-delivery report is mailed ("bounced back") to your inbox with information about the failed attempt. You might find yourself receiving these bouncebacks for email that you never sent. That's because spammers can forge ("spoof") the address of the sender, adding legitimacy to the email. For every such message that can't be delivered, the bounceback might be sent to the spoofed address.
If you're getting these, it probably means someone is sending spam with your addressed forged. It doesn't necessarily mean the spammer hacked into your account or email server, but they at least know your email address.
This is often just an annoyance, but we can't block all bounce messages to an address because we can't determine which ones are in reply to emails you actually sent. It's usually not a good idea to block these important diagnostic messages anyway. However, you can create your own content filters to block the spammy ones. Contact us anytime if you need help doing so.
An important (but not the only) weapon in our arsenal are spam traps, also know as "honeypots". These are very old email addresses that, because of their age and other factors, receive a lot of spam. This helps us accurately profile many campaigns so we can block them going to any of our customers.
Recently, we've seen a rise in more targeted campaigns like ["CEO spam" like money-transfer requests] that are sent to a few specific people, like employees in various businesses with access to corporate funds. Such addresses are not in our spam traps, so we can't block the campaign until we see it, which can be delayed a little if the recipients are not reporting to our Threat Analysis.
If you can, please report such spam immediately to firstname.lastname@example.org We can investigate and take proactive measures to make sure that you no longer receive spam from these spammers.
You may be getting multiple copies of the same spam that is not yet in our database. That usually occurs when a customer has a "catch all" email alias that forwards email sent to multiple addresses to one inbox. Disabling your catchall email alias can help eliminate it.
Users sometimes get email they don't want (like a newsletter) from companies known to have good subscription policies or otherwise known to be legitimate. This can happen when a user has forgotten they subscribed, think it's unsafe to unsubscribe, or was subscribed maliciously. The easiest way to get rid of such mail may simply be to unsubscribe. Contact us if you feel uncomfortable doing so.
You may be receiving spam that SpamStopsHere correctly identified as such if you've set the filter catching it to FORWARD or MODIFY SUBJECT. If you don't want to see such spam anymore, change the filter setting to REJECT or DELETE. If available, you can send it to your quarantine.