March 9, 2007
1, 2, 3, 4 I declare a Spam War!
I get 125+ spam messages a/day. Most of them get filtered by SpamSieve on the client side.
In theory, my hosting provider uses Spam Assassin, but dialed down so high its been mostly pointless.
Meanwhile at work, we had no spam filtering at all, other then this TDMA challenge response system that I immediately disabled.
So when I looked into spam solutions for work I was intrigued by spamstopshere for my own use. It has the reputation for being the most accurate, and additionally, you can actually tell how much it will cost you by browsing their website, something that isn’t true for BrightMail or Postini.
Server-side spam filtering is far superior to the client-side spam filtering I was using previously, SpamSieve. The server do a lot of things to make sure that its really talking to a real mail server and not a spam blaster. That can help you filter out 75-80% of the spam immediately, with _zero false positives. Additionally, with client-side filtering when you have spam that are really obviously spam you still have to review them. With so much volume, you eventually stop bothering, which means any false positive is a bigger deal. If the server can dump all the obvious crap up front, then you only have to review 1-2 “possibles”/day, which I can easily deal with. 125/day was too much though, so I wouldn’t do it and soon I would have 2000 spam messages to review. I’d try to review them, but I’d get frustrated and give up…
Note that I don’t really consider Spam Assassin “server-side” filtering, because it filters the Spam AFTER the mail server has accepted the spam, which means its missing the filtering you can get practically for free.
So a spam filtering service was the way to go. And SpamStopsHere looked the the best of them.
The road wasn’t perfectly smooth however.
So my first problem was that my hosting provider only allows one MX record per domain because they use the CPanel hosting interface.
Ok I thought, I’ll just change it to point at spamstopshere.
Oops, the hosting provider stopped accepting email for twinforces.com period when I did that.
So my email was broken for a bit. Spamstopshere filtered the spam (Good!), but legitimate emails would get rejected by the hosting provider (Bad!).
Contacting their support did no good. They were willing to install the long form MX records SpamStopsHere suggests, but that still led to bounces.
Hunt for a better hosting provider
7 years ago when I started using Nettigritty after a friend of mine sold his ISP business they were a good deal because they only wanted like $20/year for hosting. Not a lot of bandwidth, but enough for my blog. The catch is that they’re in India, I had to pay in Rupees. (I’m not kidding.)
7 years later cheap linux hosting is abundant, and along the way I’d had to upgrade my hosting with them anyways because I was using too much bandwidth after releasing a software program for the Mac that does GTD, Frictionless. So I was now paying $120/year anyways.
So my requirements for a hosting provider were:
$10/month for lots of space/bandwidth/domains. Supports SpamStopsHere
The first one was easy. Cheap linux hosting is all the rage now.
The second was harder, because most of the cheap guys use CPanel or its equivalent.
Two alternatives
I won’t bore you with the details, but they boiled down to two choices:
1. Network Solutions
They have a terrible reputation, but their hosting account included BrightMail!
2. [DreamHost](http://www.dreamhost.com/r.cgi?287103)
They have their own control panel that's much better then anything else I've seen, and they supported shell accounts!
The clincher was that I found a $97-off promo code for dreamhost (SPAM97) that let me have 1 year of hosting with no setup fee for $22.41.
I tried them and found to my joy that DreamHost explicitly supports spam filtering services in their configuration!
Spam filtering results
DreamHost lets you edit your MX records directly. So I did that and installed the recommended set of MX records SpamStopsHere suggested.
Did my spam drop down by 99.5% as SSH claims?
Nope. 90% of it went away, but it turns out that the suggested MX records from SpamStopsHere have a flaw:
They still list your real mail server, and there are two sorts of spammers:
a. Lazy Spammers who don't bother to look for MX records at all and just try to send to domain.com, mail.domain.com or smtp.domain.com. Turns out you can defeat them simply by putting your mail reception server at xxx.domain.com or in my case, mx1.dreamhost.com. So I wasn't getting spam from them because it was quite a leap from opinionatedbastard.com to mx1.dreamhost.com.
b. Smarter spammers who do pull the MX records, but ignore the spamh.com mailservers in favor of the mx1.dreamhost.com mail servers. So they were bypassing the spam filter entirely, the fuckers.
Because DreamHost explicitly supports spam filtering, I removed them from my MX records ENTIRELY. spamh.com is secretly sending my email to mx1.dreamhost.com, but the spammers have no way of knowing that.
Ta Da! No more spam! Well, except all this crap that shows up on my work account. But we’ll be getting SpamStopsHere there within the next month.
Summary
SpamStopsHere is working awesome for me. I have it set to forward any questionable emails to the appropriate spam@foo.com account, but I have yet to see any make it that far. It mildly annoys me that I’ll end up spending more for this then I do for hosting but basically I’m paying for someone to sit in a room somewhere and read spam all-day. Note that they have a 30-day free trial so you really have nothing to lose if you’re geeky enough to understand what an MX record is.
The only emails I lost were because of configuration problems OUTSIDE of SpamStopsHere, i.e. my ISP. So if you’re not using DreamHost, you may want to consider moving.
DreamHost Rocks!
Promo Code: SPAM97 will save you $97 off hosting with Dreamhost, so your first year of hosting with lots of space/bandwidth/features will be $22.41. That’s a great deal, from a great hosting provider.
Bottom line
I now am perfectly willing to publish my email address on my blog because I don’t really care if spam harvesting robots pull it in. It’s not like they don’t know the email already, and
Posted by the at March 9, 2007 12:36 PM
Trackback Pings
TrackBack URL for this entry:
http://www.opinionatedbastard.com/mt-tb.cgi/681
