Cloud Email Spam Filtering Thoughts?

Chuck Topinka

New Member
Hey everyone,

TL;DR version: Anyone have any experience/recommendations on cloud spam email filtering providers such as SpamHero or MX Guardian (or others)?

We've been battling different issues related to spam depending on the user. Some say we filter too much and some say we don't filter enough. I've been looking into server level and cloud spam filtering providers to see if I could provide my clients with a better solution. Currently we are running the default VPS install which is spamcop and spamhaus RBL blocking only.

I've read on the forums that SpamAssassin can be a CPU hog. Since our main focus are the websites (just about all of which are Joomla based) and not the email, I don't want to impact CPU or memory on the server. I prefer to leave that available to MySQL/PHP as much as possible.

Somewhat ironically, our smaller clients (less than 5 mailboxes) have moved to Google Apps but the larger clients want me to "fix it" since they don't want to spend the $5/mailbox with Google for their 50-100 email addresses. With the cloud providers, I can probably provide the "enhanced spam filtering service" add on for about $19/domain. I just don't want to go into that business if it means a lot of extra headache for little additional gain.

Thank you very much for any thoughts, experience, recommendations or hysterical observations!
 
Heya Chuck!

I'm not going to be much help on either of the two you're asking about however SpamHero does look pretty interesting to me and I will definitely keep that one on the short list for the future.

One thing I will say is that out of EVERYthing else I do serverwise spam is THE #1 PITA. I have my VPS here with KH and an Exchange server at work that I also run and both run local spam filters. I've looked at appliances and the like and they're either too cost prohibitive or just not flexible enough or user friendly enough.

The idea of filtering before it hits the network is BRILLIANT. However this does cripple any whitelisting functionality as addresses would ideally be added when the user sends an email.

The system has to be SIMPLE and EASY for a user to manage. If it's too complex people won't do diddly and you'll end up with complaints and/or having to manage everything yourself. I use ASSP Deluxe on my VPS and it does a pretty decent job however I do have to take at least a cursory glance through to make sure what makes it to the inbox IS actually valid email and not spam and that takes my time every...single...day.

In my opinion there should be a quarantine for each user. No one wants to plow through thousands of emails for the whole domain to look for their ONE email that got blocked.

Reports are GREAT! If a user gets any spam in their quarantine over the previous day they get a report and they can quickly peruse the list to insure it actually is all spam. People like this especially if it's EASY.

I like systems that have two thresholds. A high threshold for POSITIVE spam which can simply be deleted and a lower threshold for spam that is iffy. Spam in this lower threshold should be what makes it to a user's quarantine for them to peruse.

And finally TIME. Time is always of the essence and I have seen some companies whose email systems can take over 30 minutes for an email to get through! For a spam service that's simply unacceptable, it's GOT to be FAST. And of course downtime...if the spam service goes down, what happens to the email?

/ranton
I think whomever came up with the idea of spam should be shot and buried under a pile of junkmail for all eternity. I can't even begin to tell you how much time and energy I have spent trying to deal with spam!
/rantoff
 
Hey Dan,

Thanks for the reply. I didn't get the usual email notification (maybe I should check my spam) so I didn't come back to check for a response.

I agree with you 100% on spam being a major PITA. I checked out ASSP Deluxe, but it still requires some server load and it didn't look like the WHM/cPanel scripts were still being updated. Unfortunately, since my big users are the ones who insist on me hosting their email, I think even a small overhead multiplied by a bunch of users would lead to too much resource contention. We can already see the effects of some of these clients coming onboard when checking site speeds. There's nothing that a human could detect, but our monitors are showing that the sites are slower now with email users than they were when we were just testing the sites by themselves. I suppose that could be other factors besides email, but I do see a lot of dovecot and exim processes now.

My concerns with the cloud spam filters are pretty much the same as yours:
1. One more thing in the chain to break.
2. Ease of user administration rather than sysadmin.
3. Centralized location of a large amount of email addresses with the express purpose of blocking spam being a "honeypot" target.

I'm not quite as concerned about time to delivery unless every email is slowed down. Email wasn't really designed to be an instantaneous form of messaging, though most clients certainly expect it to be these days. If every email took 30 minutes then that would be unacceptable. If some email took that long because it was flagged for spam and needed additional checks or something I think that should be tolerated.

I'm going to keep researching and see what else is out there. I'll update this thread for the benefit of the community if I find anything or decide to go with anything. If anyone else has any experience, please let us know.
 
Guys, I know this is an old post, but wanted to let you know we have been using spamhero for more than a year and love it. I have a dozen clients on it and no one has ever cancelled. Easy setup, easy to maintain, whitelabel for clients ... even makes me a few bucks every month as an add-on. Support has also been very KH-like ... quick and helpful.
 
Thanks for the report, roodude. SpamHero will probably be my go to when the spam issue comes up again.

I was finally able to get my most affected customer to move to Google Apps, but it was due to storage constraints rather than spam purposes. That, and some additional account level filters, moved the spam issue to a lower priority (at least for now).
 
Top