It's typical for a lot of spam to bypass our email servers for the first 72 hours after the MX record changes to activate our service have been completed, and then a small percentage after that. You can determine if an email message bypassed our service by reviewing the full Internet headers. Click on the link below for more information:

Email Header Information

After using our service for about a week, we recommend optimizing your MX records, which helps prevent bypasses. This is mentioned in the Domain Activation email that you receive when you sign up under the section "IMPORTANT: STOPPING EVEN MORE SPAM - Optimal MX records". Although many people forget to make these changes, they are crucial for good results.

Some domains unfortunately get more bypasses than others, as everyone's spam problem is a little different. You might find that you will want to go ahead and optimize your MX records before a week is over or even set up a firewall to prevent some of these bypasses if you notice that the majority of the spam you are still receiving is bypassing our service. You can click on the link below for more information:

Technical Details

Although bypasses are the biggest problem, there are other situations that are typically identified when new users sign up and don't get what they expect.

1. The user's "spam" problem was actually a virus problem, but they have not signed up for our anti-virus service. Unfortunately we can't block viruses in the same way that we block spam, as they are blocked with completely different methods.
2. The user's "spam" problem was actually a problem with receiving bounce messages where a spammer/virus was forging the user's email address and sending email. We can't block bounce messages globally, as we can't determine which ones are in reply to emails you actually sent. It's not typically a good idea to block these important diagnostic messages anyway. However, you can create your own custom content filters to block these. Please see our FAQ article on this.
3. The user is on some spammers' lists that are unique and are not sending spam to our spam traps. As a result, these spammers aren't in our database. Additionally, the user is not reporting this spam to us for analysis. If you can report the spam you are getting to the email address provided for this in your Domain Activation email, we can investigate these spammers and take proactive measures to make sure that you no longer receive spam from these spammers. Additionally, you may be getting multiple copies of the same spam that is not yet in our database. Most multiple copies of the same spam occur when a user has a "catch all" email alias that forwards email sent to multiple addresses to one inbox. Disabling your catchall email alias can help eliminate this.
4. The user is on mailing lists from companies known to have good subscription policies and known to not be spammers, but have forgotten that they signed up, think that it is unsafe to do so, or was subscribed maliciously.
5. SpamStopsHere's filters are correctly identifying the spam, but the user either has the spam being forwarded indirectly to their inbox using the FORWARD action, or is using the MODIFY SUBJECT action for the spam instead of a filter that would REJECT or DELETE the spam.
6. The user has whitelisted the spam. We don't recommend whitelisting your domain name. Not only is the majority of your intradomain email not going to leave the server in order to go through our filters, but many spammers now adays are forging an email address at your domain to get past your filters based on whitelist entries like this.

Because we have such a low false positive rate, you're more likely to let through spam with a whitelist entry than you are to prevent us from accidentally blocking your sender's email. That's why we recommend that you only do this for the most important senders, where even if you receive spam from their address or IP address, that you need to get it. Unless your senders send you spam, you shouldn't need to whitelist them. That's why the whitelists are generally used to correct problems, not as a preventive measure.

Whitelists are typically used if you take advantage of optional or custom filters to enforce policies but need to make exceptions, then we recommend that you do whitelist the sender, but whitelists should be done in the following order to open the smallest hole possible:

1. By IP address of the sender's mail server if possible.
2. Otherwise by email address.
3. Otherwise by domain.

We believe that if you can provide us with more information as to the nature of your spam problem, provide us samples of spam if they are not bypassing our service, or take some measures on your end to prevent bypasses, that we can bring you to the 95% or even 98% or better level of spam being blocked.