Cloud-Based Spam Filters

Businesses looking to improve their defenses against phishing, malware, ransomware, and spam can choose a physical appliance, a software solution housed on their own hardware, or cloud-based spam filters that perform all filtering in the cloud.

Each option has its own merits, but if you are looking for the quickest, easiest, and most cost-effective anti-spam solution, cloud-based spam filters are hard to beat. There is no need to purchase any hardware and no software needs to be installed. All that is required is a simple change to your organization’s MX record to route messages through your service provider’s mail servers. Consequently, organizations can be filtering their email and blocking threats within minutes of purchasing licenses.

Advantages of Cloud-Based Spam Filters

Speed of installation is an advantage, but there are many benefits to cloud-based spam filters, which is why spam filtering in the cloud is fast becoming the most popular choice for businesses and managed service providers (MSPs).

Software and appliance-based spam filters are often high maintenance. The IT department will need to commit resources to maintaining the solutions, updating the software or firmware, and applying patches. With cloud-based spam filters, the service provider is responsible for applying updates. Users can therefore be sure that they are always running the latest and most secure software version.

Most emails are sent during office hours. During these busy times there will be a high demand placed on CPUs, and that can affect network performance. With cloud-based spam filters, all processing takes place on the service provider’s servers, so network performance issues are avoided.

Businesses can experience compatibility issues with their existing hardware and software, but these are avoided with cloud-based email spam filters. Cloud-based spam filters are system-agnostic and are compatible with all IT setups and operating systems.

Physical appliances have a limited capacity so additional devices need to be purchased when the company grows. The use of multiple appliances adds to the complexity of the solution and can cause major headaches for IT departments. Conversely, if the number of mailboxes needs to be reduced, businesses will have paid well over the odds for capacity they no longer need. Cloud-based email spam filtering is much more flexible and infinitely scalable.

With filtering taking place in the cloud, administrators can configure and tweak their spam filter settings via a web-based administration control panel, which can be accessed from any computer via the Internet. This makes maintenance far easier.

With all of these benefits – cost, scalability, flexibility, low management overhead, ease of installation and maintenance – it is easy to see why cloud-based spam filters are now such a popular choice.

How Do Cloud-Based Spam Filters Work?

When a user sends an email from their email program, the message passes to an outbound email server. To find out where the message should be delivered, the outbound email server queries a DNS server for the recipient’s domain, which is the part of the email address after the @ sign. The DNS server replies with the domain’s MX record, which names the mail server that accepts email for that domain, and that server’s host name is resolved to an IP address. The message is then sent to the recipient’s inbound email server, which passes it to the recipient’s email client, where it is picked up when they log in or during the next send/receive.

This process is the same when cloud-based spam filters are implemented, except that the organization’s MX record now points to the service provider’s mail servers rather than to the organization’s own inbound email server. The message will go to the service provider, spam filtering controls will be applied, and if those checks are passed, the message will be delivered to the end user via their inbound email server.

This process means that spam emails and malicious messages are not passed to the inbound email server and stay with the service provider. Consequently, the load on an organization’s inbound email server is reduced.
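The routing change described above can be checked from the MX records themselves. The following is an added example, not code from any provider: the zone lines are constructed, and `filter-provider.example` is a hypothetical provider domain. It lists the hosts in the order a sending server tries them and flags any MX host that would still receive mail without passing through the filter.

```python
# Constructed zone lines; "filter-provider.example" is a hypothetical provider.
BEFORE = ["example.com. 3600 IN MX 10 mail.example.com."]
AFTER = [
    "example.com. 3600 IN MX 10 mx1.filter-provider.example.",
    "example.com. 3600 IN MX 20 mx2.filter-provider.example.",
    "example.com. 3600 IN MX 50 mail.example.com.",  # old record left in place
]

def parse_mx(lines):
    """Parse 'name TTL IN MX preference host.' lines into (preference, host)."""
    records = []
    for line in lines:
        fields = line.split()
        if len(fields) == 6 and fields[2].upper() == "IN" and fields[3].upper() == "MX":
            records.append((int(fields[4]), fields[5].rstrip(".").lower()))
    return sorted(records)

def delivery_order(records):
    """Hosts in the order a sending server tries them: lowest preference first."""
    return [host for _, host in sorted(records)]

def unfiltered_hosts(records, provider_domain):
    """MX hosts outside the provider's domain, i.e. mail paths that skip the filter."""
    domain = provider_domain.lower().strip(".")
    return [host for _, host in records
            if host != domain and not host.endswith("." + domain)]

if __name__ == "__main__":
    print("before:", delivery_order(parse_mx(BEFORE)))
    print("after: ", delivery_order(parse_mx(AFTER)))
    print("skips the filter:", unfiltered_hosts(parse_mx(AFTER), "filter-provider.example"))
```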

How Do Cloud Spam Filters Identify Spam and Malicious Emails?

Cloud spam filters use a range of different techniques to assess incoming emails to determine whether they are genuine messages that should be delivered, or unwanted or malicious messages that should be quarantined for manual inspection or rejected.

At the heart of most solutions are Real-Time Blackhole Lists (RBLs) or Domain Name Server Blackhole Lists (DNSBLs). These are lists of IP addresses that have previously been identified as having been used to send spam or malicious emails. If an IP address has a poor reputation, messages from that address will be quarantined.
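How a blackhole list is consulted, as an added example rather than any vendor's code: the connecting IP address is reversed, prefixed to the list's DNS zone, and looked up as an A record, and an answer in 127.0.0.0/8 means the address is listed (the convention documented in RFC 5782). The zone names, the resolver stub and its data are constructed so the block runs offline.

```python
import ipaddress

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers fall in here

def dnsbl_query_name(ip, zone):
    """Build the DNS name to look up for `ip` in blackhole list `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                   # one label per octet
    else:
        labels = list(addr.exploded.replace(":", ""))   # one label per hex nibble
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def dnsbl_status(ip, zone, resolve_a):
    """Return 'listed', 'clean' or 'unknown' (lookup failed, so no verdict)."""
    try:
        answers = resolve_a(dnsbl_query_name(ip, zone))
    except OSError:
        return "unknown"
    if any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers):
        return "listed"
    return "clean"

def disposition(ip, zones, resolve_a):
    """Quarantine when any list reports the address; otherwise keep checking."""
    results = [dnsbl_status(ip, zone, resolve_a) for zone in zones]
    return "quarantine" if "listed" in results else "continue"

# Constructed data: one listed address in the hypothetical zone dnsbl.example.
SAMPLE_ZONE_DATA = {"99.2.0.192.dnsbl.example": ["127.0.0.2"]}

def sample_resolver(name):
    """Stand-in for a DNS A lookup; returns [] when the name does not exist."""
    if name.endswith(".down.example"):      # simulate an unreachable list
        raise OSError("resolver timeout")
    return SAMPLE_ZONE_DATA.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "192.0.2.10"):
        print(ip, disposition(ip, ["down.example", "dnsbl.example"], sample_resolver))
```

A failed lookup is reported as `unknown` instead of `listed`, so an unreachable list does not cause genuine mail to be quarantined.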

Emails are also subjected to authentication checks using Sender Policy Framework (SPF) or the more powerful Domain-based Message Authentication, Reporting and Conformance (DMARC). These authentication techniques are used to determine whether the person sending a message is authorized to send messages from that domain. These checks help to prevent email impersonation, as is common in phishing attacks. Recipient verification checks are also performed to prevent emails addressed to unknown individuals in an organization from being delivered.

Content analysis tools are also used to check the message body and headers for common spam signatures such as excessive hyperlinks, grammatical and spelling errors, and other indicators of spam and malicious emails. Each message is then assigned a score based on the likelihood that the message is spam. The solution can then be configured to reject messages above a certain score. URIBL and SURBL filters are also used to assess embedded hyperlinks to determine whether they are malicious, suspect, or genuine. These checks are essential for preventing phishing emails from reaching inboxes.

Greylisting may also be used. This is the process of temporarily rejecting a message so that the originating outbound email server is asked to resend it. Outbound servers running spam campaigns will not process these requests, or there will be a significant delay before messages are resent. The time taken for the response is an indicator of whether the message is genuine. This additional anti-spam mechanism is useful because it allows spam email to be identified even when it has been sent from an IP address with a relatively good reputation.
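Greylisting as a small state machine, as an added example and not any product's code: the first delivery attempt for an unseen (client IP, sender, recipient) combination gets a temporary SMTP rejection, and a retry is accepted only if it arrives after a minimum delay and before the entry expires. The 300-second delay, the four-hour retry window and the sample addresses are assumed values.

```python
TEMP_REJECT = 451   # SMTP temporary failure: the sender is expected to retry
ACCEPT = 250        # SMTP success

class Greylist:
    def __init__(self, min_delay=300, retry_window=4 * 3600):
        self.min_delay = min_delay          # seconds a sender must wait (assumed)
        self.retry_window = retry_window    # seconds before an entry expires (assumed)
        self.first_seen = {}                # triplet -> time of first attempt
        self.passed = set()                 # triplets that have retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for a delivery attempt at time `now`."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return ACCEPT                   # known good sender, no further delay
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            self.first_seen[key] = now      # new or expired: start the clock
            return TEMP_REJECT
        if now - first < self.min_delay:
            return TEMP_REJECT              # retried too quickly to be trusted
        self.passed.add(key)
        return ACCEPT

def replay(attempts, greylist=None):
    """Run (ip, sender, recipient, time) attempts and collect the reply codes."""
    greylist = greylist or Greylist()
    return [greylist.check(*attempt) for attempt in attempts]

# Constructed delivery attempts: a server that retries properly, and one that
# only comes back after its entry has expired.
GOOD = ("192.0.2.10", "alice@example.org", "bob@example.com")
LATE = ("198.51.100.7", "news@example.net", "bob@example.com")

if __name__ == "__main__":
    print(replay([GOOD + (0,), GOOD + (10,), GOOD + (400,), GOOD + (9000,)]))
    print(replay([LATE + (0,), LATE + (5 * 3600,)]))
```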

Finally, cloud-based spam filters incorporate anti-virus engines which scan attachments for malware and malicious code. Advanced spam filters also incorporate a sandbox, where suspicious attachments can be examined safely for malicious actions.

Some spam filters will also scan outbound messages. This is important as it prevents a company’s email accounts from being used for spamming by rogue employees or hackers that have succeeded in compromising an email account.

How to Choose a Cloud-Based Spam Filter

The best cloud spam filters will incorporate all of the above mechanisms for identifying spam and malicious messages and should detect more than 99.9% of spam email and 100% of known malware. Any spam solution can block 100% of spam and email threats, but not without having a very high false positive rate. That means IT staff must manually check thousands of emails that are wrongly caught by the spam filters.

The best cloud-based spam filters have a false positive rate of less than 0.05%. You can find out the catch rates and false positive rates from independent websites such as Virus Bulletin. Be sure to check other review sites to get feedback from existing users of the solutions. They can provide important insights into how easy the solutions are to use.

If you are happy with the features and the price per user, be sure to take advantage of any free trials. They will allow you to assess the solution in your own environment before you commit to a purchase.