Spam Filtering for Business

Consumers are offered anti-spam controls from email service providers, although spam filtering for business requires a dedicated anti-spam solution. The spam filters used by the likes of Microsoft and Google are effective at blocking mass emails, but businesses are subject to much more sophisticated email-based attacks. To protect against malware, ransomware and phishing, a dedicated, third party anti-spam solution should be deployed.

Why is Spam Filtering for Businesses Essential?

Spam is a productivity-draining nuisance. Employees can waste a considerable amount of time dealing with unsolicited and unwanted emails. Even five minutes a day spent dealing with spam emails means major productivity losses for employers. Five minutes lost each day by 100 employees adds up to a full eight hours. Multiply that by 250 working days a year and over the course of 12 months more than 52 weeks of work will be lost. One recent study calculated the cost of managing spam emails to be $285 per employee per year, once associated IT costs are taken into account.

The productivity losses are minor compared to the losses that can be caused through phishing attacks, malware infections, and ransomware attacks. If these threats are not blocked, businesses can suffer catastrophic losses. Data breaches and ransomware attacks can result in losses of millions of dollars.

Without effective spam filtering, high numbers of malicious messages will be delivered to end users. All it takes is for one employee to respond to a single malicious email and divulge their credentials or install malware or ransomware for a costly data breach to result. The average cost of mitigating a data breach is now $3.6 million, according to a study conducted by the Ponemon Institute.

Business Spam Filter Options

There are three categories of solution that provide spam filtering for business email accounts: Hardware spam filters, software-based spam filters, and cloud-based spam filters.

A hardware spam filter involves the purchase of a dedicated appliance that is housed on-site. All email traffic passes through the appliance. The hardware spam filter will have limited capacity and must be chosen based on the number of domains and active email users. It therefore lacks the flexibility of other filtering options.

Software-based spam filtering for business use is deployed as a virtual appliance. This option should not require the purchase of any additional hardware – It can be installed on an existing machine.

Cloud-based solutions offer the same features as physical and virtual appliances, without the need to purchase any hardware or install any software. All filtering of spam occurs in the cloud. This is the best type of anti spam software as it is maintained by the spam filtering company, requires no complex set up, and will not add to your patching burden.

The first two options sit between the organization’s firewall and mail server on premises and all email traffic passes through these gateways. With a cloud-based solution, the mail exchange (MX) record is pointed to the service provider’s public or private cloud. Public cloud deployments are best suited for SMBs, while large enterprises and Managed Service Providers (MSPs) are usually better suited to a private cloud deployment – one that is not shared with any other business. A hybrid solution may also be possible, which will reduce the volume of messages arriving at the company’s mail server.

How Does Spam Filtering for Business Work?

Business anti spam filters use a variety of methods for separating spam and malicious messages from genuine email communications. Advanced spam filtering for business and MSP use typically blocks more than 99% of spam emails and 100% of messages containing known malware. So how is that achieved?

Each solution will use a combination of controls to distinguish between genuine messages and spam and malicious emails. These controls include:

Real-Time Blacklists

Real-time black lists contain IP addresses and domains that have previously been used to send spam or malicious messages. The sender of an email is checked against these blacklists to determine whether the message has been sent from an IP address with a poor reputation. If the reputation of the IP address is bad, the message will not be delivered.

Sender Policy Framework

A method used to determine whether a message has been sent from a host authorized by the administrator of a domain. This method of spam filtering for business email accounts is important for preventing the delivery of spoofed messages.

Recipient Verification

Verification that the intended recipient of an email is genuine. This control prevents speculative emails sent to invalid mailboxes from being delivered.

Message Content Analysis

Analysis of message headers and email content for common signatures of spam. Advanced solutions use Bayesian analysis techniques to assess the likelihood of an email being genuine or spam. Each message is assigned a score which is used to determine the actions that are taken – delivery, quarantine, deletion, or greylisting.

Greylisting

Greylisting is the term used for the rejection of suspicious emails with a request for the message to be resent. The delay in the request being processed is a good measure of whether the message was sent from a spammer’s mail server. Spammers mail servers are usually too busy to process these requests.

Malware Scanning

Use of single or multiple antivirus engines to scan email attachments for signatures of known malware.

SURBL/URIBL filtering

Analysis of hyperlinks contained in the message body to determine whether they are malicious or have been used in past spamming campaigns.

Things to Consider When Choosing Spam Filtering for Business Use

There are many different anti-spam solutions available and they are not all created equal. Filtering spam is not only about stopping productivity draining emails from being delivered. A solution should offer excellent protection from all email-based threats, scan inbound and outbound messages, be easy to use, scalable, and flexible.

When choosing a suitable anti-spam solution, consider the following:

  • Deployment options – There are multiple deployment options available – Cloud-based spam filtering for business use is the easiest to deploy, although software-based solutions may be a better match for your organization. Research all options available and their relative merits.
  • Ease of Use – Consider the amount of time your IT department will have to spend managing the solution, performing upgrades, and tweaking controls and factor this in to the overall cost.
  • Spam detection rate – Spam filtering for business should ensure that more than 99.5% of spam emails are blocked. Choose a solution with a high – and verifiable – detection rate.
  • False positive rate – Detection rates may be high, but false positives can cause many headaches. Look for a solution with a verifiable false positive rate well under 0.05%.
  • Granularity of controls – The more granular the controls, the easier it will be to tailor the solution to meet the needs of the business. Does the solution allow you to set different controls for departments, groups, and individuals?
  • Antivirus protection – Spam filtering for business email accounts requires a powerful AV engine. Dual antivirus engines provide greater protection from email-based threats.
  • Malicious URL blocking – Does the solution examine embedded hyperlinks to determine whether they are malicious or have been used in past spamming campaigns?
  • Outbound email scanning – Does the solution only scan inbound messages? Outbound filtering can prevent your domains from being blacklisted and stop compromised accounts from sending malicious messages to your customers and suppliers.
  • Mail continuity service – Is there an email continuity service that will ensure your messages are filtered and delivered in the event of server downtime?
  • Flexibility and scalability – Will you be tied into an inflexible contract? What happens if you expand or downsize? Will you be able to scale up the solution easily or reduce the cost if you are forced to lay off staff?
  • Cost and affordability –Different payment options are available. Discounts can be obtained for longer contracts and pay-as-you go plans are possible with some providers. The highest cost solution is not necessarily the best spam filter.
  • Take advantage of free trials – A free trial of spam filtering for business may be available. Try before you buy to discover firsthand how easy the solution is to use and how effective it is at blocking spam and malicious messages.

Spam Filtering for Business FAQs

Surely the higher the spam detection rate is, the more false positives you will get?

Although setting spam confidence levels too high will result in a high number of false positives, it should be possible to find a point at which spam detection rates are greater than 99.5% with false positive rates lower than 0.05%. Furthermore, it is worth considering that detection rates will vary across the business when different spam confidence levels are applied to different departments.

Why would you apply different spam confidence levels to different departments?

Some departments (i.e. Finance, HR, C-Suite, etc.) require a greater level of protection than departments such as sales, marketing, and procurement. If you were to apply the same spam confidence levels universally, you could expose more sensitive departments to risk or deny opportunities to sales, marketing, and procurement teams.

How does a spam filter for business know which emails to reject and ask for them to be resent?

In the default greylisting process, every inbound email is rejected and returned to its originating mail server with a request to be resent. Naturally, businesses do not want to delay the delivery of business critical emails, so approved senders are added to a whitelist which enables their emails to bypass the greylisting process. Every email not from an approved sender is considered suspicious.

How does SURBL/URIBL filtering differ from RBL blacklist filtering?

RBL blacklist filtering compares the email´s originating IP address against a list of IP addresses with a poor IP reputation. SURBL/URIBL filtering checks the URLs of hyperlinks embedded in the content of emails against a list of URLs known to have been used in previous spam and phishing emails. SURBL and URIBL filters can also be configured to flag URLs that hide their true identity behind a proxy server.

If I already use antivirus software, why do I need more in a business spam filter?

On-device or network-wide antivirus software works retrospectively inasmuch as it detects malware and other threats only once they have infected the device or infiltrated network. Antivirus software in a business spam filter blocks malware and other threats before they reach their intended destination to eliminate the risk of their payloads being activated before they are detected by other antivirus software.