Having an email filter for any business is a crucial function of basic cybersecurity best practices. We may take them for granted, but spam filters keep us organized, protected, save our time, and maybe even a little saner than we would be without them.
Read more about what spam and spam filtering means for businesses
At the very least, spam email is a nuisance that will clog up staff mailboxes and overload your servers. Some forms of spam can be dangerous — the entry point for serious attacks that could wreak havoc on your PCs, your corporate network, your bottom line, and even your business reputation. Therefore, an email filtering solution is no doubt an essential first line of defense against spam.
Given the high number and intensity of data breaches in recent years, there is a wealth of information available to phishers to use when designing their attacks. Particularly when it comes to phishing emails, these are carefully researched and designed to target specific recipients in an organization. The increasing sophistication of phishing attacks makes it difficult for technology to identify email-borne threats and block them.
1. What Do Spam Email Filters Check For?
With each spam message that lands in your inbox, the more susceptible you are to cyber threats. Sanity aside, every business owner wants to protect their staff and their business data as best as possible. An email filter can help. While an email spam filter can and should be configured to fit your business environment, they generally look at:
- Header Data
- Email Content
1.1 What is Email Header Data?
Every email contains header data the average end-user will never see. This data includes information such as:
- Server IP addresses to show where the email has been, where it came from, and where it is going.
- Other information about the formatting of the message, and the addresses of the email senders and recipients.
Spam filters check this data for indications that the message could be spam, such as:
- The timestamp not making sense for when the email was sent,
- If any of the IP addresses associated with it are blacklisted or,
If the sender or recipient addresses are invalid.
1.2 What is a Blacklist?
Blacklists are lists of known spammers or spamming sources. These known spammers can be automatically blocked from being delivered to your mailbox by spam filters. Who makes these lists? Typically, Internet Service Providers (ISPs), server administrators, and email service providers compile these lists from data all over the world.
As spam filters detect spam based on content analysis, security alerts, or maybe a flood of emails from a particular source, the source of these spam emails is tracked and placed on an email blacklist. Once a source is on a blacklist, the spam filters that reference this blacklist will typically start to block any emails coming from that blacklisted source.
Read more on what is email blacklisting?
1.3 Email Content Analysis
Another main area spam filters check is the content within the email. Filtering by the content is where this otherwise simple filtering system gets tricky. Whereas some things are black and white – blacklisted and not blacklisted, valid address or invalid address – content is a grey area. Of course, there are a few stand-out elements that are known spam indicators. Things such as blacklisted websites, executable file attachments or known spam keywords in the email are all red flags of spam. Executable file attachments are file types that can perform multiple functions and operations. These content guidelines, much like the entire IT industry, are constantly changing. This fluid motion of what is and isn’t considered spam makes it so hard for spam filters to filter the good and bad properly.
For example, shortcodes used to be flagged as spam. However, with the rise of social media, Twitter especially, shortcodes have become relatively often used in the body of an email. In turn, this makes it hard to justify that all shortcodes indicate that the email is spam.
2. No Hard and Fast Rules
So why is it that despite everything spam filters check, they are still not 100% accurate? First off, we’re talking about technology. The only certainty about most technology is its uncertainty! Additionally, spam filters are working against both computers and the human brain.
Therefore, unfortunately, spammers know what is flagged when filtering emails and learn how to adapt to better trick the system and get past your spam filters.
As we now know, a good email filtering system must check several components within an email before marking it as spam. Most spam filters score email messages and add up points for each thing that could indicate spam. If the email scores high enough, then the spam filter will quarantine or block that email to keep it out of your inbox. If only one part, such as the To field, is scored as potential spam, but everything else checks out, that email will most likely still make it to your inbox.
3. How spammers create their attacks
To understand this better, It is important to first understand the “game” between spammers and spam filters a bit more. This makes it understandable why some spam always will find its way to your inbox.
Spam filters try to catch all mail that is spam, while
Spammers try to create emails that are trusted not to be spam – both by spam filters and by humans. For spammers, this comes down to creating emails that: –
- Can pass spam filters;
- When they arrive in your inbox, look like legit emails so the user opens it;
- Are interesting enough so that you are enticed to follow the instructions in the email.
Great spammers are successful because they too buy spam filters and use this to test their new spam tactics to see if their mail passes the email spam filter. If the email passes, they are one step ahead.
The spammers then go out in the wild, send out millions of emails, effectively showing off their new tactics. The email spam-filter providers take notice, and they update their filters. This is an ongoing game. It’s similar in the virus industry.
Spam with no links or attachments is probably spamming to poison/confuse filters to make it easier to fool them later on.
For instance, if you send an email but forget to enter a subject, your email will typically still be delivered. However, if an email has no subject, a sender name that doesn’t match its email address, and has a suspicious attachment, the chances are that email will be marked as spam and never make it to your inbox.
And this is the main reason why even the best email filters cannot be 100% accurate.
4. Why even the best spam email filters cannot be 100% accurate
Spammers are constantly trying to outwit anti-spam filters. For example, one spam detection method is to block email that exactly matches known spam messages. Once email service providers began comparing incoming email to known spam and blocking any email messages with content that matched known spam, spammers simply started inserting random words in the body of their spam email, often in text invisible to users by having the color of the text match the color of the background for the message, e.g., white text on a white background. In so doing, the spam filters could no longer rely on exact matches against known spam messages.
Now that you understand how clever some spammers out there are, if you were to set a hard and fast rule that ALL emails without a subject line are blocked, you’d probably miss out on some genuine emails you want to receive. Although these grey areas allow you to get genuine emails, it can also lead to spam emails getting in (boo!). This is where configuring your spam filters to best suit your specific needs can work wonders for your business.
Such a filter would be unacceptable, though. Therefore, the challenge for email service providers and businesses is to find a balance between blocking spam and allowing legitimate emails in. If the filter is too strict, there will likely be many false positives, resulting in many genuine emails being blocked.
Some users may prefer to have less strict settings so that no legitimate email is blocked, but that means more spam gets through. In contrast, other users may have very low tolerance for spam emails that they are willing to trade off the possibility of legitimate email being blocked or quarantined in return for getting less spam in their inbox. A company dealing with a large number of email users needs to pick a moderate level of email filtering that applies to all users so that some spam gets through, but, hopefully, result only in a few false positives.
5. In short…
Spam is an arms race where spammers invent new ways to get around the email filters which even the best email security companies develop. When filters get updated to block the latest ploys, cyberattackers go back to design another way to get in.
While email security providers are smart, so are the spammers. Therefore, no matter how good an email filter is, some spam is going to get through at some point. 300 Billion spam emails are sent every day using hundreds of different ways to deceive filters.
Yes, we completely understand your frustration when one spam email ends up in your inbox, and this is why we’re so passionate about email security. Even as staff who work for an email security company, we too are targets of spammers – and although almost all get picked up by our anti-spam filters, the occasional one sneaks by and lands in our inboxes.
This is because if email filter rules were “tightened too much” to attempt to capture 100% of phishing emails, they will likely have adverse effects, such as stopping the legitimate emails that you need to conduct your business. Some emails will not be received in users’ mailboxes and be assumed to be missing or, worse yet, result in lost business opportunities. Therefore, it is important to create just adequate rules that will provide the security you need for your network but not cause you to have your genuine emails completely blocked or quarantined.
6. So Do I Still Need an Email Filtering Solution?
Absolutely YES! Email spam filtering, even though it’s not 100% accurate all of the time, is a vital investment to protect your business from email threats, and it can only get better from here.
If your anti-spam solution keeps a log of the emails that have been blocked and/or a quarantine database, you can also access this to view the unseen good work it has done and realize that your inbox would have been much worse without it.
An important criterion to consider is choosing an email filtering solution that applies innovations and evolves as technology grows. In this way, it improves its effectiveness and keeps up with changes in the cybersecurity world. Read more: What to look for when looking for an email filtering solution
Advances in technology such as algorithms for machine learning continue to improve the results of email filtering services. Another advanced technology available is DKIM (DomainKeys Identified Mail). DKIM affixes a digital signature to emails coming from senders to validate the email is really from who it says it is from. SPF (Sender Policy Framework) leverages DNS technology to validate email is coming from a valid source. Most recently, DMARC (Domain-based Message Authentication, Reporting and Conformance) is being adopted by many organizations to extend the effectiveness of DKIM and SPF, further preventing cyberattackers from spoofing email addresses and impersonating your CEO!
MailSafi Email Security is a leading hosted email filtering solution that offers protection against spam, viruses, malware, phishing attacks, spoofing, ransomware and other advanced email threats. Below is an illustration of how MailSafi Email Filtering works.
Sign up for MailSafi Email Security
Sign up today or request a call back to learn more about how our cloud-based email security service. MailSafi Email Security is compatible with on-premise servers like Zimbra, Exchange, etc.; shared hosting environments such as cPanel, etc., as well as Microsoft Office 365.
https://www.mailsafi.com/Not what you’re looking for? Check out our other services including cloud-based email and collaboration, email archiving, domain registration, cybersecurity training, domain and website hosting.