Improve the Office 365 Spam Filter the Easy Way

If your business only uses the Office 365 spam filter that is provided with your Office 365 subscription, you will no doubt have encountered issues with spam, phishing emails, and even malware evading detection. This is not surprising as, in 2018, tests run by SE Labs concluded that the Office 365 spam filter had a below average threat detection rate when compared against a basket of commercial email filters. The addition of Advanced Threat Protection (ATP) to the Office 365 spam filter failed to raise the threat detection rate above the average.

Office 365 Only Includes a Basic Spam Filter

There are several reasons for this. First and foremost, the basic Office 365 spam filter (Exchange Online Protection/EOP) is only intended to provide a baseline level of protection. Its purpose is to block spam, basic phishing threats, and known malware; and it performs those functions reasonably well. EOP will block around 99% of spam email, according to Osterman Research, and 100% of known malware threats. However, EOP and ATP struggle with blocking new phishing threats and zero-day malware – programs and code that have not previously been identified as malicious.

The basic Office 365 spam filter falls short when it comes to protecting against more advanced and new threats because it is updated retrospectively. When sources of spam emails are identified, they are added to static blocklists. Subsequent emails from those IP addresses are then blocked. When new malware is identified, its signature is added to the virus definition lists of the anti-virus engine. If the signature is not in the list, the malware is not identified as malicious.

There are no mechanisms in EOP that can detect spam email from previously unknown sources of spam, and EOP does not have machine learning capabilities to predict new attack methods. If you want advanced phishing and malware protection for Office 365 that includes those capabilities, you will need to purchase Advanced Threat Protection to layer on top of EOP. However, even with ATP, the threat detection rate is still less than you might expect compared to other email filtering solutions.

Upgrading the Office 365 Spam Filter

There are two options available for improving the Office 365 spam filter. You can subscribe to the Office 365 E5 license tier which includes ATP, but for many businesses this is not only expensive but includes multiple tools that will never be used. Furthermore, even with EOP and ATP you will only be getting a low- to middle-market level of protection.

With only EOP serving as the Office 365 spam filter, other steps must be taken to block phishing emails. This usually means administrators either have to block “From: addresses” – which comes with the risk of blocking genuine emails sent from legacy servers – or manually block IP addresses retrospectively using the connection filter.

The problem with retrospectively blocking spam emails and IP addresses associated with phishing emails is that spammers and cybercriminals don't stay in the same space for very long. As soon as it is evident that existing IP addresses are being blocked, they move into a new space with a new IP address – evading detection by the Office 365 spam filter and once again threatening businesses. For Office 365 administrators this is a time-consuming and thankless task.

While you may be happy with the level of protection provided by EOP and ATP together, there is an important point to consider. The key to good email security (and security in general) is layered defenses. For an attack to succeed, more than one layer of security must be penetrated by an attacker. If one layer fails, another is present to continue providing protection.

If an attacker learns how a security solution from a provider can be bypassed, threats will not be blocked. This is far easier when the solutions come from the same provider. Homogeneous security systems are easier to attack than heterogeneous ones. A third-party solution should therefore be considered. With layers of security provided by different companies, it becomes much harder for an attack to succeed.

How SpamTitan and the Office 365 Spam Filter Differ

TitanHQ’s email security solution for Office 365, SpamTitan, provides additional layers of security that differ considerably from EOP and ATP and will block the threats that those solutions struggle to identify. SpamTitan uses a defense in depth approach to email security, which works in harmony with the protections offered by Microsoft.

More Accurate Detection of Spam Email

In order to improve the Office 365 spam filter and block more spam, additional methods are required that are not included with EOP. These methods increase the spam detection rate from around 99% to more than 99.9%. One of those methods is greylisting.

The greylisting process increases detection rates by returning all non-whitelisted emails to the servers from which they originated. Most mail servers have mail retry capabilities for when emails are not delivered at the first attempt; and, when the greylisted email is returned from the destination server, it is added to a mail retry queue and resubmitted in minutes.

Servers used for sending spam often have the mail retry capability disabled. This is because a large volume of email is often returned by sender authentication tests and blocklist comparisons; and, if every returned email was added to a mail retry queue, the mail server would constantly be resending returned emails rather than sending fresh spam.

In tests, email greylisting has been proven to increase spam detection rates from 99% to 99.9% – not only reducing the amount of spam email that avoids detection, but also email-borne malware.
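The greylisting decision described above can be sketched as follows. This is an added example, not SpamTitan's code: the sender/recipient triplet key, the delay values, and the sample traffic are assumptions chosen for illustration, and "returning" the email is modelled as the SMTP temporary-failure reply (4xx) that triggers a sender's retry queue.

```python
from dataclasses import dataclass, field

MIN_RETRY_DELAY = 300         # assumed: retries sooner than 5 minutes stay deferred
PENDING_LIFETIME = 4 * 3600   # assumed: an unretried first attempt is forgotten after 4 h
DEFER = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 OK"

@dataclass
class Greylist:
    whitelist: set = field(default_factory=set)     # client IPs that bypass greylisting
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        if client_ip in self.whitelist:
            return ACCEPT
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return ACCEPT
        first = self.first_seen.get(triplet)
        if first is None or now - first > PENDING_LIFETIME:
            # New (or expired) triplet: record it and hand the message back.
            self.first_seen[triplet] = now
            return DEFER
        if now - first < MIN_RETRY_DELAY:
            return DEFER  # came back too fast to be a normal retry queue
        # The sender queued the message and resubmitted it: accept from now on.
        del self.first_seen[triplet]
        self.passed.add(triplet)
        return ACCEPT

def replay(attempts, whitelist=()):
    """Run (time, ip, from, to) attempts through a fresh greylist; return reply codes."""
    gl = Greylist(whitelist=set(whitelist))
    return [gl.check(ip, frm, to, t)[:3] for t, ip, frm, to in attempts]

# Constructed sample traffic (documentation-range IPs, example domains).
SAMPLE = [
    (0,    "192.0.2.10",   "news@example.org",    "amy@example.com"),  # first try
    (5,    "203.0.113.7",  "promo@example.net",   "amy@example.com"),  # never retries
    (30,   "192.0.2.10",   "news@example.org",    "amy@example.com"),  # retry too early
    (600,  "192.0.2.10",   "news@example.org",    "amy@example.com"),  # proper retry
    (900,  "192.0.2.10",   "news@example.org",    "amy@example.com"),  # known triplet
    (1000, "198.51.100.5", "partner@example.org", "amy@example.com"),  # whitelisted
]

if __name__ == "__main__":
    print(replay(SAMPLE, whitelist={"198.51.100.5"}))
```

Keying on the exact client IP delays senders that retry from a different address in an outbound pool, which is one reason a whitelist sits in front of the check.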

Advanced Protection Against Phishing, Spear Phishing, Malware, and Ransomware

Defense in depth requires a host of different detection mechanisms and redundancy. With SpamTitan this starts with dual anti-virus engines. Both are excellent in their own right but dual protection maximizes the chance malware will be detected.

In order to block zero-day threats, heuristics, Bayesian analysis, and machine learning are combined with threat intelligence feeds. This allows SpamTitan to anticipate and predict new attack methods and block zero-day malware and phishing threats.

Not all malware is delivered directly. Malicious URLs are often used for this purpose. To protect against malware downloads from the web and the web-based component of phishing attacks, SpamTitan performs a link analysis using multiple malicious URL detection tools.

SpamTitan also includes outbound scanning, which can detect compromised business email accounts, and data leak protection technology that alerts administrators to sensitive information in emails, such as Social Security numbers.

Administrators can configure SpamTitan to meet their objectives and can easily set spam tolerance thresholds at the domain, user-group, and user level. They have highly granular control over the spam filter, but maintenance is straightforward and simple through an intuitive web-based interface. SpamTitan is a powerful solution but has been developed with the end user in mind and it is easy to use and maintain.

Further advantages of SpamTitan over the Office 365 spam filter include a range of deployment options. SpamTitan is available as a gateway solution or a cloud-based filter, with multiple hosting options available for the latter. SpamTitan can be easily integrated with the management interfaces used by MSPs via APIs and also integrates with LDAP and Active Directory for quick synchronization.

Book a Demo of SpamTitan in Action and See the Difference

If your business is currently relying on the Office 365 spam filter to detect spam emails and protect your networks from malware, ransomware, and phishing attacks, do not hesitate to give us a call to find out more about SpamTitan.

Our team of sales technicians will be happy to discuss any issues you are currently experiencing and will tell you how they can be resolved with SpamTitan. You can also schedule a personalized product demonstration which can include an explanation of how SpamTitan can be placed in front of Office 365 to maximize email protection. See for yourself the difference that SpamTitan makes by contacting us today.