A spam filtering service is a software-as-a-service (SaaS) solution that is used by businesses to filter out spam and phishing emails and malware threats. Instead of having all emails delivered to a mail server, the MX record of the business is directed to the service provider’s cloud servers. All emails are subjected to a range of tests in the cloud to find unwanted emails, and only cleaned emails are delivered.
Why is a Spam Filtering Service Necessary?
Spam email is more than just a nuisance. While it may only take an employee a few minutes to remove spam emails from their inbox each day, when every employee has to manually remove unwanted emails from their inboxes it adds up to a significant loss of productivity over the space of a year. A company with 600 employees wastes around 130 days each year dealing with spam emails if every employee has to deal with just 5 spam emails a day. The bad news is spam email volume continues to increase.
A much bigger threat to businesses comes from phishing. Phishing attacks on businesses have been increasing year over year and are becoming much more sophisticated. According to the Cisco 2021 Cybersecurity Threat Report, 86% of organizations suffered a phishing attack in the past year where at least one employee clicked a link in a phishing email, and around 90% of all data breaches involve phishing. 96% of all phishing attacks occur via email, which is why a spam filtering service or other email security solution is essential.
Malware is most commonly delivered via email, either attached to emails directly, downloaded through malicious links distributed via email, or by malicious scripts in email attachments. Ransomware attacks on businesses have soared in recent years, and SMBs are increasingly being targeted. These attacks see ransom demands of tens or hundreds of thousands of dollars issued, with the cost of remediating the attacks several times the cost of the ransom demand. The initial access to SMB networks is often gained through phishing emails and email-delivered malware droppers. A spam filtering service will strip all these threats out of inbound emails, and only filtered emails will be delivered to inboxes, preventing costly data breaches.
Businesses that use Gmail or Microsoft Office 365 will have a degree of protection from spam and malicious emails, but these spam filters are only effective at blocking obvious spam emails and emails that contain known malware variants. Cybercriminals are constantly developing new tactics for fooling these basic spam filtering mechanisms, and a significant number of these malicious messages bypass the basic protections incorporated into Gmail and Office 365. A dedicated spam filtering service is needed to block sophisticated email threats.
Features to Look for in a Spam Filtering Service
An advanced spam filtering service is needed to block sophisticated phishing threats and novel malware variants. While these are typically SaaS solutions delivered via the cloud, there is the option of using the software in-house and hosting the solution on-premises with some service providers (such as TitanHQ). This may be a better option for businesses with on-premises rather than cloud-based email services such as Office 365 or Gmail.
There are several important features of a spam filtering service that you should look for to make sure that you are well protected. You should also check how easy a solution is to set up, use, and maintain. A spam filtering service that requires your IT team to spend a considerable amount of time setting up and maintaining the service can significantly add to the overall cost. Overly complex solutions could result in misconfigurations that mean the solution will not function as well as it should. Listed below are some important spam filtering service features that are often lacking in products.
Behavioral Analysis of Attachments
One of the most important features of a spam filtering service is the capability to conduct behavioral analysis of email attachments. Spam filters incorporate antivirus engines that offer signature-based detection of malware. When a new malware variant is detected, its signature is added to the virus definition list, and if that threat is encountered it will be blocked. Malware developers now release new variants of malware frequently to evade AV engines. These malware variants are sufficiently different from the original to avoid detection. To detect these threats, suspicious email attachments that pass the AV tests need to have their behavior analyzed in a sandbox to identify any suspicious actions, such as command-and-control center callbacks.
Bayesian Analyses and Heuristics
Bayesian analyses and heuristics are used to search emails for phrases that are commonly used in spam and phishing emails, allowing threats to be blocked based on the content of messages. These machine learning techniques compare new messages against genuine emails and against spam and phishing emails that have been encountered in the past, allowing an accurate determination to be made about the legitimacy of an email. These techniques allow the red flags of phishing to be identified, and the analyses become more accurate each time they are performed.
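The scoring described above can be sketched as a small naive Bayes filter. This is an added example, not TitanHQ's code; the training messages are constructed, and the tokenizer and add-one smoothing are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

class BayesFilter:
    """Naive Bayes over message tokens, with add-one smoothing."""

    def __init__(self):
        self.tokens = {"spam": Counter(), "ham": Counter()}
        self.messages = {"spam": 0, "ham": 0}

    def train(self, text, label):
        # Every classified message updates the counts, so scoring improves over time.
        self.tokens[label].update(re.findall(r"[a-z0-9']+", text.lower()))
        self.messages[label] += 1

    def spam_probability(self, text):
        vocab = len(set(self.tokens["spam"]) | set(self.tokens["ham"])) + 1
        n_spam = sum(self.tokens["spam"].values()) + vocab
        n_ham = sum(self.tokens["ham"].values()) + vocab
        # Start from the smoothed prior odds, then add each token's evidence.
        log_odds = math.log((self.messages["spam"] + 1) / (self.messages["ham"] + 1))
        for tok in re.findall(r"[a-z0-9']+", text.lower()):
            p_spam = (self.tokens["spam"][tok] + 1) / n_spam
            p_ham = (self.tokens["ham"][tok] + 1) / n_ham
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-50.0, min(50.0, log_odds))  # keep exp() in range
        return 1 / (1 + math.exp(-log_odds))

# Constructed training corpus (not real mail).
SPAM = ["verify your account now to avoid suspension",
        "urgent: your password expires today, click here to verify",
        "you have won a prize, click here to claim"]
HAM = ["agenda for the quarterly budget meeting attached",
       "can you review the project report before the meeting",
       "lunch on thursday to discuss the project"]

def build_demo_filter():
    f = BayesFilter()
    for msg in SPAM:
        f.train(msg, "spam")
    for msg in HAM:
        f.train(msg, "ham")
    return f

if __name__ == "__main__":
    f = build_demo_filter()
    for msg in ("click here to verify your password", "agenda for the project meeting"):
        print(f"{f.spam_probability(msg):.3f}  {msg}")
```

Calling `train()` again with a newly confirmed spam message raises the score of similar wording on the next pass, which is the feedback loop the paragraph refers to.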
Anti-Spoofing Capabilities
Phishing emails commonly spoof brands and trusted individuals. A spam filtering service should be able to detect email spoofing and verify that the senders of emails are who they claim to be and are authorized to send emails from a particular domain. This is usually achieved using Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC). Spoofed emails that are delivered can easily fool end users.
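How the three mechanisms combine is easiest to see in the DMARC decision itself: an SPF or DKIM pass only counts when the authenticated domain aligns with the domain in the visible From: header. The following is an added example, not TitanHQ's code; it assumes the SPF and DKIM results and the domain's DMARC TXT record (published at `_dmarc.<domain>`) have already been obtained, and all domains and inputs are constructed.

```python
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: the last two labels stand in for the organizational domain;
    # a production filter derives it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_dmarc(record):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def disposition(header_from, spf, dkim, record):
    """spf and dkim are (result, authenticated_domain) pairs from earlier checks."""
    from_domain = org_domain(parseaddr(header_from)[1].rpartition("@")[2])
    # A 'pass' only counts when the authenticated domain aligns with From:.
    aligned = bool(from_domain) and any(
        result == "pass" and org_domain(domain) == from_domain
        for result, domain in (spf, dkim))
    if aligned:
        return "deliver"
    policy = parse_dmarc(record).get("p", "none").lower()
    return {"reject": "reject", "quarantine": "quarantine"}.get(policy, "deliver")

# Constructed inputs: brand.example publishes p=reject.
POLICY = "v=DMARC1; p=reject; rua=mailto:dmarc@brand.example"
CASES = {
    "genuine": ('"Brand Billing" <billing@brand.example>',
                ("pass", "bounce.brand.example"), ("pass", "brand.example")),
    "forwarded": ("billing@brand.example",
                  ("fail", "brand.example"), ("pass", "brand.example")),
    # SPF passes, but only for the unrelated envelope domain, so it is not aligned.
    "spoofed": ('"Brand Billing" <billing@brand.example>',
                ("pass", "mailer.example"), ("none", "")),
}

def run_cases():
    return {name: disposition(frm, spf, dkim, POLICY)
            for name, (frm, spf, dkim) in CASES.items()}
```

The "spoofed" case shows why an SPF pass on its own does not authenticate the address the recipient sees.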
Reputation-based Filtering
A spam filter service will use a real-time blacklist of known malicious IP addresses and URLs. When an email is received from a blacklisted IP address, or if it contains a known malicious URL, that email will be automatically blocked. The solution should also be capable of assessing emails and assigning a spam score, based on the likelihood of the email being spam or malicious. Users can then set spam-tolerance thresholds on an organization, department, user group, or individual user level.
Greylisting
Greylisting is a feature that can improve detection rates of unwanted bulk emails from a standard 99% to over 99.9%. This technique involves initially rejecting a message and requesting it be resent. The delay in resending, if the email is resent at all, is a good indicator of whether the message is spam and has been sent as part of a huge spam run. Mail servers used for spamming tend to have a long delay responding or do not respond at all. While this will delay certain emails, trusted contacts can be added to whitelists and will avoid this greylisting process.
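The reject-then-retry logic described above, as an added example that is not TitanHQ's code. Keying on the (client IP, envelope sender, recipient) triplet, the 5-minute minimum delay, the one-day expiry, and the SMTP reply text are assumptions drawn from common greylisting practice; all addresses are constructed.

```python
class Greylist:
    """Defer first-time senders and accept them once they retry after a delay."""

    DEFER = "451 4.7.1 Greylisted, please retry later"  # constructed reply text

    def __init__(self, min_delay=300, max_wait=86400, whitelist=()):
        self.min_delay = min_delay    # assumed: retries sooner than this stay deferred
        self.max_wait = max_wait      # assumed: pending entries expire after a day
        self.whitelist = {entry.lower() for entry in whitelist}
        self.first_seen = {}          # triplet -> time of first attempt
        self.passed = set()           # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        sender = mail_from.lower()
        # Trusted contacts (full address or whole domain) skip greylisting.
        if sender in self.whitelist or sender.rpartition("@")[2] in self.whitelist:
            return "250 OK (whitelisted)"
        key = (client_ip, sender, rcpt_to.lower())
        if key in self.passed:
            return "250 OK"
        first = self.first_seen.get(key)
        if first is None or now - first > self.max_wait:
            self.first_seen[key] = now          # first contact: remember and defer
            return self.DEFER
        if now - first < self.min_delay:
            return self.DEFER                   # retried too quickly
        self.passed.add(key)                    # a queueing mail server retried properly
        del self.first_seen[key]
        return "250 OK"

def simulate():
    gl = Greylist(whitelist={"partner.example"})
    legit = ("192.0.2.10", "alice@supplier.example", "bob@corp.example")
    bulk = ("198.51.100.7", "promo@bulk.example", "bob@corp.example")
    return [
        gl.check(*legit, now=0),      # first contact: deferred
        gl.check(*legit, now=60),     # retry after 1 minute: still deferred
        gl.check(*legit, now=900),    # retry after 15 minutes: accepted
        gl.check(*legit, now=5000),   # known triplet: accepted immediately
        gl.check(*bulk, now=0),       # bulk sender that never retries stays deferred
        gl.check("203.0.113.5", "carol@partner.example", "bob@corp.example", now=0),
    ]

if __name__ == "__main__":
    for reply in simulate():
        print(reply)
```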
Outbound Email Filtering
A spam filtering service will check all inbound emails, but it is important to also perform checks of outbound emails. Corporate email accounts may be used by rogue employees for sending sensitive data externally to personal email accounts, and mailboxes could be used for spamming, phishing, or malware distribution. This is often the case when devices are infected with malware such as Emotet, or when an attacker has compromised a corporate mailbox. Outbound scanning is a data loss prevention feature and can rapidly alert security teams to a compromised mailbox or insider threat.
SpamTitan Cloud from TitanHQ
SpamTitan Cloud is an advanced email security solution from TitanHQ that includes all of the above-mentioned advanced detection mechanisms. The solution has a high detection rate of 99.97%, with a very low false positive rate. All emails are scanned using dual antivirus engines which will block 100% of known malware variants, and suspicious attachments are passed to the sandbox for in-depth analysis to detect novel malware threats.
SpamTitan Cloud is a 100% cloud-based spam filtering service that is hosted in TitanHQ’s cloud, but it can also be hosted in a private cloud. For SMBs that want to host a spam filtering service on premises, SpamTitan Gateway is the ideal choice. SpamTitan Gateway is delivered as a virtual appliance for installation on existing hardware.
SpamTitan Cloud is incredibly quick and easy to set up, requiring a change to point your MX record to TitanHQ. The solution is managed via a central administrative portal that can be accessed through any web browser, although the solution can be integrated into existing solutions using TitanHQ’s suite of APIs.
SpamTitan is consistently rated highly on independent review sites such as G2, Capterra, and Expert Insights for effectiveness, ease of use, ease of maintenance, and cost-effectiveness, and is much loved by SMBs and MSPs serving the SMB market.
For more information, to arrange a product demonstration, and for details of pricing, give the TitanHQ team a call. Also, feel free to take advantage of the free trial to put the solution to the test.