Anti-Spam Gateway

An anti spam gateway filter solution is a software-based virtual appliance that is downloaded to a website as opposed to a cloud. It is placed behind a firewall and, normally, an anti spam gateway filter stops over 99% of spam emails reaching their destinations – improving productivity and mitigating threats from phishing, malware and ransomware.

However, it is crucial to remember that not all gateway spam filter solutions are equally successful. Some have mechanisms that stop most unsolicited bulk emails from even reaching the spam gateway – cutting the demand on network resources, and the number of email threats that evade detection. This variety of anti-spam gateway filter can achieve spam detection rates of 99.97%.

Greylisting Explained

The main feature of a gateway spam filter that helps achieve such a high spam detection rate is “Greylisting”. To see why Greylisting is so effective, it is crucial to understand that spam filters without this feature identify spam by comparing the IP address of the sending mail server against an RBL blacklist of IP addresses from which spam is known to have come.

During greylisting, every incoming email is sent back to the mail server from which it originated with a request to resend it. Usually the request is fulfilled within minutes, but hackers’ mail servers – being too busy sending new spam emails – ignore the request. In this manner, Greylisting prevents most unsolicited bulk emails entering the spam gateway. Greylisting is provided as an optional control. While effective at recognizing spam email, it can delay messages by a few minutes. To avoid this, it can be combined with whitelisting for trusted senders to ensure their messages are not delayed. Having greylisting in place for all other emails is highly advised.
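The greylisting decision described above, combined with a whitelist for trusted senders, as an added example that is not code from any particular gateway product. It assumes the "request to resend" is an SMTP temporary failure (a 451 reply), that attempts are matched on client network, envelope sender and recipient, and that the timing values, the `Greylist` class and all addresses are constructed for illustration.

```python
import ipaddress

ACCEPT = "250 2.0.0 OK"
TEMPFAIL = "451 4.7.1 Greylisted, try again later"

class Greylist:
    """Greylisting decision keyed on (client network, envelope sender, recipient)."""

    def __init__(self, whitelist=(), min_delay=300, retry_window=4 * 3600,
                 pass_ttl=30 * 86400):
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.min_delay = min_delay        # retries sooner than this are refused again
        self.retry_window = retry_window  # a retry must arrive within this window
        self.pass_ttl = pass_ttl          # how long a proven triplet skips the delay
        self.pending = {}                 # triplet -> time first seen
        self.passed = {}                  # triplet -> expiry time

    def _key(self, client_ip, mail_from, rcpt_to):
        ip = ipaddress.ip_address(client_ip)
        # Assumption: key on the /24 (IPv4) or /64 (IPv6) so a retry from a
        # sibling host in the same outbound pool matches the first attempt.
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.whitelist):
            return ACCEPT                     # trusted sender: never delayed
        key = self._key(client_ip, mail_from, rcpt_to)
        if self.passed.get(key, 0) > now:
            self.passed[key] = now + self.pass_ttl
            return ACCEPT                     # already proved that it retries
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.retry_window:
            self.pending[key] = now           # first attempt, or retry came too late
            return TEMPFAIL
        if now - first_seen < self.min_delay:
            return TEMPFAIL                   # retried too quickly; keep waiting
        del self.pending[key]
        self.passed[key] = now + self.pass_ttl
        return ACCEPT

if __name__ == "__main__":
    gl = Greylist(whitelist=["192.0.2.0/24"])  # constructed sample values
    for t in (0, 30, 600):
        print(t, gl.check("198.51.100.7", "a@example.org", "b@example.com", t))
```

A sender that never retries stays in `pending` and is never accepted, which is how the bulk of spam is dropped before the later checks run.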

The Other Mechanisms within the Spam Gateway

When a mail server replies to the Greylisting request and resends an email, the email then goes through the secondary mechanisms within the spam gateway. These include checking the IP address against an RBL blacklist as above, and assigning a Spam Confidence Score based on the email's content. The gateway spam filter also performs Sender Policy Framework (SPF) and Recipient Verification checks.

A feature that some anti-spam gateway filters do not have is SURBL filtering. This secondary mechanism inspects emails and their attachments for URLs that have been reported previously in unsolicited bulk emails. The aim of this check is to identify links to websites that have been set up with the sole purpose of executing a phishing attack. When any matches are found, the email is quarantined for further review.

An Anti Spam Gateway Filter Should Also Review Outgoing Mail

In order to increase network security, an anti-spam gateway filter should also filter outgoing mail. The aim of this is to spot spamming from within the business that could be inadvertent (i.e. by a careless employee) or that could suggest a business email account has been compromised by a spammer and is being used to share spam from a trusted source.

Both scenarios could harm a business’s “IP reputation” – a factor that, for some anti spam gateway filters, adds to the email’s Spam Confidence Score. In extreme cases, unidentified outgoing spam can result in a business's IP address being added to an RBL blacklist, which would not only impact its email communications, but also access to its website(s).