Anti Spam Server vs Mail Server

The difference between an anti-spam server and a mail server can be hard to explain. Traditionally, an anti-spam server has been regarded as a mail server with email filtering software working as a gateway between the mail server and the firewall.

More recently, an anti-spam server can also be hosted in the cloud, with the email filtering software connecting to the mail server using the MX record.

Some definitions of the term anti-spam server are simply linked to the way in which the filtering process is conducted at server level, rather than on each individual device (“client”) connected to the network. Server-level filtering is much less labor-intensive than client-level filtering, and it allows administrators clearer oversight of network activity. In this regard, an anti-spam server is a far more effective solution for securing networks against phishing, malware and ransomware.

The majority of mail servers already have some form of email filtering software, or at least supply tools with which administrators can set rules about how incoming email should be handled. Some of these tools are very effective, and can learn to spot emails with a high probability of spam content (Bayesian Analysis), or move emails to a spam folder based on users' previous behavior (Adaptive Junk Filtering).

However, as a result of the evolving sophistication of spam email – and the fact that filtering mechanisms capable of learning new tricks do so retrospectively – many “default” filtering mechanisms would not be thought of as an effective anti-spam server because they are not very good at detecting spam email. For instance, in a recent test conducted by independent testing service AV Comparatives, the Outlook default filtering mechanism detected just 89.87% of spam email.

Due to the danger of malware and ransomware being deployed by spam email, most businesses choose to implement third-party email filtering software in order to support the spam-spotting capabilities of the default filtering mechanisms and change their mail server into an anti-spam server. Third-party email filtering software can also be good, bad or indifferent when it comes to detecting spam emails.

In a test like the one that identified Outlook’s low spam detection rate, researchers sent 127,800 spam emails through a number of different spam filters within a week. The experts found the average spam detection rate between the top ten performing spam filters was 96.86% – meaning that, on average, more than 4,000 spam emails bypassed detection.

It is not unusual for a large group to be sent 127,800 spam emails within a week. In 2015, the Radicati Group calculated the average office-based employee was receiving 12 spam emails a day; so, at a rate of 60 spam emails a week and an average spam detection rate of 96.86%, a business would only need to have sixty-seven office-based staff members in order to have 127,800 spam emails sent to it each week ({127,800 * (1 – 0.9686)} / 67).

AV Comparatives Spam Detection Rates – Test Conducted March 2016
1 ESET 99.96%
2 SuperSpamKiller 99.72%
3 G DATA 99.41%
4 Bitdefender 98.84%
5 Kaspersky Lab 97.97%
6 AVG 97.81%
7 Avast 96.71%
8 Lavasoft 94.71%
9 Symantec 93.63%
10 Microsoft Outlook 89.87%

Regardless of which “Top 10 Cybersecurity Threats” article you see, email is the number 1 threat vector for businesses. The majority of malware attacks and approximately 90% of ransomware attacks start at email level, which is also where most phishing attacks begin (the majority of the remainder being delivered via social media). Additionally, hackers are becoming more sophisticated in the techniques they use to avoid detection and trick users into opening their emails.

One of the most popular methods currently being employed is “spoofing”. Email spoofing is when a hacker constructs an email to look as if it originates from a trusted source (a bank, a solicitor or even the business itself). If the spoofed email is sent from a not yet recognized source of spam and is returned after greylisting (see below), it could bypass detection by “standard” email filtering software.

The best protection against spoofing is a trio of front-line mechanisms – HELO tests, DKIM tests and DMARC tests – which authenticate the sender of the email against a Sender Policy Framework. This process can eliminate all spoofing emails except those that come from a compromised account within the business itself, and it counters the increasing sophistication of spam emails to prevent users being tricked by phishing emails.
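
As an added illustration (not code from this article or from any filtering product), the Python sketch below shows the alignment check behind a DMARC-style verdict: an SPF or DKIM pass only counts when the authenticated domain matches the visible From: domain, and only results stamped by the receiving gateway are trusted. The gateway name mx.example.net, the sample messages and the simplified alignment rule are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumed id of our own filtering gateway

def _domain(addr):
    return addr.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def _aligned(auth_domain, from_domain):
    # Simplified relaxed alignment: same domain, or parent/child of it.
    # A production check compares organizational domains (Public Suffix List).
    a, f = auth_domain, from_domain
    if "." not in a or "." not in f:
        return False
    return a == f or a.endswith("." + f) or f.endswith("." + a)

def parse_auth_results(header):
    """Return (authserv_id, [(method, result, props), ...]) for one header value."""
    parts = re.sub(r"\([^)]*\)", "", header).split(";")  # drop (comments)
    authserv = (parts[0].split() or [""])[0].lower()
    results = []
    for clause in parts[1:]:
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].lower().split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append((method, result, props))
    return authserv, results

def spoof_verdict(raw_message):
    """'pass' only if an SPF or DKIM pass is aligned with the From: domain."""
    msg = message_from_string(raw_message)
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    for header in msg.get_all("Authentication-Results", []):
        authserv, results = parse_auth_results(header)
        if authserv != TRUSTED_AUTHSERV:
            continue  # not stamped by our gateway, so the sender may have forged it
        for method, result, props in results:
            key = {"spf": "smtp.mailfrom", "dkim": "header.d"}.get(method)
            if key and result == "pass" and props.get(key):
                if _aligned(_domain(props[key]), from_domain):
                    return "pass"
    return "fail"

# Constructed sample messages (not real traffic)
AR, FROM = "Authentication-Results: ", "\nFrom: Bank <alerts@bank.example>\n\nbody\n"
LEGIT = AR + "mx.example.net; spf=none; dkim=pass header.d=bank.example" + FROM
SPOOFED = AR + "mx.example.net; spf=pass smtp.mailfrom=bulk.example; dkim=pass header.d=bulk.example" + FROM
FORGED = AR + "mx.other.example; dkim=pass header.d=bank.example\n" + AR + "mx.example.net; spf=fail; dkim=none" + FROM
```

The SPOOFED sample passes both SPF and DKIM for the sending domain yet still fails, because neither authenticated domain matches the address the user sees.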

Along with the threats posed by phishing, malware and ransomware, spam emails cost businesses money by reducing productivity. Experts have estimated it takes a security-conscious employee an average of four seconds to identify and remove a spam email. Therefore, an employee receiving 12 spam emails per day would spend four minutes a week removing spam emails – or 192 minutes per year based on a 48-week cycle.

Multiply 192 minutes by sixty-seven staff members, and we are looking at 214.4 hours a year; or – at an average office worker's hourly rate of $12.50 per hour – $2,680. The cost may not seem a lot unless you pay your office workers a lot more than $12.50 per hour or employ more than sixty-seven employees that have access to email – and once they are all security-conscious.

Should one malware-laden email be clicked on in error, the cost can be far more. A 2015 study by the Ponemon Institute (“The Cost of Phishing and Value of Employee Training”) found the average cost of recovering from a successful phishing attack was $338,098. The cost of an uncontained malware attack or credential compromise incident was much more.