Incoming Email Spam Filters

Although the majority of email services come with some level of proprietary spam detection, third-party spam filters for incoming mail improve the level of spam email detection considerably. Organizations that fail to implement a third-party incoming mail spam filter continue to see spam delivered to their employees' inboxes. Research has shown that an organization with five hundred staff members – each receiving just six spam emails a day – will lose more than 130 days annually in productivity.

A potentially bigger cost of spam emails is malware. A 2015 report produced by the Ponemon Institute – “The Cost of Phishing & Value of Employee Training” – calculated that the average cost to an organization of removing malware and recovering data was $1.8 million. By 2018, the average cost of a data breach had grown to $3.62 million, according to the Ponemon Institute’s 2018 Cost of a Data Breach Study. Unfortunately, it only takes one click on a link to a malicious website for a network to become infected by malware or for ransomware to be downloaded. It is not uncommon for ransom demands in the region of $50,000 to be issued in exchange for the keys to decrypt files. By comparison, the cost of third-party spam filters for incoming mail is typically less than $10.00 per employee annually.

Third-party spam filters for incoming mail have a greater number of mechanisms to check for spam than proprietary filters. Usually these will include front-end tests that check incoming emails against blacklists of known spammers, Sender Policy Framework (SPF) records, and SMTP controls.

Every incoming email is given a Spam Confidence Score based on its content and then either delivered, quarantined or erased based on the Acceptable Spam Threshold applied for the recipient. Spam Confidence Scores are primarily calculated using a process referred to as Bayesian analysis.

Bayesian Analysis looks at how the words within an email are composed to identify any idiosyncrasies that are attempting to circumvent the filter's spam parameters. Common examples include “Viagra” spelled with the Greek letter alpha (“Viαgrα”), and “Prize” spelled using the Icelandic symbol for “th” (“Þrize”).

Bayesian Analysis assists in recognizing and stopping the delivery of new strains of spam from spammers that do not yet appear on global blacklists. But there is one more mechanism that significantly improves spam detection – Greylisting.

Greylisting involves returning each received email to the sender's server and requesting that it is resent. Because spammers' servers are busy sending out more spam emails, they are too busy to resend previous emails; the request goes unanswered and the spam email is never sent again.
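The greylisting decision described above, as an added example that is not taken from any particular filter product. The triplet key (client IP, envelope sender, recipient), the 300-second minimum delay, the expiry times and the sample addresses are assumptions chosen for illustration.

```python
import time

class Greylist:
    """In-memory greylist keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, min_delay=300, pending_ttl=4 * 3600, pass_ttl=30 * 86400):
        self.min_delay = min_delay      # wait required before a retry is accepted
        self.pending_ttl = pending_ttl  # how long an unconfirmed triplet is remembered
        self.pass_ttl = pass_ttl        # how long a confirmed triplet skips the delay
        self.entries = {}               # triplet -> {"first", "last", "passed"}

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        """Return (smtp_code, reason) for one delivery attempt."""
        now = time.time() if now is None else now
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        entry = self.entries.get(key)
        if entry is not None:
            age = now - (entry["last"] if entry["passed"] else entry["first"])
            if age > (self.pass_ttl if entry["passed"] else self.pending_ttl):
                del self.entries[key]   # stale record: treat the sender as new
                entry = None
        if entry is None:
            self.entries[key] = {"first": now, "last": now, "passed": False}
            return 451, "greylisted, try again later"   # temporary SMTP failure
        if not entry["passed"] and now - entry["first"] < self.min_delay:
            return 451, "retried too soon"
        entry["passed"] = True
        entry["last"] = now
        return 250, "accepted"


def simulate():
    """Constructed sample traffic: (seconds offset, client IP, sender, recipient)."""
    attempts = [
        (0,     "192.0.2.10",   "news@partner.example", "amy@corp.example"),  # first try
        (0,     "203.0.113.50", "win@prize.example",    "amy@corp.example"),  # never retries
        (10,    "192.0.2.10",   "news@partner.example", "amy@corp.example"),  # retry too early
        (900,   "192.0.2.10",   "news@partner.example", "amy@corp.example"),  # normal retry
        (5000,  "192.0.2.10",   "news@partner.example", "amy@corp.example"),  # later mail
        (20000, "203.0.113.50", "win@prize.example",    "amy@corp.example"),  # record expired
    ]
    gl = Greylist()
    return [gl.check(ip, frm, to, now=t)[0] for t, ip, frm, to in attempts]


if __name__ == "__main__":
    print(simulate())
```

The trade-off is that the first message from any new legitimate sender is delayed until that sender's server retries.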

Having passed thorough spam detection tests, emails are then inspected for the presence of malware. Most groups will already have antivirus mechanisms in place to protect their networks from trojans hosting adware, spyware and botnets; but some antivirus software fails to address the risks from email-borne threats such as phishing attacks and dangerous URLs.

Phishing attacks and malicious URLs within emails are two of the biggest threats to online security in the present environment. The success of the attacks is dependent on the weakest link in your security chain – your staff. When employees inadvertently divulge usernames and passwords to databases in which confidential data is held, or visit websites that harbor malware, it is not only your online security that is in danger, but also your professional reputation.

The antivirus mechanisms within spam filters for inbound mail provide phishing protection and malicious URL blocking – not only within the content of an email, but also within any attachments. These features are not included in proprietary email filters, but they are essential tools to mitigate the risk that your network will be infected with malware from email-borne dangers.

One more benefit of having antivirus mechanisms built into spam filters for incoming mail is that they also scan outgoing mail for malware. It is unlikely that anybody within your organization would deliberately send out a malware-infected email. However, a staff member emailing an infected file prepared on a home computer could cause your organization’s IP address to appear on a global blacklist – an event that would lead to your organization’s email being blocked by your clients' spam filters for inbound mail.