Overcome the Shortcomings of Office 365 and Microsoft 365 Email Protection

Most Office 365 and Microsoft 365 business plans include email protection as standard. Although the level of protection may be adequate for a security-aware workforce, the shortcomings of Office 365 and Microsoft 365 email protection can leave less aware workforces exposed to a range of online threats.

Microsoft 365 email protection is included as standard in any business plan that includes Exchange Online Protection, Microsoft Defender for Office 365, or Microsoft Defender 365. The three security packages can also be subscribed to as standalone solutions if a business uses services other than Office 365 or Microsoft 365 (e.g., Google Workspace, Zoho Office, iWork, etc.).

Microsoft offers SLAs of >99% spam effectiveness and 100% detection and blocking of known viruses for its email protection service. However, these SLAs imply up to 1% of spam avoids detection and viruses that are not yet known to Microsoft (such as “zero-day” attacks) evade detection completely. These can be important shortcomings for a business with a large volume of inbound email.

How Greylisting Helps Overcome the Shortcomings

Greylisting is a function of some email filtering solutions that returns emails from unrecognized IP addresses to their originating mail servers – for example, emails from a new source or contact. The returned emails are added to the originating servers' mail retry queues and resubmitted as soon as resources become available – usually within minutes.

When the email is resubmitted, the email filtering solution recognizes the email is a returned greylisted email and allows it through to be processed by other front-end tests (recipient validation tests, RBL checks, sender policy framework tests, etc.). Subsequent emails from the same IP address do not have to go through the greylisting process.

Office 365 and Microsoft 365 email protection do not have a greylisting option. This is significant because spammers' servers often have the mail retry function disabled, due to the volume of emails that are returned to them after being rejected by the front-end tests. This means a greylisted spam email is never resubmitted and cannot be delivered to a user's inbox.
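
The greylisting decision described above, as an added example that is not part of the original article or any vendor's code. It keys on the connecting IP address as the article describes; the minimum retry delay, expiry window, reply strings and sample IP addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

MIN_RETRY_DELAY = 60      # assumed: seconds before a resubmission counts as a retry
RETRY_WINDOW = 4 * 3600   # assumed: a pending entry expires after this many seconds
DEFER = "451 4.7.1 greylisted, try again later"   # temporary (4xx) SMTP rejection


@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)  # ip -> time of first deferred attempt
    known: set = field(default_factory=set)      # IPs that already passed greylisting

    def check(self, ip: str, now: float) -> str:
        """Return the reply for a connection from `ip` at time `now` (seconds)."""
        if ip in self.known:
            # Subsequent emails from the same IP skip the greylisting process.
            return "250 pass (known IP)"
        first_seen = self.pending.get(ip)
        if first_seen is None or now - first_seen > RETRY_WINDOW:
            # Unrecognized IP, or an entry too old to trust: defer and record it.
            self.pending[ip] = now
            return DEFER
        if now - first_seen < MIN_RETRY_DELAY:
            # An instant re-send did not come from a real retry queue.
            return DEFER
        # Genuine retry: promote the IP and hand the email to the later
        # front-end tests (recipient validation, RBL, SPF).
        del self.pending[ip]
        self.known.add(ip)
        return "250 pass (retry after greylisting)"


def simulate(events):
    """Replay (time, ip) connection attempts and return (ip, reply code) pairs."""
    greylist = Greylist()
    return [(ip, greylist.check(ip, t)[:3]) for t, ip in events]


# Constructed sample: 192.0.2.10 queues and retries like a normal mail server;
# 198.51.100.7 sends once with retries disabled, so its email is never delivered.
SAMPLE = [(0, "192.0.2.10"), (5, "198.51.100.7"),
          (300, "192.0.2.10"), (900, "192.0.2.10")]

if __name__ == "__main__":
    for ip, code in simulate(SAMPLE):
        print(ip, code)
```
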

With spammers and cybercriminals becoming increasingly sophisticated and working out how to bypass recipient validation tests, RBL checks, and sender policy framework tests, greylisting is one of the most effective ways to reduce spam, mitigate threats from not-yet-known viruses, and overcome the shortcomings of Office 365 and Microsoft 365 email protection.

How to Deploy a Solution with Greylisting Capabilities

Overcoming the shortcomings of Office 365 and Microsoft 365 email protection with an alternative email filtering solution does not have to be an “either or” decision. One of the simplest ways to add greylisting to a multi-layered defense against email-borne threats is to deploy a secondary email filtering solution in front of the existing mail server to perform its greylisting role and then forward returned emails onto the Microsoft mail server.

However, there can be advantages to deploying the secondary email filtering solution as the primary email protection and then using the Microsoft mail server to distribute filtered emails to their recipients. For example, configuring and managing Microsoft's email protection features can be complicated and time-consuming, whereas email filtering solutions such as SpamTitan are designed for ease of use – limiting the likelihood of misconfigurations attributable to human error.

However, if your business has already invested a considerable amount of time and energy into configuring the Microsoft mail server to best suit the business's requirements, it may be best to use some capabilities from the existing Microsoft mail server and other capabilities from the secondary mail server to fill the gaps in Office 365 and Microsoft 365 email protection, as some malicious emails may still evade detection even when the greylisting function is activated.

Achieving Zero Day Office 365 and Microsoft 365 Email Protection

The way in which Microsoft's “100% detection and blocking of known viruses” works is that Microsoft maintains a database of known viruses against which all inbound emails are checked. If an email contains a virus that does not yet appear in the database, it is not detected and blocked. It is only when an undetected virus deploys its payload that the business that has been disrupted by the attack reports the virus to Microsoft and the virus is added to the database.

This process has its issues inasmuch as the payload might not be deployed immediately, the business may be slow in reporting the virus to Microsoft, and Microsoft may need a little time to identify the nature of the virus before adding it to the database. Consequently, there could be a significant time lapse between the virus avoiding detection by Office 365 and Microsoft 365 email protection and it being added to the database to prevent other customers suffering the consequences.

The way to achieve zero day Office 365 and Microsoft 365 email protection without a significant time lapse is to deploy a secondary email filtering solution with greylisting capabilities and zero day threat intelligence. This means that not only is the number of incoming threats reduced, but those that pass the greylisting function are more likely to be detected by the secondary email filtering solution – preventing users from opening malicious emails or clicking on phishing links.

SpamTitan – Greylisting, Ease of Use, and Zero Day Intelligence

Few email filtering solutions have all the capabilities required to overcome the shortcomings of Office 365 and Microsoft 365 email protection, but SpamTitan has it all. SpamTitan is a mature email filtering solution trusted by thousands of businesses to fill the gaps in Office 365 and Microsoft 365 threat protection by offering a greylisting option, ease of use, and – via the SpamTitan Plus service – zero day threat intelligence.

SpamTitan not only makes it easy for businesses to overcome the shortcomings of Office 365 and Microsoft 365 email protection, but also helps increase workforce security awareness by converting embedded URLs into rewritten links so each user can clearly see what site they are visiting before clicking a link. Additionally, each link is verified before the destination page is made available to prevent human error attributable to phishing triggers.

To find out more about SpamTitan's email filtering solution and the SpamTitan Plus service, visit spamtitan.com today where you will be able to request a free demo of SpamTitan in action and request a free trial to evaluate the email filtering solution in your own environment.