In the business world, technologies such as social media, text messaging and instant messaging are all becoming acceptable forms of communication. Despite end users having so many different communication tools at their disposal, email remains the most widely used form of business communication.
Cyber criminals are well aware of this: 59.2 percent of all email in Q1 2015 was considered malicious. The number is so high because unscrupulous senders know that the odds are in their favor: someone will fall for their scams if they send out enough emails and avoid their recipient’s spam filtering service.
In some companies, the end-user doesn’t worry about spam or phishing attacks. They know that there is a spam filtering service in place and they assume that it takes care of all malicious emails for them so anything they receive in their inbox must be legitimate. This type of attitude is dangerous, and it is exactly the careless nature that leads to companies finding themselves compromised.
So if these types of companies are at risk, how do you find a spam filtering service that works for the employees? Do you simply tighten up the threshold for detecting spam and phishing? This may not be the best approach, because over-tightening often leads to an increase in false positives. How about employing a blacklist to block known spam and phishing domains? Well, spammers can easily register a new domain when the ones they are using land on any of the known blacklists, and then sneak right past an email filtering service that relies on that technology.
Technologies for the Best Spam Filtering Service
A spam filtering service that works is one that uses a combination of technologies that work to provide a layered defense. Some of the technologies that should be a part of any effective protection include:
- A combination of SPF, DKIM and DMARC to protect against spoofing
- Real-time message scanning
- Anti-virus protection
- The involvement of the end-user
Other than involving your end-users, each of these technologies works behind the scenes to provide different types of protection.
Silverlisting, a form of greylisting, protects the end-user by taking steps to make sure that the sending server is legitimate and not a spam-bot. When a message arrives from an IP address that the spam filtering service has never seen before, it holds off on delivering that message. As per SMTP, a legitimate email server will realize that the message was not delivered and attempt to resend it. Since spam servers are optimized to send hundreds of thousands of emails, waiting and resending would slow that process down. If the message is resent, then it passes this layer of security.
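The defer-then-accept-on-retry decision described above, as an added example that is not part of the original article and not Sendio's implementation. It shows generic greylisting keyed on the sending IP; the `min_delay` and `max_wait` values, the reply strings and the sample addresses are assumptions.

```python
import time

class Greylist:
    """Defer mail from never-seen sending IPs; accept once the sender retries."""

    def __init__(self, min_delay=60, max_wait=4 * 3600):
        # Both thresholds are assumed values, not taken from the article.
        self.min_delay = min_delay   # a retry sooner than this is still deferred
        self.max_wait = max_wait     # a pending first attempt expires after this
        self.pending = {}            # ip -> timestamp of first delivery attempt
        self.known = set()           # IPs that have already passed the retry check

    def check(self, ip, now=None):
        """Return the SMTP reply the filter would give for this attempt."""
        now = time.time() if now is None else now
        if ip in self.known:
            return "250 accepted"
        first_seen = self.pending.get(ip)
        if first_seen is None or now - first_seen > self.max_wait:
            # Never seen, or the earlier attempt expired: temporary failure.
            self.pending[ip] = now
            return "451 try again later"
        if now - first_seen < self.min_delay:
            # An immediate re-send is not a queued retry; keep deferring.
            return "451 try again later"
        # The sender queued the message and came back: treat it as a real MTA.
        del self.pending[ip]
        self.known.add(ip)
        return "250 accepted"

def replay(attempts, **kwargs):
    """Run (ip, timestamp) delivery attempts through a fresh Greylist."""
    greylist = Greylist(**kwargs)
    return [greylist.check(ip, now) for ip, now in attempts]

# Constructed sample: 192.0.2.10 retries after five minutes like a queuing
# mail server; 198.51.100.7 re-sends one second later and is never accepted.
SAMPLE = [
    ("192.0.2.10", 0),
    ("198.51.100.7", 5),
    ("198.51.100.7", 6),
    ("192.0.2.10", 300),
    ("192.0.2.10", 900),
]

if __name__ == "__main__":
    for (ip, t), reply in zip(SAMPLE, replay(SAMPLE)):
        print(t, ip, reply)
```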
Protecting against email spoofing gives the end-user the confidence that the emails they receive are sent by the person they claim to be from. Since spoofing an email address is quite simple, email filtering services employ SPF, DKIM and DMARC to validate that a message using the sender's domain comes from a permitted IP address and, if it does not, to decide what to do with that message.
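How the "permitted IP address" check and the "what to do with that message" decision fit together, as an added example that is not from the original article. It evaluates only the `ip4:`/`ip6:` and `all` mechanisms of SPF, takes the DKIM result as an input rather than verifying a signature, and uses strict (exact-match) domain alignment; the records, domains and addresses are constructed.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, client_ip):
    """Evaluate the ip4:/ip6: and 'all' mechanisms of an SPF record (subset only)."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:              # skip the "v=spf1" tag
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return RESULT[qualifier]
        elif mech == "all":
            return RESULT[qualifier]
    return "neutral"                             # no mechanism matched

def dmarc_policy(record):
    """Return the p= tag of a DMARC record, defaulting to 'none'."""
    tags = dict(t.split("=", 1) for t in record.replace(" ", "").split(";") if "=" in t)
    return tags.get("p", "none")

def disposition(msg, spf_record, dmarc_record):
    """Decide deliver / quarantine / reject for one message."""
    from_dom = msg["from_domain"].lower()
    spf = spf_check(spf_record, msg["client_ip"])
    # DMARC needs a pass that is aligned with the visible From: domain.
    spf_ok = spf == "pass" and msg["mail_from_domain"].lower() == from_dom
    # Assumption: DKIM was verified elsewhere; only its result is used here.
    dkim_ok = msg.get("dkim") == "pass" and msg.get("dkim_domain", "").lower() == from_dom
    if spf_ok or dkim_ok:
        return "deliver"
    policy = dmarc_policy(dmarc_record)
    return "deliver" if policy == "none" else policy

# Constructed records and messages for the reserved domain example.com.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
DMARC_RECORD = "v=DMARC1; p=quarantine"
MESSAGES = [
    {"from_domain": "example.com", "mail_from_domain": "example.com",
     "client_ip": "192.0.2.25"},                 # sent from a permitted IP
    {"from_domain": "example.com", "mail_from_domain": "example.com",
     "client_ip": "203.0.113.9"},                # spoofed: unlisted IP, no DKIM
    {"from_domain": "example.com", "mail_from_domain": "example.com",
     "client_ip": "203.0.113.9", "dkim": "pass", "dkim_domain": "example.com"},
]

if __name__ == "__main__":
    for m in MESSAGES:
        print(m["client_ip"], disposition(m, SPF_RECORD, DMARC_RECORD))
```

The third message shows why DMARC accepts either check: mail relayed through an unlisted IP still delivers when an aligned DKIM signature survives.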
Since email is meant to be a method of communication that is quick, it is important for the end-user to have almost immediate access to messages they receive, so emails need to be scanned for threats in real time. Holding them in a queue for later analysis by the spam filtering service holds up the end-user’s workflow and may cause them to miss out on important emails.
Finally, it is important to make sure that emails are scanned for malware using zero-hour protection to guard not only against known threats but also against advanced threats where unknown attack patterns are used. To do this, email spam filtering services need to employ recurrent pattern detection technology so that users are less likely to be presented with emails that contain active threats with no known signature file.
Involving the end user
Although most spam and phishing attacks are stopped early on by an effective email filtering service, your security program needs to keep the end user engaged in the process so that they remain vigilant. To do this, email filtering services often allow the end user to identify emails as malicious or legitimate through whitelists and blacklists that pertain to them alone. Another way to engage the end user is to rely on them to teach the email filtering service how to better spot spam by identifying junk and malicious emails.
While these are both great additions to have, something that makes email spam filters even more user friendly is the concept of a trusted community. Here, all known email contacts from different enterprise systems are added along with contacts from the individual users. These email addresses are then known to the spam filter as trusted senders so messages from them are not flagged as false positives.
If a sender is not part of the community, they have the ability to join if they reply to a Sender Address Verification message that the email spam filter sends to them.
Engaging your end-users in the process of stopping malicious emails helps keep them vigilant and helps solve the problem of missing an important email that was mistakenly identified as illegitimate. To see how Sendio can help you better engage your end-users in the fight against malicious emails, schedule a demo to see just what this multi-layered email filtering service has to offer you.