The product page for the Microsoft Office 365 email solution highlights anti-spam and anti-malware protection. While some businesses may still be under the impression that this is enough protection, most of us know that most email solutions require the help of additional email security software. Office 365’s email solution is no different. While the application is a leader in email client software, it is does not come with comprehensive security out-of-the-box. In order to reduce the amount of illicit email messages your end users receive, while making sure that legitimate emails are delivered, you are going to need to put another layer of email security software into your email solution. You just need to know what to look for.
Going beyond the basics
The email solution in Microsoft Office 365 checks the content of all incoming message for common spam indicators. Based on these scans, each message is assigned a Spam Confidence Level (SCL). If the SCL is beyond the pre-set threshold, the message is sent to the junk folder because it is assumed to be spam. This presents two problems:
- This type of technology is not as effective as it once was because spammers and phishers have learned what this type of email security software looks for and crafts email messages that easily bypass this type of filtering.
- Relying on a “score” increases the likelihood that a legitimate message may be flagged as spam and not delivered to the intended recipient. According to the Washington Post, law firm in Colorado found this out the hard way when their email security software failed to deliver emails from the court system.
To effectively protect your organization against the myriad of threats that often begin with a well-crafted but dangerous email, you need to look to an email security software solution that uses more than a content filter. Even the addition of an anti-malware scan is not enough to truly protect the inboxes of your end-users.
Technologies your email security software needs to incorporate
Enterprise class email security software applications rely on certain technical controls that help keep ahead of the more sophisticated attackers. Among these are:
- STMP challenge/response to verify a sending server’s legitimacy
- DKIM for both inbound and outbound emails
- Inbound and outbound SPF checks
- DMARC management
- Zero-hour anti-virus protection to help guard against unknown threats
Finally, effective email security software also incorporates the means for the end-users themselves to get involved in helping protect your organization. By allowing the users to identify potential spammers and phishers, you are able to help build an additional layer of protection. Users should also have the ability to identify known legitimate senders so that the likelihood of a false positive is also reduced.
The email security landscape has become the front-line in the fight against data breaches and network security. You cannot afford to trust the confidentiality and privacy of information to email security software that is just good enough. You need to know that the solutions guarding your users and your assets will take the extra steps necessary to prevent the bad guys from getting into your network and data.