Mail filters play a huge role in protecting organizations from cyberattacks. Even though their task is quite small, they are very important for an organization’s ability to stop many malicious phishing and spam emails before they are delivered to a person’s inbox. According to the IBM X-Force Threat Intelligence Index, 40% of attacks in the manufacturing industry are phishing attacks, and 1 in 3 employees are most likely to fall for a phishing scam.
How do mail filters work?
Email spam filters use a variety of techniques to protect mail delivery. A mail filter will take action on a message, such as rejecting, redirecting, or quarantining it. Spam filters search for attempts to deceive the recipient, such as spoofed URLs, and compare addresses against lists of known spammers to filter out their emails. Blocklists, or disallow lists, contain details of known spammers, but spammers can still disguise the header information to make their messages look genuine. Content filters go beyond the header information and analyze the contents of messages. For example, emails containing executable files or links to malicious websites are flagged as spam.
Factors that are used to identify spam emails include:
- Source IP address and domain reputation – The reputation of the IP address and of the domain associated with the email address, its history of complaints, and any warning flags are considered.
- Spam Traps – When an email account is locked due to non-usage, the Email Service Provider (ESP) will recycle the email address and turn it into a spam trap. Email providers also plant fake email addresses to see where bots may use them.
- Sending Rate – Emails can be stopped from reaching the inbox if too high a volume of mail, or the same email repeatedly, is sent to the same server or domain.
- Authentication – Authentication protocols are used by ISPs to verify email senders and keep out attackers and spammers. If the emails do not pass authentication, they are more likely to be classified as risky or spam.
- User engagement – ESPs like Gmail assess user engagement with emails, such as emails that are marked as spam, emails that are marked as not spam, emails that are deleted without being read, starred messages, and so on.
There are several types of spam filters:
- Content, or word filters – This filter examines the body of the email for word choices, syntax errors, or copied content. It also checks for signs that the email was written by a bot. If the filter notices any of these signs, it will direct the mail to a spam folder.
- Header filters – This filter examines the mail header, which includes information about the sender’s and recipient’s addresses and the route through the servers that the message has taken along the way. The filter is able to identify whether the mail is from a known spammer or a suspicious IP.
- Rule-based filters – This filter applies defined rules and standards to evaluate the wording in the header and the body of the email.
- Permission filters – The sender should be approved by the recipient before any communication takes place.
- Challenge–response filters – This filter automatically replies to the sender of an incoming mail with a challenge to verify their identity before the mail is delivered. Once verified, a particular sender does not need to complete this action again.
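As an added example (not part of the original article), the sketch below combines the header, authentication and content checks described above into one rule-based score that selects an action. The blocklist entry, the server name `mx.example.net`, the weights, the thresholds and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string

BLOCKLIST = {"203.0.113.7"}          # constructed entry (documentation IP range)
TRUSTED_AUTHSERV = "mx.example.net"  # hypothetical name of our receiving server
EXECUTABLE_EXT = (".exe", ".scr", ".js", ".vbs", ".bat")  # illustrative list

def source_ip(msg):
    # Header filter: only the newest Received line is ours; older ones can be forged.
    received = msg.get_all("Received") or [""]
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    return m.group(1) if m else None

def failed_auth(msg):
    # Authentication: count only results stamped by our own server.
    failed, seen = set(), False
    for value in msg.get_all("Authentication-Results") or []:
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            seen = True
            failed.update(re.findall(r"\b(spf|dkim|dmarc)=(?:fail|softfail)\b", results.lower()))
    return failed if seen else {"no-trusted-result"}

def classify(raw):
    # Rule-based filter: weights and thresholds below are illustrative assumptions.
    msg = message_from_string(raw)
    score, reasons = 0, []
    if source_ip(msg) in BLOCKLIST:
        score, reasons = score + 5, reasons + ["blocklisted source IP"]
    if failed := failed_auth(msg):
        score, reasons = score + 3, reasons + ["auth: " + ",".join(sorted(failed))]
    for part in msg.walk():  # content filter: executable attachments
        if (part.get_filename() or "").lower().endswith(EXECUTABLE_EXT):
            score, reasons = score + 4, reasons + ["executable attachment"]
    action = "reject" if score >= 8 else "quarantine" if score >= 3 else "deliver"
    return action, reasons

# Constructed sample messages (example domains, documentation IP ranges).
CLEAN = ("Received: from mail.example.org ([198.51.100.20]) by mx.example.net\n"
         "Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass\n"
         "From: alice@example.org\nSubject: Minutes\n\nSee you Monday.\n")
SPOOFED = ("Received: from host ([203.0.113.7]) by mx.example.net\n"
           "Authentication-Results: mx.example.net; spf=fail; dmarc=fail\n"
           "Authentication-Results: forged.example; spf=pass; dkim=pass\n"
           'From: ceo@example.net\nContent-Type: multipart/mixed; boundary="s"\n\n'
           "--s\nContent-Type: text/plain\n\nPlease open.\n--s\n"
           'Content-Disposition: attachment; filename="invoice.pdf.exe"\n\nMZ\n--s--\n')
if __name__ == "__main__":
    print(classify(CLEAN), classify(SPOOFED))
```

The second `Authentication-Results` header in the spoofed sample is ignored because it was not written by the receiving server, and a message with no trusted result at all is quarantined rather than treated as passing.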
What to look for when choosing a spam filter
When selecting a spam filter or an email filtering service provider, make sure that it has high anti-spam accuracy, so that spam emails are identified correctly while legitimate and critical emails are sent to the correct inboxes. Also, filters with easily adjustable sensitivity controls give more flexibility over what type of emails are filtered. Make sure that the email filter is compatible with the company’s policies and that the service is cost-efficient according to the company’s requirements. Threat actors are able to spoof emails so that they appear to come from the company domain, so make sure your email filters have the ability to identify falsified email senders as well. Most importantly, check for product reviews and ratings submitted by users, and, if possible, arrange to speak with current customers of the service to get a more candid assessment than what is curated on the vendor’s site.
Mail filters are very important in protecting organizations against cyberattacks. Many phishing attacks are attempted via malicious attachments or links, and many employees tend to fall for them by accidentally clicking them. Mail filters identify these malicious spam emails before they reach the inbox. Even though it seems like a small task, a mail filter relies on many functions to operate. Therefore, it is very important to select the right mail filter for your company to defend against phishing attacks.
About the Author:
Dilki Rathnayake is a Cybersecurity student studying for her BSc (Hons) in Cybersecurity and Digital Forensics at Kingston University. She is also skilled in Computer Network Security and Linux System Administration. She has conducted awareness programs and volunteered for communities that advocate best practices for online safety. In the meantime, she enjoys writing blog articles for Bora and exploring more about IT Security.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.