How an Anti-Spam Server Differs from a Mail Server

The distinction between an anti-spam server and a mail server can be difficult to explain. Traditionally, an anti-spam server has been regarded as a mail server with email filtering software acting as a gateway between the mail server and the firewall. More recently, an anti-spam server can also be cloud-based, with the email filtering software connecting to the mail server via the MX record.

Some definitions of the term anti-spam server simply relate to the way in which the filtering process is conducted at server-level, rather than at each individual device (“client”) connected to the network. Server-level filtering is much less labor-intensive than client-level filtering, and it gives administrators clearer oversight of network activity. In this respect, an anti-spam server is a far more effective security solution for protecting networks against phishing, malware and ransomware.

Don’t All Mail Servers Have Email Filtering Software?

Most mail servers already have some form of email filtering software; or at least provide tools with which administrators can set rules about how incoming email should be managed. Some of these tools are very good, and can learn to identify emails with a high probability of spam content (Bayesian Analysis), or move emails to a spam folder based on users´ previous actions (Adaptive Junk Filtering).

However, due to the evolving sophistication of spam email – and the fact that filtering mechanisms capable of learning new tricks do so retrospectively – many “default” filtering mechanisms would not be regarded as an effective anti spam server because they are not very good at detecting spam email. For example, in a recent test conducted by independent testing service AV Comparatives, the Outlook default filtering mechanism detected just 89.87% of spam email.

Percentages Matter With Email Filtering Software

Due to the risk of malware and ransomware being deployed by spam email, most businesses choose to implement third-party email filtering software in order to support the email detecting capabilities of the default filtering mechanisms and change their mail server into an anti spam server. Third party email filtering software can also be good, bad or indifferent when it comes to detecting spam emails.

In a test similar to that which identified Outlook´s low spam detection rate, researchers sent 127,800 spam emails through a number of different spam filters within a week. The researchers found the average spam detection rate between the top ten performing spam filters was 96.86% – meaning that, on average, more than 4,000 spam emails avoided detection.

It is not unusual for a large organization to be sent 127,800 spam emails within a week. In 2015, the Radicati Group estimated the average office-based employee was receiving 12 spam emails a day; so, at a rate of 60 spam emails a week and an average spam detection rate of 96.86%, a business would only need to have sixty-seven office-based employees in order to have 127,800 spam emails sent to it each week. ({127,800 * (1 – 0.9686)} / 67).

Regardless of which “Top 10 Cybersecurity Threats” article you read, email is the number 1 threat vector for businesses. Most malware attacks and approximately 90% of ransomware attacks start at email level, which is also where most phishing attacks originate (the majority of the remainder being delivered via social media). Furthermore, cybercriminals are becoming more sophisticated in the techniques they use to avoid detection and fool users into opening their emails.

 

Threats from Phishing, Malware and Ransomware

Read over 200+ Independent Reviews on Capterra

2020 was a successful year for cybercriminals in the business of ransomware. Tactics were adjusted to fit the climate of home working and utilize the proliferation of stolen data and credentials. Businesses across all sectors should expect ransomware attacks to continue if cybercriminals get their payday. RaaS only exacerbates the issue by making the tools behind the crime easy to use.

One thing is certain, cybercriminals will adapt their tactics and processes to fit the environment. The ransomware of old, which relied on encrypting data to extort a ransom, is now using expanded techniques including data exfiltration and the threat of exposure of stolen data. For the cybercriminal, ransomware is the gift that keeps on giving.

Organizations too must adapt to counterbalance these cyber-threats, no matter what form they take. Ransomware must be stopped before the point of entry and not left to be dealt with after an attack has taken hold. The use of social engineering to manipulate users, along with stolen data and credentials to propagate attacks, and adaptive tools that evade detection, makes ransomware a formidable security threat. ‘Nipping ransomware in the bud’ is a strategic move by an organization to contain this threat. Endpoint protection is clearly not enough. The use of a smart monitoring system designed for complex threats like ransomware can detect threats in real-time before they become an infection. Unlike traditional endpoint anti-malware, smart monitoring platforms perform real-time updates and protect against active and emerging phishing URLs and threats. Cybercriminals are masters of invention and have many tricks up their sleeve, however, businesses can fight back, but to do so, they must take real-time action.

One of the most popular techniques currently being employed is “spoofing”. Email spoofing is when a cybercriminal constructs an email to look as if it originates from a trusted source (a bank, a solicitor or event the business itself). If the spoofed email is sent from a not yet identified source of spam and is returned after greylisting (see below), it could avoid detection by “standard” email filtering software.

The best defense against spoofing is a trio of front line mechanisms – HELO tests, DKIM tests and DMARC tests – which validate the sender of the email against a Sender Policy Framework. This process can eliminate all spoofing emails except those that originate from a compromised account within the business itself and counter the increasing sophistication of spam emails to prevent users falling for phishing emails.

Spam Emails Cost Money by Reducing Productivity

In addition to the threats from phishing, malware and ransomware, spam emails cost businesses money by reducing productivity. Experts have estimated it takes a security-conscious employee an average of four seconds to identify and delete a spam email. Therefore, an employee receiving 12 spam emails per day would spend four minutes a week deleting spam emails – or 192 minutes per year based on a 48-week cycle.

Multiple 192 minutes by sixty-seven employees, and we are looking at 214.4 hours a year; or – at an average office worker´s hourly rate of $12.50 per hour – $2,680. The cost may not seem a lot unless you pay your office workers a lot more than $12.50 per hour or employ more than sixty-seven employees that have access to email – and provided they are all security-conscious.

Should one malware-laden email be opened in error, the cost can be far greater. A 2015 study by the Ponemon Institute (“The Cost of Phishing and Value of Employee Training”) found the average cost of recovering from a successful phishing attack was $338,098. The cost of an uncontained malware attack or credential compromise incident was much higher.

Reduce Exposure to Spam with a SpamTitan Email Filter

The best way in which businesses can reduce their exposure to spam, increase employee productivity and minimize the threats from phishing, malware and ransomware is with an email filter from SpamTitan. SpamTitan filters have advanced filtering mechanisms, which – subject to the acceptable spam thresholds applied by system administrators – detect 99.97% of spam emails.

One of the reasons why SpamTitan´s email filters achieve a much high spam detection rate than the top ten tested spam filters is a process known as greylisting (you can read more about greylisting in our technical support article). Administrators also have the choice of enabling Sender Policy Frameworks, HELO/DKIM/DMARC tests and recipient verification protocols in order to minimize the business´s exposure to spam.

Compared with the average spam detection rate of the top ten tested spam filters, an employee previously receiving twelve spam emails a day would only receive four spam emails a day. The cost per year of lost productivity for a business employing sixty-seven office-based workers would fall from $2,680 to $894, and the business would be 66% less likely to be the victim of a successful phishing attack, uncontained malware attack or credential compromise.

Read over 200+ Independent Reviews on Capterra

Is SpamTitan a Gateway or Cloud-Based Anti Spam Server?

We offer our anti spam server with a choice of deployment options. SpamTitan is available as a Gateway anti spam server (with the additional option of clustering) or as a cloud-based anti spam server that can be hosted in our cloud or in a private cloud if required. Both solutions are easy to manage via a centralized administration portal, through which administrators can apply and adjust acceptable spam thresholds by user, user-group or business-wide with the click of a mouse.

Both solutions are compatible with all operating systems and networks, have fully automated updating, and are scalable to an unlimited number of mailboxes. SpamTitan also supports multiple domains – making it an ideal anti spam server for Managed Service Providers looking for a multi-tenanted solution to resell to clients. We can provide SpamTitan as a white label product if required.

If you would like to know more about how a spam email filter from SpamTitan turns your mail server into an anti spam server, do not hesitate to contact us. Our team of experienced Sales Technicians will be happy to answer any questions you have and will offer you a free trial of the SpamTitan solution most suitable for your requirements. It takes less than twenty minutes to turn your mail server into an anti spam server with SpamTitan, so contact us today, and start reducing your business´s exposure to spam, increase employee productivity and minimize the threats from phishing, malware and ransomware.

  • Quick deployment.
  • Easy synchronization with Active Directory and LDAP.
  • Administered via a web-based portal. No agents required.
  • Spam Confidence Levels can be applied by user, user-group and domain.
  • Greylist, whitelist or blacklist senders/IP addresses.
  • Sandboxing
  • Infinitely scalable and universally compatible.
  • Available in white label format for MSPs.

 

Better Anti-Spam Server FAQs

How does the greylisting process work?

The Greylisting process works by returning non-whitelisted emails to their originating server. Due to the volume of emails returned to spammers’ servers (via all filtering processes), spammers’ servers often have the resubmission feature disconnected and the spam email is never returned to the anti-spam server. This not only reduces the volume of spam entering the server, but reduces the workload on the server – enabling it to work more efficiently.

Is it possible to bypass the greylisting process?

It is possible to bypass the Greylisting process by whitelisting trusted sources so emails from the trusted sources are not greylisted. It is recommended whitelisting is used with care. While whitelisting a trusted sender will accelerate the delivery of their emails, the risk exists that a trusted sender´s email account could be compromised and used to send spam, malware, or phishing emails.

With high spam detection rates, what are the chances of blocking genuine emails in error?

With high spam detection rates, the chances of blocking genuine emails in error are no different than with low spam detection rates, especially if (for example) they have typically spammy subject titles (i.e., “Hello”). However, in the latest testing of SpamTitan Gateway and SpamTitan Cloud, the “false positive” rate was recorded at just 0.003%. This means only 1-in-33,333 genuine emails were mistakenly categorized as spam on optimal settings.

Most spam mail is harmless, so why implement an anti-spam server?

Although most spam is harmless, implementing an anti-spam server will prevent those which are malicious evading detection. Some sources claim malicious emails only account for 2.5% of all spam emails. However, there are more than 15 billion spam emails sent each day. Consequently, if the claim is correct, that is more than one malicious email for each man, woman, and child in the USA per day.

How much does a better anti-spam server cost?

Better anti-spam server costs are priced according to the number of email inboxes you wish to protect and the length of time you wish to subscribe to the service. The payment frequency can also be a factor. To help businesses better understand the cost of an anti-spam server, we provide an anti-spam cost calculator, or you are invited to contact us and request a quote.

What are the benefits of using an anti-spam server?

The benefits of using an anti-spam server are that it helps reduce the amount of unwanted spam received by users, improves the performance of the email system, and enhances email security by blocking potential threats such as malware, phishing, and ransomware.

Can an anti-spam server be deployed on-premises or in the cloud?

An anti-spam server can be deployed on-premises or in the cloud, and also in hybrid environments. In most cases, when an anti-spam server is deployed on-premises, it is most often maintained by the organization or a Managed Service Provider. Anti-spam servers deployed in the cloud are maintained by the software vendor inasmuch as the software and spam databases are kept up to date.

What features should I look for in an anti-spam server?

The features you should look for in an anti-spam server include robust filtering capabilities, adjustable spam detection settings, quarantine management, reporting and monitoring tools, and integration with existing email systems. It may also be important for you to consider the server’s anti-virus capabilities and customizable policy application.

Can anti-spam servers adapt to new spam techniques?

Anti-spam servers can adapt to new spam techniques and are regularly updated with new spam signatures and detection algorithms to adapt to evolving spam techniques and maintain a high level of accuracy in spam identification. However, it is important users are told to report spam emails that evade detection (rather than delete them), so evolving spam techniques can be identified quicker.

Should an anti-spam server be used in conjunction with other anti-spam measures?

An anti-spam server should be used in conjunction with other anti-spam measures to minimize the risk of mail-borne threats. Other anti-spam measures to include in a multilayered approach to combatting spam include gateway filtering, client-side spam filters, and DNS-based blacklists. Depending on the nature of your organization’s activities and the susceptibility of employees to phishing, you may also want to include in that list point of click URL protection.

Related Articles

Anti-Spam Software

Anti-Spam Software

Anti-Spam Gateway

Anti-Spam Tips 

Anti-Spam Solutions for MSPs

Hosted Anti-Spam