A Guide to Anti-Spam Software

Anti-spam software dates back to the mid-1990s, when two software engineers started compiling a list of IP addresses from which they had received unsolicited and unwanted emails. The list was distributed as a Border Gateway Protocol feed to subscribers of the “Mail Abuse Prevention System” (“MAPS” or “SPAM” spelled backwards), which later developed into the Domain Name Server Blackhole List.

More than twenty years later, the Domain Name Server Blackhole List (often called the Real-time Blackhole List or “RBL”) is still the primary mechanism used by anti-spam software to detect unsolicited and unwanted emails. Unfortunately, due to the increasing sophistication of spammers, RBL filters alone are not adequate defenses against email-borne threats such as malware, ransomware and phishing.

What Do Modern Anti-Spam Solutions Consist Of?

Modern anti-spam solutions use a multi-layered approach to detect spam. The mechanisms included in the multi-layered approach vary according to each email service and software provider, but generally consist of a Real-time Blackhole List, Recipient Verification Protocol, Sender Policy Framework and a content analysis tool. The functions of each mechanism are described below:

  • Real-time Blackhole Lists: As mentioned above, a Real-time Blackhole List is a list of IP addresses from which spam is known to have originated. If a match is found between an inbound email and an IP address on the list, the email may be rejected depending on its “IP Reputation” (please see the note below with regard to IP Reputation).
  • Recipient Verification Protocol: The Recipient Verification Protocol checks recipient addresses to ensure they are valid. If the business does not have, for example, an info@xyz.com recipient address, the email is rejected, placed into a quarantine folder or flagged, depending on how the business’s spam filter has been configured.
  • Sender Policy Framework: The Sender Policy Framework mechanism checks that inbound mail from a domain (e.g. info@xyz.com) comes from a host authorized by that domain’s administrators. It is an effective means of eliminating “spoofed emails”, in which the sender’s email address is disguised to look as if it is legitimate.
  • Content Analysis Tool: Most anti-spam solutions have a content analysis tool that inspects the headers and content of each email and rates it accordingly. These mechanisms “learn” the probability of an email being legitimate or spam from user actions – usually through a technique known as “Bayesian Analysis”.
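
How a filter consults a Real-time Blackhole List over DNS: the connecting IP address is reversed, prefixed to the list's zone and looked up, and an answer inside 127.0.0.0/8 means the address is listed. The Python below is an added example, not code from this page or from any vendor; the zone dnsbl.example, the sample addresses and the fake resolver are constructed so that it runs offline.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the DNS name that asks `zone` whether `ip` is listed."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer yields reversed octets (IPv4) or reversed nibbles (IPv6)
    # plus ".in-addr.arpa" / ".ip6.arpa"; swap that suffix for the list's zone.
    reversed_part = addr.reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_part}.{zone}"

def system_resolver(name):
    """A-record lookup via the system resolver; [] when nothing is returned."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        # NXDOMAIN means "not listed". Timeouts land here too, so this
        # resolver fails open and treats a DNS outage as "not listed".
        return []

def check_dnsbl(ip, zone, resolver=system_resolver):
    """Return (listed, codes) for a connecting IP address."""
    answers = resolver(dnsbl_query_name(ip, zone))
    # A listing is signalled by A records inside 127.0.0.0/8; what each code
    # means is defined by the list operator. Any other answer (wildcard DNS,
    # parked zone) is ignored rather than trusted.
    codes = sorted(a for a in answers if ipaddress.ip_address(a) in LOOPBACK)
    return bool(codes), codes

# --- constructed sample data: a fake zone served from a dict, not a real list ---
ZONE = "dnsbl.example"
FAKE_ZONE = {
    dnsbl_query_name("192.0.2.25", ZONE): ["127.0.0.2"],
    dnsbl_query_name("2001:db8::1", ZONE): ["127.0.0.2", "127.0.0.4"],
    dnsbl_query_name("203.0.113.9", ZONE): ["198.51.100.1"],  # bogus non-127 answer
}

def fake_resolver(name):
    """Stand-in for DNS so the example runs without network access."""
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "2001:db8::1", "203.0.113.9"):
        print(ip, dnsbl_query_name(ip, ZONE), check_dnsbl(ip, ZONE, fake_resolver))
```
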

One significant development from the mid-1990s is that Real-time Blackhole Lists are now more refined than they were. This is due to RBL agencies assigning an “IP Reputation Score” to IP addresses based on factors such as email open rates, click-through rates, spam complaints and hard bounces (emails returned to their senders because the domain name does not exist or the recipient is unknown).

Modern anti-spam solutions consider IP reputation scores along with the ratings calculated by Content Analysis Tools in order to assign a “spam score”. System administrators can set a “Spam Acceptance Threshold” and, if the spam score exceeds the threshold, the email is rejected, quarantined or flagged, depending on how the business’s spam filter has been configured.
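
The scoring step described above, as an added example that is not taken from this page or from any product: a small Bayesian content filter that learns from users' spam / not-spam actions, combined with an IP reputation value and compared against the Spam Acceptance Threshold. The 0-10 score scale, the 7/3 weighting, the 0-100 reputation range and the training messages are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

class BayesContentFilter:
    """Naive Bayes over the distinct tokens present in a message."""

    def __init__(self):
        self.token_counts = {True: Counter(), False: Counter()}  # keyed by is_spam
        self.message_counts = {True: 0, False: 0}

    @staticmethod
    def tokenize(text):
        # "!" and "$" are kept inside tokens because they carry spam signal.
        return set(re.findall(r"[a-z0-9$!']+", text.lower()))

    def learn(self, text, is_spam):
        """Record one user action: marked as spam (True) or not spam (False)."""
        self.message_counts[is_spam] += 1
        self.token_counts[is_spam].update(self.tokenize(text))

    def spam_probability(self, text):
        n_spam, n_ham = self.message_counts[True], self.message_counts[False]
        log_odds = math.log((n_spam + 1) / (n_ham + 1))          # smoothed prior
        for token in self.tokenize(text):
            # Laplace smoothing keeps unseen tokens from zeroing the product.
            p_spam = (self.token_counts[True][token] + 1) / (n_spam + 2)
            p_ham = (self.token_counts[False][token] + 1) / (n_ham + 2)
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-50.0, min(50.0, log_odds))                # avoid overflow
        return 1 / (1 + math.exp(-log_odds))

def spam_score(content_probability, ip_reputation):
    """0-10 score from content (weight 7) and IP reputation 0..100 (weight 3).
    The scale and weights are assumptions, not a vendor formula."""
    return round(7 * content_probability + 3 * (1 - ip_reputation / 100), 2)

def verdict(score, threshold, action="quarantine"):
    """`action` is the configured response: reject, quarantine or flag."""
    return action if score > threshold else "deliver"

# --- constructed training data standing in for user actions ---
TRAINING = [
    ("win free money now!!!", True),
    ("free prize claim your money", True),
    ("cheap pills free shipping", True),
    ("meeting agenda for monday", False),
    ("invoice attached for your review", False),
    ("lunch on monday?", False),
]

def build_filter():
    content_filter = BayesContentFilter()
    for text, is_spam in TRAINING:
        content_filter.learn(text, is_spam)
    return content_filter

if __name__ == "__main__":
    f = build_filter()
    for text in ("claim your free money", "agenda for monday meeting"):
        p = f.spam_probability(text)
        s = spam_score(p, ip_reputation=90)       # sender with a good reputation
        print(f"{text!r}: p={p:.3f} score={s} -> {verdict(s, threshold=5.0)}")
```

In this run the first message is quarantined even though it arrives from an address with a reputation of 90, because the content rating alone carries the score past the threshold.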

Are These Mechanisms Effective Defenses against Email-Borne Threats?

Unfortunately, no. Although email services and software providers regularly update their Real-time Blackhole Lists, RBLs only capture spam emails from known sources of spam or with poor IP reputations – around 97%-98% of spam. Spammers move around, so standard anti-spam solutions are unable to detect unsolicited and unwanted emails from unknown or “not-yet-known” sources.

Furthermore, a lot of spam emails are sent by botnets from IP addresses with good IP reputations. This occurs when a spammer has gained access to a device and its Internet connection, and can send spam emails from the compromised “zombie” device using command and control malware. The latest Internet Security Threat Report from Symantec calculates there are more than 98.6 million bots in existence.

Although Sender Policy Framework mechanisms can detect some emails sent from compromised accounts, they cannot detect them all – often exposing businesses to BEC and phishing attacks. Therefore, in order to effectively defend networks against email-borne threats, businesses need to implement advanced anti-spam software from a specialist software provider.

What Makes Advanced Anti-Spam Software More Effective?

Advanced anti-spam software contains mechanisms not usually incorporated into standard email filters that are effective at increasing the spam detection rate (often to beyond 99.9%) and mitigating email-borne threats. Typically these mechanisms include Greylisting, SURBL/URIBL filtering and SMTP controls. The function of each is again described below:

  • Greylisting: Greylisting is a process in which emails are returned to the server from which they were sent with a request for the email to be resent. Spammers’ servers are often too busy to respond to the requests and the spam email is never returned. This process prevents spam from “not-yet-known” sources being delivered.
  • SURBL/URIBL Filtering: SURBL and URIBL filtering provides protection against phishing attacks by rejecting, quarantining or flagging emails that include malicious URLs or links to websites that have been identified as suspicious in previous spam emails. Like RBL lists, these filters are updated frequently by anti-spam software providers.
  • SMTP Controls: SMTP controls perform tests to authenticate the sources of emails and their configurations. The controls can be set to reject emails from non-fully qualified domains, from non-fully qualified MAIL FROM commands, and from those with no DNS A or MX record. Exclusions can be created if necessary.

One potential issue with Greylisting is the time it takes for business-critical emails to be returned to the spam filter to be processed by the secondary mechanisms of the anti-spam software. Usually the process may delay email delivery by up to a minute but, in extreme cases, it could take as long as twenty minutes for the originating server to respond to the request for the Greylisted email to be resent.

In order to overcome this potential issue, businesses can whitelist email addresses and domain names so emails originating from the whitelisted source bypass the Greylisting process. Excessive use of the whitelisting process should be avoided, as a spammer could take control of a contact’s trusted email account at any time and use the account to send spam emails from a source with a good IP reputation.
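
Greylisting and the whitelist bypass described above, as an added example rather than any vendor's implementation. In SMTP terms the “request to resend” is a temporary 4xx reply that a legitimate server retries; the (client IP, sender, recipient) triplet key, the 60-second minimum delay, the four-hour retry window and all addresses are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Greylist:
    min_delay: int = 60               # seconds before a retry is accepted
    retry_window: int = 4 * 3600      # older pending entries start over
    whitelist: set = field(default_factory=set)   # sender domains that bypass
    pending: dict = field(default_factory=dict)   # triplet -> first-seen time
    passed: set = field(default_factory=set)      # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (smtp_code, reason) for one delivery attempt at time `now`."""
        # The envelope sender is unauthenticated, so every whitelisted domain
        # is a standing bypass; keep the list short.
        domain = mail_from.rsplit("@", 1)[-1].lower()
        if domain in self.whitelist:
            return 250, "whitelisted"
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return 250, "known triplet"
        first_seen = self.pending.get(triplet)
        if first_seen is None or now - first_seen > self.retry_window:
            self.pending[triplet] = now
            return 451, "greylisted, try again later"
        if now - first_seen < self.min_delay:
            return 451, "retry too soon"
        del self.pending[triplet]
        self.passed.add(triplet)
        return 250, "retry accepted"

# --- constructed delivery attempts: (time in seconds, client IP, sender, recipient) ---
ATTEMPTS = [
    (0,     "198.51.100.7", "news@sender.example",    "info@xyz.com"),  # first contact
    (20,    "198.51.100.7", "news@sender.example",    "info@xyz.com"),  # retried too fast
    (90,    "198.51.100.7", "news@sender.example",    "info@xyz.com"),  # proper retry
    (100,   "198.51.100.7", "news@sender.example",    "info@xyz.com"),  # later mail
    (100,   "192.0.2.10",   "orders@partner.example", "info@xyz.com"),  # whitelisted
    (200,   "203.0.113.9",  "promo@bulk.example",     "info@xyz.com"),  # never retries
    (19000, "203.0.113.9",  "promo@bulk.example",     "info@xyz.com"),  # window expired
]

def replay(attempts=ATTEMPTS):
    """Run the constructed attempts through one Greylist and collect the replies."""
    greylist = Greylist(whitelist={"partner.example"})
    return [greylist.check(ip, sender, rcpt, t) for t, ip, sender, rcpt in attempts]

if __name__ == "__main__":
    for attempt, reply in zip(ATTEMPTS, replay()):
        print(attempt, "->", reply)
```
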

Why Scanning Outbound Emails is Important

Outbound scanning is a factor often overlooked by businesses evaluating anti-spam software, but it is a factor that can be of significant importance to a business’s email communications. As mentioned above, IP addresses are assigned a reputation score based on their histories and, if spam email – or an email containing malware – is sent from a business’s mail server, it could negatively impact their IP reputation.

An email considered spammy by a content analysis tool – or an email found to be harboring malware – does not necessarily mean the business’s network has been compromised by botnets. It could be the case that an employee has sent a series of emails containing spam-related keywords or characters (for example “!” or “$”), or has inadvertently imported malware from a personal device.

Nonetheless, if sufficient recipient mail filters rate the email as spam, it will affect the business’s IP reputation to the point at which all emails originating from the IP address fail to get delivered. Outbound scanning identifies outgoing emails with a high spam score or containing malware and either deletes the email, quarantines it, or flags it up to an administrator in a report.

A Quick Anti-Spam Software Comparison

A detailed anti-spam software comparison would quickly be out-of-date due to the speed at which new forms of spam are discovered and measures taken to combat them. However, it is quite clear from the topics discussed so far that, in order to effectively defend networks against spam and email-borne threats, advanced anti-spam software is the ideal solution.

Anti-Spam Software Comparison

Standard Solutions | Advanced Solutions
RBL filtering eliminates spam from known sources. | Greylisting eliminates spam from “not yet known” sources.
Recipient Verification checks to ensure addresses are valid. | SURBL/URIBL filtering removes emails with malicious URLs.
Sender Policy Framework helps eliminate spoofed emails. | SMTP controls authenticate the source of an email.
Content analysis tools give each inbound email a spam rating. | Outbound scanning helps protect a business’s IP reputation.

  • A standard solution will return a spam detection rate of 97%-98%, but an advanced solution with Greylisting will achieve a spam detection rate of 99.9% or higher.
  • Recipient Verification rejects emails without a valid recipient address, but SURBL/URIBL filtering also removes any that contain links to phishing websites or those harboring malware.
  • Standard anti-spam solutions will eliminate spoofed emails, but an advanced solution will determine the source of the email as well to assist with future spam detection.
  • Content analysis tools give each inbound email a spam rating, but anti-spam software with outbound scanning also rates emails sent from businesses to protect IP reputations.

Naturally there are many other factors to consider when conducting an anti-spam software comparison. For example, some businesses are opposed to deploying their security mechanisms in the cloud and prefer on-premises solutions. Other businesses may have concerns about scalability or maintenance overheads, or anti-spam software pricing – which we shall discuss in the next section.

A Look at Anti-Spam Software Pricing

With anti-spam software pricing, it is not necessarily a case of “you get what you pay for”. Some less expensive software is as good as – if not better than – software sold by “leading” software developers, and reviewing software price comparison websites is often not much help, as the owners of the websites want to sell their “top-rated” anti-spam software in order to get the best commission.

In some cases, anti-spam software pricing excludes the cost of software updates or it may be necessary to pay for a guaranteed level of service. Some vendors offer features such as anti-virus scanning or outbound scanning as an optional (premium) extra, while others bundle their anti-spam software into multi-component packages – most of which may never get used.

It is recommended to select a vendor that is flexible in their licensing so, if the number of mailboxes to protect increases or decreases, so does the price. Vendors offering this service often charge according to the number of mailboxes, the preferred deployment option, and the most convenient payment cycle. An example of how this works can be found in our “Instant Quote Calculator”.

The Cost of Spam Email to Businesses

Although it is natural businesses want to pay the best price for the best anti-spam software, the price paid is likely to be negligible compared with the cost of spam email. The average office employee spends 2.8 minutes per day managing spam email. Multiply 2.8 minutes by 1,000 employees and 250 working days per year, and businesses could be losing more than 11,000 hours per year in productivity costs.

Businesses can decrease the amount of spam being delivered to email inboxes by 95% by replacing a spam filter achieving a capture rate of 98% with a spam filter achieving a capture rate of 99.9%. There is no guarantee the business would recover the full 10,450 hours saved by implementing an advanced anti-spam solution, but the cost of its implementation would be justified by productivity gains alone.

Discussing the cost of spam email in relation to a successful malware, ransomware or phishing attack can lead to substantial figures being mentioned. IT security specialists talk of the costs of recovering from a successful malware attack running into millions of dollars, while the FBI estimates that globally businesses have lost more than $12.5 billion since 2013 due to successful Business Email Compromise (BEC) attacks, up from $5.3 billion in December 2016.

Tips to Prevent the Delivery of Spam Emails

Most IT security specialists agree that the best way to prevent the delivery of spam emails to inboxes is to implement advanced anti-spam software and ensure it is kept up-to-date in order to protect networks against new malware variants. Where disagreement exists, it usually concerns policies related to password management and how often – if ever – they should be changed.

Other disagreements relate to how spam emails should be handled. Some IT specialists argue they should be deleted straightaway. Others say quarantining them first is the best practice. There is also a school of thought that spam email should be reported to RBL agencies, although the IP reputation calculation of Real-time Blackhole Lists tends to attend to this matter quite well.

Although each business will likely develop its own policy relating to how spam email should be handled, it is important employees are trained on how to manage spam emails that avoid detection and that are delivered to their inboxes. Due to the nature of the threats that can be hidden within spam emails, employees should be trained to:

  • Never open an email from a suspicious source or with an unfamiliar greeting – especially if it has an attachment.
  • Be wary of any Microsoft Office attachment that requests users to enable macros in order to view its content.
  • Reply to internal emails by first deleting the “to” address and then obtaining the address from the corporate address book.
  • Always query any email that demands an action without following the usual procedure. This is the most frequent reason for successful BEC attacks.
  • Never give out sensitive information via email. Not only might the information fall into the wrong hands, but emails can be intercepted during transit.
  • Unless absolutely sure a link in an email is genuine, it should never be clicked, and instead typed (not copied and pasted) into the browser bar.

Are We Giving System Administrators Too Much To Do?

So far in this article, we have mentioned that anti-spam software treats spam email depending on how the spam filter is configured, that system administrators have a responsibility to apply appropriate acceptable spam thresholds, that exclusions can be created for SMTP controls, and trusted domains can be whitelisted in order to bypass the Greylisting process.

Once other administrative tasks are included – developing per user or per user-group spam policies, reviewing spam filter reports, and training employees on how to manage spam emails – it could be argued advanced anti-spam solutions give system administrators too much to do. Certainly, implementing anti-spam software with a high maintenance overhead can be labor-intensive.

Furthermore, an anti-spam solution that is complicated to use can result in the solution being ineffective. As was seen when the first anti-spam software was developed in the mid-1990s, if the software is not easy to use, the filtering parameters can be set too high with the result that business-critical email is rejected or placed into a quarantine folder.

The SpamTitan Solution to High Maintenance Overheads

SpamTitan is part of a group of companies that has developed online security solutions since 1999. Businesses throughout the world use our anti-spam software to detect unwanted and unsolicited emails and to better defend their networks against email-borne threats. By listening to feedback from our customers, we have developed advanced anti-spam software that is both effective and easy to use.

Consequently, whichever deployment option is chosen (cloud-based or on-premises), SpamTitan is easy to set up, simple to configure and operational within minutes. Our anti-spam software integrates with LDAP and other directory tools so that user policies can be applied with the click of a mouse, and is managed from a web-based portal with an intuitive graphical user interface (GUI).

Each of the filtering mechanisms is updated automatically, quarantine reports can be scheduled in advance, and administrator alerts created to advise of high level threats found in inbound or outbound emails. SpamTitan is unable to train employees on how to manage spam emails, but due to a verified spam detection rate of 99.97%, very little spam should be delivered to employees’ inboxes.

A Summary of SpamTitan Features and Benefits

SpamTitan is a versatile, scalable and user-friendly solution to the problem of spam email. Our advanced anti-spam software provides a much higher level of spam detection than standard solutions and includes multiple features that are easy to apply and manage. The following is a brief summary of SpamTitan’s features and benefits:

  • A verifiable spam detection rate of 99.97% – with a low false positive rate of just 0.03% – enhances productivity and minimizes the risk from web-borne threats.
  • Dual anti-virus software provided by Bitdefender and Clam AV blocks malware and ransomware trying to infiltrate networks via email.
  • SURBL and URIBL filtering rejects, quarantines or flags emails in which malicious URLs have been detected to reduce a business’s exposure to phishing.
  • Outbound scanning identifies issues that could negatively affect a business’s IP reputation and may be an early warning signal for an internal security problem.
  • Spam policies can be applied by individual user, user-group or universally, and easily adjusted via the web-based portal for administrator-friendly management.
  • Administrators can choose from a suite of reporting options, schedule reports in advance and create alerts to advise them quickly of email-related issues.
  • SpamTitan is available as a cloud-based solution (SpamTitan Cloud) or as an on-premises solution (SpamTitan Gateway) giving businesses a choice of deployment options.
  • Whichever deployment option is chosen, SpamTitan’s anti-spam software is compatible with all operating systems and networks.
  • A range of competitive subscription options is provided to suit all budgets – including a monthly payment option for smaller organizations and SMBs.
  • For Managed Service Providers (MSPs), SpamTitan is available in white label format to rebrand and supply as a standalone or add-on product to clients.

More About SpamTitan’s Anti-Spam Software for MSPs

SpamTitan is not only an effective anti-spam solution for businesses, it also provides Managed Service Providers, System Integrators and service resellers with the opportunity to offer our anti-spam software to existing clients as a new service, or attract new business under their own branding – regardless of the number of users connecting to the service.

We particularly believe SpamTitan Cloud offers unique opportunities to MSPs, as no end-user software installations are required, there are no limits on bandwidth, and every customer’s service can be managed from a single web-based portal. Furthermore, MSPs have the choice of supplying our anti-spam software from our cloud, a private cloud, or within their own cloud or hybrid infrastructure.

MSPs interested in learning more about our competitive pricing strategies and aligned monthly billing cycles are invited to download our MSP Alliance Program brochure. Alternatively, if you have any questions about SpamTitan’s anti-spam software for MSPs or would like to discuss becoming a SpamTitan Certified Partner, speak with our MSP Alliance Director Conor Madden on +1 813 304 2544.

Office 365 Anti-Spam Controls and SpamTitan Features Compared

Microsoft Office 365 is now used by many businesses. While the package is loved by many, the email security features included in Office 365 are often criticized as they are not as effective at blocking spam, phishing, and other malicious messages as third party spam filters.

To significantly strengthen Office 365 security it is necessary to adopt a defense in depth strategy. By layering another email security solution on top of Office 365, organizations can greatly improve resilience to phishing attacks and malware threats.

SpamTitan uses a range of predictive techniques to identify and block new threats such as zero-day attacks and new malware variants. The email filter of SpamTitan uses SURBL filtering and malicious URL detection mechanisms to minimize the likelihood of a malicious email avoiding detection, while twin anti-virus software engines ensure that 100% of known malware is blocked.

Try SpamTitan’s Anti-Spam Software for Free

IT security specialists agree the volume of spam emails will continue to increase into the next decade. The percentage of malicious URLs contained in unsolicited emails is also expected to increase. These trends will continue as it only takes a handful of responses, successful malware deployments or fruitful phishing attacks to justify the continuation of a spamming operation.

The best way to defend networks against the increasing and significant volume of email-borne threats is with an advanced anti-spam solution. But which one is most suitable for your business? With so many software providers in the marketplace, determining which is the most suitable can be a time-consuming process, during which your network may be exposed to a higher threat level than necessary.

Therefore we invite businesses to take advantage of a free trial of SpamTitan. Our trial provides the opportunity to evaluate SpamTitan’s high spam detection rate and ease of use in your own environment without any obligation to continue using our anti-spam software once the free trial has ended. Contact us today to find out more about our free trial offer, or click on the “Start Free Trial” button above.
