Anti-spam software dates back to the mid-1990s, when two software engineers started compiling a list of IP addresses from which they had received unsolicited and unwanted emails. The list was distributed via the Border Gateway Protocol to subscribers of the “Mail Abuse Prevention System” (“MAPS” or “SPAM” spelled backwards), which later developed into the Domain Name Server Blackhole List.
More than twenty years later, the Domain Name Server Blackhole List (often called the Real-time Blackhole List or “RBL”) is still the primary mechanism used by anti-spam software to detect unsolicited and unwanted emails. Unfortunately, due to the increasing sophistication of spammers, RBL filters alone are not adequate defenses against email threats such as malware, ransomware and phishing.
What Do Modern Anti-Spam Solutions Consist Of?
Modern anti-spam solutions use a multi-layered approach to detect spam. The mechanisms included in the multi-layered approach vary according to each email service or software provider, but generally consist of a Real-time Blackhole List, Recipient Verification Protocol, Sender Policy Framework and a content analysis tool. The functions of each mechanism are described below:
| Mechanism | Function |
|---|---|
| Real-time Blackhole Lists | As mentioned above, a Real-time Blackhole List is a list of IP addresses from which spam is known to have originated. If a match is found between an inbound email and an IP address on the list, the email may be rejected depending on its “IP Reputation” (see the note below regarding IP Reputation). |
| Recipient Verification Protocol | The Recipient Verification Protocol checks recipient addresses to ensure they are valid. If the business does not have, for example, an email@example.com recipient address, the email is rejected, placed into a quarantine folder or flagged, depending on how the business's spam filter has been configured. |
| Sender Policy Framework | The Sender Policy Framework mechanism checks that inbound mail from a domain (e.g. firstname.lastname@example.org) comes from a host authorized by that domain’s administrators. It is an effective means of eliminating “spoofed emails”, in which the sender's email address is disguised to look as if it is legitimate. DMARC is also used to verify that a sender is authorized to send messages from a particular domain. |
| Content Analysis Tool | Most anti-spam solutions have a content analysis tool that inspects the headers and content of each email and rates it accordingly. These mechanisms “learn” the probability of an email being legitimate or spam from user actions – usually through a technique known as “Bayesian Analysis”. |
One significant development from the mid-1990s is that Real-time Blackhole Lists are now more refined than they were. This is due to RBL agencies assigning an “IP Reputation Score” to IP addresses based on factors such as email open rates, click-through rates, spam complaints and hard bounces (emails returned to their senders because the domain name does not exist or the recipient is unknown).
Modern anti-spam solutions consider IP reputation scores along with the ratings calculated by Content Analysis Tools in order to assign a “spam score”. System administrators can set a “Spam Acceptance Threshold” and, if the spam score exceeds the threshold, the email is rejected, quarantined or flagged, depending on how the business’s spam filter has been configured.
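The scoring pipeline described above, as an added example (not code from the original page or from any vendor): a small Bayesian content rating learned from user-labelled messages is combined with an IP reputation score and compared with the administrator's threshold. The 0-10 score scale, the 0-100 reputation scale, the 0.7/0.3 weights and all sample messages are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$']+")


def tokens(text):
    """Distinct lower-cased tokens of a message (presence, not frequency)."""
    return set(TOKEN.findall(text.lower()))


class ContentAnalyzer:
    """Naive Bayes rating trained from messages users marked spam / not spam."""

    def __init__(self):
        self.seen = {"spam": 0, "ham": 0}
        self.token_counts = {"spam": Counter(), "ham": Counter()}

    def learn(self, text, label):
        self.seen[label] += 1
        self.token_counts[label].update(tokens(text))

    def spam_probability(self, text):
        # Sum log-likelihood ratios; add-one smoothing keeps an unseen token
        # from producing a zero probability.
        log_odds = math.log((self.seen["spam"] + 1) / (self.seen["ham"] + 1))
        for tok in tokens(text):
            p_spam = (self.token_counts["spam"][tok] + 1) / (self.seen["spam"] + 2)
            p_ham = (self.token_counts["ham"][tok] + 1) / (self.seen["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-50.0, min(50.0, log_odds))  # avoid overflow in exp()
        return 1 / (1 + math.exp(-log_odds))


def spam_score(p_content, ip_reputation, w_content=0.7, w_reputation=0.3):
    """0-10 score. ip_reputation runs 0 (worst) to 100 (best); weights are assumed."""
    return 10 * (w_content * p_content + w_reputation * (1 - ip_reputation / 100))


def verdict(score, threshold=5.0, action="quarantine"):
    """Apply the admin's threshold; `action` is 'reject', 'quarantine' or 'flag'."""
    return action if score > threshold else "deliver"


# Constructed training set standing in for users' spam / not-spam actions.
TRAINING = [
    ("win free prize now click link", "spam"),
    ("free money click now", "spam"),
    ("claim your free prize today", "spam"),
    ("meeting agenda for monday attached", "ham"),
    ("please review the quarterly report", "ham"),
    ("lunch on monday with the project team", "ham"),
]
SPAM_SAMPLE = "click now to claim free prize"          # constructed
HAM_SAMPLE = "agenda for the monday project meeting"   # constructed


def build_analyzer():
    analyzer = ContentAnalyzer()
    for text, label in TRAINING:
        analyzer.learn(text, label)
    return analyzer


def classify(text, ip_reputation, analyzer, **policy):
    """Return (rounded score, action) for one inbound message."""
    score = spam_score(analyzer.spam_probability(text), ip_reputation)
    return round(score, 2), verdict(score, **policy)


if __name__ == "__main__":
    a = build_analyzer()
    for text, rep in [(SPAM_SAMPLE, 20), (SPAM_SAMPLE, 95),
                      (HAM_SAMPLE, 95), (HAM_SAMPLE, 10)]:
        print(f"reputation={rep:3d} {classify(text, rep, a)} {text!r}")
```

The second case is the one to look at: the spam-like message arrives from an address with a reputation of 95 and is still quarantined, because the content rating carries the score over the threshold.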
Are These Mechanisms Effective Defenses Against all Email Threats?
Unfortunately, no. Although email services and software providers regularly update their Real-time Blackhole Lists, RBLs only capture spam emails from known sources of spam or IP addresses with poor reputations. Typically RBLs detect around 97%-98% of spam. Spammers frequently change their IP addresses and domains, and often compromise legitimate email accounts with good reputations and use them for spamming. RBLs are not effective at blocking these new spam sources, and anti-spam solutions that lack more advanced features will allow between 1% and 3% of spam emails through.
A lot of spam email is now sent by botnets from IP addresses with good IP reputations. This occurs when a spammer has gained access to a device and its Internet connection, and can send spam emails from the compromised “zombie” device using command and control malware. The latest Internet Security Threat Report from Symantec calculates there are more than 98.6 million bot-infested zombie devices in existence.
Although Sender Policy Framework mechanisms can detect some emails sent from compromised accounts, they cannot detect them all – often exposing businesses to BEC and phishing attacks. Therefore, in order to effectively defend networks against email-based threats, businesses need to use advanced anti-spam software from a specialist software provider and not rely on the basic anti-spam software implemented by their email service provider.
What Makes Advanced Anti-Spam Software More Effective?
Advanced antispam software incorporates mechanisms not usually found in standard email filters. These additional measures take spam detection rates up to 99.9% or more. Typically, these mechanisms include Greylisting, SURBL/URIBL filtering and SMTP controls. The function of each is described below:
| Mechanism | Function |
|---|---|
| Greylisting | Greylisting is a process in which emails are returned to the server from which they were sent with a request for the email to be resent. Spammers’ servers are often too busy to respond to the requests and the spam email is never returned. This process prevents spam from “not-yet-known” sources from being delivered. |
| SURBL/URIBL Filtering | SURBL and URIBL filtering provides protection against phishing attacks by rejecting, quarantining or flagging emails that include malicious URLs or links to websites that have been identified as suspicious in previous spam emails. Like RBL lists, these filters are updated frequently by anti-spam software providers. |
| SMTP Controls | SMTP controls perform tests to authenticate the sources of emails and their configurations. The controls can be set to reject emails from non-qualified domains, from non-fully qualified MAIL FROM commands, and from domains with no DNS A or MX record. Exclusions can be created if necessary. |
One potential issue with Greylisting is the time it takes for business-critical emails to be returned to the spam filter to be processed by the secondary mechanisms of the anti-spam software. Usually the process may delay email delivery by up to a minute but, in extreme cases, it could take as long as twenty minutes for the originating server to respond to the request for the Greylisted email to be resent.
In order to overcome this potential issue, businesses can whitelist email addresses and domain names so emails originating from the whitelisted source bypass the Greylisting process. Excessive use of the whitelisting process should be avoided, as a spammer could take control of a contact's trusted email account at any time and use it to send spam emails. Being whitelisted, those emails would then be delivered.
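The greylisting and whitelist-bypass behaviour described above, as an added example (not code from the original page or from any product). It assumes the common implementation that keys on the (client IP, MAIL FROM, RCPT TO) triplet and answers the first attempt with a temporary SMTP 451; the 60-second minimum delay, the 4-hour retry window and all addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Greylist:
    """Greylisting keyed on the (client IP, MAIL FROM, RCPT TO) triplet."""
    min_delay: int = 60            # assumed: seconds to wait before a retry counts
    retry_window: int = 4 * 3600   # assumed: a pending triplet expires after this
    whitelist_domains: frozenset = frozenset()
    whitelist_senders: frozenset = frozenset()
    pending: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)     # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (smtp_code, reason) for one delivery attempt at `now` seconds."""
        sender = mail_from.strip().lower()
        domain = sender.rpartition("@")[2]
        # Whitelisted sources skip greylisting entirely. The match is on the
        # envelope sender alone, so mail from a hijacked whitelisted account
        # skips it too, which is why the whitelist should stay short.
        if sender in self.whitelist_senders or domain in self.whitelist_domains:
            return 250, "whitelisted"
        triplet = (client_ip, sender, rcpt_to.strip().lower())
        if triplet in self.passed:
            return 250, "known triplet"
        first = self.pending.get(triplet)
        if first is None or now - first > self.retry_window:
            self.pending[triplet] = now          # first contact, or stale entry
            return 451, "greylisted"
        if now - first < self.min_delay:
            return 451, "retried too soon"
        del self.pending[triplet]
        self.passed.add(triplet)
        return 250, "retry accepted"


# Constructed timeline: (seconds, client IP, MAIL FROM, RCPT TO).
# IP addresses are from the documentation ranges.
EVENTS = [
    (0,  "203.0.113.7",  "orders@supplier.example", "alice@corp.example"),
    (0,  "198.51.100.9", "promo@bulk.example",      "alice@corp.example"),
    (5,  "192.0.2.44",   "ceo@partner.example",     "bob@corp.example"),
    (10, "203.0.113.7",  "orders@supplier.example", "alice@corp.example"),
    (90, "203.0.113.7",  "orders@supplier.example", "alice@corp.example"),
    (95, "203.0.113.7",  "orders@supplier.example", "alice@corp.example"),
]


def replay(events, greylist):
    """Feed each attempt to the greylist and collect the SMTP responses."""
    return [greylist.check(ip, frm, to, t) for t, ip, frm, to in events]


def demo():
    greylist = Greylist(whitelist_domains=frozenset({"partner.example"}))
    return replay(EVENTS, greylist)


if __name__ == "__main__":
    for event, response in zip(EVENTS, demo()):
        print(event, "->", response)
```

The bulk sender at 198.51.100.9 never retries, so its message is never accepted, while the supplier's mail is delayed only until its server retries after the minimum delay.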
Why Scanning Outbound Emails is Important
Outbound scanning is a factor often overlooked by businesses evaluating anti-spam software, but it is a very important feature. As mentioned above, IP addresses are assigned a reputation score based on their histories and, if spam email – or an email containing malware – is sent from a business’s mail server, it could negatively impact their IP reputation.
An email considered spammy by a content analysis tool – or an email found to be harboring malware – does not necessarily mean the business’s network has been compromised by a botnet. It could be due to an employee sending a series of emails containing spam-related keywords. Nonetheless, if sufficient numbers of recipient mail filters rate the email as spam, it will affect the business's IP reputation to the point where all emails originating from the IP address fail to get delivered. Outbound scanning identifies outgoing emails with a high spam score or containing malware and either deletes the email, quarantines it, or flags it to an administrator in a report.
Even the best spam software will not block all phishing threats, and should an employee fall for a phishing scam and disclose their credentials – or if credentials are obtained by a threat actor by other means – the email account can be accessed and used to send phishing emails internally or to business contacts and customers. Outbound scanning of emails helps to identify these breaches quickly to allow steps to be taken to mitigate the attack and limit the harm caused.
Outbound scanning also serves as a data loss prevention mechanism to identify attempts by malicious insiders to send sensitive data externally to personal email accounts. Spam filters such as SpamTitan allow tags to be applied to certain data types such as Social Security numbers to prevent messages containing those data types from being sent.
A Quick Anti-Spam Software Comparison
A detailed anti-spam software comparison would quickly become out-of-date due to the speed at which new forms of spam are discovered and new measures introduced to combat them. However, it is quite clear from the topics discussed so far that, in order to effectively defend networks against spam and email threats, advanced anti spamming software is now necessary.
Anti-Spam Software Comparison

| Standard Solutions | Advanced Solutions |
|---|---|
| RBL filtering eliminates spam from known sources. | Greylisting eliminates spam from “not yet known” sources. |
| Recipient Verification checks to ensure addresses are valid. | SURBL/URIBL filtering removes emails with malicious URLs. |
| Sender Policy Framework helps eliminate spoofed emails. | SMTP controls authenticate the source of an email. |
| Content analysis tools give each inbound email a spam rating. | Outbound scanning helps protect a business's IP reputation. |
- Standard anti spam solutions will return a spam detection rate of 97%-98%, but an advanced solution with Greylisting will achieve a spam detection rate of 99.9% or higher.
- Recipient Verification rejects emails without a valid recipient address, but SURBL/URIBL filtering also removes messages that contain links to phishing websites or those harboring malware.
- Standard anti spamming solutions will eliminate spoofed emails, but an advanced solution will determine the source of the email as well to assist with future spam detection.
- Content analysis tools give each inbound email a spam rating, but anti-spam software with outbound scanning also rates emails sent from businesses to protect IP reputations.
Naturally there are many other factors to consider when conducting an anti-spam software comparison. For example, some businesses are opposed to deploying their security mechanisms in the cloud and prefer on-premises solutions. Other businesses may have concerns about scalability or maintenance overheads of spam email software, or anti-spam software pricing – which we shall discuss in the next section.
A Look at Anti-Spam Software Pricing
With anti-spam software pricing, it is not necessarily a case of “you get what you pay for”. Some less expensive software is as good as – if not better than – software sold by “leading” software developers, and reviewing software price comparison websites is often not much help, as the owners of the websites want to sell their “top-rated” anti-spam software in order to get the best commission.
In some cases, anti-spam software pricing excludes the cost of software updates or it may be necessary to pay for a guaranteed level of service. Some anti spam email software vendors offer features such as anti-virus scanning or outbound scanning as an optional (premium) extra, while others bundle their anti-spam software into multi-component packages – most of which may never get used.
It is recommended to select a vendor that is flexible in their licensing so, if the number of mailboxes to protect increases or decreases, so does the price. Vendors offering this service often charge according to the number of mailboxes, the preferred deployment option, and the most convenient payment cycle. An example of how this works can be found in our “Instant Quote Calculator”.
The Cost of Spam Email to Businesses
Although it is natural businesses want to pay the best price for the best anti-spam software, the price paid is likely to be negligible compared with the cost of spam email. The average office employee spends 2.8 minutes per day managing spam email. Multiply 2.8 minutes by 1,000 employees and 250 working days per year, and businesses could be sacrificing more than 11,000 hours per year in productivity losses.
Businesses can decrease the amount of spam being delivered to email inboxes by 95% by replacing a spam filter achieving a capture rate of 98% with a spam filter achieving a capture rate of 99.9%. There is no guarantee the business would recover the full 10,450 hours saved by implementing an advanced anti-spam solution, but the cost of its implementation would be justified by productivity gains alone.
Discussing the cost of spam email in relation to a successful malware, ransomware or phishing attack can lead to substantial figures being mentioned. IT security specialists talk of the costs of recovering from a successful malware attack running into millions of dollars, while the FBI estimates that globally businesses have lost more than $12.5 billion since 2013 due to successful Business Email Compromise (BEC) attacks, up from $5.3 billion in December 2016.
Tips to Prevent the Delivery of Spam Emails
Most IT security specialists agree that the best way to prevent the delivery of spam emails to inboxes is to implement advanced anti-spam software and ensure it is kept up-to-date to protect networks against new malware variants. Where disagreement exists, it usually concerns policies related to password management and how often – if ever – they should be changed.
Other disagreements relate to how spam emails should be handled. Some IT specialists argue they should be deleted straightaway. Others say quarantining them first is the best practice. There is also a school of thought that spam email should be reported to RBL agencies, although the IP reputation calculation of Real-time Blackhole Lists tends to attend to this matter quite well.
Although each business will likely develop its own policy relating to how spam email should be handled, it is important employees are trained on how to manage spam emails that evade detection and are delivered to their inboxes. Due to the nature of the threats that can be hidden within spam emails, employees should be trained to:
- Never open an email from a suspicious source or with an unfamiliar greeting – especially if it has an attachment or hyperlink.
- Be wary of any Microsoft Office attachment that requests users to enable macros in order to view its content.
- Reply to internal emails by first deleting the “to” address and then obtaining the address from the corporate address book.
- Always query any email that demands an out-of-band request.
- Never give out sensitive information via email. Not only might the information fall into the wrong hands, but emails can be intercepted in transit.
- Unless absolutely sure that a link in an email is genuine, it should never be clicked.
- Always report suspect spam to the IT team to allow them to tweak the settings of the email filter and, in the case of a phishing email, remove all other instances of the message from the email system.
Training should also be provided to employees to help them identify potentially malicious emails.
Are We Giving System Administrators Too Much To Do?
So far in this article, we have mentioned that anti-spam software treats spam email depending on how the spam filter is configured, that system administrators have a responsibility to apply appropriate spam thresholds, that exclusions can be created for SMTP controls, and trusted domains can be whitelisted in order to bypass the greylisting process.
Once other administrative tasks are included – developing per user or per user-group spam policies, reviewing spam filter reports, and training employees on how to manage spam emails – it could be argued advanced anti-spam solutions give system administrators too much to do. Certainly, implementing anti-spam software with a high maintenance overhead can be labor-intensive.
Furthermore, an anti-spam solution that is complicated to use can result in the solution being ineffective. As was seen when the first anti-spam software was developed in the mid-1990s, if the software is not easy to use, the filtering parameters can be set too high with the result that business-critical email is rejected or placed into a quarantine folder.
SpamTitan: A Powerful Spam Filtering Solution That’s a Pleasure to Use
TitanHQ has been developing security solutions since 1999. Businesses throughout the world use our anti-spam software to detect unwanted and unsolicited emails and defend their networks against email-based threats. By listening to feedback from our customers, we have developed advanced anti-spam software that is both effective and a pleasure to use.
Consequently, whichever deployment option is chosen (cloud-based or on-premises), SpamTitan is easy to set up, simple to configure and can be operational within minutes. Our anti-spam software integrates with LDAP/AD and other directory tools so that user policies can be applied with the click of a mouse, and the solution is managed from a web-based portal with an intuitive graphic user interface (GUI).
Each of the filtering mechanisms is updated automatically, quarantine reports can be scheduled in advance, and administrator alerts created to advise of high level threats found in inbound or outbound emails. TitanHQ is unable to train employees on how to manage spam email, but due to a verified spam detection rate of 99.97%, very little spam should be delivered to employees' inboxes.
A Summary of SpamTitan Features and Benefits
SpamTitan is a versatile, scalable and user-friendly solution that solves the problem of spam email. Our advanced anti-spam software provides a much higher level of spam detection than standard solutions and includes multiple features that are easy to apply and manage. The following is a brief summary of SpamTitan's features and benefits:
- A verifiable spam detection rate of 99.97% – with a low false positive rate of just 0.03% – enhances productivity and minimizes the risk from email-based threats.
- Dual anti-virus software provided by Bitdefender and ClamAV blocks malware and ransomware trying to infiltrate networks via email.
- Sandboxing is used to identify zero-day malware and ransomware threats that have not yet had signatures incorporated into the AV engines.
- SURBL and URIBL filtering rejects, quarantines or flags emails containing malicious URLs to protect against phishing attacks.
- Outbound scanning identifies issues that could negatively affect a business's IP reputation and may be an early warning signal about an insider threat.
- Spam policies can be applied by individual user, user-group or universally, and easily adjusted via the web-based portal.
- Administrators can choose from a suite of reporting options, schedule reports in advance, and create alerts to advise them quickly of email-related issues.
- SpamTitan is available as a cloud-based solution (SpamTitan Cloud) or as an on-premises solution (SpamTitan Gateway) giving businesses a choice of deployment options.
- Whichever deployment option is chosen, SpamTitan’s anti-spam software is compatible with all operating systems and business email providers.
- A range of competitive subscription options is provided to suit all budgets – including a monthly payment option for smaller organizations and MSPs.
- For Managed Service Providers, SpamTitan is available in white label format to rebrand and supply as a standalone or add-on product to clients. SpamTitan Cloud can be hosted in the SpamTitan Cloud (AWS), in a private cloud, or within the MSP's private cloud.
More About SpamTitan's Anti-Spam Software for MSPs
SpamTitan is not only an effective anti-spam solution for businesses, it also provides Managed Service Providers, System Integrators and service resellers with the opportunity to offer our anti-spam software to existing clients as a new service, or attract new business under their own branding – regardless of the number of users connecting to the service.
We believe SpamTitan Cloud offers unique opportunities to MSPs, as no end-user software installations are required, there are no limits on bandwidth, and every customer’s service can be managed from a single web-based portal. SpamTitan can also be integrated into MSPs' back-office management systems with ease via APIs. Furthermore, MSPs have the choice of supplying our anti-spam software from our cloud, a private cloud, or within their own cloud or hybrid infrastructure.
MSPs interested in learning more about our competitive pricing strategies and aligned monthly billing cycles are invited to download our MSP Program brochure. Alternatively, if you have any questions about SpamTitan's anti-spam software for MSPs or would like to discuss becoming a SpamTitan Certified Partner, speak with our MSP Program Director Conor Madden on +1 813 304 2544.
Office 365 Anti-Spam Controls and SpamTitan Features Compared
Microsoft Office 365 is now used by many millions of businesses. While the package is loved by many, the email security features included in Office 365 are often criticized as they are not as effective at blocking spam, phishing, and other malicious messages as third party spam filters.
To significantly strengthen Office 365 security it is necessary to adopt a defense in depth strategy. By layering another email security solution on top of Office 365, organizations can greatly improve resilience to phishing attacks and malware threats.
SpamTitan uses a range of predictive techniques to identify and block new threats such as zero-day attacks and new malware variants. The email filter of SpamTitan uses SURBL filtering and malicious URL detection mechanisms to minimize the likelihood of a malicious email evading detection, while twin anti-virus software engines ensure that 100% of known malware is blocked and sandboxing detects and blocks zero-day threats.
Evaluate SpamTitan Anti-Spam Software Today
IT security specialists agree the volume of spam emails will continue to increase into the next decade. The percentage of malicious URLs contained in unsolicited emails is also expected to increase. These trends will continue as it only takes a handful of responses, successful malware deployments or fruitful phishing attacks to justify the continuation of a spamming operation.
The best way to defend networks against the increasing and significant volume of email threats is with an advanced anti-spam solution. But which one is most suitable for your business? With so many software providers in the marketplace, determining which is the most suitable can be a time-consuming process, during which your network may be exposed to a higher threat level than necessary.
Therefore we invite businesses to take advantage of a free trial of SpamTitan. Our trial provides the opportunity to evaluate SpamTitan’s high spam detection rate and ease of use in your own environment without any obligation to continue using our anti-spam software once the free trial has ended. Contact us today to find out more about our free trial offer.
A Guide to Anti-Spam Software FAQ
What is the secret of successful spam filtering on Office 365?
Office 365 includes a basic level of protection against malware and spam through Exchange Online Protection (EOP); however, tests have shown EOP is not very effective at blocking zero-day and advanced phishing threats. By layering a third-party solution such as SpamTitan on top of Office 365, you will increase the spam, malware and phishing detection rate to well above 99.9%.
How does SpamTitan provide protection against phishing?
SpamTitan checks each email for phishing-related keywords, checks embedded URLs against 6 specialist blacklists of known spam and phishing sources, and uses greylisting to identify new sources of phishing emails. DKIM, SPF, and DMARC tests identify email impersonation attacks and outbound scanning is used to detect compromised email accounts.
Why is outbound scanning important?
Outbound scanning detects and prevents spam and phishing emails from being sent from your email accounts by malicious insiders and threat actors who have gained access to an email account. This allows email account compromises to be detected quickly, protects against data loss, and prevents your IP from being blacklisted.
How can I improve phishing and malware detection on Office 365?
To protect against sophisticated malware and phishing threats you will need to augment the Office 365 spam filter, as it only provides a basic level of protection. SpamTitan works seamlessly with Office 365 and adds advanced threat protection features such as sandboxing, greylisting, data leak prevention, recipient verification, and inbuilt Bayesian auto learning and heuristics.
How much does an advanced spam filter cost?
An advanced spam filter should pay for itself by blocking more productivity-draining spam emails and threats that could easily result in a costly data breach. The cost will depend on the contract term, payment options, and number of users. To find out how little advanced spam filtering costs, use our cost calculator or call us for a no-obligation quote.