A cloud based anti spam service is an email filtering solution hosted in the cloud rather than a more traditional physical appliance or on-premises software installation. As with most software-as-a-service (SaaS) solutions, a hosted spam filtering service is available on demand, has minimal maintenance overheads and requires no capital investment.
Despite being hosted in the cloud, businesses utilizing a cloud based anti spam service retain full control of their email filtering policies and can apply those policies by individual user, user-group or business-wide, through integration with directory services such as AD. In contrast to appliances and software installations, set up is a quick and quick and easy, just requiring a simple change to your MX record.
Within this article, we explain the benefits of a cloud antispam service, describe in more detail how a hosted spam filtering service works, and identify the features an antispam cloud filter should include in order to achieve the best spam detection rates. Readers can fast-track to any of these sections by using the links below, but first we will explain why spam filtering is so important and why it is unwise to rely on the default spam filtering protections provided by your email provider.
- Why Effective Spam Filtering is so Important
- How Antispam Solutions Achieve Effective Filtering
- The Benefits of a Cloud Based Anti Spam Service
- How a Hosted Spam Filtering Service Works
- Features an Antispam Cloud Filter Should Include
- SpamTitan’s Cloud Based Spam Filtering Service
- Our Hosted Spam Service for MSPs and Resellers
- Your Invitation to Try Our Cloud Spam Filter for Free
Why Effective Spam Filtering is so Important
There is a significant difference between spam filtering and effective spam filtering. According to the latest industry statistics, 269 billion emails are sent every day and nearly half of these are spam – unwanted and unsafe emails that can harbor malware and ransomware, or attempt to obtain sensitive information such as usernames and passwords (phishing emails).
Standard email filters detect approximately 97% – 99% of spam emails depending on the “acceptable spam thresholds” applied by system administrators. Massages identified as spam are either rejected, quarantined, or flagged to the end user as spam, depending on the policies set in the spam filter. The remaining 1% to 3% of spam emails are delivered to end users´ mailboxes, with the following potential consequences:
|The Potential Consequences of Undetected Spam Email|
|Productivity Loss||The cost of managing spam emails that evade detection has been calculated at $285 per employee, per year, once associated IT costs are taken into account (bandwidth, storage costs, etc.).|
|Malware Infection||According to the latest intelligence reports, one in every 359 emails harbors malware – malicious software that can range in severity from adware and spyware, to Trojans, worms, and rootkits.|
|Ransomware||Coveware reports the average ransom payment was $84,116 in Q4, 2019, although ransom payments in excess of $1 million are common. But that is just a fraction of the total cost of remediation. With average downtime of 16.2 days, reputation damage, and data loss (even when the ransom is paid) the total cost runs to hundreds of thousands of dollars at best, and in some cases several million.|
|Phishing Emails||The FBI estimates phishing and BEC attacks resulted in more than $1.7 billion in losses in 2019 in the United States, and those are just the the scams that were reported to the authorities!|
|Loss of Reputation||Some malware variants have the ability to steal end users´ email credentials, and accounts are used to send spam from the business´s mail server – potentially harming its IP reputation (see “Outbound Scanning“) and phishing attacks usually see email accounts hijacked and used to send phishing emails and malware. The reputation of the company can take a serious hit and brand damage can take a long time to recover.|
By comparison, effective spam filtering achieves spam detection rates of up to 99.97% depending on the “acceptable spam thresholds” applied. By reducing the number of spam emails evading detection, end users spend less time managing unwanted and unsafe emails – thus increasing productivity – and businesses can greatly improve their security posture and prevent costly cyberattacks and data breaches.
How Antispam Solutions Achieve Effective Filtering
The reason why such a high percentage of spam emails evade detection is because spammers are continuously devising new ways to penetrate email security mechanisms. Due to the increasing sophistication of spam, modern antispam solutions take a dynamic approach to email filtering that incorporates highly effective filtering techniques. These include:
- Domain Name Server Blackhole Lists (DNSBLs) compare the IP addresses of inbound emails against those of known and suspected sources of spam, and reject, quarantine, or flag any that originate from an IP address with a poor reputation.
- Sender Policy Frameworks prevent the delivery of “spoofed emails” by checking the domain names to ensure they are legitimate and that the supposed sender of the email is authorized to send emails from that domain. This is an excellent filtering technique to reduce phishing emails and block email impersonation attacks.
- Content Analysis Tools analyze email headers and email content of inbound messages and allocate a “spam score”. If the preset spam tolerence level is exceeded, the messages are quarantined or rejected. These tools also incorporate machine learning, and learn from previous false positives and false negatives and get better over time.
- Recipient Verification Protocols compare the recipient addresses of inbound emails to ensure they match a valid mailbox (i.e. email@example.com, firstname.lastname@example.org, etc.). Those that do not match a valid mailbox are rejected or quarantined.
- URIBL and SURBL Filters identify malicious URLs that link to websites known to be harboring malware or phishing kits.
- SMTP Controls perform a number of tests to authenticate the source of emails. These tests can include checking the originating email´s MX record, confirming qualified MAIL FROM commands, and looking for digital signatures (a good way of reducing “false positives”).
Some – but not all – antispam solutions also have the option of activating the Greylisting process. This is a filtering technique which returns emails to the originating server with a request for the emails to be resent. Spammers´ mail servers often ignore the requests, as they are too busy sending spam to reply, and the spam email is never returned. This technique is the most effective way to prevent spam from IP addresses and domain names that are “not yet known” to DNSBL, URIBL and SURBL filters.
The Benefits of Cloud Based Spam Filtering
Although hardware and software-based email filters still exist, cloud based spam filtering is the natural progression to these high maintenance filtering solutions. It is much simpler and more cost-effective for organizations to connect their mail servers to a cloud based anti spam service than it is to install hardware or software-based solutions, maintain and update them.
Furthermore, as the filtering process is performed in the cloud, the demand for CPU resources occurs in the service provider´s data center rather than on the business´s infrastructure. That means more filtering techniques can be incorporated into the cloud spam filter, resulting in more effective filtering without negatively affecting network performance.
Cloud based spam filtering is compatible with all operating systems and infinitely scalable. It allows businesses to adjust their contracts with service providers as the number of users changes.
How a Hosted Spam Filtering Service Works
Connecting to a hosted spam filtering service takes just a few minutes and involves redirecting the mail exchange (MX) record to the service provider’s filtering service. Thereafter, the filtering process is conducted in the cloud, software updates are undertaken by the service provider, and the only configuration required is to meet the business´s monitoring and reporting requirements.
Typically, a hosted spam filtering service integrates with LDAP and Active Directory so email filtering policies can be applied with the click of a mouse do different user groups and departments. Thereafter, new policies can be applied – or existing policies adjusted – via a web-based portal through which spam filtering controls are managed for the entire organization without the need for any per-device agents.
From the web-based portal, administrators can whitelist approved senders, apply “acceptable spam thresholds”, monitor real-time activity on the mail server, and schedule activity and quarantine reports. Administrators can also connect with their service providers via the web-based portal so a secure channel can be created for troubleshooting any issues with the hosted spam filtering service.
Features an Antispam Cloud Filter Should Include
Many of the mechanisms an cloud antispam filter should include to achieve effective filtering have already been mentioned above (Domain Name Server Blackhole Lists, Sender Policy Frameworks, etc.). However, there are other important considerations when choosing an antispam cloud filter or other email filtering solution.
Versatility and Ease of Use
Adequately managing the volume of email arriving in a large business can be problematic without a versatile and easy to use solution. A cloud spam filter should therefore have granular controls and be easy to use. For example, a business may wish to apply a higher acceptable spam threshold for its finance team than its sales team, so as not to block sales inquiries while ensuring maximum protection for the finance department which is often extensively targeted by cybercriminals.
Most businesses will already be protecting their networks with antivirus software; but the benefit of including antivirus software in an antispam cloud filter is that viruses can be caught and blocked at source, rather than with a retrospective virus scan – by which time damage may already have been caused. As with the filtering process, the virus scanning process is conducted in the cloud to avoid draining the resources of on-premises CPUs. Solutions that include dual anti-virus engines offer greater protection as they maximize the chance of detecting known malware. Sandboxing is also important for detecting new (0day) malware threats that have yet to have their signatures added to the virus definition lists used by AV engines.
Outbound scanning is an important feature as it identifies spam, malware, and phishing attacks send by malicious insiders and through compromised mailboxes. Outbound scanning is one of the ways that successful phishing attacks are detected, allowing swift action to be taken to remediate the attack. If outbound mail is identified by other spam filters as having a high spam score, it can harm a business’s reputation.
SpamTitan’s Cloud Based Anti Spam Service
SpamTitan Cloud is a dynamic cloud based anti spam service that incorporates all the filtering techniques required to achieve effective filtering. Our cloud based anti spam service has a verifiable spam detection rate of 99.97% – with a low false positive rate of only 0.03% – and, using dual antivirus engines provided by Bitdefender and ClamAV, a verifiable malware detection rate of 100%, with all email filtering in the cloud.
Having developed email and web security solutions since 1999, we are aware of the importance of versatility and ease of use. Therefore our cloud based anti spam service has been deliberately designed to make the application and adjustment of email filtering policies as straightforward as possible. It is also possible to customize our suite of reporting options to get the data you want, when you want it, and to automate reports and alerts.
We are also aware of the importance of protecting a business´s IP reputation, so outbound scanning is included in our cloud based spam filtering service as a standard, rather than offered as a premium add-on service live many cloud anti spam services. We offer a competitive range of subscription and pay-as-you-go options, with no added extras or premiums to worry about. The pricing policy is totally transparent so you will not have any nasty surprises, and licenses can be adjusted up and down easily. You can find out exactly how much the full SpamTitan Cloud hosted spam filtering service will cost by visiting our “Instant Quote Calculator”.
Our Hosted Spam Service for MSPs and Resellers
Our hosted spam service is not only an effective filtering solution for businesses. SpamTitan Cloud supports an unlimited number of users and domains, and it is a fully multi-tenant solution making it an ideal option for Managed Service Providers (MSPs) and resellers. MSP-friendly features include supplying the solution as a white label to allow MSP to add their own branding and a full suite of APIs to incorporate the solution into back-office management systems.
SpamTitan Cloud can easily be incorporated into an MSP’s service stack and offered as a stand along solution or as part of a security package. With SpamTitan Cloud…
- No end-user software installations are required.
- There are no bandwidth-per-client limits.
- Multiple clients can be managed from the same portal.
- A choice of hosting options exist – our cloud, a private cloud, or within your own cloud.
To find out more about our hosted spam service for MSPs, do not hesitate to download our MSP Program brochure. Alternatively, to discuss our competitive pricing strategies and aligned billing cycles, you are invited to speak with our MSP Program Director Conor Madden on +1 813 304 2544, who will also be able to provide more information about becoming a SpamTitan Certified Partner
Your Invitation to Try Our Cloud Spam Filter for Free
Not all cloud based spam filtering is created equal. We believe the SpamTitan cloud based anti spam service provides you with highly effective filtering, it is easy to manage, and the service is provided at an extremely competitive price point.
If you would like to put our claim to the test, we invite you to take a free trial of SpamTitan Cloud in order to evaluate our cloud based anti spam service in your own environment. Starting your free trial takes minutes. Simply register for the free trial by entering your business email address, and details of how to redirect your MX record to our servers will be sent to you. Alternatively just give us a call and we will talk you through the process.
During your trial, you are welcome to call us and have your configuration of SpamTitan Cloud reviewed by a seasoned engineer, who will make suggestions and recommendations as necessary. At the end of your trial, if you are happy with our cloud spam filter, no reconfiguring is required. You simply opt for the subscription plan most suitable for your business, and you will continue getting the same great protection.
What is sandboxing?
A sandbox is a safe, isolated environment where email attachments can be subjected to deep analysis. If an email attachment is scanned by the AV engine and determined to be threat free, it is sent to the sandbox for further analysis. Sandboxing is important for identifying new malware threats that have yet to have their signatures added to the AV engines.
Why is DMARC Important?
DMARC is validation system for email that provides protection against email spoofing. When an email is sent using a company’s domain, DMARC checks to make sure the sender is authorized to send emails from that domain. If the sender is authenticated, the email will be delivered. If not, the email will be blocked. DMARC can identify and block email impersonation attacks.
Will a cloud-based anti-spam service block all spam and malicious emails?
No spam filtering solution will block 100% of spam and malicious emails without also blocking some genuine messages. A good spam filter will block in excess of 99.9% of spam emails and 100% of known malware. Sandboxing is used to identify new malware that has not been seen before and machine learning mechanisms can identify new phishing threats.
Why would I need to set different spam thresholds for different users?
You may find that one set of spam filtering rules for everyone does not work very well in practice. It is possible that certain types of emails may be blocked by the filters, so more relaxed rules are required for some users. For instance, more permissive settings for the sales department to prevent sales leads from being blocked and stricter rules for the finance department, which is more likely to be targeted by phishers.
Does outbound email scanning protect against data theft?
Outbound scanning can help to prevent data theft. SpamTitan allows you to tag certain data elements and block attempts by employees or threat actors who have compromised a mailbox from sending certain data to external email addresses. Rules can also be set to scan outbound email for malware and phishing emails. By setting these rules, you will prevent accidental and deliberate data leaks and protect against IP reputation damage.