Choose the Best Spam Filter for Exchange

Implementing an email filter for an Exchange Server is an organization’s most proactive step to prevent unwanted spam, increase protection against email-borne threats, and ensure email continuity during downtime.

Although Exchange Servers provide a degree of email filtering by default, the built-in software lacks the tools needed to detect sophisticated spam and malware. An email filter for an Exchange Server resolves this issue with real-time spam detection and powerful anti-virus software.

Importantly, Exchange Server email filters provide email continuity. This is critical to business continuity and disaster recovery during downtime caused by an outage, hardware failure, or natural disaster. Email continuity ensures that communication can continue, preventing loss of business and negative impacts on credibility.

How Exchange Server Email Filters Work

Exchange Server email filters integrate deeply with Microsoft Exchange servers to provide a layer of robust email security. The filter uses multi-layered security mechanisms to assign each inbound email a spam confidence level. Each email is checked against a blocklist of known IP addresses used to send spam emails. The blocked emails are analyzed for compliance with the Sender Policy Framework (SPF).

What happens if an email triggers the spam confidence level?

If an email exceeds a specified spam confidence rating, it is tagged and sent to the intended recipient with a spam banner, quarantined, or deleted. The filter then produces a report of all tagged, quarantined, and deleted emails, which is used to update the filter so that legitimate email senders are added to an allowlist.

Do Exchange email filters scan outbound emails?

An email filter for an Exchange Server scans outbound emails to check for any content or attachments that could be flagged as spam by a global blocklisting agency. Checking outbound emails for spam or phishing is essential to protect an organization’s brand. These checks ensure an organization’s IP address is not associated with spam; if it is, the sending domain will be placed on a blocklist. Any company domain identified as a spam source by blocklist services will be filtered by email security solutions, resulting in delivery delays or quarantined or deleted emails.

How to Evaluate an Email Filter for an Exchange Server

Evaluation of an email filter for an Exchange Server should begin with a direct comparison against Microsoft’s premium service, “Exchange Online Protection” (EOP). EOP is included in all Microsoft 365 installs that use Exchange Online mailboxes.

EOP replaced the company’s “Forefront Protection for Exchange” when Exchange 2013 was released, but unlike its predecessor, EOP is only available as a cloud-based service. Exchange Server 2019 was released in early 2024, and EOP is integrated with this version.

Overview of how EOP works

Source: Microsoft

Understanding any known issues in EOP helps you evaluate Microsoft’s solution for your organization. If these known issues will likely impact your security posture, you may consider adding a layer of protection on top of EOP.

Known issues in EOP

Known security and related issues with EOP offer an insight into the solution’s effectiveness. Some examples of recent known issues include the following:

False positives: known issues pop up regularly with EOP. One that severely affects productivity and security is the tendency to be heavy-handed about tagging legitimate emails as malware. False positives caused by emails containing images were recorded as part of service degradation in August 2024. Watch out for ongoing issues with false positives in EOP.

Complex cyber-attacks like Business Email Compromise: Microsoft EOP struggles to identify multi-part, complex email-borne threats. This includes attacks like BEC, which may use social engineering as part of the attack chain. EOP uses static identification techniques that are not sophisticated enough to make connections between multi-part email threats. Advanced email security solutions use techniques like Natural Language Processing (NLP) and machine learning to identify multi-part, social engineering threats and anomalous behavior.

Post-delivery remediation: EOP cannot remediate security problems if a malicious email is delivered. Auto-remediation is an essential protection layer to help prevent sophisticated email-borne cyber-attacks.

Zero-day threat prevention: the static nature of EOP protection results in poor handling of zero-day threats.

Although all third-party Exchange Server email filters offer email continuity, they vary in their ability to prevent unwanted spam and increase protection against online threats.
Consequently, when evaluating an email filter for an Exchange Server, organizations have multiple considerations to explore. These include:

  • What deployment options are available?
  • How is the spam detection rate verified?
  • What anti-virus software is used to identify email threats?
  • Are there any known compatibility issues?
  • Is the email filter for an Exchange Server scalable?
  • Does the service provider have knowledgeable and reliable customer support?
  • Can the service provider supply independent testimonials?
  • Is the service designed to be delivered by an MSP to offer SMBs cost-effective email security?

You may have further considerations depending on your organization’s size and the nature of its business. For example, organizations with a limited IT budget may demand flexible payment options. Larger organizations may want APIs to integrate the email filter with other management tools. At the same time, Managed Service Providers (MSPs) may require deployment in a private cloud and a white-label option.

The bottom line is that EOP is a basic email security solution that lacks the extended capabilities of advanced solutions like SpamTitan. Organizations can buy the more expensive Microsoft Defender by upgrading to enterprise-level licenses.

SpamTitan’s Exchange Server Email Filters

SpamTitan has been developing email and web security solutions since 1999. Among our portfolio of products are two powerful Exchange Server email filters – SpamTitan Gateway and SpamTitan Cloud. SpamTitan Gateway is deployed as an on-premises virtual appliance, whereas SpamTitan Cloud is a cloud-based service with multiple hosting options.
According to the leading independent testing and certification body Virus Bulletin, these Exchange Server email filters block 99.98% of spam and have a low false positive rating of 0%.

SpamTitan Gateway and SpamTitan Cloud use dual anti-virus software from Bitdefender and ClamAV to increase protection against email-borne malware. Both are universally compatible.

Small organizations, larger organizations, and Managed Service Providers will appreciate SpamTitan’s scalability. At the same time, details of our flexible payment options, our comprehensive range of APIs, and our white-label options are available on request from our industry-leading customer support team. Independent testimonials from our existing customer database are also available upon request.

Source: Virus Bulletin March 2024

Market comparison between Microsoft EOP and SpamTitan

A helpful way to get an instant view of two or more spam filter solutions is to look at market evaluations. Here is a snapshot of some Microsoft EOP vs. SpamTitan reviews by real-world users:

Source: Peerspot

Source: TrustRadius

Source: Software Reviews

How Does SpamTitan’s Spam Filtering Work?

Microsoft Exchange security can be significantly improved by adding a third-party spam filter such as SpamTitan. SpamTitan’s advanced features work seamlessly with EOP to augment the static security of this in-built Microsoft option. In contrast to Microsoft Exchange and Office 365, SpamTitan uses AI-enabled predictive methods to block new variants of malware, zero-day attacks, spear phishing, and complex multi-part attacks that would otherwise be delivered to end users’ inboxes.

Like most email service providers, Microsoft has developed its spam detection mechanisms to block a percentage of spam emails and malicious messages. Still, Exchange Online Protection and the antispam controls in Office 365 lack the sophistication to block new malware variants and are ineffective at blocking many malicious messages that use embedded hyperlinks. The latter are extensively used in phishing attacks. Organizations that rely on the cybersecurity protections of Microsoft Exchange or Office 365 are often frustrated by the volume of spam emails and malicious messages that sneak past the filtering mechanisms. A study found that almost 20% of phishing emails go undetected by Microsoft 365 Exchange Defender and Microsoft Exchange Online Protection (EOP). Office 365 phishing protection is better than nothing, but it does not block enough threats. That is why Microsoft offers a more advanced solution, Defender, at an additional cost, even though it only provides a mid-market level of protection.

Important Antispam Controls Lacking in Microsoft Exchange and Office 365

Microsoft Exchange and Office 365 include several mechanisms for detecting spam and malicious messages. However, they lack the advanced techniques needed to block increasingly sophisticated phishing attacks. As such, Microsoft’s static capabilities cannot keep up with the volume of new malware variants currently being released. Evasive tactics contribute to cybercriminals’ success rate, and a static approach to email security cannot keep up with changing tactics.

SpamTitan’s advanced techniques, on the other hand, including twin anti-virus engines, provide superior protection against ransomware and malware in email attachments. Some of the advanced layers of protection used by SpamTitan are as follows:

AI-driven threat intelligence: AI algorithms use data trained using a vast threat corpus. The system learns to identify patterns and adjusts tactics to capture emerging threats.

Real-time threat analysis: AI-driven anti-phishing software follows malicious email URLs and checks the associated website. If the website is found to be legitimate, the email is released to the employee.

Natural Language Processing: spots unusual use of language and can correlate between emails to identify anomalous behavior and social engineering. Ideal for detecting Business Email Compromise (BEC), Vendor Email Compromise (VEC), and spear phishing.

Time-of-click protection: URL rewriting is performed in real-time, and if the website the link goes to is malicious, the user will be prevented from opening the site.

Inbound and outbound filters: Spam isn’t just an inbound problem. Spam can negatively impact an organization if the emails sent using the company’s domain are seen as spam. Advanced spam filters work on inbound and outbound email. Also, some advanced systems provide Data Loss Prevention (DLP) that stops sensitive information from leaving the corporate network.

How SpamTitan Spam Filtering Works

Overview of SpamTitan email flow

FAQ

Is SpamTitan compatible with all Microsoft Exchange servers?

SpamTitan is compatible with Microsoft Exchange 2013, 2016, and 2019, and can be configured to work alongside Microsoft Exchange 2010 servers. If you use an Exchange 2013 or 2016 server, you will find articles relevant to each here and here. If you use an Exchange 2019 server, the mailbox server roles are unchanged from those in Exchange 2016.

Why do you need advanced AI-enabled email protection for Exchange Server?

Cybercriminals are forever changing tactics to evade detection by basic email protection services like Microsoft EOP. Email protection systems can predict emerging and complex threats using AI techniques like NLP and Machine Learning. Machine Learning algorithms are trained using vast amounts of real-world threats, allowing them to identify unusual or emerging threat patterns. NLP can be used to spot the signals of social engineering, which is used in attacks like BEC (Business Email Compromise).

What is Greylisting – the first process in the email flow chart?

Greylisting returns emails from all non-whitelisted senders to the senders’ mail servers, requesting the email to be resent. Genuine mail servers automatically resend greylisted emails, while those used by spammers usually have the resend facility disabled because of the amount of returned mail. This process mitigates the volume of spam emails from previously unknown sources.
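The greylisting decision described above can be sketched as follows; this is an added example, not SpamTitan's code. The (client IP, sender, recipient) triplet key, the 300-second minimum delay, the 4-hour retry window and the reply strings are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

MIN_RETRY_DELAY = 300    # assumed: seconds a sender must wait before a retry is accepted
RETRY_WINDOW = 4 * 3600  # assumed: a retry later than this restarts the clock

@dataclass
class Greylist:
    allowlist: set = field(default_factory=set)     # sender domains exempt from greylisting
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that already retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        domain = mail_from.rsplit("@", 1)[-1].lower()
        if domain in self.allowlist:
            return "250 accepted (allowlisted sender)"
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return "250 accepted (known triplet)"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > RETRY_WINDOW:
            # Unknown source: temporary failure asks the sending server to resend.
            self.first_seen[triplet] = now
            return "451 4.7.1 greylisted, try again later"
        if now - seen < MIN_RETRY_DELAY:
            # Immediate re-delivery is typical of bulk senders, not queueing MTAs.
            return "451 4.7.1 greylisted, retry too soon"
        self.passed.add(triplet)
        del self.first_seen[triplet]
        return "250 accepted (retry after delay)"

def replay(attempts, allowlist=()):
    """Run (time, ip, sender, recipient) attempts and return the reply codes."""
    gl = Greylist(allowlist=set(allowlist))
    return [gl.check(ip, frm, to, t).split()[0] for t, ip, frm, to in attempts]

# Constructed sample traffic (documentation IP ranges and example domains).
SAMPLE = [
    (0,    "192.0.2.10",   "alice@partner.example",  "bob@corp.example"),  # first attempt
    (5,    "203.0.113.7",  "promo@bulk.example",     "bob@corp.example"),  # never retries
    (10,   "198.51.100.5", "billing@vendor.example", "bob@corp.example"),  # allowlisted
    (60,   "192.0.2.10",   "alice@partner.example",  "bob@corp.example"),  # retry too soon
    (900,  "192.0.2.10",   "alice@partner.example",  "bob@corp.example"),  # valid retry
    (1000, "192.0.2.10",   "alice@partner.example",  "bob@corp.example"),  # later mail
]

if __name__ == "__main__":
    print(replay(SAMPLE, allowlist={"vendor.example"}))
```

The sender that never retries (the second sample row) is the only one whose message is never accepted, which is the effect the answer above describes.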

What is the benefit of customizable spam email policies?

The benefit of customizable spam email policies is that system administrators can apply different spam thresholds for different users, teams, and departments. Users with a low threshold (e.g., those in Sales & Marketing) may receive some spam emails, while users with a high threshold (e.g., in Finance) are better protected against sophisticated BEC and phishing emails.

How do “content filtering rules” work?

Content filtering rules work by assigning each inbound email a spam score. System administrators can define how emails with different spam scores are treated. Those with a high spam score can be deleted, while those with a lower spam score can be quarantined for further investigation, delivered to the recipient’s spam folder, or delivered to the recipient’s inbox with a warning.

How likely is it that an outbound email will be flagged as spam?

It is not very likely that an outbound email will be flagged as spam if users refrain from using the terms and phrases commonly found in spam emails. However, outbound scanning reports can alert system administrators to malicious insiders using a corporate email account to send spam emails or to an email account that has been compromised by an external third party to send spam. A compromised email account can indicate other account compromises within the organization.

Is it okay to delete spam if it has been delivered to an inbox without a warning?

Deleting spam that has been delivered to an inbox without a warning is okay, subject to corporate email policies. Some businesses ask to be informed about spam emails that avoid detection (so they can measure the effectiveness of the spam filter or its configuration). In contrast, others follow the established best practice of reporting undetected spam emails to the spam filter provider.

How effective is a spam filter for an Exchange server?

The effectiveness of a spam filter for an Exchange server relies on how it is configured. If the filtering controls are too aggressive, the filter may identify a lot of spam but also block genuine emails. If filtering controls are too relaxed, more spam will evade detection. It is up to each organization to find the most appropriate settings for the nature of its activities and its tolerance for risk.

What is the purpose of a white-label option?

A white-label option allows Managed Service Providers (MSPs) and resellers to market SpamTitan under their own brand. This can benefit MSPs offering a range of services already under their branding, ensuring clients understand which vendor provides the service.

Try an Email Filter for an Exchange Server for Free

The best way to evaluate an email filter for an Exchange Server is to give it a test run in your own environment. TitanHQ is confident that once you’ve used SpamTitan to augment Microsoft EOP, you’ll be convinced that advanced email security provides the much-needed extra boost to stop modern cyber threats.

TitanHQ allows organizations to try a fully enabled SpamTitan Gateway email filter or SpamTitan Cloud for free for fourteen days without committing to continuing the service after the trial period ends.

Contact our customer service team to learn more about this offer or raise questions about Exchange Server email filtering. One of our friendly and experienced team will guide you through the installation and configuration process of your email filter for an Exchange Server to prevent unwanted spam, increase your protection against online threats, and ensure email continuity during downtime.

 
