Effective email protection for MSPs is becoming increasingly important due to the number of cyberattacks in which email is weaponized to acquire credentials, deploy malware, and launch phishing attacks. Unfortunately, many email solutions for MSPs lack a key factor for protecting mailboxes – greylisting.
In recent years, MSPs have been more frequently targeted by cybercriminals. This is due to MSPs having fewer resources than large organizations to protect themselves and their clients against cyberattacks, but as much data and ransoming potential as large organizations. Furthermore, research has identified that, while many MSPs provide security services for clients, only a minority implement the same security services themselves including email protection for MSPs.
Even when MSPs implement security services and adopt best practices, some security services are not as effective as they are made out to be. In the context of email protection for MSPs, in 2020 security experts demonstrated how easy it is to bypass email sender authentication mechanisms and concluded “even a conscientious security professional using a state-of-the-art email provider service […] cannot with confidence readily determine, when receiving an email, whether it is forged.”
The experts´ concern was attributable to email sender authentication mechanisms such as Sender Policy Frameworks (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) having been developed many years ago and – although being updated – these authentication mechanisms have not kept pace with cybercriminals´ efforts to circumnavigate them. So, how can MSPs best protect mailboxes from weaponized email?
How Greylisting Helps Thwart Cybercriminals
To appreciate how greylisting offers enhanced email protection for MSPs and helps thwart cybercriminals, it is necessary to understand what happens when an email is delivered to a mail server. In most cases, the email is subject to front-end checks such as the sender authentication checks mentioned above and recipient verification checks and compared against real-time blocklists of known spam sources. If it fails any of these checks, the email is rejected.
If the email passes these checks, the content of the email is analyzed to ensure it conforms with the organization´s filtering policies, given a Spam Confident Rating, and virus scanned. Attachments are also checked for compliance with the organization´s attachments policy and virus scanned. If the email fails any of the back-end checks, or the Spam Confidence Rating is lower than the accepted threshold, the email is quarantined. If it passes, the email is delivered to the recipient´s inbox.
Threats to MSPs and clients are more likely to exist if the email passes the front-end checks because, even if an email is quarantined, it could still be opened and interacted with. Therefore, the objective of greylisting is to reject any emails from not yet known spam sources that are equipped to pass sender authentication mechanisms. It does this by returning all emails to their originating mail server with the exception of emails from whitelisted sources.
Returned emails are accompanied by a request to the originating mail server for the email to be resent. Genuine sources of email will comply with the request within minutes. However, because so many spam emails are returned due to being rejected in front-end checks, most spam mail servers are not designed with mail retry queues as these would prevent fresh spam being sent. As a result, the request to resend the email is never complied with and the spam email is never returned.
SpamTitan Email Protection for MSPs
The greylisting process not only increases the spam detection rate, but it also prevents many email-borne threats from being delivered to email recipients. However, with SpamTitan email protection for MSPs, further mechanisms such as Zero-Day malware threat protection and sandboxing (to open quarantined emails safely) are included in our email filtering solution to further prevent email-borne threats from being delivered to email recipients.
To help MSPs take full advantage of SpamTitan´s additional capabilities, SpamTitan is infinitely scalable and supports an unlimited number of users and domains. This enables MSPs to create per domain administrators for applying unique, business-specific filtering policies and generate per domain reports. Additionally, SpamTitan is an easy to sell as an add-on to clients as both MSPs and clients can benefit from:
- Quick set up and intuitive configuration.
- Instant provisioning via most leading directories.
- Six specialist Real-time Blocklists (RBLs).
- Granular policy engine including geo-blocking.
- Predictive analysis to identify suspicious URLs.
- Rewritten URLs for real-time checks on every click.
- Dual antivirus engines to stop 100% of malware.
- Outbound scanning to prevent reputational loss.
- Easy integration with management software.
- Fully managed and updated cloud service.
SpamTitan email protection for MSPs is also available as a white label solution for self-branding and comes with a flexible pricing model because we understand the need to deal with a frequently changing number of seats. To find out more, click on the book a demo button above and leave your contact details. One of our team will be in touch to answer any questions you have about SpamTitan email protection for MSPs and to organize a free demo to see how the theory works in practice.