Email Protection

The objective of email protection is to prevent email-borne threats such malware, ransomware, and phishing evading detection. There are many different processes that purport to achieve this objective; and while none is 100% guaranteed to prevent threats evading detection, one is more reliable than others – greylisting.

What is the best way to prevent email-borne threats being delivered to users´ inboxes? You could block all emails except those from trusted sources, you could prevent the delivery of any email with an attachment or embedded link, or you could filter out emails containing keywords such as (for example) “click”, “visit”, and “download”. These are all viable options for email protection.

While certain to minimize the likelihood of email-borne threats being delivered to users´ inboxes, these options for email protection are impractical for most businesses. Sales departments would not receive any fresh leads, finance departments would be unable to share spreadsheets by email, and business operations could suffer if a contact used a blacklisted keyword in email correspondence.

Different Types of Email Protection

To reduce the volume of email-borne threats, most mail servers are equipped with an email filter by default. Some are more sophisticated than others; and, in addition to filtering out spam, they can be configured to verify recipients, authenticate senders, apply filtering policies, check for malicious links, and compare inbound emails against blacklists of known threat sources.

However, all of these processes can be circumnavigated by spammers and cybercriminals. Receipt verification and sender authentication processes can be bypassed, keywords can be disguised to evade filtering policies, malicious links can be cloaked, and if an email originates from a source not previously identified as a spammer or cybercriminal, it will pass the blacklist check.

A further type of email protection can be more effective– greylisting. This process involves returning inbound emails to their originating mail server with a request for the email to be resent. In most cases, genuine emails are returned within minutes. Emails from trusted sources can also be whitelisted to avoid them being returned. However, spam emails and those harboring email-borne threats are less likely to be returned and delivered to users´ inboxes.

Why is Greylisting so Effective?

Most mail servers are equipped with mail retry queues. If an email isn´t delivered when first sent due to a temporary fault or greylisting request, it is added to the mail retry queue and resubmitted. Spammers´ servers are inundated with delivery failures; and, if they were all added to a mail retry queue, the volume of resubmissions would prevent fresh spam from being dispatched.

Consequently, spammers´ servers are not equipped with mail retry queues – or, if they are, the retry queues are disabled. This means that if an email is returned to the spammer´s mail server because it has been greylisted, it is unlikely to be returned to the intended recipient and delivered to their inbox. In tests, greylisting has increased spam detection rates from 99% to 99.97%.

While not guaranteed to completely prevent email-borne threats, this form of email protection can substantially reduce the likelihood of malware, ransomware, and phishing attacks reaching their intended victims. Yet not all email filters have this capability – citing the potential for delays as being more inconvenient than a business-wide ransomware attack!

SpamTitan Email Filters have Greylisting Capabilities

SpamTitan email filters – SpamTitan Cloud for remote filtering and SpamTitan Gateway for on-premises filtering – have all the email protection processes you would expect to find in a sophisticated email filter, but also include the option of greylisting to enhance the spam detection rate and reduce the likelihood of email-borne threats reaching their intended victims.

Additionally, SpamTitan email filters include six specialist real-time blocklists, double antivirus protection, and advanced threat protection via inbuilt Bayesian auto learning and heuristics. Together with impersonation protection, sandboxed scanning, and protection from zero day attacks, SpamTitan provides maximum email protection should malicious greylisted emails be returned.

If you are currently using a sophisticated email filter that lacks greylisting capabilities (i.e., Office 365), you are invited to get in touch to request a demonstration of how you can place SpamTitan in front of your existing email filter to add greylisting quickly and easily to its capabilities. Simply click on the “Book a Demo” button above, and one of our team will get back to as quickly as possible.