As you would expect from Microsoft, the Exchange 2016 anti spam feature-set is fairly good. It includes real-time block lists, Recipient Verification Protocols, Sender Policy Frameworks and a proprietary version of Bayesian analysis (the “Content Filter” agent) that allocates a Spam Confidence Level to each inbound email. However, spam emails still manage to get delivered into email users' inboxes. Why?
This is generally attributed to spam becoming more sophisticated. Spammers are resourceful and are constantly trying to find new ways to bypass email filters. Sometimes they are lucky due to system administrators setting the acceptable Spam Confidence Levels too low. Other times they may be ahead of the game and have conceived a method of delivery by which their spam emails can avoid detection.
Exchange 2016 Spam Filter Fights Sophistication with Sophistication
In order to address the growing level of sophistication, the Microsoft Exchange 2016 spam filter has three front line defenses at which emails can be rejected, quarantined or allowed through for further testing. Although the purpose of the Connection Filtering agent, Recipient Filter agent, and Sender Filter agent is to save processing, bandwidth and disk resources further down the transport pipeline, it does make the Exchange 2016 spam filter complicated to administer.
Due to the additional administrative process, there is a higher likelihood of configuring the Exchange 2016 spam filter too aggressively or too generously – resulting in scenarios where either genuine mail is rejected or quarantined as spam, or spam emails potentially harboring ransomware and malware are allowed to travel further along the transport pipeline. Indeed, in the Exchange 2016 spam filter guide, it is recommended that system administrators monitor false positives and spam avoiding detection in order to adjust the Exchange 2016 antispam settings as necessary.
How Greylisting Reduces Spam Email
Despite the number of Exchange 2016 anti spam features, there is one key anti spam feature missing – Greylisting. Greylisting is a process that returns every incoming email to its originating server with a request for the email to be resent. Usually genuine emails are returned by the originating servers within a couple of minutes, after which they are processed by the remaining anti spam features and allocated a Spam Confidence Level.
Spam emails rarely get returned. This is because spammers' servers are so busy sending fresh spam emails, the request to send the returned email is ignored and times out. Therefore, regardless of the email's sophistication, the acceptable Spam Confidence Levels applied, or whatever method of delivery has been attempted, the spam email never gets delivered – or clogs up a quarantine folder. This is a much easier approach than three front line tests that are complicated to administer.
How Greylisting Enhances Spam Detection Rates
Microsoft claims the Exchange 2016 antispam features capture more than 99% of spam emails when used as part of its premium Exchange Online Protection package. This claim is likely subject to what Spam Confidence Levels have been applied. With Greylisting, verified spam detection levels can be as high as 99.97% even if Spam Confidence Levels have been relaxed to prevent false positives.
What this means to a business being sent 10,000 spam emails per week is that the Microsoft 2016 antispam features will fail to detect about one hundred emails per week. An email filter with a Greylisting feature will fail to detect just three out of the 10,000. The huge reduction in spam email will reduce annoyance levels and the time it takes to identify and delete spam emails; and, more importantly, substantially reduce the risk of a successful phishing attack, malware deployment or ransomware infection.
Greylisting is available as an optional spam control, but it is strongly recommended to enable greylisting due to the added protection it offers. To prevent messages from key organizations from being delayed, trusted email addresses can be added to a white list to ensure they are always delivered immediately.
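The greylisting decision described in "How Greylisting Reduces Spam Email", together with the white list mentioned above, can be sketched as follows. This is an added example, not SpamTitan's or Microsoft's code: keying on the (connecting IP, sender, recipient) triplet, the 451 temporary-failure reply, the delay values and all addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 60        # assumed: seconds a sender must wait before a retry is accepted
MAX_WAIT = 4 * 3600   # assumed: a pending entry expires if no retry arrives in this window

@dataclass
class Greylist:
    whitelist: set = field(default_factory=set)  # trusted sender addresses, never delayed
    pending: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)     # triplets that have retried successfully

    def check(self, now, client_ip, sender, recipient):
        """Return (SMTP reply code, reason) for one delivery attempt."""
        sender, recipient = sender.lower(), recipient.lower()
        if sender in self.whitelist:
            return 250, "whitelisted sender"
        key = (client_ip, sender, recipient)
        if key in self.passed:
            return 250, "triplet already passed greylisting"
        first = self.pending.get(key)
        if first is None or now - first > MAX_WAIT:
            self.pending[key] = now   # first sighting or stale entry: start the clock
            return 451, "greylisted, first attempt"
        if now - first < MIN_DELAY:
            return 451, "greylisted, retried too soon"
        del self.pending[key]         # a queued retry arrived, as a genuine mail server sends
        self.passed.add(key)
        return 250, "retry accepted"

# Constructed sample: (seconds since start, connecting IP, envelope sender, recipient)
ATTEMPTS = [
    (0,   "192.0.2.10",   "alice@example.org",       "bob@example.net"),
    (5,   "203.0.113.5",  "billing@partner.example", "bob@example.net"),
    (10,  "198.51.100.7", "bulk@example.com",        "bob@example.net"),
    (30,  "192.0.2.10",   "alice@example.org",       "bob@example.net"),
    (180, "192.0.2.10",   "alice@example.org",       "bob@example.net"),
    (200, "192.0.2.10",   "alice@example.org",       "bob@example.net"),
]

def replay(attempts, whitelist=()):
    """Run the attempts through a fresh greylist; return the reply codes and final state."""
    gl = Greylist(whitelist={w.lower() for w in whitelist})
    return [gl.check(*a)[0] for a in attempts], gl

if __name__ == "__main__":
    codes, gl = replay(ATTEMPTS, whitelist=["billing@partner.example"])
    for attempt, code in zip(ATTEMPTS, codes):
        print(attempt, "->", code)
    print("never retried:", list(gl.pending))
```

The envelope sender is supplied by the connecting server, so an address-based white list entry exempts any server that claims that address; restricting entries to senders that also pass an IP or SPF check keeps the exemption narrow.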
Anti Spam Email Filters from SpamTitan
SpamTitan's anti spam email filters are the perfect complement to the Exchange 2016 anti spam feature-set. Not only do they include a Greylisting feature to maximize spam detection rates, they check each returned email against a database of IP addresses from which phishing emails are known to have originated, and perform a malicious URL check to further protect businesses from web-borne threats.
SpamTitan also supports outbound email filtering – a Microsoft feature only available to businesses running Office 365 via the premium Exchange Online Protection package. This feature can help identify compromised email accounts within a business's internal network and prevent malware-infected emails being sent from the business's mail server – potentially saving the business IP address from blacklisting.
Other features of our anti spam mail filters include:
- Easy administration via a centralized, web-based management portal.
- A choice of deployment options – including a cloud-based option and anti spam software.
- Directory synchronization as standard, rather than at a premium.
- Whitelist or blacklist senders with the click of a mouse.
- Flexible user policy application.
- Multiple web authentication settings.
- Compatible with all operating systems.
- Unlimited scalability.
- Advanced phishing protection.
How the SpamTitan Spam Filtering Service Works
It is easiest to explain how the SpamTitan spam filtering service works with a diagram. The image below details the many different processes that SpamTitan uses to differentiate genuine messages from spam and malicious emails. By applying SpamTitan on top of Microsoft Exchange – or Office 365 – it is possible to greatly improve your security posture and prevent sophisticated email-based threats from reaching your end users’ inboxes.
How Does SpamTitan Compare with Microsoft Exchange and Office 365
Microsoft Exchange and Office 365 have many in-built security controls, although organizations that have become accustomed to dedicated security solutions with enhanced capabilities are likely to find Microsoft’s default security offering does not offer a sufficient level of protection. Phishing attacks are becoming much more sophisticated and new malware and ransomware variants are being released faster than ever before. Organizations that do not implement additional email security controls and rely on Microsoft Exchange or Office 365 are unlikely to be able to stop a significant percentage of these threats from being delivered to end users’ inboxes.
Listed below are some of the advanced anti-spam and anti-malware controls that are included in SpamTitan, which are lacking in Exchange Online Protection for Office 365.
Enhance Your Exchange 2016 Anti Spam Feature-Set with SpamTitan
If you would like to know more about SpamTitan's anti spam mail filters and how they complement the Exchange 2016 anti spam feature-set, do not hesitate to contact us. Our team of Sales Technicians will be happy to answer your questions and will invite you to take advantage of a free trial of the SpamTitan solution most appropriate for your requirements.
Our free trial gives you the opportunity to evaluate our anti spam mail filters in your environment, tackling the spam emails your business receives every day. During the free trial you will have access to the full SpamTitan product and support services. A software engineer will be available to help you get the correct Exchange 2016 antispam configuration and ensure a smooth and seamless transition from your current Microsoft Exchange anti-spam solution to SpamTitan antispam for Exchange 2016.
At the end of the free trial, there is no obligation on you to continue using our spam filtering services; but, should you choose to do so, we offer a competitive range of subscription options based on the number of mail boxes SpamTitan will protect, your preferred deployment option and the frequency of payment.
Anti Spam Frequently Asked Questions (FAQs)
If SpamTitan has more filtering processes than Office 365, doesn't that slow email delivery?
Although SpamTitan has more filtering processes than Office 365, it does not slow the delivery of email because of the way in which the filtering processes are ordered. With SpamTitan, more spam emails are rejected earlier in the pipeline, giving the later processes less to do and reducing the potential for bottlenecks developing. In many circumstances implementing a SpamTitan email filter can actually accelerate email delivery.
How does Microsoft calculate Spam Confidence Levels?
It has never been disclosed how Microsoft calculates Spam Confidence Levels, but what is known is that there are seven levels. Level -1 is reserved for whitelisted senders, Level 0 (or 1 in some systems) shows the email has been scanned and is considered not to be spam, and Levels 5 to 9 indicate an increasing level of confidence that an email is spam.
What does relaxing Spam Confidence Levels to prevent false positives mean?
Relaxing Spam Confidence Levels to prevent false positives means that when administrators apply a Level 5 Spam Confidence setting to an Exchange 2016 server, everything rated at Level 5 and upwards is blocked or quarantined. This can result in genuine emails being blocked in error (“false positives”). To prevent false positives, administrators can relax Spam Confidence Levels to Level 6 or Level 7, but this will likely increase the amount of spam that evades detection.
Please can you expand on the benefits of outbound email scanning?
The benefits of outbound scanning include that businesses can identify when an internal account has been compromised by an external source. Compromised accounts can be used for sending spam; or, more likely, to distribute malware and launch phishing attacks from a “trusted account”. You can read more about the benefits of outbound email scanning in our blog.
Is SpamTitan as effective working alongside other Microsoft Exchange servers?
SpamTitan is as effective working alongside other Microsoft Exchange servers. For example, if your organization is still using Exchange 2010 or Exchange 2013 - or has upgraded to Exchange 2019 - SpamTitan will enhance the email filtering capabilities of these servers as well. If your organization is still using Exchange 2010, and you are considering an upgrade, please be aware of the changes to the Exchange FrontEnd Transport service.
Why do spam emails sometimes still get delivered to users' inboxes on Microsoft Exchange 2016?
Spam emails sometimes still get delivered to users’ inboxes on Microsoft Exchange 2016 for two reasons. The first is that spammers are constantly finding new ways to bypass existing defenses and the spam emails are not detected immediately by the Microsoft email filter because it is updated retrospectively. The second reason is that some administrators find the Microsoft email filter difficult to configure and set the acceptable Spam Confidence Levels too low.
What challenges arise from the Exchange 2016 spam filter's complexity?
The challenges that arise from the Exchange 2016 spam filter’s complexity are all to do with being able to fully understand the complexity so the spam filter is configured effectively. If the spam filter is configured too aggressively, it will block or quarantine genuine emails. If the settings are relaxed too much, the spam filter will fail to detect spam emails and deliver them to users’ inboxes.
How does SpamTitan complement the features of Exchange 2016?
SpamTitan complements the features of Exchange 2016 by offering Greylisting, checking returned emails against IP addresses known for distributing spam, malware, and phishing emails, and performing checks on embedded URLs to detect any that are malicious. SpamTitan also provides outbound email filtering, which can help identify compromised email accounts and prevent a business’s IP addresses from being blacklisted.
Why is it crucial to monitor false positives and spam that avoids detection in the Exchange 2016 anti-spam system?
It is crucial to monitor false positives and spam that avoids detection in the Exchange 2016 anti-spam system so the system configuration can be fine-tuned. Depending on the reasons for false positives or spam avoiding detection, it may be simpler to manually whitelist genuine emails and blacklist spam emails – or deploy SpamTitan in front of the Exchange 2016 anti-spam system.
How can SpamTitan prevent sophisticated email-based threats from reaching users' inboxes?
SpamTitan can prevent sophisticated email-based threats from reaching users’ inboxes using various advanced processes – including those that learn and are updated in real time. Additionally, SpamTitan supports “point-of-click” URL analysis, which stops users visiting websites that have been weaponized after the delivery of an embedded URL in an email. By layering SpamTitan on top of Microsoft Exchange or Office 365, businesses enhance security, making it harder for sophisticated threats to reach end users.