As you would expect from Microsoft, the Exchange 2016 anti spam feature-set is fairly good. It includes real-time block lists, Recipient Verification Protocols, Sender Policy Frameworks and a proprietary version of Bayesian analysis (the “Content Filter” agent) that allocates a Spam Confidence Level to each inbound email. However, spam emails still manage to get delivered into email users´ inboxes. Why?
This is generally attributed to spam becoming more sophisticated. Spammers are resourceful and are constantly trying to find new ways to bypass email filters. Sometimes they are lucky due to system administrators setting the acceptable Spam Confidence Levels too low. Other times they may be ahead of the game and have conceived a method of delivery by which their spam emails can avoid detection.
Exchange 2016 Spam Filter Fights Sophistication with Sophistication
In order to address the growing level of sophistication, the Microsoft Exchange 2016 spam filter has three front line defenses at which emails can be rejected, quarantined or allowed through for further testing. Although the purpose of the Connection Filtering agent, Recipient Filter agent, and Sender Filter agent is to save processing, bandwidth and disk resources further down the transport pipeline, it does make the Exchange 2016 spam filter complicated to administer.
Due to the additional administrative process, there is a higher likelihood of configuring the Exchange 2016 spam filter too aggressively or too generously – resulting in the scenarios where either genuine mail is rejected or quarantined as spam, or spam emails potentially harboring ransomware and malware are allowed to travel further along the transport pipeline. Indeed, in the Exchange 2016 spam filter guide, it is recommended system administrators monitor false positives and spam avoiding detection on order to adjust the Exchange 2016 antispam settings as necessary.
How Greylisting Reduces Spam Email
Despite the number of Exchange 2016 anti spam features, there is one key anti spam feature missing – Greylisting. Greylisting is a process that returns every incoming email to its originating server with a request for the email to be resent. Usually genuine emails are returned by the originating servers within a couple of minutes, after which they are processed by the remaining anti spam features and allocated a Spam Confidence Level.
Spam emails rarely get returned. This is because spammers´ servers are so busy sending fresh spam emails, the request to send the returned email is ignored and times out. Therefore, regardless of the email´s sophistication, the acceptable Spam Confidence Levels applied, or whatever method of delivery has been attempted, the spam email never gets delivered – or clogs up a quarantine folder. This is a much easier approach than three front line tests that are complicated to administer.
How Greylisting Enhances Spam Detection Rates
Microsoft claims the Exchange 2016 antispam features capture more than 99% of spam emails when used as part of its premium Exchange Online Protection package. This claim is likely subject to what Spam Confidence Levels have been applied. With Greylisting, verified spam detection levels can be as high as 99.97% even if Spam Confidence Levels have been relaxed to prevent false positives.
What this means to a business being sent 10,000 spam emails per week is that the Microsoft 2016 antispam features will fail to detect about one hundred emails or 100 per week. An email filter with a Greylisting feature will fail to detect just three out of the 10,000. The huge reduction in spam email will reduce annoyance levels and the time it takes to identify and delete spam emails; and, more importantly, substantially reduce the risk of a successful phishing attack, malware deployment or ransomware infection.
Greylisting is available as an optional spam control, but it is strongly recommended to enable greylisting due to the added protection it offers. To avoid messages from key organizations from being delayed, trusted email addresses can be added to a white list to ensure they are always delivered immediately.
Anti Spam Email Filters from SpamTitan
SpamTitan´s anti spam email filters are the perfect complement to the Exchange 2016 anti spam feature-set. Not only do they include a Greylisting feature to maximize spam detection rates, they check each returned email against a database of IP addresses from which phishing emails are known to have originated, and perform a malicious URL check to further protect businesses from web-borne threats.
SpamTitan also supports outbound email filtering – a Microsoft feature only available to businesses running Office 365 via the premium Exchange Online Protection package. This feature can help identify compromised email accounts within a business´s internal network and prevent malware-infected emails being sent from the business´s mail server – potentially saving the business IP address from blacklisting.
Other features of our anti spam mail filters include:
- Easy administration via a centralized, web-based management portal.
- A choice of deployment options – including a cloud-based option and anti spam software.
- Directory synchronization as standard, rather than at a premium.
- Whitelist or blacklist senders with the click of a mouse.
- Flexible user policy application.
- Multiple web authentication settings.
- Compatible with all operating systems.
- Unlimited scalability.
- Advanced phishing protection.
How the SpamTitan Spam Filtering Service Works
It is easiest to explain how the SpamTitan spam filtering service works with a diagram. The image below details the many different processes that SpamTitan uses to differentiate genuine messages from spam and malicious emails. By applying SpamTitan on top of Microsoft Exchange – or Office 365 – it is possible to greatly improve your security posture and prevent sophisticated email-based threats from reaching your end users’ inboxes.
How Does SpamTitan Compare with Microsoft Exchange and Office 365
Microsoft Exchange and Office 365 have many in-built security controls, although organizations that have become accustomed to dedicated security solutions with enhanced capabilities are likely to find Microsoft’s default security offering does not offer a sufficient level of protection. Phishing attacks are becoming much more sophisticated and new malware and ransomware variants are being released faster than ever before. Organizations that do not implement additional email security controls and rely on Microsoft Exchange or Office 365 are unlikely to be able to stop a significant percentage of these threats from being delivered to end users’ inboxes.
Listed below are some of the advanced anti-spam and anti-malware controls that are included in SpamTitan, which are lacking in Exchange Online Protection for Office 365.
Enhance Your Exchange 2016 Anti Spam Feature-Set with SpamTitan
If you would like to know more about SpamTitan´s anti spam mail filters and how they complement the Exchange 2016 anti spam feature-set, do not hesitate to contact us. Our team of Sales Technicians will be happy to answer your questions and will invite you to take advantage of a free trial of the SpamTitan solution most appropriate for your requirements.
Our free trial gives you the opportunity to evaluate our anti spam mail filters in your environment, tackling the spam emails your business receives every day. During the free trial you will have access to the full SpamTitan product and support services. A software engineer will be available to help you get the correct exchange 2016 antispam configuration and ensure a smooth and seamless transition from your current Microsoft exchange anti-spam solution to SpamTitan antispam for Exchange 2016.
At the end of the free trial, there is no obligation on you to continue using our spam filtering services; but, should you choose to do so, we offer a competitive range of subscription options based on the number of mail boxes SpamTitan will protect, your preferred deployment option and the frequency of payment.
Anti Spam Frequently Asked Questions (FAQs)
If SpamTitan has more filtering processes than Office365, doesn´t that slow email delivery?
Not at all. Because of the way in which the filtering processes are ordered, more spam emails are rejected earlier in the pipeline - giving the later processes less to do and reducing the potential for bottlenecks developing. In many circumstances implementing a SpamTitan email filter can actually accelerate email delivery.
How does Microsoft calculate Spam Confidence Levels?
Microsoft doesn´t disclose how Spam Confidence Levels are calculated, but what is known is that there are seven levels. Level -1 is reserved for whitelisted senders, Level 0 (or 1 in some systems) shows the email has been scanned and is considered not to be spam, and Levels 5 to 9 indicate an increasing level of confidence that an email is spam.
What does relaxing Spam Confidence Levels to prevent false positives mean?
When administrators apply a Level 5 Spam Confidence setting to an Exchange 2016 server, it means everything rated at Level 5 and upwards is blocked. This can result in genuine emails being blocked in error (“false positives”). To prevent false positives, administrators can relax Spam Confidence Levels to Level 6 or Level 7, but this will likely increase the amount of spam that evades detection.
Please can you expand on the benefits of outbound email scanning?
Outbound email scanning enables businesses to identify when an internal account has been compromised by an external source. Compromised accounts can be used for sending spam; or, more likely, to distribute malware and launch phishing attacks from a “trusted account”. You can read more about the benefits of outbound email scanning in our blog.
Is SpamTitan as effective working alongside other Microsoft Exchange servers?
Certainly. If your organization is still using Exchange 2010 or Exchange 2013 - or has upgraded to Exchange 2019 - SpamTitan will enhance the email filtering capabilities of these servers as well. If your organization is still using Exchange 2010, and you are considering an upgrade, please read this support post about changes to the Exchange FrontEnd Transport service.