Although the default Microsoft Exchange spam filter has a number of features to help block spam and protect businesses from email-based threats such as phishing, malware and ransomware, few people speak highly of the built-in mechanism of anti spam for Exchange. One of the most common criticisms is the default Exchange anti spam mechanisms are not as effective at detecting spam as third party solutions and many threats bypass Microsoft’s controls and are delivered to inboxes. Since all it takes for a data breach to occur is for one employee to respond to a phishing email, it is vital that the vast majority of threats are blocked.
One of the reasons for this is the way in which some third party solutions approach spam detection – using Greylisting to prevent spam from previously unknown sources, and SUBRL filters to detect malicious URLs within the body of emails. Other features that could increase Exchange email security are also absent from the default Microsoft Exchange spam filter – Exchange Online Protection (EOP), or have to be paid for separately by upgrading to Advanced Threat Protection (APT). For many businesses, APT is prohibitively expensive especially when third-party solutions can be purchased at a fraction of the cost and provide equivalent or better protection.
How Greylisting and SUBRL Filtering Enhances Exchange Email Security
Greylisting and SUBRL filtering could significantly enhance Exchange email security – if they were present. When third party anti-spam solutions are implemented, these two mechanisms work independently of Microsoft´s real-time blackhole lists (RBLs) to increase spam detection rates and prevent phishing emails reaching their intended recipients. Greylisting in particular can increase spam detection rates from the 99% achieved by the default Microsoft Exchange spam filter to 99.97% with no false positives. Greylisting involves rejecting a message and requesting it be resent by the server where it originated. Spammers’ servers are usually involved in massive spam campaigns, and are too busy to respond. The delay indicates the messages have come from a new spamming source. Greylisting is an optional spam control with SpamTitan. While it is highly recommended to have greylisting enabled, messages may be delayed by a few minutes. When used in combination with whitelisting for trusted senders, important emails will not be delayed.
SUBRL filtering works in a similar way to real-time blackhole lists; but rather than compare the IP addresses of inbound emails against a list of known sources of spam, the filter compares links in emails against a list of URLs known to be malicious. This feature prevents users clicking on a link they believe to be safe and visiting a phishing website or malicious site hosting malware.
Antispam Exchange Outbound Filtering
One of the “absent/paid for” features is antispam Exchange outbound scanning. Outbound scanning is particularly important for Office 365 users following the introduction of the “IP reputation” marking system, as any business considered to be sending spam or malware could find its IP address on Microsoft´s real-time blackhole list. This would not only affect business-critical communication channels, but could potentially result in the business´s website being blacklisted.
Antispam Exchange outbound filtering monitors outbound emails for any signs of spam which could indicate an email account has been compromised as the result of a phishing attack. Antispam Exchange outbound filtering is important, but Office 365 users only get access to this feature if they pay for it via an Advanced Threat Protection package.
The Complicated Nature of Anti Spam for Exchange
Another common criticism of the Microsoft Exchange spam filter is it is too complicated. Naturally, the aim of anti spam for Exchange is spam detection and reporting. However, due to the complicated nature of anti spam for Exchange, Spam Confidence Levels can be set too low with the consequence that the filter is ineffective at preventing spam. Alternatively the levels can be set too high – resulting in genuine emails being quarantined for having marginally spammy content.
Once you combine anti spam for Exchange with Office 365 and Exchange Online Protection (or Forefront Protection for Exchange 2010), the complicated nature of anti spam for Exchange multiplies. Furthermore, businesses that want to use the Directory Synchronization feature to help better manage their email accounts have to subscribe to an Advanced Threat Protection package. Third party email filtering solutions eliminate the complexity, which is another reason why they are often favored over the default Microsoft Exchange spam filter.
SpamTitan´s Spam Filter for Exchange
SpamTitan´s spam filter for MS Exchange has many of the features that are absent from default Microsoft Exchange spam filter and are only provided with APT. SpamTitan enhances Exchange email security with Greylisting and SUBRL filtering, uses antispam Exchange outbound filtering to identify compromised email accounts, and has automatic updating to ensure the spam detection mechanisms and antivirus software is always current. System administrators will find SpamTitan offers flexible user policy application and has multiple web authentication settings, plus our spam filter for Exchange is universally compatible and infinitely scalable. The advanced mechanisms of spam detection in SpamTitan will increase spam detection rates from around 99% to 99.97%. In addition to improving detection rates, SpamTitan has been designed to be easy to use and includes (free) synchronization with directory tools such as Active Directory.
How SpamTitan Differs from Microsoft Exchange Online Protection and Office 365
Microsoft Exchange and Office 365 incorporate security features to provide a basic level of spam protection; however organizations will no doubt discover that a significant number of spam messages and email threats still reach the mailboxes of their employees. Even if security awareness training is provided to employees, there will always be some employees that open malicious email attachments or click hyperlinks that direct them to phishing websites. Organizations therefore need to implement an advanced spam filtering solution to block these email threats and ensure they are not delivered to inboxes. Exchange Online Protection and Office 365 email security controls alone will not provide the level of protection that most organizations need.
Listed below is a summary of the features of SpamTitan that are lacking in Office 365 email security and Exchange Online Protection.
Try Our Exchange Anti Spam Solution for Free
If you have found little about the Microsoft Exchange spam filter to speak highly of, and would like to try our Exchange anti spam solution for free, do not hesitate to get in touch. Our Sales Technicians will be happy to answer any questions you have about SpamTitan and its suitability as an Exchange anti spam solution, suggest the best deployment option for your business, and will guide you through the registration process to start your free trial.
The free trial of our Exchange anti spam solution gives you the opportunity to evaluate SpamTitan in your own environment with the volume of email traffic you are accustomed to. The trial also gives you the opportunity to experiment with different features until you find the optimum Spam Confidence Levels for your specific needs so that, should you decide to continue using our service at the end of the trial, no further configuration of our Exchange anti spam solution will be necessary.
- SpamTitan has a higher spam capture rate than the Microsoft Exchange spam filter.
- SpamTitan´s Greylisting feature overcomes issues with Microsoft´s “IP throttling” feature.
- SpamTitan is more likely to prevent the delivery of spear phishing emails and BEC attacks.
- SpamTitan offers outbound mail filtering as a free feature rather than as a premium service.
- SpamTitan is much simpler to use than the Microsoft Exchange spam filter – reducing the risk of human error.
- SpamTitan is available as anti spam software solution or a cloud-based filter
- You can try our SpamTitan Exchange Anti Spam Solution for free. Contact us today to find out more.
Microsoft Exchange Spam Filter FAQ
What should everyone know about spam filtering?
A spam filter is the most important technical measure you can implement to reduce the risk of email impersonation and phishing attacks. Choose a solution with sandboxing to block zero-day attacks, greylisting to identify and block new sources of spam, and outbound filtering for data loss prevention and detecting compromised email accounts.
Why is it important to use a third-party spam filter for Office 365?
Office 365 only includes a basic level of protection against spam, malware, and phishing, so many threats will not be blocked. SpamTitan adds an extra layer of security and will greatly improve protection against zero-day and sophisticated phishing threats through sandboxing, greylisting, and advanced machine learning techniques.
What is greylisting?
Greylisting is the term given to temporarily rejecting an email message and requesting it be resent. Since email servers used for spamming do not typically respond to these requests, or delay resending messages as they are busy on huge spam runs, it helps to determine if the sender is spamming. It is an important control for detecting new sources of spam.
Will a spam filter block all malware sent via email?
No. New malware variants are constantly being released and many spam filters only use signature-based detection so they will only detect known malware threats. This is why SpamTitan uses sandboxing in addition to dual AV engines. Unknown and suspicious programs and files are sent to the sandbox for in-depth analysis to identify malicious actions.
Does SpamTitan work with all Microsoft Exchange servers?
SpamTitan can be used with Microsoft Exchange 2010, 2013, 2016, and 2019 servers. Setup is a quick and easy process and our support engineers will guide you through the process. Once configured, SpamTitan is a set and forget solution that requires no patching and very little ongoing maintenance.