The effectiveness of a spam antivirus filter can vary considerably depending on the mechanisms used to identify spam and malware, and the order in which the mechanisms are applied. Even the functions of the antivirus software used in the filtering solution can make a difference between malware being identified as a threat or allowed into your organization´s network.
These multiple factors can create headaches for organizations evaluating the effectiveness of spam filtering solutions. Spam filtering solutions often mention how good they are at “x”, but not necessarily “y” or “z”. Unless an organization is aware of every factor that contributes to an effective spam antivirus filter, the scenario exists whereby they may select a solution that creates more problems than it solves.
Why do Spam Filtering Solutions have so many Mechanisms?
A spam antivirus filter has multiple mechanisms to detect spam and malware because spammers and hackers use a variety of techniques to send malicious emails. No single tool or process can eliminate all spam and malware threats, so spam filtering solutions have a multilayered and multifaceted approach to filtering inbound emails in order to identify those which are malicious.
Because of the number of processes used to filter inbound emails, the order in which the mechanisms are applied is important to prevent queues forming in a mail server. Front end tests such as comparisons against Realtime Blackhole Lists, Sender Policy Frameworks, and SMTP Controls quickly determine if an email is spam before remaining emails pass through a more intensive process that scans emails and attachments for viruses.
The antivirus software used to scan email and attachments should have malicious URL blocking and phishing protection. Malicious URLs hidden within emails and their attachments – and phishing attacks – are now bigger threats to organizations´ online security than rootkits, adware and spyware. Without these features, a spam antivirus filter is not fully effective.
Two Important Features Every Spam Antivirus Filter Should Have
The front end tests conducted by a spam antivirus filter are based upon “known” spammers and their IP addresses. Consequently, if spam is sent from a new source, it is not necessarily picked up by the front end tests. Leading spam filtering solutions have additional “second-wave” features to identify spam from previously unknown sources – “Bayesian Analysis” and “Greylisting”.
Bayesian Analysis inspects the content of an email for words regularly associated with spam and attempts to disguise the words. For example, a spammer may send an email with the title “VVin α þrize” – two “Vs” representing the “W” of “Win”, the Greek letter “α” representing “a”, and the Icelandic symbol for “th” representing “P”. Some spam filtering solutions would not identify the title as a potential threat – passing the email through to its intended recipient.
However, Bayesian Analysis would recognize the rather weak attempt to avoid spam detection and send the email for Greylisting. This process involves sending the email back to the sender´s server and asking for it to be resent. Because spammers´ servers are too busy sending out emails, the request to resend the email is declined. The “VVin α þrize” email is then classified as spam and quarantined. In this way, the two mechanisms prevent spam from previously unknown sources avoiding detection.
The Cost of an Ineffective Spam Antivirus Filter
It only takes one click of a link on a malicious email to allow malware into your network, and the cost of such an error can be colossal. In 2015, the Ponemon Institute produced “The Cost of Phishing & Value of Employee Training” report in which researchers calculated the average cost to an organization of removing malware infections and recovering data was $1.8 million.
Even with highly-trained staff aware to the risks of spam emails, cost of an ineffective spam antivirus filter can be significant. It takes an average of four seconds to identify and delete a spam email. If yours is an organization employing 500 staff, and each were to receive five spam emails per day, an ineffective spam antivirus filter would cost your organization more than 109 days of lost productivity per year.
By comparison, the cost of implementing an effective spam antivirus filter is typically less than $10.00 per employee per year.
SpamTitan Spam Filtering Solutions
TitanHQ is an international company that has been developing email and web security solutions since 1999. More than 5,000 customers use SpamTitan, our suite of spam filtering solutions to detect spam emails and prevent email-borne malware from infecting their networks. We offer two spam filtering solutions that are top-rated for “x” (spam detection), “y” (malware detection) and “z” (false positives) – “SpamTitan Gateway” and “SpamTitan Cloud”.
- SpamTitan Gateway is a software appliance that is installed between your organization´s firewall and its mail server. It is a robust spam antivirus filter that consistently has one of the best catch rates for Anti-Spam appliances from a host of market leaders. SpamTitan Gateway is an ideal solution for Managed Service Providers (MSPs).
- SpamTitan Cloud is a cloud-based spam antivirus filter that simply requires a minor change to your organization´s mail exchanger (MX) record to implement. With virtually no maintenance overhead and a choice of three hosting options, SpamTitan Cloud is one of the most versatile spam filtering solutions available.
Both spam filtering solutions use the same mechanisms to block 99.97% of spam email and 100% of malware content and attachments with a low false positive rate of 0.03%. Both solutions include malicious URL blocking and phishing protection, and Bayesian Analysis and Greylisting. Both also have an easy-to-use administration console that includes customizable configuration settings, filtering options, monitoring features, and report options.
One further advantage of SpamTitan Gateway and SpamTitan Cloud is that they scan outbound emails for content or attachments that may be interpreted as spam. The importance of outbound scanning is that it prevents your organization´s IP address from inadvertently being included on a Realtime Blackhole List – the consequence of which being that your organization’s emails would get identified as spam and blocked by your customers´ spam filtering solutions.
Your Invitation to Try SpamTitan for Free
Just as no two organizations are the same, no two spam filtering solutions are identical. Consequently we invite you to try SpamTitan for free for thirty days in your own environment in order to witness just how user-friendly, versatile and effective our spam antivirus filter is.
Our offer consists of a fully-enabled spam antivirus filter with comprehensive customer and technical support. After the thirty-day trial period, there is no obligation on your organization to continue with the service – although we do provide a range of pricing plans to suit every budget.
Wouldn´t the Greylisting process delay the delivery of business-critical emails?
Although the Greylisting process can delay the delivery of emails by up to several minutes, it is possible to circumnavigate the process by adding the sender of the email to a whitelist (effectively an “approved sender” list). Approved senders can be quickly added and removed to a whitelist as necessary. This will eliminate any delays between the inbound mail server and the recipient´s inbox.
Does outbound scanning just check for potential spam content?
Outbound email scanners also check for malware within or attached to an email. Although it may seem unlikely an employee would deliberately send malware from a device connected to the corporate network, he or she may have unknowingly acquired it on their device or in a file they may have prepared on - for example - a home computer.
How are inbound spam emails treated by the spam antivirus filter?
Organizations have a choice of how spam emails are treated. They can be automatically blocked, deleted, sent to a quarantine folder, or delivered and flagged according to their confidence score. Initially it can be better to select a mid-range spam tolerance level, before reviewing reports of blocked, deleted, and quarantined emails in order to revise the spam tolerance level as necessary.
Is it possible to apply different spam tolerance levels per department?
Spamtitan spam filtering solutions facilitate granular spam tolerance levels by user, team, and/or department. Therefore, if you have concerns your sales team might miss a potential lead because it is sent to quarantine, but you want to protect your finance team from phishing emails, you can apply a higher spam tolerance level to emails addressed to the sales team.
How much does it cost for a spam antivirus filter?
Our spam antivirus filters are subscription-based services and priced according to the number of email inboxes you wish to protect and the length of time you wish to subscribe to our service. To help businesses better understand the cost of a spam antivirus filter, we provided a cost calculator, or you are invited to contact us and request a quote.