Despite the emergence of digital collaboration tools such as Slack, Yammer, Huddle and others, email remains the most used method of communication in the workplace. Millions and millions of emails are sent and received each day. This means there are many opportunities for cyber-criminals to use email as a way of accessing a corporate system, stealing data, infecting it with ransomware, or whatever other nefarious activity they have in mind.
Spam is still the most widely deployed way of using email for cybercrime. While the overall spam levels are declining – in 2012, 69% of all email was unsolicited spam compared with 47.3% in 2020 – it remains a significant problem. Not only can it carry a potent and varied cybersecurity threat, but it can also be hugely disruptive to people’s working day.
What’s the most effective way for organizations to protect themselves against spam emails in 2021, and what anti-spam features should they be looking for in an anti-spam software solution?
What is Spam?
Spam is a term that many are familiar with, yet people still interpret it slightly differently. Some people see unsolicited marketing or promotional emails as spam. These can be very annoying and intrusive, and legitimate marketers should only ever send emails to people who have opted in to receive them.
But this type of spam is benign. What can be much more dangerous is spam with malicious intent. This can significantly impact an organization and has grown more and more sophisticated over the years. Gone are the days of emails purporting to be from a far-away prince requesting your bank account details. They have been replaced by much more realistic-seeming (and therefore dangerous) emails that attempt to get recipients to click on a link that damages or hijacks the user’s system.
Spyware and ransomware are examples of what this kind of spam delivers. The threat they pose means that organizations must be continually ready to combat spam. Organizations need to manage this upfront, using keyword-based anti-spam. Clearswift's Secure Email Gateway, for example, comes with robust lexical analysis and regular expression rules, which search messages and content for keywords and phrases.
How Does Anti-Spam Software Work?
The Clearswift Secure Email Gateway has a multi-layer anti-spam solution designed to detect more than 99% of spam. The features are broken into two categories – connection level checks and content level checks.
Connection Level Checks
- Reputations – every external message is checked against a real-time database (TRUSTManager) that contains the reputation of millions of IP addresses. If the reputation of a sender’s IP is classed as bad (the sender is a known source of spam), then the message can be dropped instantly. If the reputation is suspicious, then additional checks are made to get a more accurate assessment of the server. If the reputation is good, then some of the checks are skipped to streamline delivery of the message.
- Greylisting – if a sender's reputation is suspicious and Clearswift has not processed a message from that address before, the connection is initially rejected, and a request is sent to the sender to retry delivery of the message. This eliminates spam botnets and reduces the amount of malware received by the system.
- RBL – the integrated Real-time Block List (RBL) within the solution can be supplemented with multiple other RBLs, such as Spamhaus, Abusix, SORBS, and more. This system is designed to look at the sender's IP address to check if it has been involved in spam activity.
- Message Authentication Services – the Secure Email Gateway has algorithms built into the system, all designed to detect a spoofed message. This functionality is also aided by Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC).
- Validate sender – this is a straightforward check to see if the sender's domain exists or not. If it doesn’t, then the message is clearly spam.
- Validate recipient – to prevent dictionary attacks, where spammers guess recipients in a business, the Secure Email Gateway maintains a list of all valid users to verify connections, allowing only valid ones and noting any failures. When a sender generates too many failures, the connection is dropped.
- BATV – Bounce Address Tag Validation (BATV) detects non-delivery spam received by the system. This is usually caused by cyber-criminals spoofing an internal email address and sending out spam mail. If this causes the generation of a non-delivery report, it will be sent back to the spoofed sender, causing confusion.
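A minimal model of three of the connection-level checks above (reputation, greylisting and recipient validation), added here as an illustration and not Clearswift's code. The class name, thresholds, SMTP reply texts and sample addresses are assumptions, and greylisting is keyed on the sender's IP and address.

```python
import time

RETRY_MIN_DELAY = 300    # assumed: a retry within 5 minutes is still deferred
MAX_RCPT_FAILURES = 5    # assumed per-connection limit on unknown recipients

class ConnectionChecks:
    def __init__(self, reputation, valid_recipients, clock=time.time):
        self.reputation = reputation      # ip -> "good" | "suspicious" | "bad"
        self.valid = {r.lower() for r in valid_recipients}
        self.first_seen = {}              # (ip, sender) -> time of first attempt
        self.clock = clock

    def on_mail_from(self, ip, sender):
        """Reputation, then greylisting. Returns an SMTP-style (code, text)."""
        rep = self.reputation.get(ip, "suspicious")  # assumption: unknown = suspicious
        if rep == "bad":
            return 554, "rejected: poor sender reputation"
        if rep == "suspicious":
            now = self.clock()
            first = self.first_seen.setdefault((ip, sender.lower()), now)
            if now - first < RETRY_MIN_DELAY:
                return 451, "greylisted, retry later"   # temporary failure
        return 250, "ok"                  # good reputation skips greylisting

    def on_rcpt_to(self, session, recipient):
        """Recipient validation with a dictionary-attack cut-off."""
        if recipient.lower() in self.valid:
            return 250, "ok"
        session["failures"] = session.get("failures", 0) + 1
        if session["failures"] >= MAX_RCPT_FAILURES:
            return 421, "too many unknown recipients, closing connection"
        return 550, "no such user"

def demo():
    """Constructed sample data using documentation-reserved IPs and domains."""
    t = [0.0]
    gw = ConnectionChecks({"203.0.113.5": "bad", "198.51.100.7": "good"},
                          ["alice@example.com"], clock=lambda: t[0])
    first = gw.on_mail_from("192.0.2.9", "new@sender.example")[0]
    t[0] += 600                           # legitimate MTAs queue and retry
    retry = gw.on_mail_from("192.0.2.9", "new@sender.example")[0]
    session = {}
    guesses = [gw.on_rcpt_to(session, f"user{i}@example.com")[0] for i in range(5)]
    return first, retry, guesses

if __name__ == "__main__":
    print(demo())
```

The greylisting step relies on the temporary 4xx reply: a standards-compliant mail server queues the message and retries, while bulk senders that never retry are filtered without any content inspection.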
Content Level Checks
The following features are all used to check the content within an email for signs that the message is spam:
- Phishing – this looks for the presence of URLs and/or attachments that indicate that the email is a phishing message and not just bulk spam or a newsletter. Using multiple sources of phishing data, this Clearswift feature allows phishing emails to be separated from other promotional spam.
- Signatures – the focus here is on messages that are sent in bulk. Standard emails are rarely sent to mass recipients, so those that are, are generally classified as spam.
- Content – cyber-criminals have become more creative and more persistent over the years, pushing the limits of HTML formatting in order to bypass spam filters. The Secure Email Gateway looks for these creative approaches to provide another layer of protection for organizations keen to identify spam.
As big a problem as spam can be, and despite the comprehensive functionality in the Clearswift Secure Email Gateway, few organizations are likely to base their email security purchasing decisions on anti-spam functionality alone. That is why the Clearswift solution comes with a range of other features that help make it such a compelling email security platform, capable of protecting a business against various email and data loss threats.