How does a spam filter work?
A spam filter on your emails is a great preventative tool to help keep your business secure. Spam filters work to block malicious threats like phishing, impersonation, malware, ransomware and spam-type messages. It is a preventative tool because it works to remove the threat before it has chance to reach the end users inbox, and will flag it in their quarantine to warn them before releasing the email. This helps to reduce the potential for end users to download malicious attachments and click on links to unscrupulous websites.
But how does a spam filter actually work? Let’s break it down to help you understand how this key feature of your security is working to help protect your business. The below flow diagram can help to visualise the stages as we describe them.
When we setup your spam filter, we change the direction of your mail flow to pass through the spam filter before reaching the end users in their chosen email client. This means that the first stage for the email is to pass through a multi-layered filtering engine.
This filter looks at the email header information to determine if the sender is blacklisted, or signs that suggest the email may be junk mail. There is lots of information within the header of an email for example every server that this email has passed through, date and time and security stamps. Basically the spam filter is looking to see if the sender of the email is trying to trick you as the recipient and then block you from receiving these emails, so things like replacing the letter O in a company name with the number zero.
Here at MJD we deploy Advanced Email Threat Protection from our spam filter partner, AppRiver, which also provides attachment assurance and link protection. Attachment assurance will analyse the attachments in a cloud-based sandbox and then if safe, deliver the attachment or deliver a disarmed version or PDF of the attachment. Link protection means that every link within an email that has passed through this spam filter is re-written and is checked at the time-of-click to always keep you safe no matter when you click on that link after receiving the email. The testing may take you to a safe site, provide a warning for suspicious content or block the link as a malicious website.
These additional features mean that we can offer you a high level of upfront protection for your end users from phishing attacks and virus/malware attacks in their inboxes. As with any spam filter, it will take a short period of time to learn your email traffic and need your help to whitelist genuine senders you wish to receive emails from, but after this period rest assured that the 24/7/365 threat analysis team are working to keep adding new threats to your inbox.
If you are interested in setting up Advanced Email Threat Protection please don’t hesitate to get in touch with the team here at MJD, we’d be more than happy to help.