As with most software-as-a-service (SaaS) solutions, a hosted spam filtering service is available on demand, has minimal maintenance overheads, and requires little initial investment. To install on-premises solutions, a business would need thousands in initial setup costs, the real estate to house the equipment, and the administrator’s time to install and configure the solution. With SaaS anti-spam solutions like SpamTitan, a business can have the solution installed and configured within minutes without needing any real estate for physical equipment.
Despite being hosted in the cloud, businesses using a cloud-based anti-spam service retain complete control of their email filtering policies. They can apply those policies by individual users, user groups, or companywide through integration with directory services such as Active Directory (AD). In contrast to appliances and software installations, setup only takes a few minutes of administrator time, including a slight change to the MX record stored on a nameserver.
Within this article, we explain the benefits of a hosted spam filtering, describe in more detail how a hosted spam filtering service works, and identify the features an anti-spam cloud filter should include to obtain the best results. Readers can fast-track to any of these sections by using the links below. First, we will explain why spam filtering is so important and why it is unwise to rely on the default spam filtering protections provided by your email provider.
Why is Hosted Spam Filtering Important?
Most people are familiar with spam boxes offered with free email solutions (e.g., Gmail or Yahoo), but effective business-grade spam filters and standard free spam filters have significant differences. According to the latest industry statistics, 333 billion emails are sent daily in 2022, and nearly half of these messages are spam. The term “spam” means a message is unwanted or unsafe, and the message could contain malware or ransomware. Spam messages could be phishing attacks to obtain sensitive information such as usernames and passwords.
Standard email filters you get with free services detect approximately 97% – 99% of spam emails depending on the “acceptable spam thresholds” applied by system administrators. Messages identified as spam are either rejected, quarantined, or flagged in the software and displayed to a recipient as spam. System administrators set the threshold for spam filters, but users have some control over inboxed messages versus spam-filtered messages sent to their spam boxes.
One main difference between free email spam filters and business-grade spam software is that users can still access spam messages in a spam box. This means that users can browse their spam box for any unwanted messages and interact with the sender. Allowing users to read spam messages will enable them to interact with phishing links or fall victim to credential theft. Even though a spam box hides a message in a separate location, it does not stop a recipient from interacting with a phishing or malware-laden email. Free spam box solutions are not effective for businesses.
Approximately 1% to 3% of spam emails are delivered to end-user mailboxes with potential consequences. We’ve collected a list of possible outcomes from poor email filtering solutions.
The Potential Consequences of Undetected Spam Email
Productivity loss: The average cost to an organization to manage spam is $285 per person without any email filtering solution. In addition to productivity loss, businesses also pay for bandwidth, storage, and administrator staff needed to manage spam messages.
Malware installation: According to the latest threat intelligence reports, one in every 359 email messages contains malware. Malware is malicious software that can range in severity from adware and spyware to trojans, worms, and rootkits. The worst malware installs silently in a corporate environment and exfiltrates sensitive data. Other malware gives remote control access to cyber-criminals and continues communicating with a central command and control (C2) server where attackers can send the local machine instructions. A local machine under control can be used in a botnet for a distributed denial-of-service (DDoS), send data to a remote server, or allow attackers to control it remotely.
Ransomware: The Federal Reserve Bank of Atlanta reports that the average ransomware payment for businesses was $4.7 million. Most cyber-attacks are financially motivated, and ransomware provides cyber-criminals an effective way of extorting millions from firms. The ransom payment is just a fraction of the total costs attributed to ransomware. Businesses still need to shoulder the costs for remediation, containment, investigations, legal fees, and any loss of revenue from brand damage. Total costs from ransomware can be several millions of dollars over the immediate ransom payment.
Phishing emails: As of 2022, IBM reports that phishing and BEC (Business Email Compromise) attacks are the most expensive threats today. The IBM Cost of a Data Breach 2022 report indicated that companies spend an average of $4.89 million after an event. Ransomware, BEC, and phishing threats cost more than the initial containment and remediation. Companies must also pay for investigation and legal fees, and most serious data breaches result in a loss of revenue from brand reputation damage.
Loss of reputation: Some malware variants can steal end-user email credentials, and stolen user email accounts are used to send spam messages from the business´s mail server. The business email server IP address could then be added to global blocklists, which means that companies and ISPs might block all emails coming from the business email server. When a business email server IP address is added to a global blocklist, all emails –including legitimate messages—will not reach the intended recipient. Having an email server blocked could result in the interruption of important communication, and it could harm business negotiations or customer trust when messages are filtered out or sent to spam boxes.
Credential theft: Phishing messages often ask employees to click a link. The link points to a phishing site where users can be tricked into divulging their network credentials or their credentials for productivity software. With these credentials, cyber-criminals can authenticate into the business network or use employee credentials to authenticate into their production software. Credential theft is more complex than most threats because the user account stealing data is legitimate. It could take months to finally detect a threat from credential theft.
These potential consequences are just a few of the significant challenges facing businesses. Spam filtering solutions protect businesses from most email-based threats and stop them from causing critical data breaches. Spam filtering offers spam detection rates of up to 99.97%, depending on the “acceptable spam thresholds” administrators set during the installation and configuration of their solution. By reducing the number of spam emails accessing employee inboxes, business employees, including IT administrators, spend less time managing unwanted and unsafe emails. Reducing spam overhead, in turn, increases productivity. In addition to data protection and protection from phishing, businesses can significantly improve their security posture and prevent costly cyber-attacks and data breaches.
Did You Know?
99.99%
SpamTitan's spam catch rate
11 Seconds
a ransomware attack occurs
$285
the average cost to manage spam per person without an email filter
56.50%
of all email is spam
How Anti-Spam Solutions Offer Effective Filtering
The reason why such a high percentage of spam emails evade detection is that spammers are continuously devising new ways to penetrate email security defenses. The cybersecurity landscape constantly changes, so any email filtering solution must adapt. One benefit of cloud-based email filters like SpamTitan is integrated threat intelligence, where zero-day threat detection is incorporated as soon as new threats are identified. Due to the increasing sophistication of spam and other email-based threats, modern antispam solutions take a dynamic approach to email filtering that incorporates highly effective filtering techniques.
A few sophisticated email filtering strategies incorporated with SpamTitan include:
Domain Name Server Blackhole Lists (DNSBLs): DNSBLs compare the IP addresses of inbound emails against those of known and suspected spam sources and reject quarantine or flag any originating from an IP address with a poor reputation. A blocklist of email server IPs changes daily, so your chosen solution should update its blocklist frequently to identify the latest spam email servers.
Sender Policy Framework (SPF): An SPF strategy prevents the delivery of “spoofed emails” by checking the domain servers to ensure that the sender server’s IP address is listed as an authorized sender for email messages. The official business must add an SPF record to their nameserver records to leverage SPF. Once SPF is configured, any unauthorized servers used to mimic the official domain in the email sender address will be dropped by the recipient email server. Using SPF strategies, the legitimate business cannot be the victim of impersonation, more commonly called “email spoofing.”
Content Analysis Tools: Sophisticated tools analyze email headers and email content of inbound messages and allocate a “spam score.” The spam score is compared to the email filter’s tolerance level configurations. If the preset spam tolerance level is exceeded, flagged messages are quarantined or rejected. These tools should also incorporate machine learning and use heuristic data to learn from previous false positives and false negatives and progressively improve results over time.
Recipient Verification Protocols: Verification protocols compare the recipient addresses of inbound emails to ensure they match a valid mailbox (e.g., j.doe@xyz.com, sales@xyz.com, etc.). If they don’t, they are rejected or quarantined. Some administrators use a catch-all email address where rejected email messages are sent. Administrators can then review redirected messages to review them for malware or simple spelling mistakes added by legitimate senders.
URIBL and SURBL Filters: Some unwanted messages are phishing and not nuisance spam. URIBL and SURBL filters identify embedded malicious URLs that link to websites known to host malware or phishing kits. SpamTitan uses several factors to identify malicious embedded links, including URIBL and SURBL filters, heuristic data, artificial intelligence, and threat intelligence.
SMTP controls: Simple Mail Transfer Protocol (SMTP) is the primary communication framework for passing email messages from the sender server to the recipient server. SMTP dashboard controls perform several tests to verify the source of email messages. These tests include checking the originating email´s MX record, confirming qualified “MAIL FROM” commands, and looking for digital signatures. Digital signatures are used in DMARC (Domain-Based Message Authentication Reporting), which works with SPF (mentioned above) to quarantine messages using spoofed sender domains. Recipient email servers can use a digital signature to verify that an email message has not been altered, and it can be used to tell recipient servers how to deal with tampered messages.
Some – but not all – anti-spam solutions also have the option of activating the greylisting process. This filtering technique returns email messages to the originating server, requesting them to be re-sent. Spammer mail servers often ignore requests from bounced greylisted messages, as they are too overloaded with sending spam to reply. The result is that a spam message is never resent, so it never reaches the intended recipient. This technique is the most effective way to prevent spam from IP addresses and domain names that are “not yet known” to DNSBL, URIBL, and SURBL filters.
The Benefits of Cloud-Based Spam Filtering
Although hardware and software-based email filters exist, cloud-based spam filtering offers more sophisticated ways to block spam. It solves some of the challenges of traditional hardware and software email filters. Cloud-based email filtering solutions are much simpler and more cost-effective for organizations to connect their mail servers to a cloud-based anti-spam service than installing hardware or software-based solutions, including maintenance and keeping them updated.
Since the filtering process is performed in the cloud, corporations can offload resource usage to the cloud provider. Email server filtering services use the cloud provider’s CPU and storage resources in a data center rather than on internal on-premises infrastructure. That means more filtering techniques can be incorporated into the cloud spam filter, effectively filtering without negatively affecting network performance.
Because cloud-based anti-spam software is installed on data center servers, it’s compatible with all operating systems and scales indefinitely. Businesses control costs and scale budgets up and down based on the number of user inboxes protected by the cloud filtering solution. Business costs are lowered when companies no longer need to buy storage and server resources to support their upper-limit user count without being able to scale down.
How a Hosted Spam Filtering Service Works
Connecting to a hosted spam filtering service takes just a few minutes and involves redirecting the mail exchange (MX) record to the service provider’s filtering service. After that, the filtering process is conducted in the cloud, the service provider undertakes software updates, and the only configuration required is to meet the business´s monitoring and reporting requirements.
Typically, a hosted spam filtering service integrates with LDAP and Active Directory, so email filtering policies can be applied with the click of a mouse to different user groups and departments. After that, new approaches can be used – or existing policies adjusted – via a web-based portal through which spam filtering controls are managed for the entire organization without needing any per-device agents.
From the web-based portal, administrators can allow approved senders, apply “acceptable spam thresholds,” monitor real-time activity on the mail server, and schedule activity and quarantine reports. Administrators can also connect with their service providers via the web-based portal so a secure channel can be created for troubleshooting any issues with the hosted spam filtering service.
Hear from our customers
Features an Antispam Cloud Filter Should Include
Many mechanisms a cloud antispam filter should include to achieve effective filtering have been mentioned above (Domain Name Server Blackhole Lists, Sender Policy Frameworks, etc.). However, there are other important considerations when choosing an antispam cloud filter or other email filtering solution.
Versatility and Ease of Use
Adequately managing the volume of email arriving in a large business can be problematic without a versatile and easy-to-use solution. A cloud spam filter should have granular controls and be easy to use. For example, a company may wish to apply a higher acceptable spam threshold for its finance team than its sales team so as not to block sales inquiries while ensuring maximum protection for the finance department, which is often extensively targeted by cybercriminals.
Antivirus Software
Most businesses will already be protecting their networks with antivirus software. Still, the benefit of including antivirus software in an antispam cloud filter is that viruses can be caught and blocked at source, rather than with a retrospective virus scan – by which time damage may already have been caused. As with the filtering process, virus scanning is conducted in the cloud to avoid draining the resources of on-premises CPUs. Solutions that include dual anti-virus engines offer greater protection as they maximize the chance of detecting known malware. Sandboxing is also essential for detecting new (0day) malware threats that have yet to have their signatures added to the virus definition lists used by AV engines.
Outbound Scanning
Outbound scanning is an essential feature as it identifies spam, malware, and phishing attacks sent by malicious insiders and through compromised mailboxes. Outbound scanning is one of the ways that successful phishing attacks are detected, allowing swift action to be taken to remediate the attack. If other spam filters identify outbound mail as having a high spam score, it can harm a business’s reputation.
SpamTitan’s Cloud-Based Anti-Spam Service
SpamTitan Cloud is a dynamic cloud-based anti-spam service that incorporates all the techniques required for effective filtering. Our cloud-based anti-spam service has a verifiable spam detection rate of 99.97% – with a low false positive rate of only 0.03% – and, using dual antivirus engines provided by Bitdefender and ClamAV, a verifiable malware detection rate of 100%, with all email filtering in the cloud.
Having developed email and web security solutions since 1999, we know the importance of versatility and ease of use. Therefore, our cloud-based anti-spam service has been deliberately designed to make the application and adjustment of email filtering policies as straightforward as possible. It is also possible to customize our suite of reporting options to get the data you want when you want it and to automate reports and alerts.
We are also aware of the importance of protecting a business´s IP reputation, so outbound scanning is included in our cloud-based spam filtering service as a standard rather than offered as a premium add-on service for many cloud anti-spam services. We offer a competitive range of subscription and pay-as-you-go options with no added extras or premiums to worry about. The pricing policy is transparent, so you will not have any nasty surprises, and licenses can be adjusted up and down easily. You can learn precisely how much the entire SpamTitan Cloud-hosted spam filtering service will cost by visiting our “Instant Quote Calculator.”
Our Hosted Spam Service for MSPs and Resellers
Our hosted spam service is not only an effective filtering solution for businesses. SpamTitan Cloud supports an unlimited number of users and domains, and it is a fully multi-tenant solution, making it an ideal option for Managed Service Providers (MSPs) and resellers. MSP-friendly features include supplying the solution as a white label to allow MSPs to add their branding and a full suite of APIs to incorporate the solution into back-office management systems.
SpamTitan Cloud can easily be incorporated into an MSP’s service stack and offered as a stand-alone solution or as part of a security package. With SpamTitan Cloud…
- No end-user software installations are required.
- There are no bandwidth-per-client limits.
- Multiple clients can be managed from the same portal.
- A choice of hosting options exists – our cloud, a private cloud, or within your cloud.
To find out more about our hosted spam service for MSPs, do not hesitate to download our MSP Program brochure. Alternatively, to discuss our competitive pricing strategies and aligned billing cycles, you are invited to speak with our sales team at +1 813 304 2544, who will also be able to provide more information about becoming a SpamTitan Certified Partner.
Your Invitation to Try Our Cloud Spam Filter for Free
Not all cloud-based spam filtering is created equal. We believe the SpamTitan cloud-based anti-spam service provides you with highly effective filtering, it is easy to manage, and the service is provided at a highly competitive price point.
If you would like to put our claim to the test, we invite you to take a free trial of SpamTitan Cloud to evaluate our cloud-based anti-spam service in your environment. Starting your free trial takes minutes. Register for the free trial by entering your business email address, and details of redirecting your MX record to our servers will be sent to you. Alternatively, call us, and we will talk you through the process.
During your trial, you are welcome to call us and have your configuration of SpamTitan Cloud reviewed by a seasoned engineer, who will make suggestions and recommendations as necessary. At the end of your trial, if you are happy with our cloud spam filter, no reconfiguring is required. You opt for the subscription plan most suitable for your business, and you will continue getting the same excellent protection.
Frequently Asked Questions (FAQs)
What is sandboxing?
Sandboxing is a process in which emails are sent to an isolated environment where they and their attachments can be subjected to deep analysis. If an email or attachment is scanned by the AV engine and determined to be threat-free, it is sent to the sandbox for further analysis. Sandboxing is essential for identifying new malware threats that have yet to have their signatures added to the AV engines.
Why is DMARC Important?
DMARC is essential because it is a validation system for email that protects against email spoofing. When an email is sent using a company’s domain, DMARC checks to ensure the sender is authorized to send emails from that domain. If the sender is authenticated, the email will be delivered. If not, the email will be blocked. DMARC can identify and block email impersonation attacks.
Will a cloud-based anti-spam service block all spam and malicious emails?
No cloud-based anti-spam service can block all spam and malicious emails because the nature of threats is constantly evolving. A good spam filter will block over 99.9% of spam emails and 100% of known malware. Sandboxing is used to identify new malware that has not been seen before, and machine learning mechanisms can identify new phishing threats.
Why might I need to set different spam thresholds for other users?
You might want to set different spam thresholds for other users if some users have access to sensitive information or are more susceptible to email-borne threats. One set of spam filtering rules for everyone may not work very well in practice if – for example – aggressive settings are preventing members of the sales team from receiving leads via email. Therefore, cloud-based anti-spam services allow administrators to set different spam thresholds for other users.
Does outbound email scanning protect against data theft?
Outbound email scanning can protect against data theft via a data loss prevention capability. SpamTitan allows you to tag certain data elements and block attempts by employees or threat actors who have compromised a mailbox from sending labeled data to external email addresses. Rules can also be set to scan outbound emails for malware and phishing emails. By selecting these rules, you will prevent accidental and deliberate data leaks and protect against IP reputation damage.
What is the difference between a cloud-based anti-spam service and an on-premises service?
The difference between a cloud-based anti-spam service and an on-premises service is that it routes incoming emails through the service provider’s software before sending them to the organization’s mail server. In contrast, an on-premises service is usually integrated with the mail server. Additionally, with a cloud-based anti-spam service, the service provider is responsible for maintaining the service and keeping threat databases up to date. With an on-premises service, the responsibilities are all in-house.
What are the benefits of using a cloud-based anti-spam service?
The benefits of using a cloud-based anti-spam service include reduced email server load, improved email system performance, enhanced spam detection accuracy, and automatic updates to combat evolving spam techniques. Additionally, many cloud-based services include email continuity features that allow users to access and send emails even when their primary email server is unavailable.
Are cloud-based anti-spam filters suitable for businesses of all sizes?
Cloud-based anti-spam filters are suitable for businesses of all sizes as they provide scalable solutions to manage varying email volumes. However, due to the administrative overhead of configuring anti-spam filters, monitoring filtering output, and understanding the suite of reporting options, it can sometimes be better for a small business with limited resources to subscribe to an anti-spam service via a Managed Service Provider.
Can a cloud-based anti-spam service protect against phishing attempts?
A cloud-based anti-spam service does protect against phishing attempts by checking URLs embedded into emails against databases of known phishing sites. Additionally, SpamTitan includes a point-of-click check to ensure that a link that has previously passed inspection has not subsequently been weaponized. However, the best way to protect against phishing is to increase user awareness and reduce their susceptibility to clicking on phishing links.
How does a cloud anti-spam service provide real-time threat intelligence?
A cloud anti-spam service provides real-time threat intelligence through machine learning and real-time database updates of reported threats. Because that cloud anti-spam services must be equipped to detect and block the latest spamming techniques and emerging threats quickly, it is essential users are trained to report – rather than delete - any spam emails or email threats that avoid detection.