A mail exchange spam filter, also known as an MX spam filter, is an essential security measure that prevents unwanted and malicious spam emails from being delivered to end users.
Spam and malicious emails are one of the top ways malware, ransomware, and credential theft occur. The Anti-Phishing Working Group (APWG) captures trends in spam and phishing and has found an upwards trend, with the highest-ever phishing levels recorded in late 2022. This is confirmed by Deloitte researchers, who found that 91% of cyber-attacks begin with a phishing email.
Cybercriminals who exploit spam to infect networks and steal data are changing tactics. Cisco's Talos Intelligence has identified spam morphing, including the banking trojan, IcedID, that was previously used to steal financial data and is now used to deliver ransomware and steal credentials. Massive cyberattacks that started with a spam email include the ransomware attack on the U.S. oil pipeline system, Colonial Pipeline, in 2021. The attack affected the entire U.S. Southwest. A stolen password, likely compromised through a spam email, was to blame.
A simple click on a malicious link, the opening of an infected attachment or the navigation to a compromised website will lead to a compromised device and network. Security awareness training can help train employees about spam email risks. However, a belt and braces approach uses an MX spam filter so that malicious emails are not delivered to employees in the first place.
Did You Know?
SpamTitan's spam catch rate
a ransomware attack occurs
the average cost to manage spam per person without an email filter
of all email is spam
How Does an MX Spam Filter Work?
When a domain name is registered, it is associated with several DNS Records that allow your domain to be located on the internet. The DNS Record includes an MX Record (mail exchanger record) that routes emails to a specific mail server and can prioritize email delivery if there is more than one mail server available. Once directed to the correct inbound mail server, the message will be directed to the employee's mailbox, e.g., Office 365 Mailbox.
An MX filter redirects email traffic to an email server set up to act as a spam filter. This spam filter will check inbound emails and sometimes outbound emails. As such, all emails are directed through the service provider's spam filter server. The spam filter uses specialized software to conduct a series of intelligent checks on inbound (and sometimes outbound) emails to determine the email's legitimacy. If the checks find spam it is automatically quarantined, deleted, or rejected.
Email found to be malware-free and not spam is delivered to the inbound email server of the recipient organization and, from there, directed to the intended recipient's inbox. This fast process helps reduce the load on an organization's inbound email server. MX Spam Filters ensure that employees receive clean, malware-free emails. However, they are also sensitive enough to ensure that legitimate emails are unhindered.
MX Spam Filters are most often cloud-based as they can offer centralized control for organizations looking to block spam email messages for all employees, including remote workers. In addition, MX Spam Filters require no additional hardware installs, and no other software is needed on servers, devices, or PCs.
Three Steps to Introduce an MX Spam Filter to your Organization
The steps to filter spam are simple, and all that is required is to:
- Sign up for an MX Spam Filter with a suitable provider
- Make a small change to the MX record on the inbound email server
- Configure the solution to suit your organization’s needs
The whole process only takes a few minutes.
How Does an MX Spam Filter Detect Spam and Malware?
MX Spam Filters must be able to differentiate between a legitimate email and a spam email quickly and accurately. An MX Spam Filter uses an anti-spam engine that uses several techniques to identify spam emails. This anti-spam engine needs to use a collection of increasingly granular spam checks to ensure that evasion techniques used by spammers are not successful. There are up to five techniques applied by an MX Spam Filter:
- Real-Time Blacklists and SURBL filters: cross-checking the sender's email address and IP address against global blacklists of known spammers.
- Greylisting: MX Spam Filters also use a technique known as ‘Greylisting.’
- Sender Policy Frameworks: detect spoof emails disguised as genuine emails.
- Bayesian analysis: used to calculate the likely probability of an email being spam.
- Antivirus: an antivirus engine analyzes email attachments and detects embedded hyperlinks in emails. An anti-phishing component is part of some advanced Spam Filters.
One typical way data is exposed via email is by accidentally sending an email to the wrong recipient. This was found to be a prevalent security problem in healthcare and financial services.
What is Greylisting?
Greylisting is a second layer of protection used to increase detection rates above and beyond blacklist checks. Suspicious emails are returned to the outbound mail server, and a re-send request is made. The message is categorized as spam if the request is denied or if the email is not re-sent within a set time. Because spammers often generate vast numbers of spam emails, and because outbound mail servers do not tend to process these requests to re-send the emails, Greylisting is particularly effective at blocking emails sent from unknown IP addresses and email accounts that are not yet part of global spam blacklists. As such, Greylisting is an ideal middle ground to prevent spam, as legitimate email addresses and domain names can be added to a safe list.
Because spammers constantly change IP addresses and email addresses to fool spam filters, having multiple layers of spam detection helps to increase spam detection rates.
SpamTitan Cloud – The 100% Cloud-Based MX Spam Filter from TitanHQ
SpamTitan is a cloud-based MX Spam Filter that provides advanced email security designed for all sizes of enterprises and can be delivered by an MSP. SpamTitan requires no hardware purchases or software installations and is a highly scalable anti-spam solution for all-sized organizations.
SpamTitan is quick and easy to install. All that is required for effective email spam filtering is to configure your organization’s MX Record to be updated to redirect messages to SpamTitan’s mail server for checking before sending them back to the appropriate mail server and onto the user’s mailbox.
As well as checking inbound emails for malicious intent, SpamTitan also assesses outbound emails for spam and malware to prevent your corporate domain, IP addresses, and emails from being added to spam blacklists.
Management and configuration of SpamTitan are simple and intuitive. The solution is managed through a web-based interface, and accessed from any internet-connected device. In addition, SpamTitan offers a full suite of reporting and monitoring features.
SpamTitan uses all layered techniques to block spam, including intelligent technologies such as AI. Features of SpamTitan include:
- One of the most cost-effective anti-phishing solutions on the market
- Easy deployment and configuration
- Can be delivered by a managed service provider (MSP)
- Automatic updates pushed out to end-user devices
- Easy to administer using a central web console
- Supports existing identity systems and robust authentication
- Fully cloud-based, no hardware or endpoint software needed
- Collaborative spam fingerprint and real-time checks based on “community intelligence“ from over 650 million users
- Advanced threat detection using AI
- Multi-layered email protection to prevent modern threats
MSPS and SpamTitan
Managed Service Providers (MSPs) and resellers can deliver exceptional MX Spam filtering to clients via SpamTitan.
SpamTitan Cloud can be white-labeled to reflect custom branding. The solution can also be easily integrated with third-party management tools using TitanHQs APIs. SpamTitan is available with a variety of hosting options, including hosting via an MSPs own infrastructure or in a private cloud.
SpamTitan has won thirty-five Virus Bulletin (VB) Spam Awards and nine VB+ Spam Awards for achieving spam detection rates greater than 99.9% – often with 0% false positives (genuine emails incorrectly quarantined as spam).
TitanHQ offers SpamTitan on a free, no-obligation 14-day trial basis. The trial, comes with complete customer and technical support, with no obligation to purchase a license at the end of the trial.
Susan Morrow
- DATA PROTECTION
- EMAIL PHISING
- EMAIL SECURITY