Cloud Based Anti Spam Service

A cloud based anti spam service is an email filtering solution delivered from the cloud rather than on a physical appliance or as an on-premises software installation.

As is the case with most software-as-a-service (SaaS) solutions, a hosted spam filtering service is available on demand, has few maintenance overheads and requires no capital investment.

Although the service is hosted in the cloud, companies using a cloud based anti spam service retain full control of their email filtering policies and can change those policies by individual user, user-group or business-wide, through integration with directory services like AD. Unlike appliances and software downloads, configuration is quick and simple, requiring only an amendment to your MX record.

In this article, we explain the advantages of a cloud based anti spam service, describe in more detail how a hosted spam filtering service works, and look at the features an anti spam cloud filter should include in order to achieve the best spam detection rates.

There is a major difference between spam filtering and thorough spam filtering. According to the latest industry statistics, 269 billion emails are sent daily and nearly half of these are spam – unwanted and unsafe emails that can harbor malware and ransomware, or try to obtain sensitive data such as usernames and passwords (phishing emails).

Standard email filters detect around 97% – 99% of spam emails depending on the “acceptable spam thresholds” applied by system administrators. Messages classified as spam are either rejected, quarantined, or flagged to the end user as spam, depending on the policies included in the spam filter. The remaining 1% to 3% of spam emails are delivered to end users' mailboxes, with the following potential outcomes:

The Possible Consequences of Unseen Spam Email

  • Productivity Loss: The expense of managing spam emails that avoid detection has been calculated at $285 per employee, per year, once linked IT costs are taken into account (bandwidth, storage costs, etc.).
  • Malware Infection: According to the most recent intelligence reports, one in every 359 emails harbors malware – malicious software that can vary in severity from adware and spyware, to Trojans, worms, and rootkits.
  • Ransomware: Coveware reports the average ransom payment was $84,116 in Q4, 2019, although ransom payments over $1 million are common. But that is just a fraction of the total cost of remediation. With a mean downtime of 16.2 days, reputation damage, and data loss (even when the ransom is met) the overall cost runs to hundreds of thousands of dollars at best, and in some instances several million.
  • Phishing Emails: The FBI calculates phishing and BEC attacks led to more than $1.7 billion in losses in 2019 in the United States, and those are just the scams that were made known to the authorities.
  • Loss of Reputation: Some malware strains have the ability to steal end users' email details, and the accounts are then used to send spam from the company’s mail server – potentially harming its IP reputation (see “Outbound Scanning”). Phishing attacks also usually see email accounts hijacked and used to send phishing emails and malware. The reputation of the company can take a massive hit and brand damage can take a long time to repair.

By comparison, effective spam filtering results in spam detection rates of up to 99.97% depending on the “acceptable spam thresholds” applied. By cutting the number of spam emails evading detection, end users spend less time managing unwanted and insecure emails – thus increasing productivity – and businesses can greatly improve their security posture and prevent expensive cyberattacks and data breaches.

Such a high percentage of spam emails evade detection because spammers are continuously devising new ways to penetrate email security mechanisms. Due to the increasing sophistication of spam, modern antispam solutions take a dynamic approach to email filtering that incorporates highly effective filtering techniques. These include:

  • Domain Name Server Blackhole Lists (DNSBLs) compare the IP addresses of inbound emails against those of recognized and suspected sources of spam, and reject, quarantine, or flag any that come from an IP address with a poor reputation.
  • Sender Policy Frameworks stop the sending of “spoofed emails” by checking the domain names to ensure they are authentic and that the supposed sender of the email is authorized to send emails from that domain. This is an excellent filtering technique to reduce phishing emails and prevent email impersonation attacks.
  • Content Analysis Tools review email headers and email content of inbound messages and allocate a “spam score”. If the preset spam tolerance level is exceeded, the messages are quarantined or rejected. These tools also include machine learning, and learn from previous false positives and false negatives and get better as time goes on.
  • Recipient Verification Protocols check the recipient addresses of inbound emails to ensure they match a genuine mailbox (e.g. j.doe@xyz.com, sales@xyz.com, etc.). Those that do not match an authentic mailbox are rejected or quarantined.
  • URIBL and SURBL Filters spot malicious URLs that link to websites known to be harboring malware or phishing kits.
  • SMTP Controls carry out a number of tests to authenticate the source of emails. These tests can include reviewing the originating email's MX record, confirming qualified MAIL FROM commands, and checking for digital signatures (a good way of reducing “false positives”).
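
As an added illustration (not code from this article or from any vendor), the Python sketch below shows the two sender-IP checks from the list above: how a DNSBL lookup name is formed and read, and how the ip4/ip6/all terms of an SPF record are evaluated. The zone dnsbl.example, the resolver callback and the sample records are constructed assumptions; SPF mechanisms that need DNS lookups (a, mx, include) are not handled.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def dnsbl_query_name(ip, zone):
    """Name looked up for an IPv4 address: reversed octets + list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_listed(ip, zone, resolve):
    """resolve(name) -> list of A records ([] on NXDOMAIN). Listed entries
    answer with an address in 127.0.0.0/8."""
    return any(a.startswith("127.") for a in resolve(dnsbl_query_name(ip, zone)))

def spf_check(record, client_ip):
    """Evaluate ip4/ip6/all terms left to right; the first match decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # a, mx, include, redirect need DNS lookups and are not handled here
    return "neutral"                         # nothing matched

# Constructed sample data (documentation IP ranges, hypothetical zone).
FAKE_DNS = {"99.2.0.192.dnsbl.example": ["127.0.0.2"]}
SPF_RECORD = "v=spf1 ip4:198.51.100.0/24 -all"

def demo():
    resolve = lambda name: FAKE_DNS.get(name, [])
    return {
        "listed": dnsbl_listed("192.0.2.99", "dnsbl.example", resolve),
        "clean": dnsbl_listed("198.51.100.5", "dnsbl.example", resolve),
        "authorized": spf_check(SPF_RECORD, "198.51.100.5"),
        "spoofed": spf_check(SPF_RECORD, "192.0.2.99"),
    }

if __name__ == "__main__":
    print(demo())
```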

Some – but not all – antispam products also have the option of activating the Greylisting process. This is a filtering method which returns emails to the originating server with a request for the emails to be sent again. Hackers’ mail servers often ignore the requests, as they are too busy sending spam to reply, and the spam email is never sent again. This technique is the most effective way to stop spam from IP addresses and domain names that are “not yet known” to DNSBL, URIBL and SURBL filters.
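
The greylisting decision described above, as an added Python example that is not taken from this article or from any product: each new combination of client IP, envelope sender and recipient is deferred with a temporary SMTP error, and accepted only when the same server retries after a minimum delay. The delay values, the class and function names, and the sample timeline are assumptions constructed for illustration.

```python
class Greylist:
    """Greylisting keyed on (client IP, envelope sender, envelope recipient)."""

    def __init__(self, min_delay=300, retry_window=4 * 3600):
        self.min_delay = min_delay        # assumed: seconds a retry must wait
        self.retry_window = retry_window  # assumed: how long a pending entry is valid
        self.first_seen = {}              # triplet -> time of first attempt
        self.passed = set()               # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code: 451 = try again later, 250 = accept."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250                    # known good triplet, no delay
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            self.first_seen[key] = now    # new or stale triplet: start the clock
            return 451
        if now - first < self.min_delay:
            return 451                    # retried too quickly, keep deferring
        self.passed.add(key)              # a real MTA queued and retried
        del self.first_seen[key]
        return 250

def replay(events, **kwargs):
    """Run (time, ip, sender, recipient) events through a fresh greylist."""
    greylist = Greylist(**kwargs)
    return [greylist.check(ip, s, r, t) for (t, ip, s, r) in events]

# Constructed timeline: a legitimate server that retries, and a bulk sender
# that fires once and never comes back.
LEGIT = ("192.0.2.10", "news@sender.example", "j.doe@xyz.com")
BULK = ("198.51.100.7", "promo@bulk.example", "sales@xyz.com")
EVENTS = [
    (0, *LEGIT),      # first attempt: deferred
    (5, *BULK),       # first attempt: deferred, never retried
    (30, *LEGIT),     # retry before min_delay: still deferred
    (900, *LEGIT),    # retry after min_delay: accepted
    (960, *LEGIT),    # later mail from the same triplet: accepted at once
]

if __name__ == "__main__":
    print(replay(EVENTS))
```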

Although hardware and software-based email filters are still available, cloud based spam filtering is the natural progression from these high maintenance filtering solutions. It is much easier and more cost-effective for organizations to connect their mail servers to a cloud based anti spam service than it is to install, manage and update hardware or software-based solutions.

Additionally, as the filtering process is carried out in the cloud, the demand for CPU resources occurs in the service provider's data center rather than on the company’s infrastructure. That means more filtering techniques can be incorporated into the cloud spam filter, leading to more effective filtering without negatively affecting network performance.

Cloud based spam filtering can be used with all operating systems and is infinitely scalable. It allows businesses to adjust their contracts with service suppliers as the number of users changes.

Linking a hosted spam filtering service takes just a few minutes and involves pointing the mail exchange (MX) record at the service provider’s filtering service. Following this, the filtering process is conducted in the cloud, software updates are undertaken by the service supplier, and the only configuration required is to meet the business's monitoring and reporting obligations.

Normally, a hosted spam filtering service integrates with LDAP and Active Directory so email filtering policies can be set with the click of a mouse for different user groups and departments. Thereafter, new policies can be applied – or existing policies changed – using a web-based portal through which spam filtering controls are managed for the entire group without the need for any per-device agents to be added.

From the web-based portal, administrators can whitelist approved senders, apply “acceptable spam thresholds”, review real-time activity on the mail server, and set activity and quarantine reports. Administrators can also connect with their service suppliers using the web-based portal so a secure channel can be created for troubleshooting any issues with the hosted spam filtering service.

Many of the mechanisms an antispam cloud filter should incorporate to result in effective filtering have already been mentioned previously (Domain Name Server Blackhole Lists, Sender Policy Frameworks, etc.). However, there are other crucial things to think about when choosing an antispam cloud filter or other email filtering solution.

Adequately handling the volume of email arriving in a large business can be difficult without a versatile and easy to use solution. A cloud spam filter should therefore include granular controls and be easy to use. For example, a company may wish to apply a higher acceptable spam threshold for its finance team than its sales team, so as not to prevent sales inquiries while ensuring maximum protection for the finance department, which is often heavily targeted by hackers.

Most businesses will already be protecting their networks with antivirus software; but the benefit of including antivirus software in an antispam cloud filter is that viruses can be caught and blocked at source, rather than with a retrospective virus scan – by which time damage may already have been caused. As with the filtering process, the virus scanning process is conducted in the cloud to avoid draining the resources of on-premises CPUs. Solutions that include dual antivirus engines offer greater protection as they maximize the chance of detecting known malware. Sandboxing is also important for detecting new (zero-day) malware threats that have yet to have their signatures added to the virus definition lists used by AV engines.

Outbound scanning is a vital feature as it spots spam, malware, and phishing attacks sent by malicious insiders and through compromised mailboxes. Outbound scanning is one of the ways that successful phishing attacks are discovered, permitting swift action to be taken to remediate the attack. If outbound mail is identified by other spam filters as having a high spam score, it can damage a business’s reputation.