Ways to Protect Your Organisation From Spam
Did you know that 84.57% of the email volume worldwide in October 2020 was spam? That’s a staggering 242.42 billion spam emails per day.
Without the right set of spam filters in place, you may see more spam landing in your organisation’s inboxes than you should.
Spam is not only a waste of mailbox space for organisations, it can be malicious, too. While plenty of spam mail is designed to encourage you to purchase unwanted or dodgy-looking products, other spam messages can be from people trying to defraud your organisation, install malware on your systems, or obtain precious company IP. While you can set up email filtering on your mail server, it is often not enough on its own to protect you from spam.
Whether you’re hosting your email on-site, via an on-premises Exchange server, or you’re running O365 in the cloud with associated mail, you can use cloud spam filtering services to help eliminate spam and malicious emails from your company’s inboxes.
Whereas on-site hardware and software can often be recommended if you host your email server onsite (covered below), cloud-based spam filtering services hide away the installation, space, and computing power (or specific hardware requirements) – leaving that up to the vendor. On your end, all you’ll need to do is configure your settings to make the mail server work with the filter.
Believe it or not, you can purchase anti-spam hardware. That’s right, not all spam filtering solutions are software-based. Having an on-site hardware-based spam filter actually makes sense – before an email hits your systems, it needs to pass all the filters on the hardware, meaning complete isolation from your systems and no chance of ‘poisoning the waters.’
Barracuda, for example, still offer physical email filtering devices for use on-site. These devices must be managed and maintained to remain useful over the years. This is why cloud-based email filtering (sometimes with a company’s own specific hardware) is often used instead of on-site physical hardware these days.
You can stack other software-based filters on top of your regular mail server filters, too. You may even have extra built-in filters in your email service already. If you use O365 then you can use the Advanced Spam Filters in this product.
Software-based filters are on-site software solutions that add an extra layer of protection before mail hits your email filter. While they are less expensive than hardware solutions, they also require you to install and manage the software on-site.
These types of solutions sit between an organisation’s firewall and its email server. SpamTitan Gateway is an example of such a software product.
Education of staff
As always with security, your employees are your last line of defence when it comes to inbound emails. With phishing becoming more complex and changing at breakneck speed, sometimes these emails are not caught by filters.
The phishing email that lands in an employee’s inbox after slipping through your filters may not be identified as malicious if they haven’t had proper security training and up to date, regular briefings about new tactics.
You can choose from online security awareness training packages, develop your own, or have an outside provider brief staff regularly.
SPF, DKIM, and DMARC configurations
SPF = Sender Policy Framework. This protocol matches IP addresses to domains to check whether the IP address used to send the email is linked to the domain. Malicious senders try to piggyback off legitimate domains by sending emails that claim to come from the domain, but from their own mail servers. Using SPF, any mail sent from an IP address not listed in the SPF record on the domain gets bounced or given a soft fail (sent to Spam), depending on the mail filtering configuration. If you are setting up your own incoming filtering, make sure to include SPF.
If you are looking to configure your own domain and legitimate IPs (to prevent spammers from emailing from your domain), you will need to alter the SPF TXT record to include all the IPs you send from.
For example, you may configure it as such:
v=spf1 ip4:220.127.116.11 ip6:ea83:d11f:3570:b33b:4bf2:fbe4:c2c8:e52b
Or, if you are fully hosted with O365:
v=spf1 include:spf.protection.outlook.com -all
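How a receiving filter reads records like the two above, as an added example that is not code from the article or from any vendor: a simplified, offline evaluator for the ip4, ip6, include and all mechanisms. It goes slightly beyond the text by resolving include through a lookup table; the FAKE_DNS contents and the sender addresses used with it are constructed, and the real record behind spf.protection.outlook.com is not reproduced here.

```python
import ipaddress

# SPF qualifier -> result (RFC 7208); a mechanism with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate_spf(record, sender_ip, lookup=None):
    """Evaluate ip4, ip6, include and all against sender_ip, left to right.

    lookup maps a domain to its SPF record and stands in for DNS so the
    sketch runs offline. Other terms (a, mx, redirect=...) raise ValueError.
    """
    lookup = lookup or {}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no SPF record published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]   # catch-all: nothing after it is read
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            matched = ip.version == network.version and ip in network
        elif name == "include":
            if value not in lookup:
                return "permerror"         # included domain has no SPF record
            matched = evaluate_spf(lookup[value], sender_ip, lookup) == "pass"
        else:
            raise ValueError(f"term not supported by this sketch: {term!r}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched and no "all" term

# The article's two records (the on-site one written with the ip4: mechanism).
ONSITE = "v=spf1 ip4:220.127.116.11 ip6:ea83:d11f:3570:b33b:4bf2:fbe4:c2c8:e52b"
O365 = "v=spf1 include:spf.protection.outlook.com -all"
# Constructed stand-in for the included record; 192.0.2.0/24 is a documentation range.
FAKE_DNS = {"spf.protection.outlook.com": "v=spf1 ip4:192.0.2.0/24 -all"}
```

For an unlisted sender the on-site record as written returns "neutral", because it has no closing all term; appending -all or ~all is what turns that into a fail or a soft fail.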
DKIM = DomainKeys Identified Mail. This is another technique to match legitimate senders to a domain. A DKIM signature is a digital signature that confirms sender identity via a cryptographically signed header attached to the email. It also proves that an email hasn’t been altered along the send path. The signature is verified by a public key in the DNS. Ensure that DKIM is on in your email filtering solution for heightened security – either to bounce non-DKIM emails or to send them to the Spam folder.
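If you want to use DKIM for your outgoing emails, you will need to choose a DKIM selector (a name identifying the type of email), generate a public-private key pair, then publish the selector and the public key on your domain with the DKIM TXT record. The private key stays on the sending mail server, which uses it to sign each message. For example, a signed message carries a header like this: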
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=mail; t=1606089654; bh=TGV0J3MgZ28gdG8gdGhlIGJlYWNoIQ==; h=From:To:Subject:From; b=RnJvbTpUbzpTdWJqZWN0OkZyb21MZXQncyBnbyB0byB0aGUgYmVhY2gh
DMARC = Domain-based Message Authentication, Reporting and Conformance. DMARC is a policy that requires SPF or DKIM checks (or both) to pass first. It combines SPF and DKIM, then adds its own ‘alignment’ check on the sender domain name in the From: field. The From: field’s domain must match the “return-path” from SPF – the address of the server which hosts the SPF record. This is DMARC alignment for SPF. Similarly, in DKIM, the d= field (here, mydomain.com) must match the From: field’s domain to have DKIM alignment. Either SPF alignment or DKIM alignment (or both) needs to be successful to pass DMARC. It is simply another layer to ensure better email security. DMARC may be enabled (and configured to work with either or both of SPF and DKIM) in your domain’s DNS settings to either quarantine messages or reject them. Sub-domains can also be configured.
DMARC can be set up under your DNS setting by applying the following DNS TXT entry:
v=DMARC1; p=reject; rua=mailto:firstname.lastname@example.org
This means reject all emails not passing DMARC, and send reports about DMARC activity to the address given in the rua tag. You can check more detailed DMARC flags at ‘Add your DMARC record.’
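The alignment rule and the p= policy described above, as an added example that is not code from the article: it takes the SPF and DKIM results a receiver has already computed, checks each against the From: domain, and applies the published policy. The scenarios in demo(), the other.example domain and the simplified relaxed-alignment test are assumptions made for illustration.

```python
def parse_tags(text):
    """Parse a 'tag=value; tag=value' list (DMARC record or DKIM-Signature value)."""
    tags = {}
    for part in text.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def aligned(auth_domain, from_domain):
    """Relaxed alignment, simplified to 'same domain or a subdomain of it'.

    Real receivers compare organisational domains via the Public Suffix List.
    """
    a, f = auth_domain.lower(), from_domain.lower()
    return bool(a) and (a == f or a.endswith("." + f) or f.endswith("." + a))

def dmarc_disposition(record, from_domain, spf_result, return_path_domain,
                      dkim_result, dkim_header):
    """Return 'deliver', 'quarantine' or 'reject' for one received message."""
    policy = parse_tags(record)
    if policy.get("v") != "DMARC1":
        return "deliver"                  # no DMARC policy published
    dkim_domain = parse_tags(dkim_header).get("d", "")
    spf_ok = spf_result == "pass" and aligned(return_path_domain, from_domain)
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain)
    if spf_ok or dkim_ok:
        return "deliver"                  # one aligned pass is enough
    action = policy.get("p", "none")
    return action if action in ("quarantine", "reject") else "deliver"

# DMARC record and DKIM-Signature value from the article.
RECORD = "v=DMARC1; p=reject; rua=mailto:firstname.lastname@example.org"
DKIM = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=mail; "
        "t=1606089654; bh=TGV0J3MgZ28gdG8gdGhlIGJlYWNoIQ==; "
        "h=From:To:Subject:From; "
        "b=RnJvbTpUbzpTdWJqZWN0OkZyb21MZXQncyBnbyB0byB0aGUgYmVhY2gh")

def demo():
    """Constructed scenarios; other.example is a made-up unrelated domain."""
    me = "mydomain.com"
    return {
        "legitimate": dmarc_disposition(RECORD, me, "pass", me, "pass", DKIM),
        "forwarded": dmarc_disposition(RECORD, me, "fail", me, "pass", DKIM),
        "spoofed_from": dmarc_disposition(RECORD, me, "pass", "other.example", "none", ""),
    }
```

The spoofed_from case is the one alignment exists for: SPF passes for the sender's own return-path domain, but that domain is not the one in From:, so the message is rejected.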
Need expert help with your email protection solution?
We can help determine which is the best spam filtering solution for your current email setup, or help in upgrading your solution to something more modern and secure. Whether it’s a hardware, software, or cloud filter, we can help determine which vendor and service will work best for you – plus we can even offer email security training for your team. Drop us a line at A1 Technologies to get started on beefing up security for your email systems.