
How To Secure Your SMB Network – Part 5 of 9 – Spam Filtering

Philip Banks | Security

Welcome to How To Secure Your SMB Network! This is part 5 of a 9-part series that discusses our approach to Network Security and how we secure client networks. As you will see, there are many facets that go into creating a secure network. Think of it as a puzzle, with each piece playing an important role. The days of installing Norton Anti-Virus on your computer and thinking you are safe are over.

What Is Spam Filtering

Spam Filtering is essentially separating the “good” email from the “junk” email. It’s the same thing you do when you get home from work: stand over the trash can with that day’s mail. You filter the junk into the trash can and you keep the important items.

Spam email can be overwhelming without effective filtering. Estimates indicate that spammers send over 14.5 billion spam messages daily. In addition, some estimates indicate that 73% of all email traffic is spam. These aren’t just advertisements for the next gadget or miracle pill; these messages often contain malware, viruses, or phishing scams.

Spam is also very costly to a business. Without effective spam filtering, employees can spend significant time simply identifying and deleting spam. Nucleus Research Inc. did a study that found spam costs U.S. companies over $71 billion per year in lost employee productivity.

How Does Spam Filtering Work

Spam Filtering is the process of identifying unwanted or potentially dangerous email messages and preventing them from reaching a user’s inbox. Effective spam filters will look at many different data points and then use an aggregate score to identify spam.

Filters look for many things. For example, certain keywords can raise a red flag, and country of origin, language, and attachments can also cause a message to be identified as spam. Most filters now use the Sender Policy Framework (SPF) record. The SPF record tells the spam filter which email servers are allowed to send email for a particular domain. For example, if the spam filter receives a message from john@example.com, the filter will check the SPF record for example.com. If that record indicates that the server named mail.example.com is the only server that sends email for example.com, and the spam filter detects that the message came from a different server, the message would be identified as spam.
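The SPF check described above, as an added example that is not part of the original article. It goes a little beyond the single-server case by also handling ip4/ip6 ranges, include, and the softfail qualifier. The DNS tables, IP addresses and the example.org record are constructed sample data, and real filters run this check against the domain in the SMTP envelope sender (MAIL FROM), using live DNS lookups.

```python
import ipaddress

# Constructed DNS data (documentation address ranges) standing in for live lookups.
DNS_TXT = {
    "example.com": "v=spf1 a:mail.example.com -all",
    "example.org": "v=spf1 ip4:198.51.100.0/24 include:example.com ~all",
}
DNS_A = {"mail.example.com": ["192.0.2.25"]}

# Qualifier in front of a mechanism decides the result when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, domain, depth=0):
    """Evaluate client_ip against domain's SPF record (subset of RFC 7208)."""
    if depth > 10:  # stop runaway or looping include chains
        return "permerror"
    record = DNS_TXT.get(domain, "")
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default when no qualifier is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            hosts = DNS_A.get(arg or domain, [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        elif name == "include":
            matched = check_spf(client_ip, arg, depth + 1) == "pass"
        else:
            continue  # simplification: mx, exists, ptr and modifiers are skipped
        if matched:
            return QUALIFIERS[qualifier]  # first matching mechanism wins
    return "neutral"  # nothing matched and the record has no "all"


if __name__ == "__main__":
    # The article's case: mail claiming example.com from two different servers.
    for ip in ("192.0.2.25", "203.0.113.7"):
        print(ip, "->", check_spf(ip, "example.com"))
```

A "fail" or "softfail" result is normally one input to the filter's aggregate score rather than the whole verdict, since forwarded mail can legitimately arrive from a server the record does not list.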

Types of Spam Filters

There are many different types of spam filters. We’re going to take a look at Cloud Based Spam Filters, Software Based Spam Filters, Anti-Spam Appliances, and Built-In or Existing Spam Filters.

Cloud Based Spam Filters

Cloud Based Spam Filters work by redirecting all mail destined for your inbox to a spam filter based in the cloud. After processing, the Cloud Based Spam Filter will then pass the relevant email messages on to your inbox. The major advantage of Cloud Based Spam Filtering is that all of the processing is done outside of your network. This means the spam never even reaches your network before it is discarded by the Cloud Based Filter. Many Cloud Based Filters feature quarantines, which allow you to see the detected spam and (if misclassified) release the message to your inbox. Another common feature is Archiving. If there are network interruptions that are preventing your servers from connecting to the spam filter, the spam filter will queue your email and deliver it when connectivity is restored.

Software Based Spam Filters

Software Based Spam Filters typically run on a server in your office. Incoming email is directed to the Software Based Spam Filter for processing. Mail that is deemed relevant is then passed on to your in-house email server, which handles delivery to your inbox. In this case, all email enters your network, but it is processed before it ever gets to your in-house email server. Common features of Software Based Spam Filters include a quarantine and the ability to release misclassified messages to your inbox.

Anti-Spam Appliances

Anti-Spam Appliances are hardware devices with the sole purpose of identifying spam. These appliances typically look like the network switches and routers that sit in the network rack in your server rooms or closets. Anti-Spam Appliances are usually on the perimeter of your network (or just inside of your firewall), giving them the ability to inspect and process every incoming message before it reaches the rest of your network. Some Anti-Spam Appliances can take on dual roles of both a firewall and a spam filter. A major advantage of an Anti-Spam Appliance over a Software Based Spam Filter is that your server does not have to do the processing, which frees up resources for other jobs.

Built-In or Existing Spam Filters

Built-In or Existing Spam Filters are simply the spam filters that come with existing email products. For instance, if you have an in-house Microsoft Exchange server, there is built-in spam filtering inside of Exchange. The same is true for most web based email services (GoDaddy, Google Apps, Office 365, etc.). These products feature their own Spam Filters. In my experience, these filters are much less robust and less configurable than any of the other options mentioned here. A good practice would be to augment your built-in/existing Spam Filters with one of the other mentioned options. Let the Cloud Based Filter, Software Based Filter, or Appliance do the “heavy lifting”, then pass along the clean email to your built-in/existing spam filters.

How To Secure Your SMB Network – E-Book

This is the fourth part of a nine part series that details How To Secure Your SMB Network. Every Wednesday we will post a new section that gives details and examples on how Banks Technology Services secures our clients’ networks. We have compiled all of this information into an E-Book which you can download for free. The E-Book contains additional information, real world examples, and is updated as new technology emerges. To receive your FREE copy, head on over to the How To Secure Your SMB Network page.

How To Secure Your SMB Network Blog Series

Part 1 – Network Security Principles
Part 2 – UTM Gateway
Part 3 – Content Filtering
Part 4 – Software Restriction Policies
Part 5 – Spam Filtering
Part 6 – Endpoint Security
Part 7 – Patching
Part 8 – Administrative Rights
Part 9 – Conclusion