When you are considering the differences between an anti-spam server and a mail server, you may encounter some difficulty.
Historically, an anti-spam server has been thought of as a mail server with email filtering software standing like a doorway between the mail server and the firewall. Currently, an anti-spam server can also be located in the cloud, with the email filtering software linking it to the mail server using the MX record.
In some cases the term anti-spam server refers to filtering that takes place at server level, rather than on each individual workstation or device (“client”) on the network it is protecting. When filtering is installed at server level there is less management involved than with client-level filtering. Server-level filtering also gives the network more visibility into network behavior. For this reason an anti-spam server will provide you with a higher level of security in the face of cyber attacks like phishing, malware and ransomware compared to a mail server.
An added bonus of an anti-spam server is that it involves much less management on behalf of your own employees. Fewer spam emails reaching inboxes means less spam for employees to filter through and mark as malicious. This is important as it has been shown that it can take an average employee four seconds to tackle every spam email that they are sent. So at a rate of 12 spam emails per day an employee will end up spending approximately 192 minutes per year dealing with spam emails.
As spam email is the main attack vector of cybercriminals, the majority of businesses choose to implement third-party email filtering software in order to assist the detection capabilities of the default filtering mechanisms and transform their mail server into an anti-spam server. Third-party email filtering software can also be good, bad or indifferent when it comes to spotting spam emails.
A previous test, in which researchers sent 127,800 spam emails through a number of different spam filters within a one-week period, indicated that the average spam detection rate among the top ten performing spam filters was 96.86% – meaning that, on average, more than 4,000 spam emails were not spotted by the spam filter that was in place.
Most large organizations would register email figures well in excess of 127,800 spam emails every week. A lot of these will be a type of spam email known as “spoofing”. This is when a hacker designs an email to appear as though it is coming from a trusted source – such as a bank, a solicitor or even an internal sender. If you are not using greylisting (see below), then a spoofed email has a good chance of breaking through your defenses.
Greylisting is a front-line security tactic that first rejects all inbound emails sent from external mail servers, sending the originating server a request to send the email again. Typically spam servers are not SMTP-compliant and there is little chance that the email will be returned. In the event a spam email is sent again, it is highly likely to be identified and blocked by a second-line test.
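The greylisting decision described above, sketched as an added example (not code from any particular filtering product). The triplet key, the 451 reply text, the 5-minute minimum retry delay and the 24-hour retry window are assumptions chosen for illustration, and the addresses are constructed sample values.

```python
import time


class Greylist:
    """Greylisting decision keyed on the (client IP, sender, recipient) triplet."""

    def __init__(self, min_delay=300, max_age=86400, clock=time.time):
        self.min_delay = min_delay  # assumed: retry must come at least 5 minutes later
        self.max_age = max_age      # assumed: retry must come within 24 hours
        self.clock = clock
        self.pending = {}           # triplet -> time of first deferred attempt
        self.passed = set()         # triplets that have retried correctly

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the (SMTP reply code, text) to give at RCPT TO time."""
        now = self.clock()
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250, "OK (known triplet)"
        first = self.pending.get(key)
        if first is None or now - first > self.max_age:
            # Unknown or stale triplet: temporary rejection, sender should retry.
            self.pending[key] = now
            return 451, "4.7.1 Greylisted, please try again later"
        if now - first < self.min_delay:
            # Immediate re-send, as fire-and-forget spam software does.
            return 451, "4.7.1 Greylisted, retry too soon"
        # A compliant server retried after the delay: accept and remember it.
        del self.pending[key]
        self.passed.add(key)
        return 250, "OK (retry accepted)"


def demo():
    """Replay constructed delivery attempts against a controllable clock."""
    clock = [0.0]
    gl = Greylist(clock=lambda: clock[0])
    legit = ("203.0.113.7", "billing@example.org", "user@example.com")
    codes = [gl.check(*legit)[0]]        # first contact: deferred
    clock[0] = 60
    codes.append(gl.check(*legit)[0])    # retried after 1 minute: still deferred
    clock[0] = 600
    codes.append(gl.check(*legit)[0])    # retried after 10 minutes: accepted
    codes.append(gl.check(*legit)[0])    # later mail on same triplet: accepted
    other = ("198.51.100.9", "billing@example.org", "user@example.com")
    codes.append(gl.check(*other)[0])    # same sender, new client IP: deferred
    return codes


if __name__ == "__main__":
    print(demo())
```

Messages accepted with 250 here would still pass to the second-line content tests; greylisting only decides whether the sending server behaves like a real mail server.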
The strongest security against spoofing is to deploy three front-line mechanisms – HELO tests, DKIM tests and DMARC tests. These authenticate the identity of the sender of the email using a Sender Policy Framework. This will prevent spoofing emails except those that are sent from an infiltrated internal email account.