We have compiled our anti-spam tips to help individuals and organizations who, however hard they try, continue to encounter pests such as spam mail every day. Many of these tips also help fend off malware and other email-borne threats.
Some of the features we describe should be present by default, but not all of them are. Others involve measures you can implement yourself. It is therefore in your best interests to find out what anti-spam tools you have, what you need and what you could replace or adjust.
1. Make Sure the Filter's Realtime Block List (RBL) Updates in Real Time: No matter what third-party spam filter you have, you will most likely be using a Realtime Block List or RBL. An RBL is a blacklist of IP addresses already known to have sent spam mail and is present in every type of email filter, from Outlook to Yahoo and beyond.
The filter compares the source of every incoming email to this blacklist and rejects mail from any source that appears on it. Usually, the RBL will block 70%-90% of all incoming mail. If you receive a very high number of emails regularly, chances are that your RBL is not updating as it should and it is recommended you seek technical advice.
2. Activate Recipient Verification Inspection: Recipient Verification Inspection checks that each inbound email is addressed to a valid recipient. Spammers often use addresses like “info@” or “admin@” in order to get their emails opened by unsuspecting end-users, possibly loading malware onto your network or eliciting a response from an end-user that could result in a breach of confidential information. Recipient Verification Inspection can be activated by uploading your valid email addresses to your mail server or spam filter.
Similar to the two tips for eradicating spam emails given above, Recipient Verification Inspection rejects spam email before it is downloaded, reducing the load on your email server and saving bandwidth.
3. Engage SMTP Handshake Protocols: SMTP controls perform a variety of first-line tests, the most important of which is the “SMTP Handshake”, in which your incoming mail server checks for a HELO command, a Fully Qualified Hostname or a Resolvable Hostname. By engaging SMTP protocols your email filter will reject any email coming from an address lacking a DNS A or MX record.
This process requires a minor adjustment to your email server or spam filter, but it may be necessary for you to create a whitelist of approved senders so that emails from suppliers or customers with incorrectly configured email servers are still accepted. Unfortunately, this is one of our anti-spam tips that is unsuited to Managed Service Providers.
4. Block (or at least Quarantine) Potentially Dangerous Attachment Types: A majority of computer users are aware of the dangers of downloading .exe files, so spammers rarely send malware via an attachment with an .exe extension. Instead they hide the payload file inside an image, spreadsheet, document or PDF file, or change the extension name to circumvent filtering mechanisms.
It is impractical to block all attachments that could harbour malware, but with MIME filtering software you can block attachments commonly associated with dangerous code (.exe, .bat, .scr etc.) and quarantine others that would usually be sent and received via secure file sharing facilities like Dropbox and Google Drive.
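A sketch of the extension and renamed-file check described in this tip, added here as an illustration and not taken from any particular filtering product. The function names, the verdict labels and the sample message are constructed for the example.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".exe", ".bat", ".scr"}   # the types named in the tip
EXECUTABLE_MAGIC = (b"MZ",)                     # DOS/PE header shared by .exe and .scr

def classify_attachment(filename, payload):
    """Return 'block', 'quarantine' or 'allow' for one attachment."""
    # Trailing dots and spaces are stripped so "setup.exe." is still caught.
    ext = os.path.splitext(filename.lower().rstrip(". "))[1]
    if ext in BLOCKED_EXTENSIONS:
        return "block"
    # A renamed executable keeps its header even when the extension lies.
    if payload.startswith(EXECUTABLE_MAGIC):
        return "quarantine"
    return "allow"

def scan_message(raw_bytes):
    """Parse a MIME message and return {filename: verdict} for its attachments."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        verdicts[name] = classify_attachment(name, data)
    return verdicts

def build_sample():
    """Constructed sample message; the payloads are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"MZ" + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="update.exe")
    msg.add_attachment(b"MZ" + b"\x00" * 16, maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    msg.add_attachment(b"%PDF-1.7\n", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```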
5. Scan Inbound Mail for Malicious URLs: As well as carrying harmful viruses, incoming email can contain links to compromised websites and to websites built for phishing campaigns.
Therefore, one of our anti-spam tips for reducing risk from web-borne threats is that, no matter which inbound mail anti-virus software you own, you should make sure it has malicious URL blocking and phishing protection. (TIP: Not all antivirus software performs these functions.)
Dangerous URL blocking and phishing protection uses “URIBL” and “SURBL” protocols to compare links inside emails against a global blacklist of domain names regularly found in unsolicited bulk mail and already known phishing sites. These mechanisms reject any email containing a dangerous URL or link to a phishing website to defend your organization from fraud and/or threat.
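The blacklist lookups from tips 1 and 5, shown together as an added example that is not code from any specific filter. The zone names `rbl.example` and `uribl.example`, the `fake_resolve` helper and the listed entries are constructed placeholders so the example runs offline.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

# Constructed blocklist data standing in for live DNS; zone names are placeholders.
FAKE_ZONE = {
    "2.2.0.192.rbl.example": "127.0.0.2",
    "login.phish.example.uribl.example": "127.0.0.2",
}

def fake_resolve(name):
    """Offline stand-in for socket.gethostbyname (hypothetical helper)."""
    if name not in FAKE_ZONE:
        raise OSError("NXDOMAIN")
    return FAKE_ZONE[name]

def dnsbl_query_name(ip, zone):
    """IPv4 address a.b.c.d is queried as d.c.b.a.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def url_hosts(body):
    """Lower-cased hostnames of the http(s) links in a message body."""
    hosts = set()
    for url in re.findall(r'https?://[^\s<>"]+', body):
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed URL, nothing to look up
            continue
        if host:
            hosts.add(host.rstrip("."))
    return hosts

def is_listed(name, resolve=socket.gethostbyname):
    """Listed names resolve into 127.0.0.0/8; a failed lookup means not listed."""
    try:
        return resolve(name).startswith("127.")
    except OSError:
        return False

def check_message(client_ip, body, resolve=socket.gethostbyname,
                  ip_zone="rbl.example", uri_zone="uribl.example"):
    """Return the reasons to reject; an empty list means both checks passed."""
    reasons = []
    if is_listed(dnsbl_query_name(client_ip, ip_zone), resolve):
        reasons.append("sender IP listed")
    # Simplification: real URI lists are keyed on the registered domain.
    for host in sorted(url_hosts(body)):
        if is_listed(host + "." + uri_zone, resolve):
            reasons.append("link to listed domain " + host)
    return reasons
```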
6. Scan Inbound and Outbound Mail for Viruses: Of course, all individuals and organizations alike will have some form of anti-virus software already guarding their network, but even so, proprietary anti-virus software usually works retrospectively — identifying malware only once it has been downloaded. Consequently, it is recommended that you implement secondary anti-virus software to scan incoming and outbound emails.
Scanning outgoing mail (for spam and viruses) is vital because a few system admins set their spam filters' parameters to “over-zealous”. If emails coming from your IP address are too frequently identified as being infected (or containing spam), you could find the IP address added to a Realtime Block List and all your outbound emails rejected by their recipients.
7. Set an Appropriate Acceptance Threshold: It was mentioned previously that some system admins set their spam filters' parameters to “over-zealous”. Though this may be a small overstatement, other organizations will have differing spam tolerance depending on the nature of their business. Spam filters assign a score to each incoming email based on its content, and it is up to system admins to determine the correct score.
Finding the level of filtering that eliminates spam while keeping false positives to a minimum can take a little trial and error. Most vendors of spam filtering solutions and service providers allow organizations a trial period to evaluate the solution/service. You should use this time to find a suitable acceptance threshold and fine-tune it as necessary, becoming as familiar as possible with the filter.
8. Ensure Your Spam Filter Uses Bayesian Analysis: Bayesian Analysis is a tool based on a spam pattern library that finds trends in spam emails. A spam pattern library contains a large database of recent and previous spam provided by the spam-fighting community, and Bayesian Analysis uses this data, along with possibly harmful attachment types and identified dangerous URLs, to decline emails falling under an acceptance threshold.
Instead of being a static mechanism, Bayesian Analysis “learns” to recognise new spamming techniques and “forgets” older spam patterns that could potentially block legitimate emails. The analysis can be improved if you correct false positives (legitimate emails rejected/blocked by mistake) as they occur, and tell your end-users to tag any spam that gets past your filter.
9. Block New Sources of Spam with Greylisting: We have saved one of the most important tips for defending against spam emails until the end: Greylisting. A majority of the mechanisms listed in our anti-spam tips rely on identifying “known” sources of spam to block inbound emails. However, spammers are always trying to circumvent filtering mechanisms by using new or “unknown” sources to send spam from.
Greylisting works by requesting that the sender's server resends the email. Typically, spammers' servers are too busy sending out spam emails to respond to the request and, after a period of time without receiving the re-sent email, the Greylisting function rejects the email as spam. Greylisting can be the difference between your spam filter identifying 96% of spam or virtually 100% of spam.
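The resend request is normally implemented as a temporary SMTP failure keyed on the sending IP, envelope sender and recipient. The following added example (not code from a specific mail server) sketches that decision logic; the `Greylist` class, the 300-second minimum delay and the four-hour retry window are assumptions chosen for illustration.

```python
class Greylist:
    """Decide per (client IP, MAIL FROM, RCPT TO) triplet whether to accept."""

    def __init__(self, min_delay=300, retry_window=4 * 3600):
        self.min_delay = min_delay          # seconds a sender must wait before retrying
        self.retry_window = retry_window    # seconds after which a pending entry expires
        self.first_seen = {}                # triplet -> time of first attempt
        self.passed = set()                 # triplets that have retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (SMTP code, text); 451 asks the sender to try again later."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250, "OK"
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            # Unknown sender, or the earlier attempt expired: start the clock.
            self.first_seen[key] = now
            return 451, "Greylisted, try again later"
        if now - first < self.min_delay:
            # Immediate hammering does not count as a proper retry.
            return 451, "Greylisted, try again later"
        self.passed.add(key)
        del self.first_seen[key]
        return 250, "OK"

def replay(attempts):
    """Run constructed (ip, sender, recipient, time) attempts; return the codes."""
    greylist = Greylist()
    return [greylist.check(*attempt)[0] for attempt in attempts]

# Constructed sample: one server that queues and retries, one that never returns in time.
SAMPLE_ATTEMPTS = [
    ("192.0.2.10", "orders@supplier.example", "sales@example.com", 0),
    ("192.0.2.10", "orders@supplier.example", "sales@example.com", 60),
    ("192.0.2.10", "orders@supplier.example", "sales@example.com", 600),
    ("192.0.2.10", "orders@supplier.example", "sales@example.com", 900),
    ("198.51.100.7", "promo@bulk.example", "info@example.com", 0),
    ("198.51.100.7", "promo@bulk.example", "info@example.com", 5 * 3600),
]

if __name__ == "__main__":
    print(replay(SAMPLE_ATTEMPTS))
```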
10. Make Use of Group Settings where Available: Some – not all – spam filters have the flexibility to set spam acceptance thresholds by individual user, user-group or globally. In some cases it may be necessary for system administrators to add different settings for different user-groups in order to exponentially increase the effectiveness of the anti-spam filtering solution.
A scenario in which this feature may be used is when a business’s sales team receives leads by email. Like all sales leads, these leads need to be acted upon quickly, so it is vital they are not quarantined as spam and it may be necessary to apply a lesser spam acceptance threshold for the sales department than – for example – the finance department.
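Tips 7, 8 and 10 combined in an added example that is not taken from any vendor's filter: a small naive Bayes scorer trained on a constructed corpus, with a separate threshold per user-group. The class, the training messages and the threshold values are assumptions, and here a message is quarantined when its spam probability reaches the group's threshold.

```python
import math
import re
from collections import Counter

def tokenize(text):
    """Distinct lower-cased word tokens in a message."""
    return set(re.findall(r"[a-z0-9']+", text.lower()))

class BayesFilter:
    def __init__(self):
        self.token_counts = {"spam": Counter(), "ham": Counter()}
        self.message_counts = {"spam": 0, "ham": 0}

    def train(self, text, label):
        """Learn from a message tagged 'spam' or 'ham' (e.g. a corrected false positive)."""
        self.token_counts[label].update(tokenize(text))
        self.message_counts[label] += 1

    def spam_probability(self, text):
        """Combine per-token evidence in log-odds form with add-one smoothing."""
        n_spam, n_ham = self.message_counts["spam"], self.message_counts["ham"]
        log_odds = math.log((n_spam + 1) / (n_ham + 1))
        for token in tokenize(text):
            p_spam = (self.token_counts["spam"][token] + 1) / (n_spam + 2)
            p_ham = (self.token_counts["ham"][token] + 1) / (n_ham + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

# Assumed per-group thresholds: sales tolerates more risk so leads are not held back.
GROUP_THRESHOLDS = {"sales": 0.90, "finance": 0.70}

def verdict(filt, text, group):
    score = filt.spam_probability(text)
    return "quarantine" if score >= GROUP_THRESHOLDS[group] else "deliver"

def build_filter():
    """Train on a tiny constructed corpus."""
    filt = BayesFilter()
    for text in ("win free prize now", "free prize claim now"):
        filt.train(text, "spam")
    for text in ("meeting agenda for monday", "quote request for pricing"):
        filt.train(text, "ham")
    return filt

if __name__ == "__main__":
    f = build_filter()
    for group in GROUP_THRESHOLDS:
        print(group, verdict(f, "free quote now", group))
```

The same borderline message is delivered to the sales group and quarantined for finance, which is the effect the group settings in tip 10 are meant to achieve.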