Approximately 60-70% of emails received nowadays are spam.
Spam filters are crucial: although they don't provide 100% foolproof results, they are essential to keep spam away from your business. It is necessary to keep your network free from spam such as phishing attacks, malware attachments, malicious web links and viruses.
Spam filters not only help protect your email servers from getting overloaded but also keep spam email away from your users and network.
What is Spam-Filtering?
It is about implementing advanced filters to block spam emails. Spam filters are specifically designed to identify emails that are either unsolicited messages from marketers or sent by cyber-attackers for malicious purposes.
There is a pattern behind how attackers work: they often use their emails to offer you some sort of beneficial service, or to protect you from some imminent danger. But this is just a facade; the true intention of spam emails is to entice you to CLICK on a hyperlink. A single click on a harmful link may instantly download malware or malicious code onto your computer. Most of you are already aware of this danger. Right?
SPAM emails don't always deliver harmful content, but they can heavily clutter up your inbox. Most employees would agree that spam emails cause a lot of confusion and distraction, and result in a loss of focus while trying to get productive work done.
Spam FILTERS can detect a large number of spam emails and keep them from reaching you. They can recognize patterns that spam emails tend to follow.
The person sending the spam sends the same email to many people at the same time, knowing that if the email works on only one in many thousand people, the attack or marketing scheme will be successful.
Because an email spam filter can recognize most kinds of spam emails, it can be a valuable tool for protecting your users from unwanted messages. In fact, many spam filtering solutions have started to use Machine Learning (ML) to deliver more accurate performance.
However, the onus of protecting your employees from spam still lies with your company, as does the job of protecting them from Business Email Compromises (BEC).
However, spam filters can also identify the legitimate emails from companies your users actually want to get messages from. In this case, your users often have the option to identify the kinds of emails they want and adjust their settings to allow them to pass through the filter.
How Do Spam-Filters Actually Work?
Spam filters usually operate with decision-making algorithms that parse every email and assign it a number. This number is calculated from the set of rules the algorithms use to parse the email, and it represents the probability that the email is spam. Once this number crosses a threshold, the email is automatically marked as spam. The number is also known as the 'Spam Score' of an email.
The spam score depends on various parameters, not just the content of the email: for example, the email server used to send it, and the IP and domain reputation. Many Internet service providers run aggressive spam filters.
Since the idea behind spam filters is to prevent unwanted, unsolicited emails from reaching your users/employees, this is achieved using multiple methods, as given below:
1. Blacklist Filters
Anti-spam solutions always come with a ready-made list of spammers that is updated on a regular basis, usually daily. They identify spammers based on their 'email IDs.' This type of filter checks the reputation of the IP address on a real-time basis, and if anything suspicious is found, the emails are immediately marked as spam.
It is one of the oldest ways of filtering out spam, but it is not very effective, because spammers change their email addresses very frequently. Every time a spammer or marketer switches from one email ID (or domain) to another, their emails will inevitably reach your inbox until the new domain/email ID is blacklisted again.
As a security professional, you would be using your own 'blacklist' to protect your users. For example, it is imperative for your organisation to stop head-hunters who seek to attract your employees to other organisations. You also don't want attractive sales offers and promotions delivered to your employees, so you save them from distractions.
Some anti-spam solutions offer you a 'Real-Time' hole to filter incoming as well as outgoing emails.
2. Content-based Filters
These filters are generally far more effective than blacklisting. They are able to ANALYZE what is inside an email and then use that information to decide: should the email be marked as spam or not?
These filters can identify emails which serve 'Sales Offers' or 'deals', promote explicit materials or products, or otherwise tap into human emotions, feelings, and desires, e.g., fear or greed.
Content filters work by searching for specific words, such as 'discount,' 'free,' 'offer,' 'limited time,' "You're a winner," 'You have Won,' etc. These filters can also check whether an email contains inappropriate language of a sexual nature, which would indicate that it may include explicit content. Such emails have the potential to lure your users/employees into clicking on malicious links.
3. Header Filters
These filters directly target the 'Header' of an email to see whether it is emanating from an illegitimate source: where the email has come from and its routing information. These filters work on top of blacklist filters, as they target the IP address of the sender. The header may also include information indicating that the given email is just one copy of many emails sent at the same time to pre-organized groups of recipients.
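A header filter working on top of a blacklist, as described above, can be sketched as follows. This is an added example, not code from the original article; the blocklist entries, the sample message and the function names are constructed for illustration, and the "Precedence: bulk" check is one assumed indicator of a mass mailing.

```python
import email
import ipaddress
import re
from email import policy

# Constructed local blocklist (documentation address ranges, RFC 5737).
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24"),
             ipaddress.ip_network("198.51.100.7/32")]

# Constructed sample message; Received headers are listed newest hop first.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbound.example.com with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from bulk-sender.example.net (unknown [203.0.113.45])
\tby mx.example.org with SMTP; Mon, 1 Jan 2024 10:00:00 +0000
From: "Prize Desk" <offers@example.net>
To: user@example.com
Subject: You have Won
Precedence: bulk

Click the link to claim.
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(msg):
    """Return IPv4 addresses from Received headers, newest hop first.
    Only lines stamped by your own servers are trustworthy; older ones
    are supplied by the sending side and can be forged."""
    ips = []
    for value in msg.get_all("Received", []):
        for candidate in IP_IN_BRACKETS.findall(value):
            try:
                ips.append(ipaddress.ip_address(candidate))
            except ValueError:
                pass  # e.g. [999.1.1.1] is not a valid address
    return ips

def header_verdict(raw):
    """Check routing hops against the blocklist and flag bulk mailings."""
    msg = email.message_from_string(raw, policy=policy.default)
    listed = [str(ip) for ip in relay_ips(msg)
              if any(ip in net for net in BLOCKLIST)]
    bulk = (msg.get("Precedence", "") or "").strip().lower() == "bulk"
    return {"listed_ips": listed, "bulk": bulk, "spam": bool(listed)}
```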
4. Language Filters
Sometimes spammers target people from other countries, and the email is therefore in a different language than that of the recipient. In most cases, a user will only want to receive emails in languages in which they are fluent.
However, if a business connection or customer from another country reaches out, there exists the chance that the language filter could categorize that legitimate email as spam, so you need to instruct your users to check their spam folders when expecting these kinds of messages.
5. Rule-based Filters
I am a fan of rule-based filters, because I can use a filter to set up 'specific rules' that can be applied to all emails coming into my system. If the email’s content or origin matches one of the rules, it can be automatically sent to a spam folder.
For example, you can set the filter to look for specific words or phrases in the body of an email. If these words are present, the message gets sent to the spam folder. You can also set the filter so it looks for particular words or phrases in the header. This can be useful for emails associated with memberships that, while still useful, result in unwanted messages from time to time.
Rule-based filters are also useful for targeting specific senders. You can set them up to look for information in the domain the email is coming from or the name of the person sending it. These are highly effective and efficient when it comes to countering 'Business Email Compromises.'
6. Filters Based on Heuristics
This technique is one step ahead of content-based filtering. The method does not just compare words and pictures; instead, it takes multiple terms within an email into account.
Depending on the content of the emails entering the network, it starts assigning points (a score). For example, if it matches words like "Free" or "$" while parsing, then the highest scores are assigned.
Similarly, there are many such words for which scores are assigned, and once the threshold has been exceeded, those emails are marked as spam and blocked at the email server. This filter is considered one of the fastest to install and configure, minimizing delay in email receiving and delivery.
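The scoring described here, and the 'Spam Score' threshold from the earlier section, can be illustrated with a small scorer. This is an added example, not taken from any product; the rule weights, the threshold of 5.0, the sample messages and the sender_reputation input are all assumptions chosen for illustration.

```python
import re

# Assumed weights: "Free" and "$" carry the highest scores, as in the text.
RULES = [
    ("word_free",     re.compile(r"\bfree\b", re.I), 3.0),
    ("dollar_sign",   re.compile(r"\$"), 3.0),
    ("winner_phrase", re.compile(r"you(?:'re| are) a winner|you have won", re.I), 2.5),
    ("urgency",       re.compile(r"limited time|act now", re.I), 1.5),
    ("discount",      re.compile(r"\b(?:discount|offer)\b", re.I), 1.0),
]
THRESHOLD = 5.0  # assumed cut-off; real filters make this tunable

# Constructed sample messages as (subject, body).
PROMO = ("You have Won", "Claim your FREE prize worth $500. Limited time offer!")
LUNCH = ("Lunch on Friday", "Are you free at noon? The canteen has a new menu.")

def spam_score(subject, body, sender_reputation=0.0):
    """Return (score, matched_rule_names).

    sender_reputation is an assumed external input: positive for a poorly
    rated IP or domain, negative for a trusted one.
    """
    text = subject + "\n" + body
    score, hits = sender_reputation, []
    for name, pattern, weight in RULES:
        if pattern.search(text):  # each rule counts once per message
            hits.append(name)
            score += weight
    return score, hits

def classify(subject, body, sender_reputation=0.0):
    """Label a message 'spam' once its score reaches the threshold."""
    score, hits = spam_score(subject, body, sender_reputation)
    return ("spam" if score >= THRESHOLD else "ham"), score, hits
```

The LUNCH message matches the word "free" but stays below the threshold on content alone; the same text from a sender with a reputation penalty of 2.5 crosses it, which is why aggressive reputation weighting produces false positives.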
7. Bayesian Filter
It is a somewhat more advanced form of spam filtering, as it uses mathematical probability to check whether emails are legitimate or spam. This filter needs to be trained manually by marking emails as spam one by one. Every time an email is parsed, the filter is trained further by adding its words and phrases to the list.
This filter is capable of learning your preferences by examining the emails that you send to your spam/junk folder.
It does so by analyzing the CONTENT of the emails you mark as spam. To determine whether an email is spam or not, the Bayesian filter parses the email body and compares the words within the email, from which it calculates the probability of spam.
And the beauty is that it then creates appropriate RULES automatically. These rules are then applied to all future emails you receive.
For example, if you constantly mark all emails from a specific sender (e.g., neo@matrix.com) as spam, a Bayesian filter can recognize this pattern. It will then look for emails from that sender and move them to your spam folder automatically.
Another example: let's assume an email from a particular source contains the word "FREE", and you have received such emails about 40 times out of 65 emails that contain the word "FREE". So, whenever an email with the same word "FREE" is received from the same IP, it will be considered 90% spam.
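The training and probability calculation can be sketched with a small naive Bayes classifier over word presence. This is an added example, not the article's or any product's code; the training messages are constructed, and the add-one smoothing and the use of only the words present in a message are simplifying assumptions.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$']+")

class BayesFilter:
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    @staticmethod
    def tokens(text):
        return set(TOKEN.findall(text.lower()))  # word presence, not count

    def train(self, text, label):
        """Called each time the user marks a message as 'spam' or 'ham'."""
        self.msgs[label] += 1
        self.words[label].update(self.tokens(text))

    def word_prob(self, word, label):
        # Add-one smoothing: an unseen word never yields probability 0.
        return (self.words[label][word] + 1) / (self.msgs[label] + 2)

    def spam_probability(self, text):
        total = self.msgs["spam"] + self.msgs["ham"]
        log_odds = (math.log((self.msgs["spam"] + 1) / (total + 2))
                    - math.log((self.msgs["ham"] + 1) / (total + 2)))
        for w in self.tokens(text):  # only words present in the message
            log_odds += (math.log(self.word_prob(w, "spam"))
                         - math.log(self.word_prob(w, "ham")))
        return 1 / (1 + math.exp(-log_odds))

def build_demo_filter():
    """Train on six constructed messages, three marked spam, three ham."""
    f = BayesFilter()
    for text in ("FREE prize, claim now",
                 "You have won a FREE offer",
                 "Limited time discount, click now"):
        f.train(text, "spam")
    for text in ("Meeting notes attached",
                 "Are you free for lunch",
                 "Quarterly report attached for review"):
        f.train(text, "ham")
    return f
```

An untrained filter returns 0.5 for every message; after training, "free" seen in both folders shifts the result only slightly, while several spam-only words together push it above 0.9.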
How Do Gmail, Yahoo and Outlook Spam Filters Work?
[A] Gmail Spam Filters
Google's data centers make use of hundreds of rules to determine whether an email is valid or spam. Each of these rules describes a specific feature of spam, and a statistical value is attached to it, depending on the likelihood that the feature indicates spam.
The weighted importance of each feature is then used to construct an equation. The resulting score is tested against a sensitivity threshold decided by each user's spam filter, and the email is consequently classified as legitimate or spam.
Google is said to be using state-of-the-art machine learning algorithms for spam detection, such as logistic regression and neural networks, in its classification of emails. Gmail also uses optical character recognition (OCR) to shield Gmail users from image spam. In addition, machine-learning algorithms developed to combine and rank large sets of Google search results allow Gmail to link hundreds of factors to improve its spam classification.
[B] Yahoo Mail spam-filter
The email provider YAHOO has its own spam algorithms that it uses to detect spam messages. The basic methods used by Yahoo to detect spam messages include URL filtering, email content and spam complaints from users. Unlike Gmail, Yahoo filters email messages by domain and not by IP address. Yahoo Mail uses a combination of techniques to filter out spam messages. It also provides mechanisms that prevent a valid user from being mistaken for a spammer.
[C] Outlook Spam-Filters
The main difference between the Outlook.com webmail service and the MS Outlook desktop application is that the Outlook desktop application allows you to send and receive emails via an email server, while Outlook.com is an email server.
Outlook.com has its own distinctive methods of filtering email spam. Microsoft has provided the list of spam filters it uses to declare an email JUNK and send it to the Junk folder.
Here they are:
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.