When we think about anti-spam, we often think about those annoying emails we receive that relate to subjects we’re not in the least interested in.
But that’s not all there is to spam. Email can also be used as a vector for phishing, or even spear phishing, attacks. A good server anti-spam solution should address both and mitigate the phishing problem, while also increasing your company’s productivity by removing unwanted messages.
Here is how:
The various server anti-spam technologies differ in their effectiveness at handling the multitude of spam problems. Some are really well suited to combat phishing attacks, while others have only limited utility.
Let’s take an in-depth look at the different features:
- Whitelisting: Whitelisting is mainly intended to protect against false positives. While this will not help in preventing phishing attacks, it will ensure that your protections do not interfere with your legitimate emails. However, this is a two-edged sword. If a user of a whitelisted domain, or a whitelisted email, launches a spear phishing attack on your organization, your whitelisting will let that attack through and you will need to rely on other technologies to detect it.
- Databases: Advanced server anti-spam solutions feature databases of URLs and spam fingerprints that are specifically designed to detect phishing emails. These can be very effective at blocking phishing emails that target you.
- Greylisting: Greylisting is a process whereby emails from new sources are rejected with a temporary error. The idea behind this is that legitimate servers following email standards will re-send the email after a short delay. Spammers, on the other hand, will not follow these protocols and thus will not resend the email. This technology can help prevent regular phishing attacks to a degree, but is unlikely to be effective against spear phishing.
- SPF (Sender Policy Framework): With SPF, your mail server looks up the sender's domain for every email it receives and retrieves the list of mail servers authorized to send on that domain's behalf. The sending host is then checked against that list. If it does not match, the email is rejected. This system is effective at stopping regular phishing emails, as well as spear phishing emails, for the simple reason that many of these attacks spoof the sender email address to gain legitimacy. As a result, SPF catches them when it queries the authorized sending hosts for that domain. The only downside to this system is that email domain owners need to have published a list of authorized email hosts for this method to work.
- DNSBL (DNS block list): A DNS block list is a system that anti-spam service providers use to maintain a database of known spamming hosts, which mail servers query over DNS. This is very effective against regular phishing emails, as these are likely to be caught by the various DNSBLs' honeypots and traps. However, this technology offers limited protection against spear phishing attacks, which may use pristine mailing hosts that will not show up in DNSBL lists.
- Bayesian: Bayesian analysis can be quite effective against phishing attacks. The system works by performing a statistical analysis on emails and classifying them according to their content. To be effective, the Bayesian filter needs to be trained periodically with samples of different types of email, both spam and legitimate. Such training can be done by the vendor or by the users themselves. As long as the Bayesian filter is trained with samples of phishing emails, it should be effective at detecting them. Spear phishing emails can elude Bayesian analysis in some cases, provided they are different enough from the regular spam the system is trained on.
There are quite a number of methods attackers can use to launch phishing attacks against your users, and a major delivery platform for such attacks is, without a doubt, the email system. A good server anti-spam solution can go a long way in protecting your users from such insidious phishing attacks, as well as the more regular spam we are used to.
This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs.