Why Does My Spam Filter Suck?

You’ve been working on next week’s presentation all morning, patiently waiting for the updated shipping report from a supplier. Every time you see that mail icon or hear that ding, you quickly check your email. As the day drags on, you realize you’re going to work the weekend after all. The promised report hasn’t arrived.

Before you log out for the day, you check your spam folder. Sure enough, there’s the report you’ve been waiting for. Why did that email end up in the spam folder? That supplier’s been around for years. You’re sure the spam filter has it out for you. Blocking needed emails, so you have to work the weekend but letting through emails on preventing hair loss.

Spam filters can be frustrating and hard to phantom, especially when their behavior appears to be random. Going behind the scenes may help you understand how a spam filter works and whether the one you’re using really does suck.

Why Do You Need a Spam Filter?

Many have forgotten why spam filters exist. It’s not just to keep annoying emails from an inbox. They are part of an overall security program that helps protect against malicious attacks. Approximately 86% of email attacks use phishing or impersonation emails. Another 14% involve malware. If it weren’t for spam filters, many of these threat emails would land in an inbox.

How Do Spam Filters Work?

Spam filters are software applications that use algorithms to evaluate email messages while they are in transit. Many filters use industry-standard parameters, while others are based on company-specific criteria. Filters are created based on different criteria.

Content 

Filters can be set to look for words or word combinations that indicate sexual references, profanity, or other offensive terms. They analyze content patterns such as text strings, word groupings, or embedded objects that violate a filter’s algorithms. Common content-based spam filters block the following types of content:

  • Adult material. Pornography or other sexual-related materials are blocked.
  • Spam sites. Specific websites, domains, or IP addresses that send out spam are blocked because many distribute malware or other viruses.
  • Hate sites. Many spam filters block content that references such sites.

Other filters can be created to further restrict email content. Depending on how tight content filters are set, valid emails could be blocked.

Header Information 

Email addresses can trigger a spam filter. False addresses are often used to trick individuals into responding to bogus emails. It’s not uncommon for hackers to remove or add a letter to a valid email address because it’s easy for people to overlook a slight variation among the 121 emails they receive each day. If header information triggers a filter, the email may be blocked or quarantined to protect against cyber threats, even if the sender is valid.

Blacklists

Websites, IP addresses, and emails that distribute harmful information or malicious software are placed on a list that internet providers use to block activity coming from those sites. These so-called blacklists may be private or public. Private blacklists may apply very stringent standards. People or businesses may not be aware they are on a private blacklist until messages are bounced back.

Public blacklists can be searched to determine if an IP address or domain name is listed. When emails are sent or received, the address is compared to the list. If the address appears, a trigger is set, and the message is blocked. Individuals may be blocked if the domain or IP address appears on the list. Often, companies or businesses are unaware of the listing until they have difficulty sending and receiving emails.

Rules

Rules are instructions to spam filters that can be added to the standard filters. These rules can be created to prevent emails with specific types of attachments. They can block emails with links to social media or file-sharing sites. The number of rules depends on the organization controlling internet access.

Attachments

According to a 2020 survey, 20% of all email attachments are associated with malware attacks. Many providers apply robust controls on all attachments sent by email because of the potential for malware-invected attachments. Certain file types are more likely to trigger a spam filter than others. For example, pdfs, executable files, word documents, and zip files are considered the most used file types for business-related threats.

Are Your Spam Filters Working?

No matter how frustrating it can be to find the emails you were waiting for in a spam folder, the fact that those emails end up there means the filters are doing their job. You can help minimize your frustrations by practicing good email hygiene. Here is a list of things to consider when sending and receiving emails.

  • Write clear and purposeful subject lines. Vague subjects and content are often an indicator of spam. Many scamming emails use vague terminology to get you to click on a link or open an attachment.
  • Avoid attachments. Many organizations use file-sharing sites to enable employees and partners to share files, especially those that trigger spam filters.
  • Don’t purchase an email list.  Conferences or other events will often sell email lists of attendees. Other organizations sell lists as well. Many lists have a high ranking of invalid or spam addresses. Using a list can get you blacklisted if you’re not careful.
  • Limit the use of blind copying. Spam emails often include a long list of BCC addresses. If you don’t want to be put on a blacklist, avoid using BCC.
  • Avoid spam words. Filters are looking for terms such as Free, Win, Opportunity in all capitals, followed by exclamation marks or symbols.
  • Restrict Images. Emails that are primarily images are likely to be blocked since malicious objects can be embedded in pictures.

By applying hygiene rules to emails, you can reduce the number of emails that are blocked or end up in a spam folder.

Whitelists

Whitelists identify individuals or domains that can pass through filtering unchecked. It may minimize the number of legitimate emails that end up in spam folders, but it also increases the risk of exposure to malware and other viruses. If filters are flagging emails, there’s a reason. Be sure to investigate before adding them to a whitelist.

Whitelisting can help in situations where a trusted sender is being blocked. However, adding someone to a whitelist or removing them from a blacklist takes time as these listings are automated, making it difficult to ensure that changes have effectively rippled through the system. It is essential to realize that addressing an individual email is not the same as addressing a website or domain. As a result, the IP address or domain may be blacklisted, even though an individual is not.

Parkway Tech

As a managed IT provider in Winston-Salem, Greensboro, and the Triad, Parkway Tech is experienced in administering spam filtering solutions. Our team of experts understands the vital role spam filtering plays in a company’s cybersecurity strategies. Contact us to learn more about how to ensure your spam filters don’t suck.

Written by Chris Michalec posted on February 19, 2021

If you are thinking of switching IT companies but aren’t sure where to start, contact us now.