Anti-spam appliances are hardware or software-based gateways through which all email traffic is channeled. The appliances act as a filter, catching all the crud that should not be delivered to inboxes. That ranges from nuisance spam emails and unwanted marketing correspondence to serious security threats such as phishing emails and malspam.
Hardware and Software-Based Anti-Spam Appliances
While these filtering tools are often referred to as anti-spam appliances, they can be physical devices or virtual appliances. Physical appliances are hardware solutions that are located within your own IT infrastructure. Software-based appliances are run on a virtual machine on existing hardware. It is worth noting at this point that there is an alternative to both: a cloud-based filtering solution. This is essentially a software-based appliance running on the service provider’s servers.
Physical appliances require an up-front cost and the devices lack scalability. If mail accounts increase, a new appliance will need to be purchased. The hardware must also be housed and maintained by IT staff or through support contracts.
Software-based appliances are a more convenient choice for most businesses, especially those that do not want to transmit sensitive information through the cloud. The virtual appliance is installed as a gateway and sits between the firewall and the mail server on existing hardware. The software is updated automatically by the software provider, so it does not add to the patching burden. Licenses are usually purchased and can be paid monthly, quarterly, or annually.
Cloud-based filtering has the advantage that all filtering takes place off-network on the service provider’s servers, which is achieved by redirecting the MX server record. This is the quickest and easiest way to start filtering email.
A spam and antivirus filter for email is an essential cybersecurity measure for all businesses. Without a filter in place, businesses will be exposed to an excessive risk of phishing, malware, and ransomware attacks. With an advanced anti-spam appliance in place, it is possible to block in excess of 99.95% of spam and malicious messages.
Features of Anti-Spam Appliances
The first spam filter was developed in the mid-1990s and consisted of a list of IP addresses from which email would not be accepted. The list was shared using a DNS-based method, which was later developed into a Border Gateway Protocol that was at the heart of the Mail Abuse Prevention System. This system is still in use today, and is better known as Real-Time Blackhole Lists.
These lists are the primary method of filtering out spam from genuine emails. The lists contain IP addresses that have been reported to RBL agencies for spamming. Naturally, there have been refinements in the 20 years since the system was first developed. RBL agencies provide more detailed data, including reputation scores for IP addresses.
Messages that pass through this first layer of security are then subjected to various content scoring tests to determine a spam score for the message. The higher the score, the greater the probability that the message is spam. Administrators can set their level of tolerance via their user interface and determine what happens to those messages: Reject; Quarantine; Flag.
Modern spam filtering appliances incorporate a range of additional tests to assess the validity of messages. Front-end tests are often performed to determine whether the sender of the message is authorized to use that domain. These Recipient Verification Protocols and Sender Policy Frameworks such as DMARC help to ensure that spoofed email messages are identified and rejected rather than being delivered to inboxes.
Greylisting may also be used. This is the process of rejecting a message and requesting it be resent. This front-end test reduces the strain on the mail server and helps to identify spam from previously unknown IP addresses. Genuine messages are resent quickly. Spam messages are never resent or are severely delayed.
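The greylisting decision described above, sketched as an added example (not code from any appliance or vendor). It assumes the conventional keying on client IP, envelope sender, and envelope recipient, a 5-minute minimum delay, and a 4-hour retry window; all addresses are constructed sample values.

```python
import time

class Greylist:
    """Greylisting keyed on (client IP, envelope sender, envelope recipient)."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, clock=time.time):
        self.min_delay = min_delay        # assumed: new triplet must wait 5 minutes
        self.retry_window = retry_window  # assumed: retry must arrive within 4 hours
        self.clock = clock                # injectable so the demo can control time
        self.first_seen = {}              # triplet -> time of first deferred attempt
        self.passed = set()               # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the (code, text) SMTP reply to give at RCPT TO."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        now = self.clock()
        if key in self.passed:
            return 250, "OK"
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            # Unknown triplet, or a retry so late it is treated as a new sender.
            self.first_seen[key] = now
            return 451, "Greylisted, try again later"
        if now - first < self.min_delay:
            # Retried too quickly: keep deferring, do not reset the timer.
            return 451, "Greylisted, try again later"
        self.passed.add(key)
        del self.first_seen[key]
        return 250, "OK"

def demo():
    """Replay constructed delivery attempts against a fake clock."""
    t = [0]
    gl = Greylist(clock=lambda: t[0])
    legit = ("192.0.2.10", "alice@example.org", "bob@example.com")   # constructed
    bulk = ("198.51.100.7", "promo@example.net", "bob@example.com")  # constructed
    codes = [gl.check(*legit)[0], gl.check(*bulk)[0]]  # first contact: both deferred
    for now, sender in [(60, legit), (600, legit), (700, legit), (5 * 3600, bulk)]:
        t[0] = now
        codes.append(gl.check(*sender)[0])
    return codes

if __name__ == "__main__":
    print(demo())
```

The sender that retries after the minimum delay is accepted and stays accepted, while the one that comes back only after the retry window has closed is deferred again as if it were new.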
Some anti-spam appliances can also scan and filter outgoing mail. This additional control prevents insiders from using a domain for spamming and limits the harm that can be caused in the event of an email account compromise.