Spam Filtering Services

Spam filtering services provide protection against phishing and malware attacks, can prevent costly data breaches, and are important for HIPAA compliance.

Healthcare organizations are heavily targeted by cybercriminals and email is the most commonly used attack vector.

Email offers an easy entry point into healthcare networks as it allows threat actors to target the weakest link in the security chain: Employees. Security awareness and phishing email simulations are proven to be effective at reducing susceptibility to phishing attacks, but even with regular training employees are prone to make mistakes. Phishing attacks have also increased in sophistication and the social engineering techniques used by today’s threat actors make it difficult for even trained employees to identify all threats that arrive in their inboxes.

Due to the increasing sophistication of phishing and email-based malware attacks and the likelihood of at least some employees clicking links and opening attachments, healthcare organizations need an effective spam filtering service to make sure that the vast majority of these threats are blocked.

Spam Filtering Services and HIPAA Compliance

HIPAA-covered entities must conduct regular risk analyses covering all systems that touch electronic protected health information to identify potential risks to the confidentiality, integrity, and availability of PHI. Any risks and vulnerabilities identified must be reduced to a reasonable and acceptable level.

The risk analysis should identify email as a potential source of malware, while phishing could easily allow unauthorized individuals to gain access to email credentials and view and copy emails containing ePHI. To protect the email system, healthcare organizations must adopt a layered approach to security.

Anti-virus software can help to reduce the threat from email-based malware attacks, and security awareness training can reduce susceptibility to phishing attacks. However, signature-based antivirus software is ineffective at blocking zero-day threats, macros, and malicious scripts that download malware and ransomware and security awareness training is not always effective. According to the Verizon Data Breach Investigations Report, 30% of phishing emails are opened by end users and 12% of users click the links in phishing emails or open potentially malicious email attachments.

Advanced spam filtering services can greatly reduce risk and are therefore essential for HIPAA compliance. They provide an extra layer of security and protection against zero-day threats, email impersonation attacks, social engineering, and spear phishing, and block email threats before any messages are delivered to the email system.

Office 365 Spam Filtering and Phishing Protection

There is a common misconception that the anti-spam and anti-phishing defenses Microsoft has incorporated into Office 365 are capable of blocking all but the most sophisticated email attacks. In reality, Office 365 anti-phishing controls are often bypassed. Exchange Online Protection (EOP) is effective at identifying and blocking spam emails, but often falls short of requirements when it comes to blocking phishing emails. A recent report from Avanan revealed 25% of phishing emails bypass Office 365 anti-phishing protections and Office 365 users are being extensively targeted.

If email credentials are obtained, they are used to access accounts, harvest protected health information, and the compromised accounts are used to launch further phishing attacks on other individuals in the organization, contacts, and business associates.

Without effective spam filtering services to protect Office 365 inboxes, healthcare organizations will be at risk of suffering a costly email account breach and will face increased scrutiny from the Office for Civil Rights. A single phishing email could easily lead to a financial penalty for noncompliance.

Cloud-Based Spam Filtering Services

Cloud-based spam filtering services are now one of the most popular choices for healthcare organizations as they are cost effective, easy to implement and maintain, and offer a high level of protection for the email system. These spam filtering-as-a-service offerings require no hardware or software installations. Rather than having a physical appliance or virtual appliance, mail exchange records are redirected to the service provider and all filtering takes place in the cloud on the service provider’s infrastructure. As an added advantage, all updates are handled by the provider, so cloud-based anti-spam services do not add to the IT department’s patching burden.

Important Features to Look for in a Healthcare Anti-Spam Solution

Most cybersecurity vendors and MSPs will be able to offer effective anti-spam services that will improve your security posture by blocking spam, phishing, and email-based ransomware and malware threats. However, not all spam filtering services are created equal. The most expensive solutions are not necessarily the best and some of the lower cost solutions can provide an equivalent or even greater level of protection, allowing more money to be invested in other layers of your security suite.

When evaluating spam filtering services, take advantage of free trials to test the solutions in your own environment, check business review sites to find out how other organizations have fared with a particular service, and check the features of the solution to ensure it will be capable of blocking sophisticated phishing attacks and zero-day malware threats.

Some of the most important features of spam filtering services have been listed below:

Bayesian Analysis and Heuristics

Some spam filtering services conduct a Bayesian analysis to identify spam and malicious messages. This important feature involves a real-time analysis of incoming emails for words and phrases commonly used in spam and phishing emails. Each email is then assigned a score based on the message content. If the score is above a user-defined threshold, the message will be categorized as spam and quarantined or deleted. Some spam filtering services also incorporate machine learning systems that are trained to identify spam emails and phishing threats. These machine learning systems have been trained through the processing of millions of messages and the more they are used, the more effective they become.

DMARC Authentication and Sender Policy Frameworks

Sender Policy Frameworks and DMARC email authentication are important for blocking email impersonation attacks. The sender of a message is checked to make sure they are authorized to use a particular domain. If the sender is an authorized user of the domain, the message will be delivered. If not, the message will be rejected. DMARC is more effective at identifying email impersonation attacks and the best spam filtering services use DMARC in addition to SPF.


Sandboxing is an important feature for protecting against zero-day malware threats. New malware variants are not detected by signature-based AV solutions and so it is unlikely they will be identified as malicious files. Spam filtering services that include sandboxing provide protection against these zero-day threats. When a suspicious email attachment is received, it is subjected to deep analysis in the sandbox to identify any malicious actions such as C2 callbacks.

Malicious Link Protection

URIBL and SURBL filters are used to identify malicious URLs embedded in emails. These URLs redirect users to web pages hosting phishing kits or sites where malware is downloaded. Scans of URLs in emails should be performed in real-time and checked against blacklists of known malicious URLs and domains. Sandboxing is also used to explore the content of the webpages through embedded hyperlinks.


Greylisting is a technique used to identify mail servers that have not yet been added to real time blackhole lists (RBLs). When an email is received from a suspicious domain, rather than accepting the message it is rejected along with a request to resend the message. Mail servers being used for spamming rarely process these requests, and if they do, there is often a considerable delay. The delay can indicate whether a message is spam when other analyses are inconclusive.

Outbound Scanning

Not all spam filtering services include outbound scanning of emails, but this is an important feature that can help to identify compromised inboxes. Compromised mailboxes are often used for spamming and conducting further phishing attacks. Anti spam services that include outbound email scanning generate alerts for administrators which means breaches can be identified and mitigated much faster.


What is the typical detection rate for spam filtering software?

Most spam filters will block in excess of 99% of spam email and 100% of known malware threats. The best spam filtering solutions block more than 99.9% of spam email and have a low false positive rate. While it is possible to block 100% of spam and malicious emails, such aggressive spam filtering will typically result in many genuine emails being sent to the quarantine folder.

How much does an Office 365 spam filter cost?

The cost of a third-party spam filter for Office 365 ranges from around $1 per mailbox per month to more than $5. The price will depend on the solution chosen, the number of mailboxes you need to protect, and the length of the contract. While this may seem a lot, it is far lower than the cost of mitigating a phishing attack or malware infection.

Does a spam filter include antivirus software?

Modern spam filters use proprietary or third-party antivirus engines to detect malware threats. Email attachments are scanned and any messages containing malware will have the malware threat neutralized. While antivirus engines will block almost 100% of known malware, being signature based, they will not detect new malware threats until the virus definition lists are updated.

What is sandboxing and why is it important?

A sandbox is an isolated environment where email attachments can be opened and inspected in safety. Antivirus engines in spam filters will detect known malware threats, but new malware variants will not be detected. Suspicious attachments that pass AV checks are sent to the sandbox for deep analysis, which helps to detect never-before-seen malware threats.

Do I need a separate spam filter for Office 365?

Office 365 licenses include a basic Microsoft spam filter called Exchange Online Protection (EOP). EOP is effective at blocking spam email and known malware threats, but it is far less effective at blocking phishing and spear phishing emails. In healthcare, which is extensively targeted by phishers, a more advanced spam filter is recommended to protect Office 365 environments.