Spam Filtering Software

The first spam filter was developed in the 1990s to address a growing problem of unsolicited and unwanted emails. Two software engineers compiled a list of IP addresses that were sending the messages and created a blacklist which was made available to subscribers of the Mail Abuse Prevention System. While initially developed to deal with nuisance emails, spam filters now have to block far more sinister threats and in much more significant volumes.

The same blacklist system is still in use today. It is known as the Domain Name Server Blackhole List or Real-time Blackhole List (RBL). It contains the IP addresses of known spammers and is constantly updated. The blacklist is one of the key mechanisms for identifying spam emails and is at the heart of modern spam filters.

Spammers are constantly changing tactics to bypass RBLs and ensure their emails reach inboxes. Domains are used for very short periods before being abandoned, or thousands of domains are used to send small batches of emails at levels where spamming is unlikely to be detected. Blacklists are still important for blocking nuisance emails, but alone they will do little to block more sophisticated threat actors and more sinister threats.

The Importance of Spam Filtering Software

Email is the malware delivery vehicle of choice for cybercriminals and the main way hackers gain access to healthcare networks. Figures from Verizon indicate 66% of all malware infections in the healthcare industry were the result of employees opening infected email attachments.

Phishing attacks on healthcare organizations are increasing and barely a day goes by without another report of a healthcare phishing attack. Each year, scores of businesses are fooled into disclosing W-2 Form data and making fraudulent wire transfers.

With appropriate technical solutions, policies, procedures, and staff training, it is possible to mount a robust defense against phishing attacks. Without effective spam filtering software in place, healthcare organizations will not be able to manage and reduce threats to an acceptable level, and data breaches and regulatory fines are likely to follow.

Key Features of Spam Filtering Software

The use of blacklists is a common feature of spam filtering software, but blacklists alone do not protect against more sophisticated attacks. Modern spam filters use an array of additional mechanisms to detect malicious messages and sophisticated phishing attacks.

DMARC Authentication

DMARC is used to authenticate authorized users of a domain and detect email spoofing and brand impersonation attacks.


Sandboxing

Sandboxing capabilities allow deeper analysis of suspicious email attachments. File attachments are executed in a safe environment and studied for malicious actions.

Content Analysis

Machine-learning systems scan and analyze message content for spam signatures and assign confidence scores to messages. Messages are only delivered if the score is below a pre-defined threshold.

SURBL/URIBL filtering

A technique used to filter out phishing emails and reject, quarantine, or flag messages with suspicious embedded hyperlinks.


Greylisting

Greylisting is the process of requesting the resending of an email. Normal mail servers respond quickly, whereas spamming servers are typically too busy to respond. Time delays are a good indicator of the trustworthiness of the mail server.
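One way a receiving mail server can implement the resend request described above, as an added example that is not from the original article or any vendor's product. The triplet key, the /24 grouping, and the timing constants are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy values; real deployments tune these.
MIN_DELAY = 300          # seconds a sender must wait before a retry is accepted
RETRY_WINDOW = 4 * 3600  # a retry must arrive within this long of the first attempt
PASS_TTL = 30 * 86400    # how long a triplet that passed stays trusted

TEMPFAIL = (451, "Greylisted, try again later")
ACCEPT = (250, "OK")


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)      # triplet -> time it last passed

    @staticmethod
    def key(client_ip, mail_from, rcpt_to):
        # Group by /24 so a retry from a neighbouring host in the same
        # sending pool still matches (IPv4 only here, an assumption).
        net = ".".join(client_ip.split(".")[:3])
        return (net, mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply (code, text) to give at the RCPT stage."""
        k = self.key(client_ip, mail_from, rcpt_to)
        # Triplet already proved it retries: deliver and refresh its trust.
        if k in self.passed and now - self.passed[k] <= PASS_TTL:
            self.passed[k] = now
            return ACCEPT
        first = self.first_seen.get(k)
        # Never seen, or the earlier attempt is too old: start the clock.
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[k] = now
            return TEMPFAIL
        # Retried too soon, which is typical of fire-and-forget senders.
        if now - first < MIN_DELAY:
            return TEMPFAIL
        # Retried after the delay and inside the window: trust the triplet.
        del self.first_seen[k]
        self.passed[k] = now
        return ACCEPT


if __name__ == "__main__":
    g = Greylist()
    # Constructed sample: the same sender tries at t=0, t=60 and t=400 seconds.
    for t in (0, 60, 400):
        print(t, g.check("203.0.113.10", "a@example.org", "b@example.net", t))
```

The state grows with every new triplet, so a production filter also needs periodic expiry of old `first_seen` and `passed` entries.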

Outbound scanning

Scanning of outbound messages for malicious attachments, phishing, and spam, to help detect account breaches and prevent domain blacklisting.

An Essential Part of Your Cybersecurity Defenses

An advanced spam filtering solution will achieve a spam detection rate in excess of 99.9% and a false positive rate under 0.05%. Over time, machine-learning systems will improve detection rates further, but it is not possible to block all spam and malicious messages.

Cybercriminals are constantly developing new methods of attack and are perfecting their email spam campaigns. New fileless malware variants are being used and other methods of obfuscation are employed to hide malicious code. Spam filtering software will block the majority of threats, but it is inevitable that some malicious messages will slip through the net and be delivered to inboxes. It is therefore essential for all staff to be provided with regular security awareness training and taught to be alert to email threats.