Spam Filters: Recommended for Productivity, Critical for Security

Spam filters are tools which identify whether or not incoming emails contain unwanted or harmful content—and it automatically flags and quarantines any emails if so. Therefore, it acts as an additional layer of security, through determining whose messages actually deserve attention, and by controlling whose messages actually arrive at your inbox.

How Do Spam Filters work?

Typically, a spam filter uses a predefined algorithm to scan incoming emails. The spam filter searches for commonly known characteristics of both unwelcomed marketing material and fraudulent phishing attempts. If a certain degree of these characteristics are present which match the profile of spam mail then the email will be flagged, and will be quarantined accordingly.

Of course, the strictness in which the algorithm identifies these “spam” characteristics may vary. The spam filter can be configured so that it tolerates a high degree of spam characteristics, in which case it would not be considered strict at all. On the other hand, the spam filter may be configured so that it cracks down on even the slightest suspicion of spam mail, in which case it would be considered very strict. Organizations often customize this “strictness” setting according to what suits them best—which is most often based on their experience and their preference for security over convenience.

Supplementing this algorithm is a database of sender reputation. Organizations who manage spam filters have come face-to-face with marketers and cybercriminals in the past, and they now have a history of records for what senders to be suspicious of when it comes to digital mail. This is known as IP and domain reputation. Therefore, each time there is an incoming email, the spam filter refers to this database to determine whether or not the sender is reputable, or if the sender has previously been blacklisted. This supplements the spam filter’s decision as to whether or not any incoming emails should be flagged.

On top of this, spam filters often automatically authorize any mail which has been sent from a saved contact. This way, any personal mail from a sender with a known identity, like a fellow coworker, will not be caught by the spam filter.

Why Should I Use Spam Filters?

Well, the alternative of using no spam filter entails that all messages reach their desired destination of your inbox. In this case, it is up to you to manually sift through the clutter in order to identify which emails are wanted, and more importantly, which emails are legitimate. Considering about 48% of all emails sent in 2022 were spam, this may require a significant time commitment, and could hinder your productivity. Therefore, from a productivity standpoint, a spam filter is recommended. If you’re still not convinced, for reference, Google’s Gmail is said to block over 100 million incoming emails every day, to protect its users.

On the security side, things are much different, because from this standpoint a spam filter is considered critical. This is primarily because a significant fraction of spam emails contain malware. A study by the Government of Australia has shown that one in ten spam emails contain malware. Malware, also known as malicious software, is considered any sort of software which is designed to steal sensitive data, to damage physical devices, or, more generally, to be invasive in any way. Typically, malware takes advantage of unpatched software issues. Accordingly, distributing malware in this manner is classified as criminal activity. For the median organization which has experienced malware, 9 out of 10 times it was delivered via email, following a report from Verizon.

Unfortunately, unsuspecting people fall victim to dangerous spam mail everyday. Statistics Canada has reported that one-third of Canadians have encountered a phishing attack. Just like any other software, malware requires authorization before it can use system resources. Uninvited malware only requires one single click as authorization for it to proceed. This is why there is such a high risk associated with poking around suspicious looking emails. What’s more is that spam mail containing malware is commonly disguised as something authentic, such as legitimate messages from reputable senders, so as to trick the admin into interacting with the mail and in turn granting the necessary permission to access system resources which are being requested.

One can lower their chance of being tricked by these fraudulent malware attacks by educating oneself on common spam email characteristics. However, this has become less effective in recent years with the introduction of spear phishing. Spear phishing is when criminals customize their sham emails to look precisely like an email that would be relevant to you in particular. They use the information which is available online to develop a better understanding of how they could trick you, and they may send you an email impersonating a coworker, boss, and so on. Security giant Norton has claimed that 88 percent of organizations experienced spear phishing in 2019. These spear phishing attempts are becoming more and more realistic, and consequently they are less easy to distinguish from real, authentic, mail from the very same people. Thus, a well-educated individual on common phishing tactics is still prone to being tricked, simply because the fraudulent mail can be so convincing. After all, if the email looks the part, and the message it is trying to convey is relevant to you, who is to say you don’t interact with it, thinking it truly was from your boss?

As such, educating oneself on the fraudulent tactics of cyber criminals can only get you so far when it comes to spam mail. In the end, a spam filter is critical in terms of cybersecurity. What you might not catch, the spam filter more than likely will. Whether it is a misplaced letter in their email address which makes you realize you aren’t interacting with who you think you are, or a fraudulent link embedded in an email just waiting to steal your credentials, implementing a spam filter can prevent you from ever being involved in these security dilemmas. After all, everyone makes mistakes, so how can you expect yourself never to fall victim?