Top 7 Email Content Filtering Best Practices
All organizations should take particular care to filter unwanted emails out of employee inboxes.
In this post we discuss what unwanted email looks like, why junk emails are flagged, how anti-spam software works and email content filtering best practices that will help you keep your inboxes clean.
Why should we care about keeping junk mail and malicious emails out of inboxes?
Every organization wants to keep as much unwanted email out of employees’ inboxes as possible, both to help employees focus on their work and to keep them safe from cyber-attacks.
It may be hard to know the difference between harmless spam that’s more of a nuisance and a malicious email that could lead to a cyber-attack. Often, a malicious email disguises itself as a spam email.
Regardless of the type of email you receive, strong email content filtering practices can help prevent unwanted emails from entering your employees' inboxes.
Why are junk and/or malicious emails flagged?
Anti-spam filters pay close attention to the types of emails that come through. Reasons emails may be flagged include:
- Poor email reputation from the sender or the sender’s domain
- Use of specific words that flag anti-spam filters
- The sender simply does not have relevant content that users want to open and interact with
- No opt-in options to direct messages to an interested audience
- The sender not using a reliable bulk emailing service
Committing any of these email faux pas can cause a spam filter to believe an email or its sender is suspicious.
How does anti-spam software work?
Anti-spam software, whether it is part of your local email client or a third-party anti-spam service added to increase effectiveness, identifies potential spam messages and moves them to a spam folder instead of the recipient’s inbox.
The recipient can then review the messages in the spam filter to make sure there isn’t anything they want in there. Some third-party services send a summary message for users to see recent messages marked as spam. The user can then choose to either block the sender or allow the message to be released to their inbox.
Spam filters may not catch everything, but they are always learning new tricks used by email senders to bypass the filters.
7 Email Content Filtering Best Practices
We see statistics used all the time about the importance of a strong cybersecurity strategy. Gartner recently doubled down on previous figures by stating that organizations that implement a strong cybersecurity strategy by 2024 will reduce the financial impact of security incidents by an estimated 90%.
A strong cybersecurity strategy has multiple layers. Some are described on this list, but there are more.
1. Use anti-spam and anti-virus software
An anti-spam and anti-virus filter is a fundamental layer of protection that’s required by most cyber insurance companies and cybersecurity frameworks.
While most cloud-based email services have a spam folder built into them, adding an additional third-party filter layer helps keep out more spam and decrease the chances of a malicious email making its way into an end user’s inbox.
Many third-party anti-spam options exist, and you should consider the user experience, implementation process and costs when deciding which to use. Invite a managed service provider (MSP) like Loffler to determine the best email spam filter for you.
2. Filter both inbound and outbound emails
You want your spam filtering software to prevent the wrong emails from reaching employees, but you also want to be able to identify whether anything unwanted is being sent to other recipients.
We recommend ensuring your software scans all inbound and outbound email traffic to flag suspect data and messages.
For example, emails can be flagged if an employee’s email account is compromised and sending malicious emails.
3. Educate end users
We can’t emphasize the importance of this best practice enough. End users should be empowered to report, block or delete any unwanted messages, particularly malicious emails.
You want to train your end users about the protection measures in place and how to maximize their effectiveness. Malicious emails can be tricky, and tactics evolve daily to trick people and bypass spam filters.
Consider educating end users by:
- Providing security awareness training
- Reminding employees to never open attachments from unknown senders or enable content in unverified documents
- Telling employees to never enter protected data, including passwords or personal information, into unknown hyperlinked websites or send it via email
- Encouraging employees to be suspicious of every email that comes into their inbox
- Holding regular trainings to share information and keep people informed of current threats – they should always be aware of what “suspicious” looks like.
If end users are trained to be suspicious of everything, your organization is more likely to be safe.
4. Take education a step further with phishing tests
A phishing test is a way to test employee awareness without risking an actual cyber-attack.
Phishing tests are run by a vendor working with your IT department or managed service provider. They send unannounced mock phishing emails to your employees – they are very well disguised – and then track who did and did not fall for the phishing attempt. You would be surprised (and concerned) by who falls for them.
Those who do not pass the test are then required to complete more training before they receive another test.
5. Write and enforce password policies
A password policy is a backstop for what happens if a malicious email gets through. Users need to know what to do if an unsolicited email requests them to enter their login credentials. Having good password policies also limits the risk that an attacker could gain access to an email account and use it to send malicious emails to others.
Weak password policies contribute to poor email protection. Passwords that are short, predictable, commonly used and lacking numbers, capitals and special characters can be guessed easily.
Malicious actors don’t manually guess passwords; they use programs to check thousands of potential passwords per minute. A strong password policy can prevent issues with employee emails being compromised.
6. Enable multi-factor authentication
Beyond password policies, multi-factor authentication (MFA) adds another layer of protection. With MFA, you log in with a password and then confirm via email, app or text that you are the right person accessing the information.
Many of us have gotten used to MFA in our personal accounts, from banking to medical, and it should be commonplace in the workplace as well.
7. Create a list of email domains, addresses or IP addresses that are trusted within your organization
We’ve talked a lot about how to handle unwanted emails, but let’s spend a minute thinking about those emails that we do want to receive.
Let’s say an email you want to read is flagged by your spam filter. Your organization’s IT team can create an “allowlist” for the domain, address or IP address to allow all future correspondence from the sender.
End users can also individually approve an email to tell the filter it’s OK to deliver future emails from that sender directly to their inbox. This prevents the spam filter from getting in the way of work.
Make sure as part of end-user education that you explain how the approve/deny functionality works, so your employees are empowered to customize what is allowed in their inbox.
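One way the allowlist check described above could work, shown as an added example that is not Loffler's code or any vendor's implementation. The allowlist entries, function names and sample senders are constructed for illustration.

```python
import ipaddress
from email.utils import parseaddr

# Constructed allowlist entries (assumptions for illustration only).
ALLOWLIST = {
    "addresses": {"billing@vendor.example"},
    "domains": {"partner.example"},
    "networks": [ipaddress.ip_network("203.0.113.0/24")],
}

def normalize_sender(from_header):
    """Return (address, domain) in lowercase, or (None, None) if unparseable."""
    _, addr = parseaddr(from_header)  # ignores the display name
    addr = addr.strip().lower()
    if addr.count("@") != 1:
        return None, None
    local, domain = addr.split("@")
    if not local or not domain:
        return None, None
    return addr, domain.rstrip(".")

def domain_allowed(domain, allowed):
    """Exact match or true subdomain only, so 'evilpartner.example' does not match."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def allowlist_match(from_header, connecting_ip, allowlist=ALLOWLIST):
    """Return the entry type that matched, or None to leave the message to the filter."""
    try:
        ip = ipaddress.ip_address(connecting_ip)
    except ValueError:
        ip = None  # malformed IP never matches a network entry
    if ip is not None and any(ip in net for net in allowlist["networks"]):
        return "ip"
    addr, domain = normalize_sender(from_header)
    if addr is None:
        return None
    if addr in allowlist["addresses"]:
        return "address"
    if domain_allowed(domain, allowlist["domains"]):
        return "domain"
    return None
```

Address and domain entries match the From header, which the sender controls, so keep those entries narrow and review them regularly.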
We can’t say enough how important it is to have multiple layers of cybersecurity protection to protect your organization.
Loffler works with organizations to help define and refine their cybersecurity practices. Contact us to get started on yours.
Randy is a CISSP and Manager of the Cybersecurity and IT Consulting teams at Loffler Companies. He is currently focused on bringing his 25+ years of IT experience to bear on the development and delivery of new and enhanced security services that provide a practical approach to IT security. He enjoys long walks on the beach and never conducts online banking transactions when connected to public WiFi.