Even as IT threats grow more diverse and sophisticated, administrators and email services are forced to expend significant resources protecting users against classic email spam. For as long as email exists, users (and especially companies) have had to cope with unsolicited messages in the form of junk mail. At best, spam emails can carry aggressive marketing messages about questionable products and services. At worst, they may be tools for phishing or fraud campaigns and other scams.
An evolving challenge for admins
Nearly 320 billion emails are sent and received every day. Of these, up to 50% may be spam. According to one definition by Statista, in July 2021 alone, out of 336.41 billion emails sent, 283 billion were spam. At Synology, an average month will see us mark and filter out up to 50,000 potentially harmful incoming emails to employees, while an additional number is marked as likely unwanted spam. All of this requires substantial IT resources. Luckily, our IT security teams can count on help from our in-house email solution, Synology MailPlus.
If you’ve been using Synology MailPlus as your mail solution, you’re probably aware that users are actively protected against malicious and unwanted spam by an array of built-in technologies. These both help filter out undesirable mailings and use a number of methods to make sure emails really originate from their apparent sender. So how exactly do we make sure that emails are legitimate and wanted? And how does a newly released function help further pre-empt email threats that can impact your network and, ultimately, your business
Defending against malicious actors
First and foremost among email threats are malicious actors looking to infiltrate systems and steal sensitive data. Over the years, the fight against spam and email threats has evolved, and today there are numerous security and encryption technologies in place to protect users. Of these, MailPlus users can employ Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting, Conformance (DMARC), and DNS-based Authentication of Named Entities (DANE) to keep communications safe. But what do these technologies do?
SPF, DKIM, and DMARC are important authentication methods designed to help email recipients verify the authenticity of the sender’s domain and identity. SPF records contain a list of authorized mail servers for a particular domain, while DKIM provides a digital signature that can be used to verify that the email has not been tampered with in transit. DMARC builds on these technologies by allowing domain owners to specify how their messages are handled if they fail authentication checks.
DANE enhances email security by allowing domain owners to publish the public keys for their email servers in DNS records, which can then be used by email servers to verify the authenticity of emails sent between them. This can help prevent phishing attacks and other forms of email-based cybercrime by verifying that emails are being sent from legitimate sources.
Despite these security technologies, spam and email threats can still slip through the cracks. One of the most common ways this happens is through compromised accounts, where spammers gain access to legitimate email accounts and use these to send malicious messages. Another threat is spear phishing, where attackers send targeted emails that appear to be from a legitimate source, tricking recipients into clicking on links or providing sensitive information.
More essential layers of defense
A defense-in-depth approach (as shown in Figure 1) is essential when it comes to protecting against email threats, as no single technology or strategy is foolproof. By using multiple layers of protection, organizations can increase their chances of detecting and blocking email threats before they reach their intended targets. Let’s take a closer look at the different technologies and strategies that can be used to provide a defense-in-depth approach to email security.
In addition to authentication, MailPlus Server will prevent most potential email threats from ever reaching their targets by using global blocklists called DNS-based Blackhole Lists (DNSBL), such as Real-time Blackhole List (RBL) and the Spamhaus Block List (SBL). These contain lists of IP addresses and domains that have been identified as sources of spam, phishing, and other types of malicious email. Any emails from blacklisted sources are automatically rejected.
Figure 1. Mail processing flow with security scan in MailPlus
Training and custom filter settings
Beyond relying on automatic protections, MailPlus also lets admins set up local, manual rules to filter out emails containing specific keywords or patterns that are indicative of spam or digital threats. These rules can be customized to meet the specific needs of an organization, and they can be used to complement the automated technologies and blocklists that are in place.
However, no matter how many layers of protection are in place, the human element remains a critical factor in defeating email threats. That is why it is crucial to teach employees how to recognize and respond to suspicious emails. Valuable training includes how to spot phishing emails, how to avoid clicking on links or downloading attachments from unknown sources, and how to report suspicious emails to the appropriate security team.
New advanced security option
Email protection is always evolving, and for businesses that want to benefit from the latest technologies and insights, specialist providers offer actively managed email security services. Dedicated teams and advanced detection methods ensure filters and blocklists are adjusted as soon as new threats arise, giving users an edge over scammers and spammers. With an update to MailPlus Server this spring, we are making a world-class solution available directly in Synology MailPlus.
Bitdefender is an award-winning provider of email security services trusted by organizations worldwide. With its Antispam service, it delivers a powerful email security solution that uses proprietary technology to detect and block threats. By releasing Bitdefender Antispam as a convenient add-on in MailPlus Server, we are making it easier for businesses of any size to implement an advanced email filtering solution to identify and remove spam, phishing attempts, extortion and malware (malspam), and other email-based threats.
Bitdefender for MailPlus provides businesses with an additional layer of advanced protection that filters out threats before they even reach the inbox using a wide range of blacklists, reputation systems, and content filtering technologies, as well as machine learning models for spam detection and classification. It also helps internal teams save time spent on email management. The service is designed to be “set and forget,” meaning it automatically makes changes to better protect against email threats without requiring regular inputs by IT staff.
TL;DR
Email security remains crucial in an age when spammers and malicious actors continue to look for ways to infiltrate systems and steal sensitive data. Synology MailPlus Server offers several email authentication methods to prevent spam and email threats, including SPF, DKIM, DMARC, and DANE. However, no single technology or strategy is foolproof, which is why a defense-in-depth approach is essential.
This approach includes the use of global blocklists, manual rules, and training employees on how to recognize and respond to suspicious emails. MailPlus now also includes a premium antispam and email filtering option with Bitdefender. This integration gives administrators a powerful automated solution that does not require continuous fine-tuning of rules.