Inbound Spam Filtering vs. Outbound Spam Filtering

By Ken Simpson

Email Spam Filtering

Email spam filtering keeps our inboxes clear of annoying and dangerous email. Email can be filtered before it comes into our inboxes, or before it leaves a system destined for recipients outside of the organization. Here, we look at both kinds of email spam filtering: inbound spam filtering to protect your inbox, and outbound spam filtering to protect the rest of the internet.

What’s the difference between Inbound and Outbound Spam Filtering?

Inbound and outbound spam filtering both involve analysis of email messages to identify malicious or annoying content. Yet there are two main differences between inbound and outbound spam control:

Sender Identity

Inbound spam filtering typically identifies the sender by the IP address from which the message originated. In outbound spam filtering, the sender is your own customer or user; senders are identified by the account name, email address, the name of an application, or in some cases an internal system process. Managing and tracking sender identity in an inbound spam control system is relatively easy, because IP addresses are nearly impossible to falsify (in the context of SMTP email, which runs over TCP and so requires a completed handshake with the sender’s real address). Doing the same for outbound email, where the sender identities are more varied and more likely to be compromised or spoofed, is much more difficult.

Impact of false positives

When an inbound spam filter makes a mistake, one of your own users fails to receive a message.
With outbound spam control, a false positive means someone else’s recipient fails to get the message, or potentially thousands of messages if it’s part of a legitimate bulk email campaign. The impact of false positives is the greatest differentiator between inbound and outbound spam control. There is a huge difference between blocking, for example, a particular newsletter from reaching one of your users, versus blocking EVERY newsletter sent out by one of your users to his or her mailing list of 1,000 recipients. With outbound spam control, blocking the wrong thing can be much more costly than with inbound spam filtering.

Zero Hour

When filtering inbound spam, we are trying to identify and block content that has been seen by other inbound spam filtering systems on the internet in the recent past. Content may originate from a large number of disparate sources at the same time, as spammers try to limit the possibility that their sending system will be blocked. Each inbound spam filtering system sees only the email that is destined for its users; however, it’s likely that the same spam has already been seen by others who may be sharing data with us.

When filtering outbound spam, we are trying to identify and block content that may never have been seen by other email recipients; it’s happening at the so-called “zero hour”. If we don’t effectively stop this outgoing spam from hitting recipients, we risk having our servers blocklisted. Yet by the time inbound spam filtering systems start reporting the telltale signatures of this “zero hour” spam to us, it may be too late to protect our reputation and save our servers from being blocked.

What is inbound spam filtering?

Inbound email is email that is sent TO your inbox. Inbound spam filtering is the act of filtering email that is sent to your inbox to ensure it is not spam. When someone attempts to send spam to your inbox, most of the time your email service provider will block it using an inbound spam filter.
Given that the number of spam emails sent worldwide every day far exceeds the number of legitimate emails sent, inbound spam filtering helps to keep our inboxes safe, secure and manageable.

How does inbound spam filtering work?

Fundamentally, every spam filter is a classifier that attempts to accurately guess whether email recipients will consider a piece of email to be spam. Modern inbound spam filters combine inputs from a wide variety of machine and human-crafted logic to classify messages. Some systems use a technique called locality-sensitive hashing, which reduces each message down to a simple numerical representation, such that two email messages that are similar will have a similar representation. Others apply a large set of human-crafted rules, or heuristics, which attempt to identify aspects of the message that either increase or decrease the probability that the message will be seen as spam by a recipient.

Why does my business need inbound spam filtering?

Your email infrastructure is exposed when receiving SMTP connections. Attackers can send volumetric DDoS traffic to overwhelm your services, degrade network performance, or bring down end-user machines individually. Attackers can also take control of end-user resources or steal credentials. Today, inbound spam filtering is more about protecting end users from cybercrime than it is about removing annoying or unwanted messages.

MailChannels Inbound Email Filtering

MailChannels Inbound Email Filtering is a cloud-based spam filtering service designed to help web hosts protect their clients from malicious email threats. It is a reliable, cost-effective service for businesses of all sizes. With MailChannels, you can offer your clients premium spam filtering. Improve on the filtering accuracy of open source and legacy anti-spam systems by letting users and senders manage false positives themselves. Users can rest assured that good mail will not get lost or dropped.
MailChannels Inbound Email Filtering is designed for both small-to-medium businesses and web hosting providers.

How does it work?

MailChannels Inbound Email Filtering utilises state-of-the-art anti-spam technologies to identify and block spam from entering inboxes. These technologies include locality-sensitive hashing, sender behavior analysis, heuristics, and testing for adherence to email standards such as DMARC. Our innovative DNS-based setup mechanism allows you to deploy thousands of domains without ever touching a server. Our globally distributed footprint and massive scale eliminate the potential for denial of service outage.

With MailChannels Inbound Email Filtering, spam management per domain is simple and effective. Each mailbox user has their own login credentials where they can set their own spam policies and manage their whitelist and blocklist. Meanwhile, domain admins can set spam policies across the domain, without having visibility into the private details of individual users’ messages.

Our simple, user-friendly interface shows a log of emails, with a drop-down menu for viewing all email or only blocked, flagged, quarantined, queued or failed messages. Users can choose to see the emails that have been quarantined by MailChannels IQ™ and whitelist or blocklist the sender.

What is outbound spam filtering?

Service providers and enterprises need to pay attention to the spam exiting their network in the outbound direction, because if left unchecked, outbound spam will cause the service provider’s network to be blocked by the rest of the internet. In an effort to stop inbound spam from harming users, sophisticated reputation systems track the amount of spam coming from each IP address on the internet. Systems block IP addresses that send too much spam, and rate limit those with questionable sending practices.
But what if the IP address you are using to send email becomes blocked because spammers have somehow managed to send spam through it? Outbound spam filtering addresses this challenge.

How does outbound spam filtering work?

When you apply for a bank loan, the bank typically requests some personal identification, such as your name and social security number. This information uniquely identifies you within the credit reporting system, allowing the bank to view your credit history and to decide whether to give you a loan.

In the world of spam prevention, IP addresses are analogous to social security numbers. The IP address is the only reliable identifying information that email receivers can use to identify the responsible sender of each message. When multiple users send email through one mail server, email receivers on the Internet can’t trust anything other than the IP address of the mail server, because spammers can provide fake email addresses or even impersonate legitimate users.

However, an outbound spam filter can do a better job. Because the outbound spam filter is installed within your own network, you can program it to identify individual users based on their authentication credentials, for instance whether they entered the correct password in order to send mail through the server. By tracking individual users, the outbound spam filter can identify spam-like behaviour on a user-by-user basis, and prevent spam from leaking out of the mail server’s IP address. This protects the mail server from becoming blocked by email receivers.

What is IP blocklisting?

A blocklist is a list of IP addresses or domains that are known sources of spam; such lists are often referred to as DNSBLs (Domain Name System Blocklists). The technology was built on top of DNS, and most MTAs can be configured to reject or flag messages which have been sent from a blocklisted IP. It’s important to remember that a DNSBL is a medium and not a specific list or policy.
Policy in this context refers to the criteria that a DNSBL applies to decide which senders should be blocklisted and which shouldn’t. The policy also includes criteria for being delisted and the process for communicating with blocklisted senders.

There are two main types of blocklists: IP-based and domain-based. The IP-based lists include addresses of sending servers that are known spammers. Domain-based URI Blocklists (URI DNSBLs) are lists of domain names that appear within the email body. A filter using this kind of blocklist checks the URLs within the body of the email to see whether any contains a domain that has been identified as a source of spam. Find out more about IP blocklisting, why it happens and how you can prevent it here.

MailChannels Outbound Email Filtering

MailChannels Outbound Filtering is a cloud-based email sending service which identifies and blocks spammers to ensure reliable email delivery. With Outbound Filtering, you can eliminate email delivery problems caused by IP address blocklisting. You can also automatically shut down compromised end user accounts and scripts to improve your security. Unlike conventional email services, MailChannels is the only service that accepts all of your email, including spam.

MailChannels Transparent Filtering

We also offer a transparent filtering system, designed for telcos, dedicated and VPS hosting providers. MailChannels Transparent Filtering is carrier-grade, on-site software that provides a fully transparent way to block the delivery of spam from your network to the Internet.
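
The point made under "How does outbound spam filtering work?", shown as an added example that is not MailChannels code: the same constructed log is scored once by relay IP (all a receiver can see) and once by authenticated user (what an outbound filter can see). The log records, the threshold values and the function names are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed outbound log records (not real data):
# (authenticated user, relay IP, recipient count, content spam score 0..1)
SAMPLE_LOG = [
    ("alice", "198.51.100.10", 1, 0.02),
    ("bob",   "198.51.100.10", 3, 0.10),
    ("carol", "198.51.100.10", 400, 0.93),
    ("alice", "198.51.100.10", 2, 0.05),
    ("carol", "198.51.100.10", 350, 0.97),
    ("bob",   "198.51.100.10", 1, 0.04),
]

SPAM_SCORE = 0.8      # assumed: a message at or above this score counts as spam-like
MAX_SPAM_SHARE = 0.5  # assumed: block a sender once this share of deliveries is spam-like

BY_USER, BY_IP = 0, 1  # which field of a record identifies the sender


def spam_share(log, key):
    """Share of recipient deliveries that were spam-like, per sender identity."""
    total, spammy = defaultdict(int), defaultdict(int)
    for record in log:
        ident, recipients, score = record[key], record[2], record[3]
        total[ident] += recipients
        if score >= SPAM_SCORE:
            spammy[ident] += recipients
    return {ident: spammy[ident] / total[ident] for ident in total}


def senders_to_block(log, key):
    """Identities whose spam-like share exceeds the assumed policy limit."""
    shares = spam_share(log, key)
    return sorted(i for i, share in shares.items() if share > MAX_SPAM_SHARE)


if __name__ == "__main__":
    # Receiver's view: one identity, the shared relay, so alice and bob are blocked too.
    print("by IP:  ", senders_to_block(SAMPLE_LOG, BY_IP))
    # Outbound filter's view: only the account that is actually sending spam.
    print("by user:", senders_to_block(SAMPLE_LOG, BY_USER))
```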
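
How the two blocklist types from "What is IP blocklisting?" turn into DNS lookups, as an added example that is not part of the original article. It follows the DNSBL conventions of RFC 5782 (reversed address labels under the list's zone, listings answered from 127.0.0.0/8); the zone names, the sample zone data and the reject/flag policy are assumptions, and the resolver is a stub so the code runs offline.

```python
import ipaddress
import re

ZONE_IP = "dnsbl.example"    # hypothetical IP-based blocklist zone
ZONE_URI = "uribl.example"   # hypothetical domain-based (URI) blocklist zone
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def ip_query_name(ip, zone=ZONE_IP):
    """DNS name to look up for a connecting IP: reversed labels + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))             # four octets
    else:
        labels = reversed(addr.exploded.replace(":", ""))   # 32 hex nibbles
    return ".".join(labels) + "." + zone


def uri_query_names(body, zone=ZONE_URI):
    """One lookup per distinct URL host in the body (simplified: real
    URI lists usually key on the registered domain, not the full host)."""
    hosts = re.findall(r"https?://([A-Za-z0-9.-]+)", body)
    return sorted({h.lower().rstrip(".") + "." + zone for h in hosts})


def is_listed(name, resolve):
    """Listed if the A record is in 127.0.0.0/8; None models NXDOMAIN."""
    answer = resolve(name)
    return answer is not None and ipaddress.ip_address(answer) in LISTED_NET


def check_message(client_ip, body, resolve):
    """Example policy: reject listed senders, flag listed URLs."""
    if is_listed(ip_query_name(client_ip), resolve):
        return "reject"
    if any(is_listed(name, resolve) for name in uri_query_names(body)):
        return "flag"
    return "accept"


# Constructed zone data standing in for live DNS answers.
SAMPLE_ZONE = {
    "2.0.0.127.dnsbl.example": "127.0.0.2",
    "bad.example.uribl.example": "127.0.0.2",
}
resolve = SAMPLE_ZONE.get

if __name__ == "__main__":
    print(check_message("127.0.0.2", "hello", resolve))
    print(check_message("192.0.2.99", "see http://Bad.Example/offer", resolve))
```

Swapping `resolve` for a real DNS lookup that returns the A record as a string (or `None` on NXDOMAIN) is the only change needed to query a live list.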