The Email Line of Defense

dc - The Email Line of Defense - graphic1Email has long been a favorite target of cyber criminals, with “phishing” being the most common form of attack. 

In fact, out of the estimated 347 billion emails that are sent every day, roughly 3.4 billion of them are malicious. 

As a percentage, that may not seem like a lot, but given the sheer number of bad messages being blasted out on a daily basis, it’s no wonder that more than a third of all data breaches involve email.

Because of this, email scanning and filtering needs to be high on every organization’s list of security measures. Not just to declutter spam from inboxes, but also to protect from much more catastrophic attacks.

How email scanning and filtering works

A robust scanning and filtering system employs a combination of techniques, including:

dc - The Email Line of Defense - icon1Content inspection: Email scanning tools analyze the content of an incoming email, including text, attachments, and embedded links. This content is then compared against known patterns and signatures associated with malware, phishing attempts, and spam.

dc - The Email Line of Defense - icon2
Sender reputation analysis
: When an email arrives, the sender’s domain and IP address is analyzed to ensure the message is from a legitimate source.

dc - The Email Line of Defense - icon3
Machine learning (ML)
: ML algorithms are used to detect anomalies in email content and behavior.

dc - The Email Line of Defense - icon4
URL and attachment analysis
: Scanning tools are used to identify links and attachments that may lead to malicious websites or contain malware.

dc - The Email Line of Defense - icon5
Blacklists and whitelists
: IT administrators maintain lists of trusted senders (whitelists) and known bad actors (blacklists). They then use these lists to customize email filtering rules.


What email scanning and filtering protects you from

As noted above, phishing is the most common type of email attack. What is phishing? We recently published an entire article on the subject where we broke it down like this:

Victims of successful phishing attacks often miss signs that an email they’ve received is fraudulent. Sometimes this can be chalked up to simple inattentiveness on the part of the recipient. But as scams have become more sophisticated, even the most vigilant can be bamboozled.

Here’s how phishing attacks commonly work:

dc - The Email Line of Defense - icon6
An email is sent that appears to be from a well-known entity, such as Amazon, Microsoft, or DocuSign

dc - The Email Line of Defense - icon7
The subject line of the emails appears legit (e.g., spelled correctly) and warns of a potential breach that requires the recipient to reset their password or check that their credentials are correct

dc - The Email Line of Defense - icon8
The body of the email is well-designed, complete with company logo and other graphics


Phishing protection is not, however, the only area where email scanning and filtering benefits businesses. Reasons for a company to scan and filter include the following:

dc - The Email Line of Defense - icon9Protection against malware: Malicious software like viruses and ransomware often find their way into systems via email attachments or links. Scanning and filtering can identify and quarantine these threats before they can infect a device or network.

dc - The Email Line of Defense - icon10Spam reduction: Junk emails can crowd inboxes and waste valuable time. Filtering automatically categorizes and moves spam emails to a separate folder so that users only see legitimate messages.

dc - The Email Line of Defense - icon11Compliance and data protection: Many industries must adhere to strict data protection regulations. Email scanning and filtering ensures compliance by identifying and addressing emails that contain sensitive information or violate security policies.

dc - The Email Line of Defense - icon12
Improved productivity
: By reducing the flood of unwanted emails, scanning and filtering allows people to focus on essential tasks without the distraction of spam and malicious messages.


The role of IT in email scanning and filtering

Email providers like Microsoft and Google have tools baked into their services to flag and reroute bad emails. While these tools are always improving, IT still plays a critical role in keeping inboxes safe.

For example, IT experts are often in the position of evaluating and choosing the most suitable email scanning and filtering tools for their organization’s needs, and are tasked with ensuring these solutions are seamlessly integrated into the existing email infrastructure.

IT administrators also configure email scanning and filtering settings to align with best security practices and user preferences of their organization. This is often a bit of a wire act, since legitimate emails routed to junk folders serve the interests of no one.

Then there’s the act of monitoring and setting up alerts, where IT continuously monitors email traffic — and keeps tabs on the latest scams — and sets up alerts to notify staff of potential threats or system issues.

But perhaps the most important role of IT in ensuring emails are safe is in educating users. People are busy, and given the sheer amount of emails most people receive daily, it can be easy for them to let their guard down. 

By regularly educating employees about the importance of email security — and providing training to recognize and report suspicious messages — IT can go a long way toward stopping the human errors that often lead to damaging attacks.

dc - The Email Line of Defense - graphic2

Scan, filter, and stay safe

As much as we may want it to, email isn’t going away anytime soon. It’s too integral to our personal and professional lives, too entrenched in our digital identities at this point to abandon altogether.

At the same time, criminals are going to continue using email as a means to steal credentials, deliver malware into systems, and kickstart their ransomware attempts.

By implementing best practices for scanning and filtering email messages as they arrive, companies can put in place a strong (although not impenetrable) line of defense against these and other malicious acts.

dc - The Email Line of Defense - cta


Russ is Vice President and CTO of Dynamic Computing. He sets the vision for our technical staff and provides the highest level of support with complex problems. Russ knows Dynamic Computing inside and out, and he’s helped build the company from a handful of clients with simple networks to a thriving, complex managed IT service. He sets the vision for our technical staff and provides the highest level of support for complex installations and any challenging issues that arise. He also relentlessly evaluates new technologies and security best practices and determines how and when to implement improvements for our clients. Russ holds a degree in Business Administration with an Information Systems concentration from the University of Washington. Outside the office, you’re most likely to encounter him skiing, playing sports, or spending time with his family.