Email filtering is a method of email security that involves identifying and sorting emails that are deemed non-productive, spam, or malicious. Email filters will move unwanted emails into a junk folder to avoid a cluttered email inbox. They can also manage outbound email traffic to reduce risk of data leakage.

‍

Email filters work by assessing inbound and outbound email traffic. Emails enter a gateway that scans for a sender’s identity, key words in an email header or content, and attached links. This ensures that all contents of the email are legitimate and do not pose a threat to the user or wider systems.

Reputation based

‍This method of email filtering assigns a reputation score based on known factors such as IP, URL or domain reputations and past sending behavior. Depending on this score an email may be deemed unwanted or malicious and be stopped from entering a user’s inbox.

Blocklists

‍Unlike reputation based email filtering which looks at a broader set of metrics, blocklists (or blacklists) look for senders explicitly connected with malicious or unwanted activities and stop related messages from reaching user’s inboxes.

Content analysis

‍This method of email filtering allows organizations to identify key words or attachments that an email might contain and deny access to a user’s inbox based on pre-defined terms. For example, an email may be blocked if connected to the phrase ‘crypto’.  

Spam filters

Individuals and businesses receive hundreds of spam messages every day. Most email software comes equipped with built-in spam email filters, that can automatically detect and filter out unwanted messages. These messages might contain malicious links, content, or phishing attacks. 

Firewalls

‍This is a system that protects the network from unwanted traffic. Based on what the organization or security operators have identified as unwanted, the firewall system can stop all SMTP or other email traffic that corresponds with these rules.  

Secure Email Gateway (SEG)

A secure email gateway (SEG) or a secure email server (SEC) is a type of email security software that sits between inbound and outbound email communication. Every email that is sent to and from an organization passes through this gateway to ensure that its contents are not malicious or a sign of a data leak. It prevents unwanted emails in user inboxes like spam, phishing emails, emails containing malware, and more. Email gateways often provide the first line of defense for email security. 

‍

In addition to being the primary form of communication for most businesses, emails often contain sensitive information such as financial data or customer information. The quantity of emails sent and received and the contents they contain make email a primary attack path for cyber criminals. Also, a cluttered email inbox can reduce productivity in employees, making email filters important for improving business productivity and continuity.

Cybercriminals are constantly attempting phishing campaigns or using nuanced attacks like social engineering tactics to trick users into giving away valuable information or login credentials. Lack of appropriate training or email filters can lead to compromised email accounts, data breaches, and malware infections.

Darktrace's revolutionary approach to email security doesn't rely on insights gleaned from past data. Instead, it develops in-depth insights into the usage patterns of each setting and user.

By analyzing this information, Darktrace / EMAIL can quickly detect, flag, and address deviations. Our leading AI technology develops a typical usage profile for every user, which includes their relationships, link-sharing patterns, tone and sentiment, content, and more.

Darktrace / EMAIL stops sophisticated security risks to businesses through email fraud, such as generative AI attacks, data loss, supply chain attacks,  account takeovers, BEC, and ransomware, by understanding the human behind email communications instead of just basing strategies on past attacks.

Try our free demo or find out more about Darktrace / EMAIL in our Solution Brief.