What is Email Filtering?

Email filtering definition

Email filtering is a method of email security that involves identifying and sorting emails that are deemed non-productive, spam, or malicious. Email filters will move unwanted emails into a junk folder to avoid a cluttered email inbox. They can also manage outbound email traffic to reduce risk of data leakage.

How does email filtering work?

Email filters work by assessing inbound and outbound email traffic. Each email passes through a gateway that checks the sender’s identity, keywords in the email header or content, and attached links. The goal is to confirm that the contents of the email are legitimate and do not pose a threat to the user or wider systems.

Types of email filtering

Reputation based

This method of email filtering assigns a reputation score based on known factors such as IP, URL or domain reputations and past sending behavior. Depending on this score, an email may be deemed unwanted or malicious and be stopped from entering a user’s inbox.

Blocklists

Unlike reputation-based email filtering, which looks at a broader set of metrics, blocklists (or blacklists) look for senders explicitly connected with malicious or unwanted activities and stop related messages from reaching users’ inboxes.

Content analysis

This method of email filtering allows organizations to identify keywords or attachments that an email might contain and deny it access to a user’s inbox based on pre-defined terms. For example, an email may be blocked if it contains the phrase ‘crypto’.
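The three methods above can be chained into a single gateway decision. The following Python sketch is an added example, not code from the original page or from any vendor; the domains, reputation scores, threshold and function names are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data (assumptions, not real threat intelligence).
BLOCKLIST = {"bad-sender.example"}             # explicit deny list
REPUTATION = {"known-partner.example": 90, "short-link.example": 10}  # 0 worst .. 100 best
DEFAULT_REPUTATION = 50                        # score for unknown domains
QUARANTINE_BELOW = 40                          # hypothetical threshold
BLOCKED_TERMS = {"crypto"}                     # the page's example term
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

# Constructed message: trusted sender, but the body links to a low-reputation host.
SAMPLE = ("From: Alice <alice@known-partner.example>\n"
          "Subject: Invoice\n\n"
          "Please review: http://short-link.example/abc\n")

def domain_of(address):
    """Lower-cased domain part of a From header value."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def body_text(msg):
    """Join all text/* parts so multipart messages are covered too."""
    return "\n".join(str(p.get_payload()) for p in msg.walk()
                     if p.get_content_maintype() == "text")

def filter_email(raw):
    """Blocklist, then reputation, then content analysis -> (verdict, reason)."""
    msg = message_from_string(raw)
    body = body_text(msg)
    domains = {domain_of(msg.get("From", ""))}
    domains |= {d.lower() for d in URL_RE.findall(body)}
    # 1. Blocklist: explicit match on the sender or any linked domain.
    hit = sorted(domains & BLOCKLIST)
    if hit:
        return "reject", "blocklisted domain: " + hit[0]
    # 2. Reputation: the worst-scoring domain in the message decides.
    score, worst = min((REPUTATION.get(d, DEFAULT_REPUTATION), d) for d in domains)
    if score < QUARANTINE_BELOW:
        return "quarantine", f"low reputation: {worst}={score}"
    # 3. Content analysis: whole-word match on subject and body.
    text = (msg.get("Subject", "") + " " + body).lower()
    term = sorted(set(re.findall(r"[a-z0-9]+", text)) & BLOCKED_TERMS)
    if term:
        return "quarantine", "blocked term: " + term[0]
    return "deliver", "no rule matched"

if __name__ == "__main__":
    print(filter_email(SAMPLE))
```

Matching whole words rather than substrings keeps a term such as ‘crypto’ from also catching unrelated mail that mentions "cryptography", a common source of false positives in keyword rules.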

Types of email filters

Spam filters

Individuals and businesses receive hundreds of spam messages every day. Most email software comes equipped with built-in spam email filters that can automatically detect and filter out unwanted messages. These messages might contain malicious links, content, or phishing attacks.

Firewalls

A firewall is a system that protects the network from unwanted traffic. Based on what the organization or security operators have identified as unwanted, the firewall system can stop all SMTP or other email traffic that corresponds with these rules.

Secure Email Gateway (SEG)

A secure email gateway (SEG) or a secure email server (SEC) is a type of email security software that sits between inbound and outbound email communication. Every email that is sent to and from an organization passes through this gateway to ensure that its contents are not malicious or a sign of a data leak. It keeps unwanted emails, such as spam, phishing emails, and emails containing malware, out of user inboxes. Email gateways often provide the first line of defense for email security.

Why is email filtering important?

In addition to being the primary form of communication for most businesses, emails often contain sensitive information such as financial data or customer information. The quantity of emails sent and received and the contents they contain make email a primary attack path for cyber criminals. A cluttered email inbox can also reduce employee productivity, making email filters important for improving business productivity and continuity.

Cybercriminals are constantly attempting phishing campaigns or using nuanced attacks like social engineering tactics to trick users into giving away valuable information or login credentials. Lack of appropriate training or email filters can lead to compromised email accounts, data breaches, and malware infections.

Email Security Vendors: Darktrace’s Approach to Email Security

Darktrace's revolutionary approach to email security doesn't rely on insights gleaned from past data. Instead, it develops in-depth insights into the usage patterns of each setting and user.

By analyzing this information, Darktrace / EMAIL can quickly detect, flag, and address deviations. Our leading AI technology develops a typical usage profile for every user, which includes their relationships, link-sharing patterns, tone and sentiment, content, and more.

Darktrace / EMAIL stops sophisticated email-borne security risks to businesses, such as generative AI attacks, data loss, supply chain attacks, account takeovers, BEC, and ransomware, by understanding the human behind email communications instead of just basing strategies on past attacks.
