IT Guide

Understanding Content & Spam Filtering For SMB's

small business employee h

Let's explore the growing problem of spam and malware, and how content and spam filtering solutions can help protect your business.

Picture this. Your client calls to tell you that they did not receive the important email you sent and they were expecting. On a call with your client, you find your email landed in their junk mail. No harm. It happens.

Then, more clients complain. Your emails are in spam or lost in cyber space. When you check on your end, your emails are clearly in your sent items folder, but they are nowhere to be found in the clients’ inbox.

You call IT and ask them to fix your email. What you don't know yet is that everything is working as intended. Your emails are intentionally blocked by spam filters. Why? Well, because your computer is infected with malware that turned it into a spam bot. The fix will actually be far more complex than you expected because your entire domain is blacklisted and marked as a spammer.

But you're not a spammer! You’re one of the good guys! Now what?

A Brief Overview

Let's take a look at content and spam filtering tools, how they work, and the value of implementing them for your business to prevent problems like the scenario outlined above.

Content and spam filtering are two important parts of an overall IT Security framework for every business - small and large. Often, small business owners mistakenly believe that using antivirus software means that they have covered their IT Security needs. Antivirus software ranges in effectiveness. It should be one part of a layered IT Security approach - not a stand-alone solution.

In short, antivirus and spam filters work hand in hand to scan emails and attachments to protect you from viruses, phishing scams and malware. Content filters protect from the same threats but in a different way. They score web pages for threats and block them. Now let’s better understand these tools, and how they work for you.

Spam Filtering Solutions

45% of all emails are spam emails – that's almost half of all emails sent out.

An inbound spam email can infect a computer with a virus or worse. Malware can cause a computer to serve as a spamming bot.

This in turn can render your own domain to be marked as an unsafe domain, added to Real Time Blacklist databases, and have your outgoing emails blocked and rerouted by spam filters. Getting removed from these blacklists is difficult and time consuming.

This is why it is important to invest in the right tools and cyber security awareness training for your team. Preventative cyber security habits, as well as good content and spam filtering tools help protect against these growing threats.

Spam Filtering Tools

Spam filtering tools and providers identify and block unsolicited and risky email. They work by inspecting inbound and outbound email for trust signals that raise or lower a messages spam score based on predefined criteria. That includes inspecting:

  • the email content
  • the email sender (the part before the @)
  • the sender domain (the part after the @)
  • the sending mail server (this can be your web host, or preferably Office 365 or G Suite)

If the email fails the spam filters, it will be classified as spam and either not delivered or sent to a recipient’s junk folder.

How aggressive or relaxed the target spam counter is set as is dependent on the filter provider and how their inspection and classification rules are configured.

Spam Scoring Criteria – or Why is my email being marked as spam?

The type of things that will raise or lower a spam score and mark an email as spam are outlined below.

Message Content

Content is the most heavily weighted scoring mechanism of the lot. If an email message looks like spam, walks like spam and talks like spam, it is marked as spam.

Domain Reputation

Has the domain been on a blacklist in the past? Or is it on one presently?

Has the domain been registered only recently, or has it been around long time? New domains receive a higher spam score.

Does the domain contain the proper DNS records for email transactional trust?
Be sure to use the right domain and email solutions to avoid problems pertaining to your domain and DNS records.

SPF - Sender Policy Framework

SPF is an anti-spam approach whereby the email sender’s domain is scored for threat risk.
For example, when you setup your SPF, you document which servers are authenticated to send mail on your behalf, via your domain and business email addresses at that domain. If a mail server sends an email, and that email server is not part of the SPF record, it is rejected. This protects your domain and others from receiving spam forged to look like it is coming from your organization.

You have likely received a phishing email at some time which appeared to be from one organization, but in fact was a spoofed email from a malicious sender. These emails are utilizing Sender Address Forgery, and this is exactly what a DNS SPF record fights against.

DKIM - Domain Keys Identified Mail

DKIM signatures are used to authenticate emails by adding a predefined header to each email message, which is protected by encryption at the mail server level and verified that the email is authorized by the sending domain. When the email is received, the recipient’s incoming email server checks the DKIM signature to confirm that a message was in fact sent from the authorized domain. DKIM records help improve the deliverability of your outgoing emails by authenticating you and your domain as trusted senders. You can use your Sender Policy Framework, DKIM and DMARC tools in tandem to reduce cyber crime and protect your business from being used to send malicious emails via your domains.

DMARC - Domain-based Message Authentication, Reporting and Conformance

DMARC is an email validation tool that protects your domain and email addresses from being used in email phishing and spoofing campaigns and protecting your domain security.

DMARC builds on SPF and DKIM and adds a reporting functionality to allow you to gain insight into who is sending email on your behalf. Publishing a DMARC record into your DNS record will give you visibility in to and control over your email communications.

This in-depth explanation of DMARC is perfect for more technical readers. For business owners, your key takeaway is to ensure you have domain protection tools such as SPF, DMARC and DKIM in place.

This is by no means an exhaustive list of spam scoring criteria, however it gives you an overview of the common areas every business owner should explore and take control of to protect their valuable domain and email channel.

Content Filtering Solutions

Content filters function similarly to spam scoring and filtering and share many of the same trust level indicators. Additionally, artificial intelligence can crawl and inspect websites to classify the ‘site type’. Once a site is classified (eg. Business, sports, commerce, social, etc). it can be blocked by a content filter.

As a business owner, you can opt to cast a wide net and block all websites of a category (block all social media) or you can block sites more narrowly using rules within your tools.

Eg. if site exists in a specific category and also has a low trust score then block it (e.g. block Facebook on all company owned computers).

You may want to filter web traffic for many reasons. Here are a few.

Employee Productivity

The temptations are great for staff to spend all day on Facebook or Twitter or Reddit. They design these sites specifically to be time sinks and the longer they have your eyeballs, the more advertisements they can show you. These sites rob your business of the productivity of your staff. It is perfectly reasonable to block Facebook from work computers or during work hours to mitigate this time sink.

Business Owner Legal Liability

Did you know that you may be liable for what your employees do on your computers and internet connection? Employees can cause a data or privacy breach that you must report to authorities and clients. Employees can spend their lunch hour watching illegal streaming content, which you may think it is harmless enough, until your Internet Service Provider sends you a cease and desist letter.


Business owners have been given this solid advice so many times that you have either already adopted it or are numb to it. If you have not yet adopted good antimalware/antivirus tools, do it now. Free tools are not adequate as they lack active filtering which catch most threats.

To improve your cyber security, increase your employees' productivity, and reduce legal liability – whitelisting safe websites, blacklisting unsafe content, web filtering and content control are essential. As an SMB, configuring these cyber security tools may be challenging without in house IT staff. Since IT management is complex, hiring comprehensive IT management services to setup, configure and maintain your IT security is recommended.

To learn more about web filtering and IT Security, read our guide on Understanding Endpoint Protection Detection For SMB's.

Using Firewall And Endpoint Software To Blacklist Websites and Filter Spam

There are many defense mechanisms that can be employed to protect you from spam and malicious websites.

At The Source

Your email server will have its own spam filtering capability. If you are using G Suite or Office 365, this is largely pre-configured for you. If you use email from your web host provider, they will often employ spam assassin from Apache foundation which will require a bit of configuration and tuning on your end.

In Front Of The Source

There are many third-party spam filters that deploy a cloud service in front of your mail server and filter out spam before it even gets to your email host. This is typically done by changing your DNS record to route your mail to the spam filter first, who will then reroute it back to your email server. Some leaders in this area are Barracuda, Proofpoint and Ironscales.

At The Network Perimeter

The delineation point that separates the internet from your network is a firewall. A capability of many firewalls is content inspection, classification and blocking. This is a powerful tool in your protection arsenal and shouldn’t be downplayed. While most security focus is (legitimately) placed on the endpoint now, the more that you can filter out at each stage of digital traffic, the more you reduce your risk of being exposed to an infected email/website.

Learn more about perimeter security in this guide.

At The Endpoint

This is your second last line of defense and a fast growing area of IT Security. If spam/phishing or malicious websites have bypassed all your other filtration techniques, software running on the endpoint (computer, tablet) should find and remove whatever is left, depending on the quality of the endpoint protection software.

There are some subpar applications in this department and most of the worst ones are the big names you know. They have great marketing departments but sub par programmers. Work with an IT Consultant to get quality tools in place, such as BitDefender endpoint protection or ESET NOD32. A great endpoint scanner is the built in Windows defender. It has come a long way from its humble roots and is often on-par and sometimes better than the top shelf endpoint protection software.

At The Fingertip

The very last line of defense is with the user’s behaviour.

The Chubb's Third Annual Cyber Report reveals that educating employees on IT security is crucial for SMBs looking to prevent cyberattacks. It's not only the technical aspects of your business that make it susceptible to data breaches – untrained employees and human error cause just as many breaches.

User education is an important layer of your overall cyber security plan. Nothing is better for IT security than developing a culture of security with the people that are the targets of cyber crime – your employees.

Your employees, especially new ones, need to be educated on online cybersecurity best practices to protect themselves and your business against malicious intent. By generating awareness of security threats and how your employees are likely to encounter them, employees new and old will know precisely what procedures to follow when they identify a risk.

There will come a time when something bypasses all the normal layers of protection and the only thing keeping you safe is your staff thinking that a message looks a bit odd or that something is different with the banking site today. That kind of permanent, on-guard attitude needs to be fostered and trained.

Ask your IT Provider to provide phish testing to your team to see who passes and fails, and to use the info to train everybody, or to focus your training efforts.

Choose Your Response To Cyber Crime

As a small business owner, it might be disheartening to hear large corporations fall victim to cyber attacks and data breaches. After all, if the big guys can sometimes let their guard down, you might wonder how your small business can survive these threats.

The answer is adoption. Large corporations can be incredibly slow at making important changes. SMB's are far more agile and responsive. You can choose to respond to the threat landscape by implementing best practices without further delay.

TUCU is a Toronto IT Support Services provider dedicated to providing comprehensive IT management services to SMBs. Let us help you thrive by managing your content and spam filtering and cyber security for your business, or browse our free IT guides to learn more.

Get Small Business IT Experts On Your Side

We Fix Techaches and make people happy. Book your free consult now.