What is Email Filtering?

Email filtering definition

Email filtering is a method of email security that involves identifying and sorting emails that are deemed non-productive, spam, or malicious. Email filters will move unwanted emails into a junk folder to avoid a cluttered email inbox. They can also manage outbound email traffic to reduce risk of data leakage.

How does email filtering work?

Email filters work by assessing inbound and outbound email traffic. Emails enter a gateway that scans the sender’s identity, keywords in the email header or content, and attached links. This ensures that all contents of the email are legitimate and do not pose a threat to the user or wider systems.

Types of email filtering

Reputation based

This method of email filtering assigns a reputation score based on known factors such as IP, URL or domain reputations and past sending behavior. Depending on this score, an email may be deemed unwanted or malicious and be stopped from entering a user’s inbox.

Blocklists

Unlike reputation-based filtering, which looks at a broader set of metrics, blocklists (or blacklists) look for senders explicitly connected with malicious or unwanted activities and stop related messages from reaching users’ inboxes.

Content analysis

This method of email filtering allows organizations to define keywords or attachments that an email might contain and deny it access to a user’s inbox based on these pre-defined terms. For example, an email may be blocked if it is connected to the phrase ‘crypto’.
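The three methods above can be chained into a single gateway check, applied in order from most explicit to most general. The following Python is an added example, not code from the original page or from any vendor's product; the domain names, scores, threshold, verdict names and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# All lists, scores and thresholds here are constructed for illustration.
BLOCKLIST = {"bad-sender.example"}            # domains explicitly tied to abuse
REPUTATION = {"partner.example": 90, "newly-seen.example": 20}  # 0 worst, 100 best
DEFAULT_REPUTATION = 50                       # assumed score for unknown domains
REPUTATION_THRESHOLD = 40                     # assumed cut-off for junking
BLOCKED_TERMS = {"crypto"}                    # pre-defined term from the page's example
URL_RE = re.compile(r"https?://([^/\s:>\"']+)", re.I)

def domain_of(address):
    """Return the lower-cased domain of a From header value."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def body_text(msg):
    """Join the decoded text parts of a (possibly multipart) message."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def classify(raw_message):
    """Return (verdict, reason); verdict names are hypothetical."""
    msg = message_from_string(raw_message)
    sender, text = domain_of(msg.get("From", "")), body_text(msg)
    domains = {sender} | {d.lower() for d in URL_RE.findall(text)}
    # 1. Blocklist: explicit match on the sender or any linked domain.
    if domains & BLOCKLIST:
        return ("reject", "blocklist")
    # 2. Reputation: the worst-scoring domain decides.
    if min(REPUTATION.get(d, DEFAULT_REPUTATION) for d in domains) < REPUTATION_THRESHOLD:
        return ("junk", "reputation")
    # 3. Content analysis: whole-word match over subject header and body.
    words = set(re.findall(r"[a-z0-9]+", f"{msg.get('Subject', '')} {text}".lower()))
    if words & BLOCKED_TERMS:
        return ("junk", "content")
    return ("deliver", "clean")

SAMPLES = {  # constructed messages, one per outcome
    "blocklisted": "From: Promo <deals@bad-sender.example>\nSubject: Hello\n\nHi there\n",
    "low_rep_link": "From: a@partner.example\nSubject: Invoice\n\nPay at http://newly-seen.example/pay\n",
    "keyword": "From: b@partner.example\nSubject: Crypto opportunity\n\nCall me.\n",
    "clean": "From: c@partner.example\nSubject: Minutes\n\nNotes: https://partner.example/minutes\n",
}
```

Matching whole words rather than substrings keeps a term like ‘crypto’ from junking mail that mentions ‘cryptography’, at the cost of missing variants such as ‘cryptocurrency’ unless they are listed too.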

Types of email filters

Spam filters

Individuals and businesses receive hundreds of spam messages every day. Most email software comes equipped with spam filters that can automatically detect and filter out unwanted messages. These messages might contain malicious links, content, or phishing attacks. 

Firewalls

This is a system that protects the network from unwanted traffic. Based on what the organization or security operators have identified as unwanted, the firewall system can stop all SMTP or other email traffic that corresponds with these rules.  

Secure Email Gateway (SEG)

A secure email gateway (SEG) or a secure email server (SEC) is a type of email security software that sits between inbound and outbound email communication. Every email that is sent to and from an organization passes through this gateway to ensure that its contents are not malicious or a sign of a data leak. It keeps unwanted emails such as spam, phishing emails, emails containing malware, and more out of user inboxes. Email gateways often provide the first line of defense for email security.

Why is email filtering important?

In addition to being the primary form of communication for most businesses, emails often contain sensitive information such as financial data or customer information. The quantity of emails sent and received and the contents they contain make email a primary attack path for cyber criminals. Also, a cluttered email inbox can reduce productivity in employees, making email filters important for improving business productivity and continuity.

Cybercriminals are constantly attempting phishing campaigns or using nuanced attacks like social engineering tactics to trick users into giving away valuable information or login credentials. Lack of appropriate training or email filters can lead to compromised email accounts, data breaches, and malware infections.

Email Security Vendors: Darktrace’s Approach to Email Security

Darktrace has developed a fundamentally different approach to email security, one that doesn’t learn what’s dangerous from historical data but forms an in-depth understanding of each organization and its users.

Darktrace / EMAIL focuses on individuals - how each person uses their inbox and what constitutes “normal” for each user - in order to detect what’s not normal. Our AI technology builds profiles for every email user, including their relationships, tone and sentiment, content and link sharing patterns, and thousands of other signals.

Because Darktrace relies on an understanding of the human behind email communications rather than knowledge of past attacks, it can stop the most sophisticated and evolving email security risks like generative AI attacks, BEC, account takeover, supply chain attacks, data loss, and ransomware.
