4 Mistakes You’re Making With Your Spam Filter (And How To Fix Them)

By: Bill Walter

Adjusting your spam filter to the right level of sensitivity is one of the most important steps you can take to defend your network from harmful email malware. However, it’s easy to miss an important email if you set your sensitivity too high.

How do you find the right sensitivity level so you aren’t missing out on important messages, while still protecting yourself from a harmful virus?

It starts with whitelisting, and it’s essential to blocking potential viruses from slipping through your inbox.

How Does Whitelisting Work?

Spam filters use various detection methods to prevent malicious emails from reaching your inbox. Unfortunately, these detection methods can sometimes characterize legitimate emails as spam. These false positives can occur because of specific wording, attachments or links within an email.

Whitelisting can help ensure you receive emails from specific senders and domains.

Whitelisting helps make sure your important emails aren’t continuously caught in your spam filter. However, it’s essential to note that once an email address or domain is added to the whitelist, this setting will bypass any spam filter protection and deliver the email to your inbox whether or not there is malicious content in the email. That’s why you need to create a whitelist that passes legitimate emails to your inbox while limiting potentially dangerous emails.

The Best Way To Set Up A Whitelist

Here are some best practices for adding emails to your whitelist:

  1. Limit whitelisting to specific emails instead of domains whenever possible.
  2. Avoid whitelisting generic email addresses like noreply@domain.com and accounts@domainexample.com.
  3. Avoid whitelisting email addresses and domains for email services like banking, shipping, retail, online services, free email services, internet service provider email accounts, or major device manufacturers. This includes companies like Wells Fargo, Bank of America, FedEx, Microsoft, eFax, Aol, Gmail, SharePoint, HP and more. These email domains are highly targeted for spoofing and malicious activity. Valid emails from these sources should pass the spam tests and deliver to your inbox.
  4. Never whitelist email addresses or domains for your own company. The spam filter protects emails sent from external email addresses. Legitimate company emails to and from your company process internally and will not be scanned by the spam filter. Adding your company emails or domains to the whitelist creates a vulnerability where a malicious attacker can spoof company email addresses which bypass the spam filter protection.

Spam protection is evolving with the continuous advancements of malicious activity. However, you should still always use email best security practices when reviewing a sender’s email address, clicking on links and opening attachments. Download our free cyber security guide to get a brief course on cyber security best practices.

The #1 Way To Prevent A Cyber Intruder

Whitelisting is the first step to preventing an email hacker from penetrating your business, but the #1 way to prevent a cyber disaster is to educate your staff on basic cyber security best practices.

There are a few basic rules for identifying a phishing, spear-phishing or spoofing email. While hacking attempts get increasingly sophisticated, there are a few tried-and-true methods to identifying them that remain the same.

For many organizations, it’s not a matter of if you’ll get hacked but when. Be diligent about your backup software to make sure it’s ready in case of a cyber security breach. Disperse an internet usage policy to your staff, invest in cyber security training, and keep your workstations and software updated to avoid a hack. Using those methods in conjunction with your new whitelisting knowledge will help keep hackers at bay.

Need Help?

Do you know how a hacker is most likely to enter your network? Contact us here or schedule a session with our Network Detective to discover the vulnerabilities hiding in your network.

Published June 5, 2019

Cyber Security Wake-Up Call: What’s Putting Your Organization at Risk?

Learn how to lessen your exposure to cyber threats in this free webinar recording.

Cyber Security Wake-Up Call Screen Play

Small Businesses — Be On the Lookout for These Cyber Threats

If you think you’re immune to cyberattacks as a smaller-sized business, you’re wrong. Attackers don’t just pass small...

Threats and Vulnerabilities to Monitor This Cyber Security Awareness Month

Have you ever received an email from an unfamiliar source and wondered, “How did they know that information?” or “How...