Site icon Mailtrap

The Whys and The Hows of Email Spam Filters

This is a cover image for an article that explains how Spam Filters work in emails.

Spam filters keep away most of the spam and phishing emails circulating online. It’s thanks to them that our inboxes don’t get cluttered with emails from wealthy princes promising to donate their whole fortune. 

But how do spam filters identify and stop spam? Read on to find out. 

What are email spam filters, and why should you use them?

Spam filters are just like regular, real-life filters, but instead of your coffee, they filter messages. They act as barriers between you and malicious actors. 

In technical terms, a spam filter is an application or software that analyses incoming emails to detect unsolicited, harmful, ‘spammy’, or malware-infected messages. It then either quarantines, rejects, or places such emails in a junk folder. 

By doing so, it protects users from:

Spam filters can also work the other way around. Outbound email filters won’t allow you to send emails that contain suspicious elements. This could be the lack of a subject line, excessive links, or overuse of spam-triggering words. Either way, such emails will bounce back, and you’ll receive non-delivery reports. 

False positives and negatives 

False positives occur when an email spam filter identifies a perfectly legitimate email as spam. This can happen to organizations sending important transactional emails or businesses sending marketing campaigns. 

In that case, password reset, email verification, or welcome emails will end up in the spam folder. 

False negatives occur when a spam email slips through the filter and reaches the inbox. In that case, the user can mark the email as spam manually so that similar emails are classified as spam in the future. 

What are the types of spam filters? 

We can differentiate between the types of spam filters based on their deployment and the factors they evaluate. 

Types of spam filters based on deployment 

Based on deployment, spam filters can be on-premises, cloud-based, or software-based. 

On-premises or gateway spam filters 

On-premises spam filters are physical devices that operate using specific pre-defined rules. They sieve through inbound emails and, based on configuration, block, quarantine, or delete spam messages. 

Why these are great 

Where they fall short 

Cloud-based, server-side, or hosted spam filters 

Cloud-based spam filters are hosted on the cloud instead of the physical server. The deployment involves modifying the MX records to point to the spam filtering solution. They act as relays that sort through emails before they reach your network. 

Why these are great 

Where they fall short 

Software-based or client-side spam filters 

Software-based spam filters are software and applications that you download on your machine. These are hardware-dependent and should be installed on each computer separately. They can be used alongside email management applications, which provide greater control over unwanted emails.

Why these are great 

Where they fall short 

Types of spam filters based on the factors they analyze

With the deployment out of the way, let’s differentiate between the types of spam filters based on the factors they check. 

Keep in mind that spam filtering technologies are constantly developing. As we speak, researchers are running tests to improve machine learning algorithms and find the most optimal solutions for detecting all sorts of spam emails. The types of filters we cover below are the most common and have proven to be effective.

Content filters 

As you’d guess from the name, content filters analyze the content of the emails to determine their legitimacy. They examine all parts of the message, including the headers, subject line, footer, links, and images. 

The idea behind such filters is that spammers usually use the same words in most emails. They have a specific vocabulary designed to invoke various emotions in the recipient. These could be the sense of urgency, fear, or the desire to grab the best deal. 

As a result, the recipients may get lured into opening emails or clicking suspicious links. 

So, content spam filters will look for the words that spammers usually exploit. 

Why these are great 

Where they fall short 

Header filters 

Header filters check email metadata to find inconsistent and falsified information. They typically check the following factors: 

Why these are great 

Where they fall short 

Blacklist filters 

Blacklist or block list email filters check the sender’s IP address against Domain Name System blocklists (DNSBLs). They immediately block emails coming from senders whose IP addresses appear in any of the well-known blacklists, such as Barracuda, Spamrbl IMP-SPAM, PSBL, and others. 

Why these are great 

Where they fall short 

Machine learning algorithms 

Machine learning (ML) algorithms are commonly used in email spam filtering technologies to classify emails into spam and non-spam. Most of these algorithms are supervised machine-learning methods. 

These models use an existing dataset, which they get trained on. Based on the training data sets, they can make predictions about new emails and successfully classify them into spam and ham (non-spam). 

Common supervised ML algorithms include Naive Bayes, Neural Networks, Decision Trees, and others. While not perfect, the Naive Bayes has proven to be the most effective. 

Filters that operate using the Naive Bayes algorithm are called Bayesian filters. 

Certain words have a higher probability of appearing in spam filters. Based on this notion, Bayesian filters are taught about words with a high spam probability. 

When the email arrives, they analyze word probabilities (or likelihood functions) against all words in the email. If the ratio is high enough, the email will be considered spam. It learns new spam words based on each email the user marks as spam. 

Why these are great 

Where they fall short 

Rule-based filters 

Moving on to the rule-based filters, these bad boys are pretty self-explanatory. They filter messages based on pre-defined rules, such as specific words, senders, or even phrases. Emails meeting one of the set rules will automatically be sent to the spam folder. 

Why these are great 

Where they fall short 

Language and country filters 

Language filters are designed to block emails written in a language different from the recipient’s native language. Since spammers tend to target people worldwide, spam emails written in foreign languages are common. 

Similarly, country filters allow users to block emails coming from foreign countries. 

Why these are great 

Where they fall short 

Source authentication filters 

Source authentication spam filters check the authentication protocols of the sender’s domain. Since spammers change email addresses and domains frequently, they might not have authentication protocols in place, such as SPF, DKIM, and DMARC

Source authentication filters check the MX and A records to determine whether the domain is legitimate or not. If such records don’t exist, they will send emails straight to the spam folder. 

Why these are great 

Where they fall short 

Challenge-response filters 

When the email arrives, challenge-response filters send a reply containing a specific challenge to the sender. If the domain is legitimate, the email is received, and the challenge is solved, the sender is considered legitimate. 

A challenge-response filter is based on two main ideas: 

The challenges may include sending an unaltered reply, completing a CAPTCHA, clicking a link, etc. 

Why these are great 

Where they fall short 

How do spam filters work? 

Typically, none of the email providers or ISPs will use only one type of filter. It’s the combination of various filtering technologies that creates a strong barrier between the recipients and ransomware-filled emails. 

A standard spam filtering scheme is like an onion with layers of filters to ensure email security. And as you peel back each layer, fewer and fewer emails remain on their way to the inbox. 

The emails will first go through the content filters that will conduct keyword analyses to identify spam. Then, the header filters will examine the metadata. Blacklist filters will query DNSBLs to verify if any of the sender IPs were blacklisted. 

At this point, the rule-based filters will come into play. They will apply pre-defined rules set by the user in their email client. The last stage is a challenge-response filter that will conduct verification. 

In terms of supervised ML algorithms, MLs will be fed both ham and spam emails to understand the differences between them. Then, after the implementation, they will use categorical separation to classify incoming new emails into ham and spam.

How do email service providers’ spam filters work? 

Email service providers such as Gmail, Google Workspace, Microsoft 365 (former Office 365), Outlook, Yahoo!, AOL, Hotmail, and others never reveal how they block spam. 

If they did, spammers would be quick to adapt their strategies. Apart from general information and recommendations, we don’t know how their spam filters work. 

Here’s what we do know: 

What triggers spam filters? 

Spam filters will have different triggers based on their type, but, generally, the most common triggers include the following: 

The most popular spam filter software 

You have multiple options if you’re looking for spam filter software. The most popular and reliable spam filters include (but are not limited to):

The choice of spam filter software will hugely depend on the size of your business, technical resources, number of mailboxes, and specific needs. Read our blog post on spam checkers to find more options with detailed reviews. 

Avoiding spam filters when sending emails 

Is it enough to avoid spam trigger words to deliver messages to the inboxes? Not really. A lot goes into achieving high email deliverability rates, especially if you’re sending marketing emails to email lists. 

To prevent emails from ending up in the spam folder, you should: 

For more details and tips, read our dedicated blog post or watch this video

One of the most important steps you can take to avoid spam filters is using a reliable email infrastructure. This includes not only a sending solution but also an email testing tool to reduce the spam score before targeting recipients. 

Mailtrap is an Email Delivery Platform that offers both solutions: Mailtrap Email Testing for debugging emails in staging and Mailtrap Email Sending for sending emails in production. 

Try Mailtrap for Free

Mailtrap Email Testing is an Email Sandbox that captures all the SMTP traffic and allows you to closely inspect their spam score, check HTML elements, troubleshoot sending issues, or view tech info to see SMTP transaction information. 

Email Testing’s Spam Checker feature is particularly useful if you want to prevent emails from going to spam. It verifies the content of your emails using the SpamAssassin filter, assigning a specific score. Anything below 5 is considered optimal, while anything above that threshold will most likely go straight to the spam folder. 

But only a score doesn’t tell you the problems with your emails. So, the Spam Checker also provides information about the rules that gained the highest score. These rules can be missing header data or the presence of an external image. With this information, you can then make the necessary fixes and test your emails again until you lower your score below 5. 

Additionally, Email Testing’s Spam Checker provides a Blacklist Report. It analyzes the most popular blacklists to check if your IP address has been blacklisted in any of them. If you did get blacklisted, you can click the name of the blacklist. The link to their website is hyperlinked, and you can follow their instructions to get delisted. 

And to take things further, you can also inspect HTML Source and HTML Check tabs to find HTML elements that might not be supported by various clients. 

After refining your emails in staging, you can send them to recipients with Mailtrap Email Sending. It’s an email infrastructure with high deliverability rates by design. 

Email Sending provides automatically generated SPF, DKIM, and DMARC records for your sending domain for easy verification. This is the first step in building your reputation as a trustworthy sender. 

Once you send out the emails, you can analyze their performance with actionable analytics offering robust monitoring capabilities. You can control the state of your infrastructure with drill-down reports and helicopter-view dashboards. 

That’s it! Now you know how spam filters work and how to avoid them. Keep an eye on our blog and YouTube channel to learn more about email deliverability.

If you’re curious about the role AI plays in spotting spam, also make sure to give our tutorial a watch:

Exit mobile version