GET A DEMO
See why 9,000+ companies trust Darktrace
Thanks, your request has been received
A member of our team will be in touch with you shortly.
YOU MAY FIND INTERESTING
Five Key Takeaways from Black Hat 2023
Hives & Frankensteins: The Half-Year Threat Report
Oops! Qualcosa è andato storto durante l'invio del modulo.
Darktrace Glossary>Email Filtering

What is Email Filtering?

CONTENTS

Email filtering definition

Email filtering is a method of email security that involves identifying and sorting emails that are deemed non-productive, spam, or malicious. Email filters will move unwanted emails into a junk folder to avoid a cluttered email inbox. They can also manage outbound email traffic to reduce risk of data leakage.

How does email filtering work?

Email filters work by assessing inbound and outbound email traffic. Emails enter a gateway that scans for a sender’s identity, key words in an email header or content, and attached links. This ensures that all contents of the email are legitimate and do not pose a threat to the user or wider systems.

Types of email filtering

Reputation based

This method of email filtering assigns a reputation score based on known factors such as IP, URL or domain reputations and past sending behavior. Depending on this score an email may be deemed unwanted or malicious and be stopped from entering a user’s inbox.

Blocklists

Unlike reputation based filtering which looks at a broader set of metrics, blocklists (or blacklists) look for senders explicitly connected with malicious or unwanted activities and stop related messages from reaching user’s inboxes.

Content analysis

This method of email filtering allows organizations to identify key words or attachments that an email might contain and deny access to a user’s inbox based on pre-defined terms. For example, an email may be blocked if connected to the phrase ‘crypto’.  

Types of email filters

Spam filters

Individuals and businesses receive hundreds of spam messages every day. Most email software comes equipped with spam filters that can automatically detect and filter out unwanted messages. These messages might contain malicious links, content, or phishing attacks. 

Firewalls

This is a system that protects the network from unwanted traffic. Based on what the organization or security operators have identified as unwanted, the firewall system can stop all SMTP or other email traffic that corresponds with these rules.  

Secure Email Gateway (SEG)

A secure email gateway (SEG) or a secure email server (SEC) is a type of email security software that sits between inbound and outbound email communication. Every email that is sent to and from an organization passes through this gateway to ensure that its contents are not malicious or a sign of a data leak. It prevents unwanted emails in user inboxes like spam, phishing emails, emails containing malware, and more. Email gateways often provide the first line of defense for email security. 

Why is email filtering important?

In addition to being the primary form of communication for most businesses, emails often contain sensitive information such as financial data or customer information. The quantity of emails sent and received and the contents they contain make email a primary attack path for cyber criminals. Also, a cluttered email inbox can reduce productivity in employees, making email filters important for improving business productivity and continuity.

Cybercriminals are constantly attempting phishing campaigns or using nuanced attacks like social engineering tactics to trick users into giving away valuable information or login credentials. Lack of appropriate training or email filters can lead to compromised email accounts, data breaches, and malware infections.

Darktrace's approach to email security

Darktrace’s AI email security uses artificial intelligence and machine learning algorithms to prevent, detect, respond to, and heal from email attacks.

Through its unique understanding of you, rather than knowledge of past attacks, Darktrace/Email stops the most sophisticated and evolving email security risks like generative Al attacks, BEC, account takeover, human error, and ransomware.

In a Self-Learning AI model, the AI has the ability to understand the business from the inside out. That way when activity within the business deviates from ‘normal', the AI can identify this behavior and alert the security team. 

AI can also use real-time data to identify and respond to threats quickly, minimizing the potential damage and saving time for security teams who usually have to parse through a high number of flagged emails. 

One of the key benefits of AI email security is that it can detect threats that may go unnoticed by traditional security systems, which often rely on pre-defined rules and patterns to identify threats. With AI, email security can continuously learn and adapt, providing more comprehensive protection against previously unknown email-based attacks.

Related glossary terms

Email Security
Email Data Loss Prevention (DLP)

Featured Resources

View all resources
Scheda tecnica
Perché Darktrace?
Blog
Building for the AI Attack Era
Blog
Using AI to Help Humans Function Better During a Cyber Crisis
Libro bianco
A CISO's Guide to Incident Management