SecureBIT Logo

SPAM FILTERS | WHY CAN’T THEY JUST CAPTURE BAD EMAILS?

Do emails seem never to make it into your inbox? Or maybe you’re receiving too many “junk” emails? This may be due to your spam filters.

Spam is the email equivalent of junk mail. It’s bothersome, time-consuming to wade through, and sometimes, a security risk. In response, most IT providers or internal IT teams recommend that companies use a spam filter to help reduce the number of spam emails that arrive in your inbox.

Unfortunately, spam filters may also capture valid emails alongside unwanted spam. So why does it do this? Is this something that can be corrected? Or is it just an unfortunate mishap? How can your IT provider help?

WEBIT Services created SecureBIT to help businesses simplify security. We are passionate about using education, not fear, to help companies make informed IT Security decisions and investments based on facts and their risk tolerance.

By reading this article, you will learn how spam filters work, how to address email concerns, and how your IT provider can help.

How spam filters work

Spam filters identify spam emails based on specific traits of an email and user habits.

Spam filters are set to grab emails with a high likelihood percentage of being spam. The more spam-like characteristics a message possesses, the greater the likelihood it is spam.

For example, if an email has a 70% chance of being spam based on its characteristics, it will be captured by the spam filter. However, an email with only a 10% likelihood will arrive in the inbox.

Characteristics of spam may include:

  • “Spammy” keywords or phrases in the subject line or body (i.e., “We’ve been trying to reach you about your extended warranty”).
  • A suspicious domain in the sender’s email address.
  • A suspicious email address.
  • An attachment with no email body.
  • Emails you have never interacted with before.
  • Emails from an unusual location.

Why is it so hard to identify spam emails?

Cybercriminals who send spam emails want you to open their messages, and they do this by creating convincing emails. While spam has distinct trends or characteristics, these trends continue evolving as cybercriminals become more resourceful.

AI also makes it easier than ever to craft cleverly disguised spam emails.

As spam grows smarter, spam filters must evolve to keep up with convincing spam. Gone are the days of spotting poorly written and poorly-spelled emails about sketchy products or warnings.

Do spam filters learn?

Spam filters have a limited learning ability. They learn based on how users interact with their emails.

For example, if you have received and replied to a particular email address over the years, this tells the spam filter that this email address is a legitimate user. In addition, moving emails out of your spam folder and into your inbox shows the spam filter that emails from that sender are safe.

On the other hand, flagging emails as spam tells your spam filter that it should catch similar messages or messages from that sender or domain.

Let’s suppose that you are looking for a message from your doctor. The email address is info@mydoctor.com, and your doctor sent your annual test results as an attachment with no email body. Your spam filter would find the email address and message structure suspicious.

In response, it grabs this “spammy” email and puts it in your spam folder.

If you locate this email in your spam folder and move it to your inbox, your spam filter learns that messages from info@mydoctor.com are safe. Therefore, in the future, these messages should arrive directly in your inbox.

However, while spam filters learn from user email interactions, this learning is still limited. As a result, spam filters will not be 100% accurate even with this learning ability. They may get better over time, but users may still need to check their spam folders for emails or flag the occasional message as spam.

Adjusting spam filters

Sometimes, spam filters grab too many emails or not enough. This often leads to user frustration. Usually, these circumstances are caused by the spam filter settings.

Spam filter settings decide what likelihood percentage it will use to capture emails. Essentially, you tell the filter, “Every message at or above this likelihood should be sent to the junk mail folder.”

Spam filter settings are often adjusted on a sliding scale (high sensitivity to low sensitivity), and these settings may vary across different brands of spam filters.

If your spam filter grabs too many authentic emails, its sensitivity setting may be too high. In this circumstance, the filter may capture several “false positives.”

With a high sensitivity setting, your spam filter will catch a mix of spam and valid emails. If you don’t adjust the spam filter settings, you must regularly check your spam folder and release these messages to your inbox.

On the other hand, if your spam filter sensitivity is set too low, many more spam emails will be allowed into your inbox. Of course, authentic emails will all arrive in your inbox, but so will a lot of junk.

To some degree, your spam filter will learn to release or ignore some of these emails based on your email use habits.

How can I fix my spam filter settings?

If your spam filter is causing frustration, talk to your IT provider or internal IT team. Ask them about their procedures for adjusting the spam filter. For example, they can increase or decrease the sensitivity or possibly “whitelist” specific email addresses and domains.

However, due to its nature and limited learning abilities, it’s unlikely that your spam filter will suddenly have 100% accuracy. Therefore, you may still need to check your spam folder for misplaced emails or flag junk messages as spam.

As you adjust your spam filter, ask yourself, “Am I more comfortable with authentic emails going to spam and searching for them? Or would I prefer to flag suspicious emails as they arrive in my inbox? Why?”

For example, a medical office may choose to have a highly sensitive spam filter because they are incredibly cautious of phishing attacks. As a result, this office is more comfortable checking their spam folder for misplaced good emails rather than risking bad emails in their inbox.

On the other hand, a manufacturer may choose to have a spam filter with low sensitivity. They don’t want to miss any messages from existing or potential clients, so they want everything in their inboxes and to flag bad emails as they go.

Over time, the spam filter may learn and catch fewer good emails and more spam with greater accuracy, but it will take time.

What if my emails still aren’t coming through?

Spam filters are not the only factor that can affect email flow. Email flow can be affected by the following:

  • The email provider
  • Spam filters
  • Phishing protection
  • Antivirus or EDR

If you adjusted your spam filter and still have significant email flow issues, talk to your IT provider or internal IT team. They will isolate each tool to test it and see where emails get caught.

To do this well, your provider or team must know a specific email missing from your inbox. Without a particular email address to search for, your IT provider or team cannot trace the message’s journey and diagnose the issue.

For example, a user is frustrated because they aren’t seeing any emails from a particular client. To find where the email flow is affected, the user must tell their IT provider, “I’m missing emails from john@johndoe.com.”

In response, the provider can search for and trace john@johndoe.com to see where these emails are blocked. Once the emails are located, they can analyze and determine possible issues.

Is the problem with the user’s email system and protection, or is something wrong with John Doe’s email address or server? For instance, has he been compromised, and your antivirus or phishing protection is blocking the email?

Spam filters and email filtering is nuanced and complicated with many factors. Talking to your IT provider or internal IT team can help you adjust your email protection systems to better meet your needs.

Next steps for fine-tuning your spam filter

Spam filters are nuanced tools that capture emails based on their likelihood of being spam. This is determined based on the sensitivity level of the spam filter and the “spammy” characteristics of the email message.

To judge whether or not your spam filter is meeting your needs, examine your email inbox. Are there messages that shouldn’t be there? Or are legitimate messages missing? Are you more comfortable releasing messages from your spam folder or flagging messages in your inbox?

Weekly audits of your spam folder help guarantee that good emails arrive in your inbox. It also helps your spam filter learn which emails are safe.

If your spam filter is not performing to your satisfaction, talk to your IT provider or internal IT team to see how they can adjust the filter settings.

While your IT provider or team can adjust the filter to be more or less sensitive, programming a spam filter with 100% accuracy is often impossible. This is due to the spam filter’s attempts to catch up with the ever-evolving habits and characteristics of spam emails.

Your IT provider or internal IT team can also help create helpful email use procedures and practices and fine-tune existing tools or recommend new ones.

WEBIT Services has been identifying and managing risk for small to medium sized businesses for almost 30 years.

If you’re looking for security answers, book a call with our team to see how SecureBIT can help simplify security.

If you aren’t ready to make a commitment but would like to learn more about email risks and security, we recommend the following articles: