Why Do I Still Get Spam if I Have a Spam Folder?

So, what is a spam filter? A spam filter looks for specific technical criteria to try to validate the authenticity of an e-mail. A good spam filter will also use machine learning to analyze the intent of the e-mail and determine whether it is legitimate or malicious.

So why do things still make it through?

The simple answer is that computers aren't perfect, and the bad guys are constantly evolving their tactics. For example, everyone is used to seeing emails like the one from the Nigerian Prince who is here to offer you some money. Everyone knows about that scam from years ago. However, those aren't quite as common these days.

What we see instead are very low-tech emails from someone using a common email address from a legit email provider like Gmail or Yahoo. These email accounts are easy to make and allow the bad guys to pretend to be someone important from a specific company. They ask the email recipient to do something like go buy some gift cards for an employee bonus program.

These emails look very similar to emails that people send from time to time, so the spam filters have trouble filtering those out because at that point you're now dealing with the balance between business functions and security.

If you want a spam filter that does not let any spam through at all, it's going to catch a lot of legitimate business emails in that filter. If you go the opposite route and you want more emails to make it past the spam filter, you're inevitably going to get more spam because you opened more windows. So, it is just that balancing act. As the attackers evolve their methods, there's a need to keep an eye on things and have a service that can learn and improve from there.
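To make that balancing act concrete, here is a small scoring filter run over four constructed messages at different thresholds. It is an added example, not code from any spam-filtering product; the company domain, executive names, keyword list and weights are all hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for this sketch, not taken from any real filter.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"dana reyes", "sam patel"}
FREEMAIL = {"gmail.com", "yahoo.com"}
REQUEST_TERMS = ("gift card", "bonus program", "urgent")

def score(raw):
    """Return a suspicion score for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload().lower()
    points = 0
    if domain in FREEMAIL:
        points += 1  # common provider: weak signal on its own
    if name.lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        points += 3  # executive's name on an outside address
    points += sum(1 for term in REQUEST_TERMS if term in body)
    return points

def evaluate(samples, threshold):
    """Return (spam delivered, legitimate mail quarantined) at a threshold."""
    missed = blocked = 0
    for raw, is_spam in samples:
        flagged = score(raw) >= threshold
        missed += is_spam and not flagged
        blocked += flagged and not is_spam
    return missed, blocked

def mail(sender, body):
    return f"From: {sender}\nSubject: hello\n\n{body}\n"

# Constructed sample messages: (raw message, is it actually spam?)
SAMPLES = [
    (mail("Dana Reyes <dana.reyes.ceo@gmail.com>",
          "I need gift cards for the bonus program."), True),
    (mail("Dana R <ceo.office@gmail.com>", "I need gift cards for staff."), True),
    (mail("Sam Patel <sam.patel@example.com>",
          "Urgent: please order gift cards for the bonus program today."), False),
    (mail("Pat Lee <pat.lee@gmail.com>", "Urgent question about my invoice."), False),
]

if __name__ == "__main__":
    for threshold in (2, 3, 4):
        print(threshold, evaluate(SAMPLES, threshold))
```

No threshold gets both numbers to zero on this sample: the strict setting quarantines the real executive's gift card request, and the looser settings deliver the impersonation that uses a shortened display name.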

Spam filters are great for cutting out a lot of the noise, but as the bad guys evolve and their tactics change, stuff will eventually make it through. Therefore, it's important to run security awareness campaigns with your staff so they know what to look for and can add that extra layer of protection when something inevitably makes it through the spam filter.

If you have any questions, please give us a call!

Adam Evans, CISSP

About Adam Evans, CISSP

Adam is a seasoned cybersecurity professional with more than a decade of experience in the MSP industry. He started his career as a helpdesk engineer and worked his way up through various technical roles to specialize in cybersecurity – specifically GRC, security architecture, and defensive operations. 

Adam is passionate about sharing his expertise and insights with the next generation of security professionals. He believes that by working together and sharing knowledge, we can make the world a safer and more secure place for everyone.

Connect with Adam on LinkedIn: https://www.linkedin.com/in/grcadame/
