Skip to content

Hit enter to search or ESC to close

Everything you need to know about email security solutions (but were afraid to ask)

It would be an unusual business that wasn’t dependent on emails to some degree. From the smallest solo business to a global enterprise, email makes the communication wheels go around. Because of the widespread use of email and its deep integration into our businesses and lives, email has also become the go-to vector for a cyber-attack.

The statistics show that email continues to be the number one threat with phishing threats increasing by 161% in 2021. Keeping email secure requires an understanding of how emails are at threat by both malicious and non-malicious persons (accidental insiders) and how to protect corporate email against these threats.

This is a guide to the building blocks of an email security solution and how they can help your organization beat email-related cyber-threats.

Did You Know?


SpamTitan's spam catch rate

11 Seconds

a ransomware attack occurs


the average cost to manage spam per person without an email filter


of all email is spam

Do you really need an email security solution?

Email is the perfect communication channel for cybercriminals to exploit. Emails often carry sensitive data, may include proprietary intellectual property of a company, and can be used to socially engineer and manipulate employees. As such, the email provides an ideal mechanism to enter a company and further exploit its resources. But protecting emails is a holistic exercise that requires both inbound and outbound security mechanisms to ensure 360-degree protection.

Some examples of cyber-attacks that originate with an email

Email-based cyber-attacks cover a lot of ground, but some of the most prevalent are:

Spear phishing and ransomware

Spear phishing emails are highly targeted and used in complex scams including BEC (see below). However, they are also the perfect way to infect a company with ransomware. Spear-phishing is so-named because the malicious email focuses on individuals with privileged access to web servers and similar. If an employee falls for the sophisticated series of social engineering tricks inherent in a spear-phishing attack, the result can be ransomware infection. In 2021, 37% of organizations suffered a ransomware attack. According to the US Treasury Department, the average monthly ransomware transaction amount in 2021 was $102.3 million.

Business Email Compromise (BEC)

BEC was described in a recent publication from the FBI as “one of the most financially damaging online crimes.” Figures from the IC3 show that in 2020, cybercriminals exploited over $2 billion from U.S. businesses using BEC techniques.

BEC attackers use emails as the starting point of a complex scam that results in the theft of money, typically via a misdirected wire. The scam usually involves surveillance of emails; this may require an email account of a targeted person, such as a CEO, to be compromised. This is often carried out by sending a spear-phishing email that targets this person. This leads to stolen credentials, which allows hackers access to company accounts. Once that happens, the fraudster will watch the email traffic, looking for billing and invoicing opportunities to take advantage of. BEC fraudsters typically modify an invoice to include their bank details, the monies then being transferred to that bank.

Data theft

Data breaches are still prolific but there is some good news. According to research from RiskBasedSecurity, in the first half of 2021, 18.8 billion records were exposed, which is a 32% decrease compared to H1 2020. However, as the year passed, data records continued to be exposed with 217 million data records breached in December. Data breaches, such as these, have been shown to originate with a phishing email. The 2021 IBM Cost of a Data Breach report, found that stolen login credentials (e.g. passwords) were the most common cause of a data breach. The report highlighted that these credentials are stolen by phishing. Reports consistently show that phishing is predominantly used to steal credentials, one report finding that 74% of phishing emails were used for credential theft.

The spectrum of email-borne cyber-attacks requires a holistic approach to email security in the form of a set of specialized building blocks that make up an email security solution.

Examples of email-borne cybersecurity attacks

There is a multitude of examples of compromised emails leading to cybersecurity attacks. These attacks cover a myriad of attack types and tactics. The common thread through all is that an email is involved at some point.

IKEA and email chain hijacking

Cybercriminals sometimes use existing hacked email accounts to propagate phishing emails to make them look believable, and therefore, circumvent security awareness training. A form of phishing known as “email chain hijacking” uses compromised email accounts from previous phishing expeditions, to then send out legitimate looking phishing emails.

IKEA suffered an email chain hijacking attack that originated from compromised Microsoft Exchange servers. The attackers used IKEA mailboxes to send out malicious phishing emails, with a malware-laden attachment, to employees. IKEA was able to prevent continued damage from the attack using an email security gateway.

Nobelium and IT service providers

Around 14 IT service providers were affected by the Nobelium hacker gang, the group behind the SolarWinds cyber-attack. The SolarWinds SUNBURST attack began with a spear-phishing email that led to compromised Office 365 accounts. The result was that 18,000 companies across the world were infected with malware. In this latest Nobelium attack, resellers and the IT supply chain were targeted in an attempt to propagate malware across their extended customer base. Phishing of people with privileged accounts is the key tactic used by Nobelium to compromise corporate accounts and infiltrate downstream customers.

Puerto Rican Government BEC Scam

In 2020, the Puerto Rican Government found itself a victim of a $4 million BEC fraud attack. This attack involved a hacked email account, used to then send out seemingly legitimate emails, tricking people at some government agencies into sending funds. 

One typical way data is exposed via email is by accidentally sending an email to the wrong recipient. This was found to be a prevalent security problem in healthcare and financial services.

What is an email security solution?

This focus from the cybercriminal community on the very communication lifeblood of the enterprise, the email, means that an organization must have an email security strategy in place. Email threats are insidious and an ever-present threat. The problem is that these threats evolve, and advanced email security is required to tackle them. An email security strategy should cover several areas:


Having visibility is a vital part of understanding the threat landscape of the corporate environment. This should include an analysis of the types of threats your organization is likely to be at risk of, which email accounts are likely to be targeted by spear-phishing, which accounts may be spoofed, and so on.

Threat analysis

An assessment of the likely threats and what form they take is needed. This should extend to phishing, spam emails, adult content, and potential BEC emails. An email security solution should provide the functionality to detect and respond to the various types of email-borne threats.

Changing threats

Your email security strategy should recognize the changing threat landscape of email-borne threats. These threats should not be limited to inbound email threats. Instead, your strategy should encompass changing threats across the entire email lifecycle from email generation to archival.

Data loss prevention

An email security strategy should cover both inbound and outbound email security threats. Data loss potential from outbound emails should also be analyzed to ensure that an effective email security solution can offer data loss prevention capability that does not impact employee productivity.


What kind of protection is offered by an email security solution?

Email security is not achieved by using a point solution. Because email-borne threats are so diverse, they require a similarly diverse but focused response. An email security solution must offer several building blocks to protect against security threats to both inbound and outbound email: each protection mechanism being part of a layered approach to the security of email traffic.


The building blocks of a holistic email security solution

Email protection software is a holistic system that provides detection, prevention, and response to cyber-threats that are email-borne. The building blocks that create an email security solution are:

Protection against phishing: solutions such as SpamTitan, are designed to block email spam and prevent phishing attacks. Anti-spam/anti-phishing protection is the foundation stone of an email security solution. Anti-phishing solutions carry out scans on any inbound emails to detect malware such as ransomware, and to check for malicious links. These scans stop phishing messages and the malicious links and/or malware they contain before they reach an employee's inbox.  A single click on a malicious link can lead to a BEC attack or a ransomware infection, so this first line of defense is a crucial component of an email security solution.

Email encryption: the confidentiality and integrity of an email are protected by using encryption. Email encryption is, again, not a point solution but has several nuanced aspects, discussed later in this article. Comprehensive email security solutions will be able to apply encryption across a variety of email use cases to ensure the best and most optimized fit.

DNS filtering: phishing and spam emails often contain malicious or inappropriate links. DNS filters, prevent employees from navigating to spoof or infected websites by checking the link and preventing access before the nefarious website opens. DNS filtering is part of an email protection solution and adds an important layer of security to stop illegitimate internet access.

Email archiving: email archiving can often be forgotten when considering email security. However, making sure that stored emails are protected is a vital building block of an email security solution. Secure email archiving forms part of a wider email protection system and should be part of your overall security strategy. Secure email archiving provides the means for disaster recovery and business continuity. Archived emails are insurance against accidental data loss during outages and other events.

Hear from our Customers

Flexible, fair, and plenty of control.

What do you like best about SpamTitan Email Security? Ease of use. It was incredibly easy to set up and learning the UI was quick and painless. What problems is SpamTitan Email Security solving and how is that benefiting you? Phishing and spam are sharply increasing, so your product is essential to us.

Logan M.

IT Administrator

Great SPAM Solution

What do you like best about SpamTitan Email Security? Easy to deploy and manage, as well as, very effective in preventing SPAM. Provides for email auth methods, such as, DKIM and SPF verification to validate senders. Easily deployed as a virtual appliance with cluster support. Recommendations to others considering SpamTitan Email Security: Look at the cost and value of what you are receiving. there are a lot of well known names out there, but they do not necessarily deliver a better product, they are just more well known What problems is SpamTitan Email Security solving and how is that benefiting you? Preventing SPAM, viruses and phishing email from entering the network. We make it a point to respond to emails immediately and knowing that the email notification has a high probability of being a business related email and not SPAM makes that job easier.

Tony H.


Great Product and Easy to Use

What do you like best about SpamTitan Email Security? After going through a fairly simple setup, SpamTitan just works. It does a great job of stopping most spam and has a small number of false positives. It is also pretty easy to set up notifications on any blocked emails to ensure that proper capture is occurring. One side feature that I really like is using the web interface to see what emails have been allowed through. Using that information, when a client calls and tells us they sent an email that we didn't get, I can immediately look on SpamTitan to see if the email reached our servers at all. This allows me to very quickly determine if an email that never reached us was blocked on by our servers or prior to reaching us at all.

Dan O.


Great Product and Service

What do you like best about SpamTitan Email Security? Support is always there to answer any questions ive had. The service is very easy to use. What do you dislike about SpamTitan Email Security? So far nothing. It only took a few days to iron out any questions. Recommendations to others considering SpamTitan Email Security: Give it a try at the very least What problems is SpamTitan Email Security solving and how is that benefiting you? Users dont have time or experience to identify dangerous emails. this service stops them and they must allow them through.

Tyson R.

Master Technician

Best decision I’ve made in awhile

What do you like best about SpamTitan Email Security? SpamTitan filters out more of the spam, with less false positives that the product we used to use. It has a better interface which is very easy to use as well. What do you dislike about SpamTitan Email Security? I haven't found anything to dislike yet. What problems is SpamTitan Email Security solving and how is that benefiting you? Before using SpamTitan I basically had to blanket block most countries outside of the US. I also had to deal with frequent complaints for staff on the amount of spam getting through. Now I have only 2 non us domains blocked, and get maybe 1 concerned staffer email a month. I love this product!

Stephen H.

IT Administrator

What sets a great email security solution apart from others?

An email security solution may have all the building blocks shown above. However, it is in the execution and delivery that sets a great email security solution apart.

Email encryption options

Emails can be intercepted, hacked, and accidentally sent to the wrong person, potentially exposing sensitive data. Email encryption helps to prevent all the above, but there are many aspects to encrypting emails effectively. Email encryption is used to maintain the confidentiality and integrity of the body content and attachments within an email. Encryption is used to protect emails during transit and can also be used post-delivery. EncryptTitan delivers email encryption across the email lifecycle:

During transit

EncryptTitan uses TLS (Transport Layer Security) for protection during email transit. TLS is a protocol that allows an email to be sent encrypted when it is transmitted between sender and recipient. TLS prevents Man-in-the-Middle (MitM) attacks and so stops nefarious persons from hijacking emails as they are transmitted. EncryptTitan uses TLS-Verify, which removes any additional steps needed by a recipient to read the encrypted message; this improves the usability of email encryption, reducing human error associated with email encryption use.

End-to-end encryption

TLS is a fundamental protocol layer in secure email transmission. However, end-to-end encryption of emails adds another layer to the protection of extra-sensitive emails. Using end-to-end encryption requires the recipient to authenticate themselves to decrypt the message; this ensures only the correct recipient can read the message.

Keyword-based encryption

Keywords or phrases can be used to trigger automatic email encryption; Email security that offers this method of encryption uses a set of keyword rules defined by a system administrator; if an email contains one or more of these words, the email will be automatically encrypted on clicking send. Email encryption solutions such as EncryptTitan, offer keyword encryption. However, these solutions must allow for the granular application of the rules along with the enforcement of encryption policies. For example, a solution should allow an administrator to set rules that define when an email is encrypted, for example, outgoing emails only.

Anti-phishing options

Fraudsters are continually upping their game to evade email filters. But filters are an important first line of defense against malicious emails. Anti-phishing filters need to be smart enough to allow legitimate emails through, whilst blocking malicious emails. This comes in the form of several increasingly smart layers, each playing a part in the detection and prevention of phishing:

Content or word filters

Filters are used to detect known words found in nefarious emails. Once found, the filter will block or quarantine the email.

List filters

Blacklists or whitelists based on known IP addresses and domains can be used to prevent/allow incoming emails 

Header filters

The header of an email can include spam indicators. These indicators can be included in filter rules. If an email header is recognized by the filtering rule it will be blocked.

Smart filters

The use of machine learning (ML) allows a filter to automatically update tactics to reflect any changes in environments and/or spam methods.

Heuristic filter

Heuristic spam filters use machine learning algorithms to identify spam. Based on a scoring system, incoming emails can be blocked or quarantined. Heuristic filters are reactive and useful in the current threat landscape.

Bayesian filter

This is a type of heuristic filter that creates increasingly effective rules over time: employees can also interact with the filter to help train the filter to increase accuracy.

Data loss prevention (DLP)

Outgoing emails are as important to secure as those that are incoming. Email security solutions such as SpamTitan provide a two-way filter system to secure both inbound and outbound emails. In the case of outbound emails, this helps to stop sensitive data leaks. Protecting outbound emails includes checking corporate emails for spam and viruses to prevent the organization´s IP addresses from being blacklisted by global blacklisting services.

Administration and deployment

All the building blocks of an email security solution would be for nothing if the solution is not easy to use, administer, and deploy. In our cloud-first corporate world, any email security solution should be cloud-based. The centralized management afforded by a cloud solution will make sure that deployment across the expanded corporate network, including remote devices, is simple and fast. Cloud-based email security solutions also ensure that email protection updates are automatically rolled out across all devices and computers. The fast-changing nature of cloud environments and devices that need cloud-enabled deployment and management of an email security platform is essential.

Similarly, administration and management of the various components of a comprehensive email security solution should be easy to perform via a central console. This console should allow administrators to set up and maintain the policies and settings needed to manage email security easily across the enterprise email network.


SpamTitan secures your email

SpamTitan has been designed as a comprehensive, intelligent, and multi-component email security solution. SpamTitan delivers a powerful set of email security building blocks to fit all the various email use cases of the modern enterprise. It is the attention to detail in its design, that means SpamTitan can offer the levels of granularity of choice and seamless integration with existing cloud apps such as Office 365, needed to take into a league of its own in protecting your corporate emails. Whether your emails are outbound containing sensitive data, or malicious and inbound hoping to steal data, SpamTitan will ensure that your company is continuously protected.

To keep your email security at peak fitness, sign up for a trial of SpamTitan.

Susan Morrow

Susan Morrow


Talk to our Team today

Talk to our Team today