Protect Email Systems with Content Filtering
Checks emails for harmful content to keep systems safe.
Plain language
Email content filtering means setting up systems to check incoming and outgoing emails for harmful content, like viruses or phishing attempts, before they can cause damage. This is important because without it, dangerous content could reach your employees and compromise business data, leading to financial and reputational harm.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Email content filtering is implemented to filter potentially harmful content in email bodies and attachments.
Why it matters
Without email content filtering, malicious links and attachments can reach users, leading to malware infection, data loss and business disruption.
Operational notes
Regularly update filtering rules to tackle new threats. Analyse quarantine items to tune filters, minimise false positives and detect emerging malicious campaigns.
Implementation tips
- The IT team should set up email filtering software on the email server. This involves installing and configuring software to automatically scan incoming and outgoing emails for viruses and phishing attempts. Follow the vendor's setup guide to implement the recommended security settings.
- Managers should ensure employees are aware of email filtering. Conduct regular training sessions to explain how email filtering helps protect them and why it might occasionally block legitimate emails. Encourage employees to report suspicious messages that might have slipped through.
- System administrators need to establish rules for the email filter. Define what types of content should be flagged or blocked, such as executable files or suspicious links. Work with the IT security officer to regularly update these rules based on new threats.
- The IT security officer should monitor the email filtering logs weekly. Review the logs to identify patterns or repeated attack attempts. If certain email addresses or types of content are frequently flagged, consider adjusting the filtering rules or alerting the company.
- HR should coordinate with IT to handle quarantined emails. Establish a process for safely reviewing and releasing legitimate emails that have been mistakenly flagged. Ensure this process respects privacy and keeps email security in mind.
Audit / evidence tips
- Ask: the email filtering configuration document
  Good: includes detailed setups that match current best practices and blocking rules for known malicious content
- Good: is a report showing consistent filtering activity and a low number of missed threats
- Ask: details of the process for handling quarantined emails
  Good: includes a defined procedure with roles clearly assigned and steps for safely releasing emails
- Ask: to speak with the IT security officer about regular filter updates
  Good: includes a routine update schedule and recent changes documented in a log
Cross-framework mappings
How ISM-1234 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.7 | ISM-1234 requires organisations to implement email content filtering to detect and block potentially harmful content in email bodies and ... | |
E8
| Control | Notes | Details |
|---|---|---|
| Supports (2) | | |
| E8-RM-ML1.2 | ISM-1234 requires email content filtering to reduce delivery of malicious attachments and embedded content | |
| E8-AC-ML2.2 | ISM-1234 requires email content filtering to prevent harmful content in email bodies and attachments from reaching users | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.