Open Access

Development and Implementation of the Mail Security Guardian (MSG) System for Multi-Layer Proactive Email Protection Against Spam, Phishing and Malware

4 SoftLine PJSC, Almaty, Kazakhstan

Abstract

Electronic mail remains the primary delivery mechanism for spam, phishing, business email compromise (BEC), and malware in enterprise environments. Existing Secure Email Gateways (SEGs) based on signature filtering and post-delivery analysis achieve approximately 0.91 F1-score under production conditions – a performance ceiling imposed by their reactive architecture. This paper presents the Mail Security Guardian (MSG), a distributed microservice-based platform implementing pre-delivery multi-layer email protection. MSG integrates five sequential analytical layers: pre-SMTP reputation filtering, protocol authentication (SPF, DKIM, DMARC), content and machine learning analysis, dynamic sandbox execution, and an evidence-aggregating decision engine. Evaluated on a corpus of 3.6 million messages collected over six months from a corporate infrastructure of approximately 2,500 users, the MSG machine learning pipeline achieved Precision of 0.992, Recall of 0.978, F1-score of 0.985, and AUC-ROC of 0.996 – an 7.5 percentage-point improvement over the conventional SEG baseline. Binary confusion matrix analysis confirmed legitimate email detection accuracy of 98.6% and malicious email detection accuracy of 99.3%. Production deployment produced reductions of 89.4% in spam prevalence (18.0% to 1.9%), 92.9% in phishing prevalence (4.2% to 0.3%), and 97.6% in malware prevalence (2.1% to 0.05%). End-to-end analysis latency ranges from 120 to 350 milliseconds, with per-node throughput of 50,000 messages per hour supporting linear horizontal scaling. Future directions include adversarial hardening against large language model (LLM)-generated phishing and federated learning for cross-deployment model updates.

Keywords

References

Ahmed, N., Amin, R., Aldabbas, H., Koundal, D., Alouffi, B., & Shah, T. (2022). Machine learning techniques for spam detection in email and IoT platforms: Analysis and research challenges. Security and Communication Networks, 2022, 1862888. https://doi.org/10.1155/2022/1862888
Aboaoja, F. A., Zainal, A. B., Ali, A. M., Ghaleb, F. A., Alsolami, F. J., & Rassam, M. A. (2023). Dynamic extraction of initial behavior for evasive malware detection. Mathematics, 11(2), 416. https://doi.org/10.3390/math11020416
Adnan, M., Imam, M. O., Javed, M. F., & Murtza, I. (2024). Improving spam email classification accuracy using ensemble techniques: A stacking approach. International Journal of Information Security, 23, 505–517. https://doi.org/10.1007/s10207-023-00756-1
Afianian, A., Niksefat, S., Sadeghiyan, B., & Baptiste, D. (2019). Malware dynamic analysis evasion techniques: A survey. ACM Computing Surveys, 52(6), 126. https://doi.org/10.1145/3365001
Almujahid, N. F., Haq, M. A., & Alshehri, M. (2024). Comparative evaluation of machine learning algorithms for phishing site detection. PeerJ Computer Science, 10, e2131. https://doi.org/10.7717/peerj-cs.2131
Alnemari, S., & Alshammari, M. (2023). Detecting phishing domains using machine learning. Applied Sciences, 13(8), 4649. https://doi.org/10.3390/app13084649
Altwaijry, N., Al-Turaiki, I., Alotaibi, R., & Alakeel, F. (2024). Advancing phishing email detection: A comparative study of deep learning models. Sensors, 24(7), 2077. https://doi.org/10.3390/s24072077
Anti-Phishing Working Group. (2023). Phishing activity trends report: 4th quarter 2023. APWG. https://docs.apwg.org/reports/apwg_trends_report_q4_2023.pdf
Atlam, H. F., & Oluwatimilehin, O. (2023). Business email compromise phishing detection based on machine learning: A systematic literature review. Electronics, 12(1), 42. https://doi.org/10.3390/electronics12010042
Azeem, M., Khan, D., Iftikhar, S., Bawazeer, S., & Alzahrani, M. (2023). Analyzing and comparing the effectiveness of malware detection: A study of machine learning approaches. Heliyon, 9(1), e23574. https://doi.org/10.1016/j.heliyon.2023.e23574
Doshi, J., Parmar, K., Sanghavi, R., & Shekokar, N. M. (2023). A comprehensive dual-layer architecture for phishing and spam email detection. Computers & Security, 133, 103378. https://doi.org/10.1016/j.cose.2023.103378
Gambo, L., & Almulhem, A. (2025). Zero trust architecture: A systematic literature review. Journal of Network and Systems Management. https://doi.org/10.1007/s10922-025-09998-x
Gholampour, P. M., & Verma, R. M. (2023). Adversarial robustness of phishing email detection models. In Proceedings of the 9th ACM International Workshop on Security and Privacy Analytics (IWSPA '23) (pp. 67–76). ACM. https://doi.org/10.1145/3579987.3586567
Han, X., & Zhang, T. (2022). Text adversarial attacks and defenses: Issues, taxonomy, and perspectives. Security and Communication Networks, 2022, 6458488. https://doi.org/10.1155/2022/6458488
Hao, W., Tran, V., Rideout, V., Wang, Z., Dasbach-Prisk, A., Afifi, M. H., Yang, J., Katz-Bassett, E., Ho, G., & Cidon, A. (2025). Do spammers dream of electric sheep? Characterizing the prevalence of LLM-generated malicious emails. In Proceedings of the 2025 ACM Internet Measurement Conference (IMC '25) (pp. 192–203). ACM. https://doi.org/10.1145/3730567.3732922
Hazell, J. (2023). Spear phishing with large language models. arXiv preprint arXiv:2305.06972. https://doi.org/10.48550/arXiv.2305.06972
Hureau, O., Bayer, J., Duda, A., & Korczyński, M. (2024). Spoofed emails: An analysis of the issues hindering a larger deployment of DMARC. In Passive and Active Measurement (PAM 2024), Lecture Notes in Computer Science (Vol. 14537, pp. 232–261). Springer. https://doi.org/10.1007/978-3-031-56249-5_10
Innab, N., Osman, A. A. F., Ataelfadiel, M. A. M., Abu-Zanona, M., Elzaghmouri, B. M., Zawaideh, F. H., & Alawneh, M. F. (2024). Phishing attacks detection using ensemble machine learning algorithms. Computers, Materials & Continua, 80(1), 1325–1345. https://doi.org/10.32604/cmc.2024.051778
Jáñez-Martino, F., Alaiz-Rodríguez, R., González-Castro, V., Fidalgo, E., & Alegre, E. (2022). A review of spam email detection: Analysis of spammer strategies and the dataset shift problem. Artificial Intelligence Review. https://doi.org/10.1007/s10462-022-10195-4
Jamal, S., Wimmer, H., & Sarker, I. H. (2024). An improved transformer-based model for detecting phishing, spam, and ham emails: A large language model approach. Security and Privacy, 7(3), e402. https://doi.org/10.1002/spy2.402
Kang, H., Liu, G., Wang, Q., Meng, L., & Liu, J. (2023). Theory and application of zero trust security: A brief survey. Entropy, 25(12), 1595. https://doi.org/10.3390/e25121595
Kumar, P., Antony, K., Banga, D., & Sohal, A. S. (2024). PhishNet: A phishing website detection tool using XGBoost. arXiv preprint arXiv:2407.04732. https://doi.org/10.48550/arXiv.2407.04732
Liu, S., Feng, P., Wang, S., Sun, K., & Cao, J. (2022). Enhancing malware analysis sandboxes with emulated user behavior. Computers & Security, 115, 102613. https://doi.org/10.1016/j.cose.2022.102613
Otieno, D. O., Namin, A. S., & Jones, K. S. (2023). The application of the BERT transformer model for phishing email classification. In Proceedings of the 2023 IEEE 47th Annual Computers, Software, and Applications Conference (COMPSAC) (pp. 1303–1308). https://doi.org/10.1109/COMPSAC57700.2023.00198
Ragheb, M., Elmedany, W., & Sharif, M. (2023). The effectiveness of DKIM and SPF in strengthening email security. In Proceedings of the 10th International Conference on Future Internet of Things and Cloud (FiCloud 2023) (pp. 422–426). https://doi.org/10.1109/FiCloud58648.2023.00068
Roy, S. S., Thota, P., Naragam, K. V., & Nilizadeh, S. (2024). From chatbots to phishbots? Phishing scam generation in commercial large language models. In Proceedings of the 2024 IEEE Symposium on Security and Privacy (SP) (pp. 36–54). https://doi.org/10.1109/SP54263.2024.00182
Salloum, S. A., Gaber, T., Vadera, S., & Shaalan, K. (2022). A systematic literature review on phishing email detection using natural language processing techniques. IEEE Access, 10, 65703–65727. https://doi.org/10.1109/ACCESS.2022.3183083
Syed, N. F., Shah, S. W., Shaghaghi, A., Anwar, A., Baig, Z. A., & Doss, R. R. M. (2022). Zero trust architecture (ZTA): A comprehensive survey. IEEE Access, 10, 57143–57179. https://doi.org/10.1109/ACCESS.2022.3174679

Similar Articles

31-40 of 65

You may also start an advanced similarity search for this article.