Categories
Information Security

Spam Email – Stop it before your users click on it

It doesn’t matter if you’ve trained them or yelled at them or had to fix their infected computers in front of them (or all of the above) ……..they’re still going to open that suspicious email, aren’t they?
Because who can resist the attachment that promises funny cat pictures, and who doesn’t have a slight panic attack when faced with a fraud alert from their bank?
Protecting your corporate network from malicious email is a never-ending battle and there’s no simple, one-size-fixes-all method to do so, either. There are three modes of defense, though, that are remarkably effective but we’ve recently realized that most small to mid-size companies are only using one or two of those methods.

  1. The first and most effective defense is simply user training. Every company, no matter the size, should inform and educate users as to the dangers of fraudulent emails. Provide examples, show warnings, and do it on a regular basis. Don’t numb them to the dangers but find a balance between over-lecturing and educating your users.
  2. The second most effective defense is desktop antivirus and anti-malware software. These programs won’t stop a zero-day exposure but they’ll prevent about 98% of anything that makes it as far as the desktop. They won’t prevent someone from entering their banking credentials on a fake website but they do a moderately decent job of preventing older malware from infecting your network.
  3. The third defense, and the one you may not be using, is a block list on your mail server. These block lists do exist and contain real-time updated lists of spam websites and domains. The most popular of these is the Spamhaus Project. In their own words: “The Spamhaus Block List (“SBL”) Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail. The SBL is queriable in realtime by mail systems thoughout the Internet, allowing mail server administrators to identify, tag or block incoming connections from IP addresses which Spamhaus deems to be involved in the sending, hosting or origination of Unsolicited Bulk Email (aka “Spam”). The SBL database is maintained by a dedicated team of investigators and forensics specialists located in 10 countries, working 24 hours a day to list new confirmed spam issues and – just as importantly – to delist resolved issues.”

Simply put, by taking advantage of the Spamhaus DNS block lists, you can set most modern mail servers to prevent many of those fraudulent emails from ever reaching your users. There are some limits on free usage of their offering but larger, heavier users can still pay for the service.
You can find more information about Spamhaus at the following url: https://www.spamhaus.org/