The Problem: Email Spoofing

Email spoofing is the practice of forging a false email header to mislead the recipient into believing the email came from a different, trusted source.

This type of attack can be used to steal private information, which can then be used to further damage an organization.

Extortion, IP theft, and malware infection are just some of the risks a spoofing email attack can present. With so much on the line, a strong email security position is critical to corporate success.

Spoofing can take several forms, including display-name spoofing, lookalike domains, impersonation of key staff, and other methods.

PremierePC clients receive an additional layer of inbound filtering to help mitigate these risks. Enter Message Review.

Good mail in, bad mail out

Inbound filtering stops the junk and lets the good email through. Messages containing offensive, harmful, or policy-violating content are held for user review, while good messages continue on their way.

Fully loaded message review

Many email users report that they receive a large amount of spam on a regular basis. Even worse, they don’t always know where their filtered messages go. Big problems can result from false positives, when a good message that the email provider thinks is spam goes missing.

Get more accurate email filtering

Inbound email filtering handles messages more intelligently, so there are fewer false positives. When questionable messages are held, users get a notification that lets them preview the message, deliver it, and whitelist the sender, so potentially important messages are no longer buried.

Improve quarantine visibility

Inbound Filter is a big upgrade over standard email spam filtering, giving every user detailed visibility into which messages were held, with insightful analytics and filtering statistics. Email users can now see easy-to-read details about the security of a message, so they can be 100% sure it’s safe to release to their inbox.

Customizable notification schedule

Users get message review notifications at the interval that works for them. Whether they want them every hour, never, or anything in between, the choice is theirs.

Preview content in a safe environment

Inbound Filter lets users preview the HTML content of a message (images optional) so they can decide whether it’s a message they wish to receive in their inbox without risking a malware infection or phishing attack.

Clear explanations of email scoring

Each message has an analytics section which shows data related to the reasons a message was held, where it came from, and even a map showing the point of geographic origin.

Message delivery timeline

There’s also a timeline section, which shows the path of a message during its lifetime and makes it quick to identify where delivery was delayed or interrupted.

Easy Access to Message Review Portal

Click the link in the most recent Message Review email to access the portal.

Navigate to emailservice.io and request a link for access.


Email Scoring

Scoring range = 0-600

Spam tolerance – aggressive (140-200)

Under 140 – deliver as normal
140-200 – tag subject as [possible spam]
Over 200 – goes to message review

Promotions – 90
Advertisements, newsletters, and other types of marketing email that aren’t necessarily spam.
SPF soft fail – 70
Messages that came from an IP not designated by the SPF record for the sender domain. Messages with an SPF soft fail (“~all”) should be treated as spam or suspicious.
SPF hard fail – 70
Messages that came from an IP not designated by the SPF record for the sender domain. Messages with an SPF hard fail (“-all”) should be discarded.
From address SPF soft fail – 70
Messages that came from an IP not designated by the SPF record for the From address domain. Messages with an SPF soft fail (“~all”) should be treated as spam or suspicious.
From address SPF hard fail – 70
Messages that came from an IP not designated by the SPF record for the From address domain. Messages with an SPF hard fail (“-all”) should be discarded.
Reply-To address SPF soft fail – 70
Messages that came from an IP not designated by the SPF record for the Reply-To address domain. Messages with an SPF soft fail (“~all”) should be treated as spam or suspicious.
Reply-To address SPF hard fail – 70
Messages that came from an IP not designated by the SPF record for the Reply-To address domain. Messages with an SPF hard fail (“-all”) should be discarded.
Multiple From/Reply To addresses – 100
Messages that come from different addresses in the From or Reply-To headers. This is a common attribute of phishing messages but is also common in newsletters and other bulk mailings. Use with caution as it may cause some false positives.
DKIM Signature Failed Verification – 200
Messages that contain a DKIM signature that failed verification. DomainKeys Identified Mail (DKIM) is an email authentication protocol designed to detect message modification in transit, a method often used in phishing and email scams. This result indicates either that the message signature is spoofed or that the message has been modified in transit.
Attachment with a macro – 400
Messages that contain a Microsoft Office file with a macro. Macros are a powerful way to automate common tasks in Microsoft Office and can make people more productive. However, macro malware uses this functionality to infect your device.
Potentially Unwanted Applications – 600
Messages that contain an attachment that is a Potentially Unwanted Application (PUA). Potentially unwanted applications are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted. Potentially unwanted applications are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use.
Encrypted Zip File – 600
Messages that contain an encrypted archive file (zip or rar). Encrypting an archive file can be used to avoid detection of a threatening file contained in the archive.
Encrypted PDF File – 400
Messages that contain an encrypted PDF. Encrypting a PDF file can be used to avoid detection of a threat.

In addition, we added Foreign/Uncommon Top-Level Domain rules.
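
As an added example (not PremierePC's or the filter vendor's code), the Python below applies the thresholds and four of the weights listed above to a raw message. It assumes rule weights are summed and capped at 600, which this page does not state; the rule names, the gateway name mx.example.net and the sample message are hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Weights and thresholds as listed on this page; rule names are hypothetical.
WEIGHTS = {"spf_softfail": 70, "spf_hardfail": 70,
           "from_replyto_mismatch": 100, "dkim_fail": 200}
MAX_SCORE = 600
TRUSTED_AUTHSERV = "mx.example.net"  # hypothetical: your own gateway's authserv-id

def triggered_rules(raw):
    """Return the rule names that fire for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    # Trust only our gateway's header; a sender can add its own spf=pass.
    auth = " ".join(h.lower() for h in msg.get_all("Authentication-Results", [])
                    if h.split(";")[0].strip().lower() == TRUSTED_AUTHSERV)
    results = dict(re.findall(r"\b(spf|dkim)=(\w+)", auth))
    rules = []
    if results.get("spf") == "softfail":
        rules.append("spf_softfail")
    elif results.get("spf") == "fail":
        rules.append("spf_hardfail")
    if results.get("dkim") == "fail":
        rules.append("dkim_fail")
    addrs = {addr.lower() for _, addr in getaddresses(
        msg.get_all("From", []) + msg.get_all("Reply-To", [])) if addr}
    if len(addrs) > 1:
        rules.append("from_replyto_mismatch")
    return rules

def disposition(score):
    if score < 140:
        return "deliver"
    if score <= 200:
        return "tag [possible spam]"
    return "message review"

def score_message(raw):
    rules = triggered_rules(raw)
    score = min(sum(WEIGHTS[r] for r in rules), MAX_SCORE)  # assumption: summed, capped
    return score, rules, disposition(score)

SAMPLE = (  # constructed: forged "pass" header plus our gateway's real result
    "Authentication-Results: mx.example.net; spf=softfail "
    "smtp.mailfrom=example.org; dkim=fail header.d=example.org\n"
    "Authentication-Results: mail.sender.invalid; spf=pass; dkim=pass\n"
    'From: "Finance" <finance@example.org>\n'
    "Reply-To: finance@example.com\n\nBody\n")
```

Calling score_message(SAMPLE) returns a score of 370 and the "message review" action, while a newsletter that only trips the From/Reply-To rule scores 100 and is delivered.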

At PremierePC, your security is our number 1 priority. 
