Filter Emails based on Country of Origin
The Detail view of an email permalink contains a field named Client Geo IP Lookup, which contains the Country of origin for the sending IP address of that message.
If you are receiving an unwarranted number of emails from a specific country that you know you do not do business with, it is possible to quarantine messages from that country.
It is even possible to quarantine all messages except for those from a specific country.
For steps on how to implement this, see the following article: https://excelmicro.kayako.com/en-us/article/942
Filter Phishing Emails that Spoof CEO/VP
Bad actors will sometimes target smaller businesses with phishing attacks aimed at End Users. These threats often spoof a CEO, Executive or VP in the “From” Header of the email to trick the user into sending money to an external account.
These threats are often hard to detect because they contain next-to-no malicious content, and the “From” Header being different to the Envelope Sender is a common practice and not necessarily indicative of spam.
Luckily, you can set up a custom filter to quarantine these messages while allowing messages from the CEO’s genuine external email addresses. The following article details the creation of this Filter: https://excelmicro.kayako.com/en-us/article/549
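The logic such a filter applies, as an added Python sketch (not the product's filter syntax and not taken from the linked article). The executive name, the genuine addresses and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import unicodedata

# Assumed data: executive display name -> genuine addresses (internal and external).
EXECUTIVES = {
    "jane doe": {"jane.doe@example.com", "jane.doe.personal@example.net"},
}

def normalize(name):
    """Fold case, drop accents and punctuation, collapse whitespace."""
    decomposed = unicodedata.normalize("NFKD", name)
    kept = "".join(c for c in decomposed if c.isalnum() or c.isspace())
    return " ".join(kept.lower().split())

def verdict(raw_message):
    """Return 'quarantine' when the From display name is an executive's
    but the From address is not one of that executive's genuine addresses."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    tokens = set(normalize(display).split())
    for exec_name, genuine in EXECUTIVES.items():
        # Token comparison also catches "Doe, Jane" and "Jane Doe (CEO)".
        if tokens >= set(exec_name.split()):
            return "deliver" if address.lower() in genuine else "quarantine"
    # The Envelope Sender is deliberately not compared with the From header:
    # the two differing is common practice and not a spam signal on its own.
    return "deliver"

# Constructed sample messages.
GENUINE = 'From: "Jane Doe" <jane.doe.personal@example.net>\nSubject: Lunch\n\nHi'
SPOOFED = 'From: "Jane Doe" <ceo.office@mail.example.org>\nSubject: Wire\n\nUrgent'
REORDERED = 'From: "Doe, Jane" <jd1983@example.org>\nSubject: Wire\n\nUrgent'
UNRELATED = 'From: "Bob Smith" <bob@example.org>\nSubject: Invoice\n\nHello'

if __name__ == "__main__":
    for sample in (GENUINE, SPOOFED, REORDERED, UNRELATED):
        print(verdict(sample), "<-", sample.splitlines()[0])
```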
DLP Filters
There are two main tools that can be utilized within Custom Filters to prevent the loss of sensitive data:
- Smart Identifier Scan: pre-defined regular expressions are used to match with specific content in an email, such as Credit Card Numbers.
- Dictionary Scan: pre-defined terms, such as the Credit Card Term “Visa Debit”, are used to locate emails containing this information.
To reduce the number of DLP false positives, and to simplify the identification of which terms are causing emails to flag incorrectly, there are two practices that we suggest:
- Use Smart Identifier Terms in combination with Dictionary Terms, reducing the risk of false flagging.
- Create multiple DLP Filters, each with a smaller number of terms, instead of one Filter with all DLP terms, for example:
  - Credit Card Filter: looks for Credit Card Numbers & Terms
  - Driver License Filter: looks for Drivers License Numbers & Terms
Additional DLP Resources:
https://excelmicro.kayako.com/en-us/article/399
https://excelmicro.kayako.com/en-us/article/467
https://excelmicro.kayako.com/en-us/article/464
Combining Filter Criteria for Authentication
Support will often advise being as explicit as possible when adding an entry to the safe sender list (for example, an IP address is preferred to *@domain.com). This advice also applies to filters: using a combination of criteria is much more secure than just allowing all messages from a domain. For example, the following logic can be used if you know:
- The sender’s address
- The IP address of the sending server
Carlos Rios