One of the most common questions I get from customers regarding anti-spam protection concerns phishing: "What do you guys do to protect my organization from phishing?"
I never go into this too deeply with customers, but the issue is deeper than they realize. When people ask about phishing, they are usually worried about two things:
It is not simply a matter of having a good mail filtering solution. Protection against compromised machines requires more than a good spam filter. In the case of RSA, the phishing message was deposited into the user's spam folder; the user went in, fished it out, opened it and got infected. This demonstrates that even if your filter is good enough to catch phishing, your user base can defeat your technology.
A company has to do multiple things to stay protected:
That is what I want to tell users when they ask me about our filtering strategy. We work hard to keep our filters up to date, but you are doing your part too, right? Email is not the only entry point into and out of the organization. Modern security requires multiple lines of defense, and securing email is one of them. Granted, it is an important one, because tons of traffic enters and exits a company through it, but don't forget about the rest of the story.
Because that story is an important one, too.
Well, IFF vulnerable companies publish an SPF FAIL policy, which just means "please reject anything else claiming to be from us, because it is not from us", and IFF folks like you in fact reject FAILing mails instead of letting them into obscure spam folders, then that would force the bad guys to get an inside account on the vulnerable company for their phishing activities, or it would force them to use "paypa1" instead of "paypal" (just an example). So far it is as simple as 1-2-3, but admittedly I should work on my expired SPF-EAI draft again to get ready for e-mail address i18n.
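The comment above argues that a published SPF FAIL policy only helps when receivers actually reject on FAIL instead of filing the message in a spam folder the user can fish it out of (the RSA scenario in the post). As an added example, not code from the post or the commenter, here is a toy SPF evaluator in Python with a constructed DNS table; it handles only the ip4, include and all mechanisms, and maps the result to the receiver-side action the comment calls for.

```python
import ipaddress

# Constructed TXT records for the example; none of these are real DNS data.
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ~all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Stand-in for a DNS TXT lookup; returns the SPF record or None."""
    return FAKE_DNS_TXT.get(domain)


def check_spf(sender_ip, domain, depth=0):
    """Evaluate sender_ip against domain's SPF record.

    Returns 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'.
    Only ip4, include and all are implemented (enough to show the policy).
    """
    if depth > 10:  # guard against include loops, as RFC 7208 limits lookups
        return "permerror"
    record = lookup_spf(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            # include matches only when the referenced domain yields "pass"
            matched = check_spf(sender_ip, term[8:], depth + 1) == "pass"
        else:
            continue  # unsupported mechanism, skipped in this toy evaluator
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # no mechanism matched and no explicit "all"


def smtp_action(result):
    """Receiver policy from the comment: a hard FAIL is rejected at SMTP
    time rather than delivered to a spam folder the user can retrieve."""
    if result == "fail":
        return "550 reject"
    if result == "softfail":
        return "quarantine"
    return "accept"
```

A message whose sending IP is outside the published ranges of a "-all" domain never reaches a mailbox, so there is nothing for the user to fish out.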