
Are You Blocking Your Own Email?

Spam Blocking: How Can You Prevent False Positives in Your Organization?

Several industries rely on a network of external independent agents to do business. These include insurance, mortgages, real estate, and private wealth management. This has a significant impact on the way a firm designs its email infrastructure, permits use of the mail system, sets acceptable use policy, and deploys Internet gateway security. In this week's column, I've outlined specific steps that will help mitigate the impact of the agent's computer and that will help prevent false positives.

When a firm utilizes the services of external agents, there is a distinct risk that the firm will block legitimate email from those agents as spam. The risk is created as follows:

1. Agents are usually using their own computers, email clients, email accounts, and ISPs to send email.

2. The firm exercises no control over the email practices of the agents, when not doing work on behalf of the firm.

3. The agents are frequently ignorant of sender best practices, for example, as set by the Mail Anti-Abuse Working Group (MAAWG), an industry trade organization dedicated to fostering the development of technologies and policies for combating abuse of the Internet email system.

4. The agents abuse the Internet email system out of ignorance.

For example, an independent agent sends bulk email on behalf of a third party that is not your firm. That email does not comply with CAN-SPAM and Internet sender best practices. Receivers determine it to be spam, and the personal information in the email, such as phone numbers and URLs in the email signature content, lands in anti-spam engines. Now, whenever that agent sends an email with the same contact information, the email will be blocked. The worst-case scenario is now realized: inbound email to your firm containing important communications related to revenue or customer service will be blocked by your own anti-spam software.

There are strategies to mitigate this risk, and there are technological solutions. On the business process side, you need to establish acceptable use policies for agents and train agents on proper use of email. MAAWG has resources that may be used to develop that training. On the technical side, you need to provide email infrastructure that agents use when working on behalf of the firm.

The provided email infrastructure could amount to providing email accounts and computers that are to be used only on behalf of the firm, providing email accounts and VPN access to the firm’s email systems, and providing authentication credentials that permit relay on the firm’s Internet gateway. When the credentials are presented, you can rest assured that the email sender is who that sender claims to be, and you can create a policy bypass around the spam filter to avoid the business impact of the false positives created by the agents' own behavior. Alternatively, the same authentication could be achieved by deploying to the agents encryption keys that are used to sign the mail. The signature would be verified at the Internet gateway and the policy bypass invoked. Were the email encrypted as well as signed, it would also be confidential in transit.

Without these steps, you will be fighting a losing battle against false positives. The false positives as they come in can be contested with the anti-spam vendor, but as bad sending practices continue, those senders will continue to be blocked.

An added benefit of taking these steps is that they mitigate the impact of the agent’s computer being infected, unbeknownst to the agent, and becoming a node in a botnet that sends spam, which will cause the agent’s machine itself to be blocked at the IP address level. You will still be able to receive email from that agent with a policy bypass when the email is authenticated.
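The gateway decision described above (a policy bypass only for mail that arrives with the firm's credentials or a verifiable signature, even from a blocked IP address), as an added Python example that is not from the original column. The agent address, keys, blocklist entries, the `X-Agent-Signature` header and the HMAC-SHA256 tag standing in for an S/MIME or PGP signature are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data; every name and value here is an assumption.
AGENT_KEYS = {"agent1@firm.example": b"constructed-demo-key-1"}
IP_BLOCKLIST = {"203.0.113.7"}      # documentation address range
SPAM_FINGERPRINTS = {"555-0100"}    # signature-block content learned as spam

def sender_of(msg):
    return parseaddr(msg.get("From", ""))[1].lower()

def sign(key, msg):
    """HMAC-SHA256 over From, Subject and body (single-part messages);
    a stand-in for the S/MIME or PGP signature the column refers to."""
    parts = [msg.get("From", ""), msg.get("Subject", ""), msg.get_payload()]
    return hmac.new(key, "\n".join(parts).encode(), hashlib.sha256).hexdigest()

def add_signature(raw, key):
    """What the agent's mail client would do before sending."""
    return "X-Agent-Signature: %s\n%s" % (sign(key, message_from_string(raw)), raw)

def signature_valid(msg):
    key, tag = AGENT_KEYS.get(sender_of(msg)), msg.get("X-Agent-Signature")
    if not key or not tag or msg.is_multipart():
        return False
    expected = sign(key, msg).encode()
    return hmac.compare_digest(expected, str(tag).encode(errors="replace"))

def gateway_verdict(raw, client_ip, sasl_user=None):
    """Return (verdict, reason) for one inbound message."""
    msg = message_from_string(raw)
    # The bypass needs proof of identity; a familiar From header is not proof,
    # and credentials only cover mail sent under the account's own address.
    if sasl_user in AGENT_KEYS and sasl_user == sender_of(msg):
        return "bypass", "authenticated relay"
    if signature_valid(msg):
        return "bypass", "valid signature"
    # Everything else gets the normal anti-spam checks.
    if client_ip in IP_BLOCKLIST:
        return "reject", "IP blocklisted"
    if not msg.is_multipart() and any(
            fp in msg.get_payload() for fp in SPAM_FINGERPRINTS):
        return "reject", "content fingerprint"
    return "accept", "filtered clean"
```
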

Read More of Greg’s Email Security Columns Here
