Category: TechCorner

Strobe Technologies – Technical Magazine

Greylisting Relevant or Dead

What is Greylisting?

For email security professionals they will know about greylisting and how this is similar to a blacklist. But unlike a black or whitelist this is a temporary listing making the sender send the message again to prove they are real.

How does Greylisting work?

Greylisting is a extremely clear and basic way of stopping spam coming into your business. I say this is a simple protection method as it works on the sending address and the sending server address only.

If a sender sends you an email for the first time this message will be bounced back with a temporary email error message to the sending server only, that server will be informed to try again in X minutes. Once the same server tries to send the message again the system will see this attempt and give it the all clear and allow receipt of the message.

As mentioned above, this is not just the senders address, but also the senders server address that is looked at. So if a company has two different sending servers for email then the message has to come from the same server else it will be bounced again.

Once the Greylist has been accepted this is added to a temp database for a period meaning emails from that combination will no longer be greylisted until the period has expired.

The reason this works so well is spammers generally do not use servers to email, they use scripts and other methods. As these methods do not store information and do not have the ability to retry once greylisting happens the message never gets through.

What’s the problem?

The issue is actually down to progression of email systems and trying to make them accessible 24/7. Most companies and online services like Microsoft’s Office 365 or Google’s GSuite have multiple outgoing servers to get around blacklists, server outages etc.

Having these multiple outgoing servers resolves many issues, but with greylisting this could delay emails by days as it bounced from one sending server to the other.

Conclusion

Greylisting is a wonderful idea which stops a vast amount of spam with not much overhead to spam systems. The problem is, with new services and the need for email now; this technology is showing it’s age.

Personally I would like to see this technology rise like the phoenix and once again help fight spam, but for the moment this technology is not used by us.

July 2018 Email Secuity Enhancements

Security improvements via spam filtering (SpamSnake)

What is this about?

As technology improves, we like to improve our systems and setups too. We do this has we look to provide the best services possible, but to also beat the bad guys.

The improvements we have coming throughout July are all email based, and for customers who have our spam filtering service.

 

What improvements are being made?

DKIM

Domain Keys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing. It allows the receiver to check that an email claimed to have come from a specific domain was indeed sent by the owner of that domain. It is intended to prevent forged sender addresses in emails, a technique often used in phishing and email spam. In technical terms, DKIM lets a domain associate its name with an email message by affixing a digital signature to it.

Throughout July we will be adding these signatures to outgoing emails, and as part of that we might ask you to contact your web hosting provider (if not us) to update the DNS records for this.

Once done recipients of your emails will be able to validate your messages using their filtering systems improving email protection.

Unfortunately if the recipient does not use any email filtering/protection this will not help you.

 

DMARC

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

Once again  if the recipient does not use any email filtering/protection this will not help you.

 

Routing Rules and Security

To improve security between our spam filtering platform (SpamSnake) and your email servers, we will be introducing rules to lock down transport between both systems.

 

Spam Reporting

To aid in reporting spam emails, or even ham emails (wanted but incorrectly caught). We have been working on an add-in for Microsoft Outlook for simple buttons to report it to us for analysis.

We will use the samples of these supplied emails via the buttons to improve the detection of spam, in turn creating a safer & cleaner inbox.

June 2018 Email Data Loss Prevention

Data Loss/Leak Prevention

What is Data Loss Prevention (DLP)?

Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network.

 

How can we stop data loss?

To start with, identifying the type of data you have  using GDPR guidelines is a good start. Once you have identified the data, we need to look at the ways the data could be lost or leaked from the business.

This blog is all about losing the data via email. This could be an employee sending the data or a virus transmitting it over email for instance.

To stop such data loss via email get in touch with one of our team to get your emails protected now.

How do Strobe IT protection emails again data loss?

As of the 28/06/2018, we have upgraded our spam filtering offering called “SpamSnake”. This system now has a DLP module in it to scan outgoing emails.

The system works on rules and patterns we create, and using these rules emails are then stopped and quarantined if they match. Once an email is quarantined we will be alerted to the issue so we can approach you about it.

Currently we have rules that cover the following types of data: –

  • Credit card number
  • Driving license
  • National insurance
  • Passport
  • etc…

We shall be adding to these all the time, but if you have a data requirement contact us letting us know so we can look at adding these for you too.

Past TechCorner Article Re-Post

Dear Readers,

as we have moved website we are just re-posting our older releases so they can still be viewed with the aim of making more soon.

 

TechCorner Articles