These days, it seems that a new nationwide email security threat emerges every week. Consider some of the biggest schemes that have made headlines so far this year:
In March, Wells Fargo fell victim to a phishing scam in which customers received an email asking them to confirm recent changes to their account. If a customer clicked on the email link, they were taken to a phishing page that asked them to enter their account information.
Also in March, a new malware program was discovered that has been used to target the energy sector. The Trojan was being spread to employees in the oil and gas industries through email messages with Excel attachments. Once the Excel document was opened, an exploit code was executed and a virus began collecting information from the user’s computer.
In July, a number of Skype users reported spoofing issues due to a so-far unresolved security issue. Several said their contact lists were hacked, and they received spoofed messages, supposedly sent from their contacts, which contained suspicious links and requests for information.
As the variety and sheer number of email security threats have continued to increase exponentially, whitelisting has become a common tool to help businesses protect against malware, phishing and other schemes. Combatting a rising tide of viruses and similar threats, IT departments can’t keep up with all the new virus signatures. So instead of telling the network what you don’t want in, it becomes more effective to whitelist those senders who you trust.
Today, whitelisting is used by the vast majority of email security providers to safeguard their customers from malicious messages, while also making sure that important emails get where they’re supposed to go. But the way whitelisting works poses a problem.
How Whitelisting Works
Whitelisting programs compare each incoming email against a list of approved senders. Every message sent from a known email address, domain or IP address is always allowed through. But as any savvy email user understands, malicious emails and phishing schemes can easily come from someone you know and trust. Unfortunately, once the email is approved, it’s routed straight to your inbox—even if your email security solution uses other layers of defense.
When Whitelisting Fails
As phishing, spear-phishing and email hacking in general become more common, whitelisting is not enough to keep your company’s email secure. It takes only one malicious email to slip through to give hackers access to your network and its sensitive data.
Simply listing those IP addresses that are trusted or not trusted is not enough. Today’s businesses need several layers of protection that will provide comprehensive protection from phishing, malware and viruses by scanning every email—not just those that didn’t make the whitelist cut.
Alternatives to Whitelisting
So what is the alternative to whitelisting? To move beyond whitelisting, today’s businesses need a more sophisticated filtering process that includes the following:
IP reputation checks. Beyond simply doing a one-to-one comparison, this filter uses pattern-matching technology to proactively identify malicious senders. This type of continuous reputation checking is especially helpful against zombie and botnet attacks.
By looking for common spammer automation behaviors, this layer helps detect malware—even if it’s sent by a known contact who has had their account hijacked.
Spoofing attacks can easily trick whitelisting systems by changing the source address of an incoming email to make it look like it’s coming from a trusted source. But new anti-spoofing technology helps prevent identity theft and other phishing schemes by identifying and dropping packets that have a false source address.
As new viruses are introduced, businesses need email security that constantly updates virus signatures for both the email content and attachments.
The email users in your business want to know that their inboxes are secure; but they also need a bit of flexibility to ensure that they will still receive the messages that they want to receive. Today’s email security should allow each user to create an email “community” of approved senders—even if that includes senders that other filters might flag as spam.
In addition, businesses can benefit by using email security that proactively checks for approved senders in a more intelligent way. For example, a silverlisting technique tracks source IP address for all email senders, 24/7. When a message comes in from a new IP address, the email is deferred in the SMTP transaction. When the message is retried—which the vast majority of spammers will avoid—the message is accepted and goes through the system’s other security filters. Once a given IP address has successfully gone through this “handshake” process, it is considered approved for the next 30 days.
After recognizing that email security is more than just whitelisting, Sendio developed Email Security Gateway™ and Opt-Inbox™, which use the techniques above to intelligently secure email. Learn More about a layered approach protects your business from today’s growing email security threats.