How to fine-tune email protection

How to protect your company from mail bombs and other unwanted correspondence using personal content filtering

When it comes to spam, we usually think of completely irrelevant advertising letters, which anti-spam engines filter out without any problems. However, that is far from the most unpleasant thing that can land in your mailbox. Spam is sometimes used to launch a DDoS attack on corporate email addresses, and the victim is bombarded with completely legitimate emails that standard anti-spam engines do not treat as suspicious.

Registration confirmations attack

To launch a mail bomb attack, attackers can take advantage of registration procedures on web resources of completely unrelated companies. Using automation tools, they register on thousands of services from different countries using the victim’s email address. As a result, a large number of confirmations, account activation links, and similar messages end up in the victim’s mailbox. Furthermore, since they are sent by legitimate mail servers with a good reputation, the anti-spam engine considers them legitimate and does not block them.

As a target, attackers typically choose an address that is critical to the company’s operations, one that is used to communicate with clients or partners. For example, the sales department mailbox, the technical support mailbox, or a bank’s address to which mortgage loan applications are sent. An attack can last for days, and the sheer volume of emails simply overloads the victim’s mail server and paralyzes the attacked department.

To successfully protect a mailbox from such an attack, a more sophisticated tool is required. As one of the methods of protection against mail bombs, in particular attacks through the registration mechanism, we recommend using the personal content filtering module built into our updated Kaspersky Secure Mail Gateway. In the above example, the operator can block letters based on the presence of the word “registration” in different languages in the subject field (Registrace | Registracija | Registration | Registración | Regisztráció). As a result, such emails will be automatically sent to quarantine without reaching the inbox and overloading the mail server.
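The subject rule described above can be prototyped outside the gateway to see which messages it would catch. The following is an added example, not Kaspersky Secure Mail Gateway code or configuration; the protected address, the sample messages and the function names are assumptions. It decodes RFC 2047 encoded subjects and normalizes accents before matching, because a pattern applied to the raw header would miss an encoded “Regisztráció”.

```python
import re
import unicodedata
from email import message_from_string, policy

# Subject words from the article's example filter, NFC-normalized.
WORDS = ("registrace", "registracija", "registration",
         "registración", "regisztráció")
REGISTRATION = re.compile(
    r"\b(" + "|".join(unicodedata.normalize("NFC", w) for w in WORDS) + r")\b",
    re.IGNORECASE,
)
# Hypothetical mailbox under attack (assumption, not from the article).
PROTECTED = {"sales@example.com"}


def decoded_subject(msg):
    """Subject with RFC 2047 encoded-words decoded, then NFC-normalized so
    'o' + combining accent compares equal to the precomposed letter."""
    return unicodedata.normalize("NFC", str(msg["Subject"] or ""))


def verdict(raw):
    """Return 'quarantine' or 'deliver' for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    to = msg["To"]
    recipients = {a.addr_spec.lower() for a in to.addresses} if to else set()
    if not recipients & PROTECTED:
        return "deliver"  # the rule applies only to the protected mailbox
    hit = REGISTRATION.search(decoded_subject(msg))
    return "quarantine" if hit else "deliver"


def sample(to, subject):
    """Build a constructed test message (not real traffic)."""
    return (f"From: noreply@service.example\nTo: {to}\n"
            f"Subject: {subject}\n\nActivate your account.\n")


# Constructed samples: plain, Q-encoded, decomposed accent, unrelated, other rcpt.
SAMPLES = [
    sample("sales@example.com", "Confirm your registration"),
    sample("sales@example.com", "=?UTF-8?Q?Regisztr=C3=A1ci=C3=B3?="),
    sample("Sales <SALES@example.com>", "=?UTF-8?Q?Registracio=CC=81n?="),
    sample("sales@example.com", "Request for quotation"),
    sample("hr@example.com", "Registration complete"),
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(verdict(raw))
```

Running the same pattern over a day of real subjects before enabling quarantine shows how many genuine client messages would be caught along with the confirmations.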

Personalized mail filter settings

By the size of the letter;
by attachment types and names;
by sender (you can specify a specific sender address or a regular expression);
by recipients (including anonymous persons);
by the presence of some text in the body of the letter (keywords and regular expressions may be included in the dictionary);
by the presence of text in the body of the letter (by keywords, using masks and regular expressions, indicating specific senders);
by X-header.

Flexible filtering of business mailings

The new capabilities of our solution can be used not only to protect against email bomb attacks. They can be used, for example, for flexible configuration of B2B mailing filtering. Not all employees regard all types of business mailings the same way: for some it makes sense to look for offers to purchase electronic parts. For others, such advertisements simply clog their inboxes, while they value various invitations to attend conferences or hold seminars.

Therefore, blocking legitimate business mailings completely is not an option. But on the other hand, it is not worth allowing their uncontrolled transmission either: someone will always be dissatisfied.
