Email firewalls
Discussion
I work for a large media organisation whose IT Department are super-keen on cyber security. As a result of this a lot of emails that have been sent to me have been "intercepted" and the first I've heard of it is when the sender contacts me a few weeks later and asks if I've seen their invoice/tender/documentation/bank accounts. The problem is that, working in Finance, I receive a lot of emails with encrypted attachments and links.
Anyway my question is this - is it not possible for IT to set up some kind of firewall rule which emails the recipient to tell them that an email has been blocked and to email them if it needs to be released? I'm sure I've seen this in other organisations where I've worked but the IT Dept where I currently work seems to be staffed by incompetents.
somouk said:
Depends on what service they are using for their email filtering.
Most offer the service you need where you are notified of block and can then release it if it is expected. They likely just haven't enabled it or are using software that doesn't have that feature.
We use Outlook 365 and something called Mimecast. I think it's more likely they don't know how to enable it but cba looking into it.
We've recently changed IT support provider (financial services company too) and now have an email filter called Barracuda which is absolutely awful. It's too sensitive and puts many perfectly safe domains and emails behind a block list, even from the IT support company themselves! Their answer is that we'll need to compile a list of all the domains we want to allow through the filter.
Right, that won't take long then!
Normally, these services like Mimecast, Barracuda, Proofpoint, Postini, ... can be deployed in learning patterns and can offer users a method by which they release their quarantined emails to be delivered to their mailboxes.
They are not crap per se, they only suffer crap implementations.
Anyway, the OP's emails are being quarantined because they contain unscannable content due to password protection. The OP should ask his IT provider for support as PH probably does not have admin access to his tenant and tooling.
Koyaanisqatsi said:
We've recently changed IT support provider (financial services company too) and now have an email filter called Barracuda which is absolutely awful. It's too sensitive and puts many perfectly safe domains and emails behind a block list, even from the IT support company themselves! Their answer is that we'll need to compile a list of all the domains we want to allow through the filter.
Right, that won't take long then!
That's another thing. When I ask IT if an email from So-and-so has been blocked they'll ask me what the sending email address was. I have to explain to them that I have no idea because I've never received an email from them. I can take a guess and give them the name of the sender but the email could be almost anything.
eeLee said:
Normally, these services like Mimecast, Barracuda, Proofpoint, Postini, ... can be deployed in learning patterns and can offer users a method by which they release their quarantined emails to be delivered to their mailboxes.
They are not crap per se, they only suffer crap implementations.
Anyway, the OP's emails are being quarantined because they contain unscannable content due to password protection. The OP should ask his IT provider for support as PH probably does not have admin access to his tenant and tooling.
Pretty much this.^
I sell Mimecast, Proofpoint and Barracuda amongst others and they all require a little bit of tweaking and learning in the earlier days. We use Proofpoint internally here and we get a digest of what's been blocked twice a day and can approve our own blocked emails for release; however, as a company that sells this stuff we're a little more attuned to the risks of allowing random quarantined emails through although vigilance is always required!
Sounds like Countdown's in a tricky position as a passworded zip from potentially unknown source raises red flags..!
Koyaanisqatsi said:
We've recently changed IT support provider (financial services company too) and now have an email filter called Barracuda which is absolutely awful. It's too sensitive and puts many perfectly safe domains and emails behind a block list, even from the IT support company themselves! Their answer is that we'll need to compile a list of all the domains we want to allow through the filter.
Right, that won't take long then!
I don't get this; just because you know a domain doesn't mean that all email coming from it can be trusted! That's poor advice from your IT provider; it's akin to locking the door and then leaving the key under the mat.
Countdown said:
That's another thing. When I ask IT if an email from So-and-so has been blocked they'll ask me what the sending email address was. I have to explain to them that I have no idea because I've never received an email from them. I can take a guess and give them the name of the sender but the email could be almost anything.
Get the person whose email you haven't had to send you a follow up but without the attachment. Even if they're using some sort of system to send invoices etc then you should be able to see the From: address. It could be that the From: address and the real sender don't match - that alone can be enough to cause the email to be put into Junk or even quarantined as it looks like a spoofed sender.
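The From:/real-sender mismatch mentioned in the post above, as an added example that is not part of the original thread: it compares the domain in the visible From: header with the envelope sender, assumed here to be recorded in the Return-Path header by the receiving server. The messages and domain names are constructed, and the subdomain comparison is a simplification of the relaxed alignment test real filters apply using the Public Suffix List.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real traffic); .example is a reserved TLD.
DIRECT = """\
Return-Path: <bounce@mail.supplier.example>
From: "Accounts" <invoices@supplier.example>
Subject: Invoice 1001

Sent from the supplier's own mail system.
"""

THIRD_PARTY = """\
Return-Path: <bounces@billing-platform.example>
From: "Accounts" <invoices@supplier.example>
Subject: Invoice 1002

Sent on the supplier's behalf by an invoicing service.
"""

def domain_of(header_value):
    """Lower-cased domain of the first address in a header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def aligned(a, b):
    """Simplified check: same domain, or one is a subdomain of the other."""
    if not a or not b:
        return False  # a missing or empty sender is treated as unaligned
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_sender(raw):
    """Report the header and envelope sender domains and whether they agree."""
    msg = message_from_string(raw)
    header_from = domain_of(msg.get("From"))
    envelope_from = domain_of(msg.get("Return-Path"))
    return {"header_from": header_from,
            "envelope_from": envelope_from,
            "aligned": aligned(header_from, envelope_from)}

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("third-party", THIRD_PARTY)):
        print(name, check_sender(raw))
```

The second message is the kind a filter may treat as a spoofed sender even though it is a legitimate invoice sent through a third-party service.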
Funk said:
I don't get this; just because you know a domain doesn't mean that all email coming from it can be trusted! That's poor advice from your IT provider; it's akin to locking the door and then leaving the key under the mat.
Yes - we've been getting loads of phishing email from NHS machines. Apparently it's a known thing - some ISPs have been blocking all NHS email.
Sheepshanks said:
Funk said:
I don't get this; just because you know a domain doesn't mean that all email coming from it can be trusted! That's poor advice from your IT provider; it's akin to locking the door and then leaving the key under the mat.
Yes - we've been getting loads of phishing email from NHS machines. Apparently it's a known thing - some ISPs have been blocking all NHS email.
The other major consideration here is that Finance are often a specific target for phishing/malware mainly due to the fact that they are the ones in a position to be conned/duped into sending large amounts of money to the wrong place etc.
Edited by Funk on Thursday 27th October 14:51
Working for one of the "mail filtering" companies I can confirm that the system can indeed be configured to whitelist your sender's domain.
IF the system is set up correctly you can get daily emails for emails that have been held, and the option to release them. It sounds like the domain of your sender has been blacklisted and marked as malicious/spam so IT doesn't see the blocked email.
On a well configured system you SHOULD be able to specify which domains you will accept email from. If not the system needs configuring!
@Countdown - this might be an obvious question, but do you check your 'Junk'* folder on a regular basis?
Microsoft's 'smart filters' are not really that smart unfortunately.
* might be called 'Junk email'
TonyRPH said:
@Countdown - this might be an obvious question, but do you check your 'Junk'* folder on a regular basis?
Microsoft's 'smart filters' are not really that smart unfortunately.
It's a very good point. I didn't use to but I do now because that's the first thing IT tell me.
TonyRPH said:
@Countdown - this might be an obvious question, but do you check your 'Junk'* folder on a regular basis?
Microsoft's 'smart filters' are not really that smart unfortunately.
Depending on the version of 365 they can be heavily tweaked. We use the default settings and I'd say they're pretty good but they err on the side of not putting stuff into junk. I'll maybe get one genuine email a month in Junk - if anything, it's a problem that it's so few as I don't think to routinely look in the Junk folder.
Craig f said:
Working for one of the "mail filtering" companies I can confirm that the system can indeed be configured to whitelist your sender's domain.
IF the system is set up correctly you can get daily emails for emails that have been held, and the option to release them. It sounds like the domain of your sender has been blacklisted and marked as malicious/spam so IT doesn't see the blocked email.
On a well configured system you SHOULD be able to specify which domains you will accept email from. If not the system needs configuring!
That's what we've got -- a daily email with 20/30/40+ emails that we have to manually allow or block. Those daily Barracuda summary emails ironically go into the Junk box, it's becoming rather tedious for us all.