Whack a mole: Dealing with Spam/Phishing
-
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
I believe that using the email providers spam and fraud detection has the potential to be better than any external gateway.
I am of that opinion as well. And SO much easier. I have no idea why people choose these external, and expensive, and generally flaky, tools. We deal with some of these all the time, and I know Trend Micro specifically is useless crap.
-
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
In Zoho for example, I believe that when users mark email as spam/fraud, it automatically trains Zoho's detection algorithms. After a while it will have learned how to detect those emails.
It does. We use that and it's not the best, but it's good. Certainly worlds better than Trend Micro and SO much cheaper.
-
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
I don't think that's possible when the email filtering solution never will get the users feedback.
It would be plausible, but super convoluted for the end users to do. They'd have to do a submission process. No one will do that.
-
I have my email account set as the catchall for our domain on Zoho so I get absolutely every stupid random spam crap that there could be and surprisingly, it's very little. It's a few a day, and gmail tends to get through the most. but because they send to fake accounts, I know instantly 100% that it is SPAM and mark it as such. Takes almost no effort, it's only a few a day, and does a lot to make our SPAM detection that much better before the team gets hit with it.
-
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done
"But this is the way we (they) have always done it... "
You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?
Yeah, that doesn't make any sense. Far too time consuming.
Outlook Toolbar.. Reporting
OK, but that just ends up sending an alert email to the designated phishing mail contact, which is IT right?
It would have made more sense if those emails had been forwarded to Trend Micro automatically and their adaptive algorithm would have learned how to detect them.
Right now Trend Micro doesn't have a clue what emails their user are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.
That's interesting.
With Appriver - we forward emails to [email protected] and appriver deals with it. Other than constantly reminding people that's where the report needs to go - I don't really deal with it.
Thought as Scott mentioned - so much spam is a once and done situation - so reporting it is often pointless.
-
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
I believe that using the email providers spam and fraud detection has the potential to be better than any external gateway.
I am of that opinion as well. And SO much easier. I have no idea why people choose these external, and expensive, and generally flaky, tools. We deal with some of these all the time, and I know Trend Micro specifically is useless crap.
I recently tried to get rid of ours - sadly our insurance provider required a third party spam/virus filter that is not our email provider to qualify for the coverage.
No, I wasn't given the chance to tell them to look at other insurance where they don't have dumb rules like that. -
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
I don't think that's possible when the email filtering solution never will get the users feedback.
It would be plausible, but super convoluted for the end users to do. They'd have to do a submission process. No one will do that.
My users do.
-
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
I have my email account set as the catchall for our domain on Zoho so I get absolutely every stupid random spam crap that there could be and surprisingly, it's very little. It's a few a day, and gmail tends to get through the most. but because they send to fake accounts, I know instantly 100% that it is SPAM and mark it as such. Takes almost no effort, it's only a few a day, and does a lot to make our SPAM detection that much better before the team gets hit with it.
is there so few because their filter is already catching so much of it? or you're domain just happens to not get much?
-
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
I don't think that's possible when the email filtering solution never will get the users feedback.
It would be plausible, but super convoluted for the end users to do. They'd have to do a submission process. No one will do that.
My users do.
They submit to a third party portal to report spam?
-
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
I have my email account set as the catchall for our domain on Zoho so I get absolutely every stupid random spam crap that there could be and surprisingly, it's very little. It's a few a day, and gmail tends to get through the most. but because they send to fake accounts, I know instantly 100% that it is SPAM and mark it as such. Takes almost no effort, it's only a few a day, and does a lot to make our SPAM detection that much better before the team gets hit with it.
is there so few because their filter is already catching so much of it? or you're domain just happens to not get much?
We used to get a lot more, but we moved to Zoho and that reduced it a lot.
-
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done
"But this is the way we (they) have always done it... "
You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?
Yeah, that doesn't make any sense. Far too time consuming.
Outlook Toolbar.. Reporting
OK, but that just ends up sending an alert email to the designated phishing mail contact, which is IT right?
It would have made more sense if those emails had been forwarded to Trend Micro automatically and their adaptive algorithm would have learned how to detect them.
Right now Trend Micro doesn't have a clue what emails their user are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.
That's interesting.
With Appriver - we forward emails to [email protected] and appriver deals with it. Other than constantly reminding people that's where the report needs to go - I don't really deal with it.
Thought as Scott mentioned - so much spam is a once and done situation - so reporting it is often pointless.
That's not a bad process. But still a bit more than just "mark as spam" which is really simple.
-
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
I don't think that's possible when the email filtering solution never will get the users feedback.
It would be plausible, but super convoluted for the end users to do. They'd have to do a submission process. No one will do that.
My users do.
They submit to a third party portal to report spam?
they forward the email to [email protected] then they delete it.
-
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done
"But this is the way we (they) have always done it... "
You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?
Yeah, that doesn't make any sense. Far too time consuming.
Outlook Toolbar.. Reporting
OK, but that just ends up sending an alert email to the designated phishing mail contact, which is IT right?
It would have made more sense if those emails had been forwarded to Trend Micro automatically and their adaptive algorithm would have learned how to detect them.
Right now Trend Micro doesn't have a clue what emails their user are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.
That's interesting.
With Appriver - we forward emails to [email protected] and appriver deals with it. Other than constantly reminding people that's where the report needs to go - I don't really deal with it.
Thought as Scott mentioned - so much spam is a once and done situation - so reporting it is often pointless.
That's not a bad process. But still a bit more than just "mark as spam" which is really simple.
oh, that most definitely is. and it's an option we have in O365.... but we now have two layers of spam filtering - appriver and MS...
-
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done
"But this is the way we (they) have always done it... "
You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?
Yeah, that doesn't make any sense. Far too time consuming.
Outlook Toolbar.. Reporting
OK, but that just ends up sending an alert email to the designated phishing mail contact, which is IT right?
It would have made more sense if those emails had been forwarded to Trend Micro automatically and their adaptive algorithm would have learned how to detect them.
Right now Trend Micro doesn't have a clue what emails their user are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.
That's interesting.
With Appriver - we forward emails to [email protected] and appriver deals with it. Other than constantly reminding people that's where the report needs to go - I don't really deal with it.
Thought as Scott mentioned - so much spam is a once and done situation - so reporting it is often pointless.
That's not a bad process. But still a bit more than just "mark as spam" which is really simple.
oh, that most definitely is. and it's an option we have in O365.... but we now have two layers of spam filtering - appriver and MS...
So people have to report to O365 AND AppRIver? Do they really catch enough different to justify filtering twice?
-
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done
"But this is the way we (they) have always done it... "
You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?
Yeah, that doesn't make any sense. Far too time consuming.
Outlook Toolbar.. Reporting
OK, but that just ends up sending an alert email to the designated phishing mail contact, which is IT right?
It would have made more sense if those emails had been forwarded to Trend Micro automatically and their adaptive algorithm would have learned how to detect them.
Right now Trend Micro doesn't have a clue what emails their user are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.
That's interesting.
With Appriver - we forward emails to [email protected] and appriver deals with it. Other than constantly reminding people that's where the report needs to go - I don't really deal with it.
Thought as Scott mentioned - so much spam is a once and done situation - so reporting it is often pointless.
That's not a bad process. But still a bit more than just "mark as spam" which is really simple.
oh, that most definitely is. and it's an option we have in O365.... but we now have two layers of spam filtering - appriver and MS...
So people have to report to O365 AND AppRIver? Do they really catch enough different to justify filtering twice?
no, they don't - and likely they aren't. I've shown nearly no one how to report to MS - so that's the one that's skipped. Everyone has been told about forwarding email to spam@appriver - and yes, it's more work than just right click - mark as spam, but not so much so that people don't do it.
-
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done
"But this is the way we (they) have always done it... "
You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?
Yeah, that doesn't make any sense. Far too time consuming.
Outlook Toolbar.. Reporting
OK, but that just ends up sending an alert email to the designated phishing mail contact, which is IT right?
It would have made more sense if those emails had been forwarded to Trend Micro automatically and their adaptive algorithm would have learned how to detect them.
Right now Trend Micro doesn't have a clue what emails their user are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.
That's interesting.
With Appriver - we forward emails to [email protected] and appriver deals with it. Other than constantly reminding people that's where the report needs to go - I don't really deal with it.
Thought as Scott mentioned - so much spam is a once and done situation - so reporting it is often pointless.
That's not a bad process. But still a bit more than just "mark as spam" which is really simple.
oh, that most definitely is. and it's an option we have in O365.... but we now have two layers of spam filtering - appriver and MS...
So people have to report to O365 AND AppRIver? Do they really catch enough different to justify filtering twice?
no, they don't - and likely they aren't. I've shown nearly no one how to report to MS - so that's the one that's skipped. Everyone has been told about forwarding email to spam@appriver - and yes, it's more work than just right click - mark as spam, but not so much so that people don't do it.
Why report to that one when O365 is the important one and the one that's like 10x more likely to be permanent instead of being clearly in the "should be removed" category? Less work, better results, less long term risk.
-
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
@dashrender said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@pete-s said in Whack a mole: Dealing with Spam/Phishing:
@gjacobse said in Whack a mole: Dealing with Spam/Phishing:
@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:
The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done
"But this is the way we (they) have always done it... "
You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?
Yeah, that doesn't make any sense. Far too time consuming.
Outlook Toolbar.. Reporting
OK, but that just ends up sending an alert email to the designated phishing mail contact, which is IT right?
It would have made more sense if those emails had been forwarded to Trend Micro automatically and their adaptive algorithm would have learned how to detect them.
Right now Trend Micro doesn't have a clue what emails their user are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.
That's interesting.
With Appriver - we forward emails to [email protected] and appriver deals with it. Other than constantly reminding people that's where the report needs to go - I don't really deal with it.
Thought as Scott mentioned - so much spam is a once and done situation - so reporting it is often pointless.
That's not a bad process. But still a bit more than just "mark as spam" which is really simple.
oh, that most definitely is. and it's an option we have in O365.... but we now have two layers of spam filtering - appriver and MS...
So people have to report to O365 AND AppRIver? Do they really catch enough different to justify filtering twice?
no, they don't - and likely they aren't. I've shown nearly no one how to report to MS - so that's the one that's skipped. Everyone has been told about forwarding email to spam@appriver - and yes, it's more work than just right click - mark as spam, but not so much so that people don't do it.
Why report to that one when O365 is the important one and the one that's like 10x more likely to be permanent instead of being clearly in the "should be removed" category? Less work, better results, less long term risk.
Time, the old process is already in place. It's just a matter of informing people at this point - it just hasn't happened yet.