Tuesday, June 26, 2012

Outbound Spam Blocking

Here's a new twist on the Spam problem.

What if one of your users falls prey to a phishing scam and enters their username/password into a hacker's website?

The hacker then logs into that user's email account and sends spam with your corporate return address.

AOL, Yahoo, Comcast and other commercial email providers blacklist your domain so no email flows to commercial addresses.

In our case, this happened briefly.

We first contacted all the major commercial email providers to inform them that we are a legitimate business and not a spammer.

We checked blacklist sites to ensure we were not flagged as a spammer (or contacted those services/companies which had marked us as such)

To prevent the problem from recurring, we enhanced our Proofpoint email appliance as follows:

If a message is sent that has a spam score of 100 and has more than 25 recipients take the following actions, we
1.       Quarantine the message
2.       Send an alert to the user to contact the IS Support center to make sure there account has not been compromised
3.       Alert the messaging team of the quarantined message for remediation

Who would have thought that a single user, falling prey to phishing scheme, could result in the blocking of commercial email flow?

The internet can be a swamp of malware and malcontents!


Anonymous said...

Thank you! I knew if anyone could figure this out it would be you!

Anonymous said...

I have run into this same problem. Getting off all the blacklists was not fun. Plus we had to reinstall everything (no image)