Why You Shouldn't Whitelist
Email is one of the most important forms of communication for people, and especially for businesses. Because email is so important, and because of the kind of information that is normally exchanged, emails need layers of security to protect their contents. For the most part, email is fairly secure and keeps your data from being exposed. However, the biggest danger in sending emails comes not from security flaws but from human error. Thieves and scammers have learned that it is much easier to trick email users into giving up their information than it is to steal it. They do this using several methods that we have covered in the past, such as phishing emails and the like.
For this reason, many companies have implemented email filters that are designed to catch the majority of spam and scam emails. However, it is impossible to correctly identify and block every spam email, especially those of a certain type.
Email filters were engineered to efficiently spot and filter out any suspicious mail from the bulk of your inbox. They do this by searching for keywords and combinations of characters to make an educated guess about whether to allow a message through. One problem with this form of spam detection is that it is prone to false positives and false negatives, sometimes blocking non-malicious mail and sometimes allowing spam to be delivered.
This can be annoying, especially when you are awaiting important mail from a known person or business partner and their email contains a phrase or word, maybe even a document, that the filter treats as spam. To get around this, email filters can allow mail from specific senders or domains to go through regardless of the contents. This process is called whitelisting; whitelisting essentially shoots the emails straight into the intended mailbox without checking the contents.
Whitelisting is a powerful tool, especially for those who work in an environment that receives confidential and personal information. An email containing people’s personal information is sure to get held up in any email filter. In fact, here at Firestorm, we have had customers get their emails bounced back for much less; in some cases, any string of random numbers and letters that could represent a phone number has been flagged because the filter thinks it is credit card information. When an email gets flagged by a web filter, there are a few ways to release it.
The first way to get those emails delivered is to release them from the web filter or quarantine. Doing this manually releases the email from the net that it was caught in. This is useful when you notice that you are missing a single email from a person or client, because you have to go in and release each email by hand. If you need to release multiple emails from a sender or senders, releasing one email at a time can be a hassle, and some will opt to whitelist an entire user or domain; this can be rather risky and could open up your inbox to a variety of threats.
With the variety of partners that a company has, you would think that it is a good idea to whitelist the domains of those partners. It would allow for seamless communication without risking that the emails get blocked. However, this opens up the mailboxes to a variety of threats that could result in data theft. Scammers have learned to take advantage of email filters and how whitelisting works. They do this by tricking the email filters into thinking that the email is from a known and trusted source.
Trusted sources are mainly the whitelisted addresses and domains. Scammers do something called spoofing. In essence, spoofing is like using a fake identity: it tricks the software into thinking that the contents are safe and that there is no need to scan them and confirm that they are not malicious. Scammers can even spoof your own organization’s email addresses and make workers think that their boss is asking for information or favors.
There are a few ways in which these whitelisting dangers can be prevented. For one, avoid whitelisting entire domains. By whitelisting an entire domain, you enable the filter to allow anyone with that domain into inboxes regardless of the contents or of whether it is a valid email address. For example, if you were to whitelist the domain firestormcyber.com, anyone with a firestormcyber.com mail address will be allowed through your filter, even if it is not a valid email address from us.
The next precaution you can take against whitelisting dangers is to not whitelist popular and well-known companies. Scammers like to take advantage of well-known companies and use fake email addresses from them as well, because receiving an email from them usually seems credible. For example, over the past couple of years, it has become more common to see spoofed emails from banks asking recipients to send their card information or social security information via email. Most of these emails will be caught by spam filters, unless the domain is whitelisted, meaning that the email will not be scanned for malicious intent.
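To make the two precautions above concrete, here is a small model of a filter that skips scanning for whitelisted senders, plus an audit that flags the kinds of whitelist entries this article advises against. It is an added example, not Firestorm's code or any real filter's logic; the "@domain" entry convention, the keyword patterns, the function names and all .example addresses are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed keyword patterns standing in for a real filter's content rules.
SUSPICIOUS = [re.compile(p, re.I) for p in
              (r"social security", r"card (number|information)", r"\b\d{13,16}\b")]

def content_scan(body):
    """Return True when the body matches any suspicious pattern."""
    return any(p.search(body) for p in SUSPICIOUS)

def is_whitelisted(sender, whitelist):
    """Entries starting with '@' match a whole domain; others match one address."""
    sender = sender.lower()
    for entry in whitelist:
        entry = entry.lower()
        if entry.startswith("@"):
            if sender.endswith(entry):
                return True
        elif sender == entry:
            return True
    return False

def filter_decision(raw_message, whitelist):
    """Model of the behaviour described above: whitelisted mail skips the scan."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1]
    if is_whitelisted(sender, whitelist):
        return "deliver (not scanned)"
    return "quarantine" if content_scan(msg.get_payload()) else "deliver (scanned clean)"

def audit_whitelist(whitelist, own_domain, well_known):
    """Flag the entry types the article advises against."""
    findings = []
    for entry in whitelist:
        if not entry.startswith("@"):
            continue  # single-address entries are not flagged by this audit
        domain = entry[1:].lower()
        if domain == own_domain:
            findings.append((entry, "own domain: spoofed internal mail skips scanning"))
        elif domain in well_known:
            findings.append((entry, "well-known brand: common spoofing target"))
        else:
            findings.append((entry, "whole domain: any address at it skips scanning"))
    return findings

# Constructed sample: a message whose From header claims a whitelisted partner domain.
SPOOFED = ("From: Billing <no-such-user@partner.example>\n"
           "To: staff@corp.example\nSubject: Urgent\n\n"
           "Reply with your card number and social security details.\n")
```

With the whitelist ["@partner.example"] the sample message is delivered unscanned; with ["alice@partner.example"] the same message is scanned and quarantined.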
The last way to further protect yourself and your company from potential scam threats, like the ones described above, is to engage an MSSP to handle cyber threats. MSSPs, like Firestorm Cyber, provide a variety of services, including endpoint protection and email filtering and management, to take care of all the threats and best practices so you don’t have to. We also provide optional email spam training so staff can learn to distinguish credible emails from those that are not. We do this by pushing fake spam emails that replicate the real ones. If the emails are opened, the staff are notified in the email that they would have been the next victim.