The Phishing Email problem
Email Headers show that the message did not come from the claimed sender
The best solutions to filter out phishing email messages
1. Email Rules
- Create a rule on the client's side
- Create a server-side rule
2. Email Header Scanner
Email header scanner logic can include Sender Domain, Sender Email address, Sender Reply Address, Email delivery domains and IP's and SPF records.
For example, the SPF record at one of our client's server looks like this.
We setup a transactional email service that is using Amazon infrastructure and authenticated it in DNS Zone records. Server DNS record resolves to amazonses.com - the true and TRUSTED sender A Record and IP addresses (pools).
3. Email Body and Attachment Scanners
Email body scanner can include hyperlink analysis (see where the hyperlink leads), and word analysis for unusual misspellings.
Email attachment scanner can scan for javascripts, macros, .exe (executables), Windows .cab (cabinet) files and Windows Help files... even if they are ZIP'd, 7Z'd or RAR'd.