In a continuing effort to increase the cybersecurity posture of our customers, AXICOM is implementing some advanced email security measures to prevent scammers from spoofing your domain to deliver phishing emails to your employees. In one example of domain spoofing, scammers send a targeted email to users that appears to come from the company president, CFO or IT manager.
Phishing attacks attempt to lure even the most scrutinizing user into clicking links or opening attachments that will download ransomware or take you to password-stealing websites. AXICOM is deploying a multi-layered defense system to help prevent these kinds of phishing attacks.
Enabling SPF, DKIM and DMARC
These three technologies are configured in the DNS of your email domain.
- SPF (Sender Policy Framework) is an allowed-sender list of 3rd party cloud services that are permitted to send email on your behalf so it appears to come from your domain (mycompany.com).
- DKIM (DomainKeys Identified Mail) uses signature keys so Internet mail servers can verify the authenticity of your email server or service (e.g., Office 365, Exchange).
- DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email security protocol that tells Internet mail servers how to handle email that fails the SPF and DKIM validation tests and can send you reports.
Adding Allowed Senders to Your SPF Record
AXICOM will configure your SPF record to allow only authorized 3rd party cloud services to send messages from your domain. So, we need to know all the 3rd party cloud services that send email from your domain. These services may include email marketing (e.g., ConstantContact), CRM (e.g., SalesForce, ZOHO), ticketing systems (e.g., ZenDesk), practice management (e.g., Clio), billing/invoicing, web orders, and mail processing services (e.g., SendGrid).
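As an added illustration (not AXICOM's tooling), the Python sketch below audits the TXT records published for a domain for the problems that typically appear when many third-party senders are added to SPF: a second SPF record, a permissive `all` term, and more than 10 DNS-lookup terms. The function name and the `.example` include hosts are constructed placeholders.

```python
import re

# Terms that each cost one DNS lookup at the receiver (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM_RE = re.compile(r"^([+\-~?]?)([a-z][a-z0-9]*)([:=/].*)?$", re.I)

def audit_spf(txt_records):
    """Audit the TXT records published at one domain; return a list of findings."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # Zero records means no SPF at all; two or more is a permanent error.
        return [f"expected exactly 1 SPF record, found {len(spf)}"]
    findings, lookups, all_q, redirect = [], 0, None, False
    for term in spf[0].split()[1:]:
        m = TERM_RE.match(term)
        if not m:
            findings.append(f"unparseable term: {term}")
            continue
        qualifier, name = m.group(1) or "+", m.group(2).lower()
        if name in LOOKUP_TERMS:
            lookups += 1  # top-level only; lookups inside each include count too
        if name == "redirect":
            redirect = True
        if name == "all":
            all_q = qualifier
    if all_q == "+":
        findings.append("'+all' authorizes every server on the Internet")
    elif all_q == "?":
        findings.append("'?all' is neutral: unlisted senders are not rejected")
    elif all_q is None and not redirect:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms; more than 10 causes permerror")
    return findings

# Constructed sample records; the include hosts are placeholders, not real services.
GOOD = ["v=spf1 include:spf.mailhost.example include:spf.crm.example -all"]
TWO_RECORDS = GOOD + ["v=spf1 include:spf.ticketing.example -all"]
TOO_MANY = ["v=spf1 " + " ".join(f"include:spf{i}.vendor.example"
                                 for i in range(11)) + " -all"]

if __name__ == "__main__":
    for label, records in [("good", GOOD), ("two records", TWO_RECORDS),
                           ("too many includes", TOO_MANY)]:
        print(label, "->", audit_spf(records) or "no findings")
```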
Enabling AxiBlock Advanced Threat Features
The newest version of our AxiBlock email security service includes some additional features such as blocking email threats from foreign countries, dangerous attachments, fraudulent impersonation attempts, and links taking you to malicious websites.
Blocking Foreign Countries
AxiBlock will allow email sent using servers in the USA, UK, Canada, and Mexico. In addition, we will allow email from the Netherlands, Finland, France, and Germany, which are countries that host Microsoft, Google, and Yahoo mail servers. Email originating from other countries will be blocked, including Iran, Russian Federation, Venezuela, North Korea, Hong Kong, China and others.
If you do business with countries not on our allowed list, let us know so we can add them to the allowed country list or, preferably, we will whitelist specific email domains.
Website links in email messages will be scanned to help prevent phishing. The normal email message link will be modified to include https://link.edgepilot.com, which is the safe link scanning website, followed by the normal link. There will be a brief scan (1-3 seconds) before the intended website appears (if it is deemed safe, of course).
Normal link: https://www.axicom.net
AxiBlock modified safe link: https://link.edgepilot.com/s/ac77e6c2/TTzFdTOb9EOtu3PGyR24iw?u=https://www.axicom.net/
AxiBlock already blocks dangerous attachments such as EXE, COM and BAT files. We have seen an increase in phishing email sent with HTM and HTML file attachments, so these file types will be added to our blocked attachment list.
Another clever trick used by phishing scammers is to impersonate C-level executives, owners and company names by using letter combinations like 'rn' instead of 'm' or l (lower case L) for I (capital i). We will add C-level employees and your domain name(s) to the impersonation filter.
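The sketch below shows one way an impersonation check for these two substitutions can work; it is an added example, not AxiBlock's implementation. Names and domains are folded to a canonical "skeleton" before comparison. The function names, the executive name "Ian Palmer" and the sender addresses are constructed for illustration.

```python
def skeleton(text):
    """Fold the look-alike pairs named above into one canonical form."""
    # Capital I and lowercase L read alike: map I -> l before case folding.
    folded = text.strip().replace("I", "l").lower()
    # The pair 'rn' reads as 'm'.
    return folded.replace("rn", "m")

def check_sender(display_name, address, protected_names, protected_domains):
    """Return findings for one message's From display name and address."""
    findings = []
    domain = address.rsplit("@", 1)[-1].lower()
    own = {d.lower() for d in protected_domains}
    if domain in own:
        # Exact domain match: whether the message is genuine is decided by
        # SPF/DKIM/DMARC, not by look-alike matching.
        return findings
    if skeleton(domain) in {skeleton(d) for d in own}:
        findings.append("lookalike-domain")
    # A protected person's name arriving from a domain that is not ours.
    if skeleton(display_name) in {skeleton(n) for n in protected_names}:
        findings.append("display-name-impersonation")
    return findings

# Constructed sample data: a protected executive and the customer's domain.
NAMES = ["Ian Palmer"]
DOMAINS = ["mycompany.com"]

# Constructed sample senders (display name, address).
SAMPLES = [
    ("Ian Palmer", "ian.palmer@mycompany.com"),    # genuine internal sender
    ("lan Palrner", "ceo@rnycompany.com"),         # l for I, rn for m, twice
    ("Ian Palmer", "ian.palmer@freemail.example"), # real name, outside domain
    ("Pat Vendor", "pat@supplier.example"),        # unrelated external sender
]

if __name__ == "__main__":
    for name, addr in SAMPLES:
        print(f"{name!r} <{addr}> -> {check_sender(name, addr, NAMES, DOMAINS)}")
```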
Document Scanners and Other Devices
Copiers and MFP printers that send PDFs via email, or devices that send alerts via email, traditionally use mail relays, which have been a source of exploitation by phishing scammers. So, we will need to modify these devices so they send messages by logging into an Exchange mailbox instead.
These new email security settings will likely result in some legitimate email being caught in your spam quarantine. You and your staff will need to review your daily AxiBlock Quarantined Message Report for legitimate messages, which you can request to be released from quarantine. The Quarantined Message Report is automatically emailed daily, but you can request a current report and view the quarantine anytime by clicking on the appropriate links in the Quarantined Message Report email. When you release a legitimate email from quarantine, AXICOM will review it and tune the email security system.
There is no additional monthly fee to set up these advanced email security safeguards with the exception of an Exchange mailbox for PDF scan-to-email and alerts. But this project is outside the scope of the regular maintenance and support and will incur a one-time project fee. We will contact you with an estimate of the cost.
With these new email security settings, you will enjoy a reduced amount of phishing email scams getting to your inbox. But nothing is 100% effective, and users will need to remain vigilant and examine messages carefully for signs of phishing like fake sender email addresses, suspicious looking links, and unrequested attachments.