Re: [fw-wiz] Securing email by inhibiting urls



Perhaps it may be worth looking at it from the other angle.

If you have URL's being accessed from your environment (from emails or
other sources) these can be channeled via a proxy on the client end.
You could then control the URL categorization and/or blocking via that
method. Many proxy services get updates of known bad domains and block
these automatically (similar to AV updates). This is not directly tied
to the mail system, but should give you an option to still control the
outbound requests to attack URL's.

Just a thought.
--
Regards,
Mathew Want

On 2 August 2011 04:46, Chris <chughes@xxxxxxx> wrote:
A company I work for has been having great difficulty in securing against
email attacks.  So far we have disabled access to webmail, implemented
rules and processes to block freemail services like hotmail etc until the
sender registers the address and of course a spam filter (BrightMail).
Attachment filtering is pretty strict as well.



The threat that presents the biggest challenge is url links in emails.  The
common method of attack is an email from somedomain.com where they change
one character or otherwise make the address look valid (ie:
joe@xxxxxxxxxxxxxx or j0e@xxxxxxxxxxxxxx etc).



I was looking for a way to spot and block hyperlinks but it looks like the
only option I have is to filter on these and send them to a spam bin.  I’d
rather yank the offending hyperlink and replace it with a message of some
sort.  Unfortunately BrightMail doesn’t offer that capability.



Any products that do this or ideas on a solution?



Thanks

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards





--
"Some things are eternal by nature,
others by consequence"
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: [fw-wiz] Securing email by inhibiting urls
    ... email attacks. ... sender registers the address and of course a spam filter. ... I was looking for a way to spot and block hyperlinks but it looks like the ...
    (Firewall-Wizards)
  • [fw-wiz] Securing email by inhibiting urls
    ... email attacks. ... sender registers the address and of course a spam filter. ... I was looking for a way to spot and block hyperlinks but it looks like the ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Securing email by inhibiting urls
    ... rules and processes to block freemail services like hotmail etc until the ... sender registers the address and of course a spam filter. ... I was looking for a way to spot and block hyperlinks but it looks like the ...
    (Firewall-Wizards)
  • Re: NASTY SPAM ATTACK
    ... I think the term for this sort of attack is "sporge". ... found this on another newsgroup being bugged by this. ... Perhaps DIG can filter out this attack, for now anyways, using what I saw ... DIG is tempormental. ...
    (talk.origins)
  • Re: Everything is just fine in a.s.d.
    ... of strangers to clog up the newsgroup then there is no sabotaging ... despicable that they had to filter them out. ... have to say and then attack it. ... Too bad you don't know how to spell ...
    (alt.support.diabetes)