4 Mistakes You’re Making With Your Spam Filter (And How To Fix Them)
Adjusting your spam filter to the right level of sensitivity is one of the most important steps you can take to defend your network from harmful email malware. However, it’s easy to miss an important email if you set your sensitivity too high.
How do you find the right sensitivity level so you aren’t missing out on important messages, while still protecting yourself from a harmful virus?
It starts with whitelisting, and setting it up correctly is essential to keeping potential viruses from slipping into your inbox.
How Does Whitelisting Work?
Spam filters use various detection methods to prevent malicious emails from reaching your inbox. Unfortunately, these detection methods can sometimes characterize legitimate emails as spam. These false positives can occur because of specific wording, attachments or links within an email.
Whitelisting can help ensure you receive emails from specific senders and domains.
Whitelisting helps make sure your important emails aren’t continuously caught in your spam filter. However, it’s essential to note that once an email address or domain is added to the whitelist, this setting will bypass any spam filter protection and deliver the email to your inbox whether or not there is malicious content in the email. That’s why you need to create a whitelist that passes legitimate emails to your inbox while limiting potentially dangerous emails.
The Best Way To Set Up A Whitelist
Here are some best practices for adding emails to your whitelist:
- Limit whitelisting to specific emails instead of domains whenever possible.
- Avoid whitelisting generic email addresses like firstname.lastname@example.org and email@example.com.
- Avoid whitelisting email addresses and domains for services such as banking, shipping, retail, online services, free email services, internet service provider email accounts, or major device manufacturers. This includes companies like Wells Fargo, Bank of America, FedEx, Microsoft, eFax, AOL, Gmail, SharePoint, HP and more. These email domains are highly targeted for spoofing and malicious activity. Valid emails from these sources should pass the spam tests and be delivered to your inbox.
- Never whitelist email addresses or domains for your own company. The spam filter scans emails sent from external email addresses. Legitimate emails to and from your company are processed internally and will not be scanned by the spam filter. Adding your company emails or domains to the whitelist creates a vulnerability: an attacker can spoof company email addresses, and those spoofed messages bypass the spam filter protection.
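The four practices above can be checked automatically against an existing whitelist. The script below is an added example, not part of the original article or any spam filter product; the generic mailbox names, the domains chosen for the companies named above, and the sample entries are all assumptions made for illustration.

```python
# Added example: lint allow-list (whitelist) entries against the four practices above.
# Every domain, local part and sample entry below is a constructed assumption.

# Assumed "generic" mailbox names; tune for your organisation.
GENERIC_LOCAL_PARTS = {"info", "sales", "admin", "support", "billing", "noreply"}

# Assumed domains for the heavily spoofed companies the article names.
HIGH_RISK_DOMAINS = {
    "wellsfargo.com", "bankofamerica.com", "fedex.com", "microsoft.com",
    "efax.com", "aol.com", "gmail.com", "sharepoint.com", "hp.com",
}


def _under(domain, parents):
    """True if domain equals, or is a subdomain of, any parent domain."""
    return any(domain == p or domain.endswith("." + p) for p in parents)


def audit_entry(entry, own_domains):
    """Return the findings for one entry (a full address or a bare domain)."""
    local, sep, domain = entry.strip().lower().rpartition("@")
    findings = []
    # "example.com", "@example.com" and "*@example.com" all trust a whole domain.
    if not sep or local in ("", "*"):
        findings.append("domain-wide")
    elif local in GENERIC_LOCAL_PARTS:
        findings.append("generic-mailbox")
    if _under(domain, own_domains):
        findings.append("own-company")
    if _under(domain, HIGH_RISK_DOMAINS):
        findings.append("high-risk-brand")
    return findings


def audit(entries, own_domains):
    """Map each risky entry to its findings; clean entries are omitted."""
    report = {e: audit_entry(e, own_domains) for e in entries}
    return {e: f for e, f in report.items() if f}


# Constructed sample allow-list for a company whose own domain is corp.example.
SAMPLE = ["jane.doe@supplier.example", "supplier.example", "info@partner.example",
          "alerts@mail.fedex.com", "*@corp.example"]

if __name__ == "__main__":
    for entry, findings in audit(SAMPLE, {"corp.example"}).items():
        print(f"{entry}: {', '.join(findings)}")
```

Entries that come back with findings are candidates for removal or for narrowing to a single sender address.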
Spam protection continues to evolve as malicious activity advances. However, you should still always follow email security best practices when reviewing a sender’s email address, clicking on links and opening attachments. Download our free cyber security guide to get a brief course on cyber security best practices.
The #1 Way To Prevent A Cyber Intruder
Whitelisting is the first step to preventing an email hacker from penetrating your business, but the #1 way to prevent a cyber disaster is to educate your staff on basic cyber security best practices.
There are a few basic rules for identifying a phishing, spear-phishing, or spoofing email. While hacking attempts get increasingly sophisticated, there are a few tried-and-true methods for identifying them that remain the same.
For many organizations, it’s not a matter of if you’ll get hacked but when. Be diligent about your backup software to make sure it’s ready in case of a cyber security breach. Distribute an internet usage policy to your staff, invest in cyber security training, and keep your workstations and software updated to avoid a hack. Using those methods in conjunction with your new whitelisting knowledge will help keep hackers at bay.
About Bill Walter
Bill, our lead networking guru, loves showing clients how technology can be worked into their existing processes to improve efficiency and security. His expertise includes cyber security, high level planning for internal and external networks, and hands-on installation and configuration of networks. He helps organizations of all types and sizes implement cyber security best practices to protect sensitive data. Normally a pretty easygoing guy, Bill thinks there should be a law against wearing a Bluetooth headset when it’s not in use.