Clever Protection Against Malicious Email Attachments

The modular secure mail gateway solution NoSpamProxy is now available in version 12. In addition to minor additions and performance improvements, the new version of the Secure Mail Gateway brings two new function modules. With the reputation system, the senders of e-mails are subjected to a total of nine different checks in order to classify their trustworthiness. The new attachment management allows a kind of X-ray view of e-mail attachments.

Clever protection against malicious email attachments

In the race against increasingly professional and perfidious attack methods, established technologies for detecting malware and fraud attempts such as CEO fraud are falling further and further behind.

For example, well-crafted malware now recognizes, much like a diesel engine on a test bench, that it is running in a sandbox and behaves harmlessly until the test is over. The time window until the usual mechanisms take effect, and with it the security gap, is therefore becoming larger rather than smaller.

Sender reputation instead of a constant cat-and-mouse game

In the newest version, NoSpamProxy brings more security in the form of a multi-level system for determining the sender’s reputation. For this purpose, NoSpamProxy combines a total of nine different checks. The most important of these are SPF, DKIM, and DMARC checks, which can be used to determine beyond doubt whether a mail actually originates from the sender it claims to come from.

Net at Work has been working with these technologies for some time and is now one of the first providers to use the DMARC entry in NoSpamProxy for checking purposes. With a DMARC record, the sending domain can specify which quality criteria mail from it must meet. NoSpamProxy evaluates this information accordingly.

These new procedures are combined with NoSpamProxy’s level-of-trust approach, which is based on self-learning, automatic whitelisting.

“The best possible evaluation of sender reputation creates an extra level of security because it is effective immediately. If a sender’s reputation is not positive, rules with tighter checks and measures can take effect immediately,” says Stefan Cink, an email security expert at Net at Work.

X-ray view of e-mail attachments

The handling of e-mail attachments offers further potential for combating malware. For this purpose, NoSpamProxy version 12 brings a new function with which attachments in Word or Excel format can be converted into non-critical PDF files on a rule-based and automated basis. Any malicious code that may be present is left behind in the process.

The e-mail recipient is thus sent an attachment that is guaranteed to be harmless. The PDF document contains a preview page with individual notes on the reason for the conversion and – if desired – a link to the original document, which is in a special quarantine. This way, the user can first get an overview of what the content of the sent attachments is.

This eliminates the risk that he might decide to download a potentially contaminated Word or Excel file onto his computer “out of curiosity about the content”.

What is particularly interesting about this feature, which of course also works with attachments in ZIP files, is that the decision to convert the attachments can again be based on the sender’s reputation or level of trust.

For example, conversion can be limited to attachments from unknown senders. This function can also be used when using Large Files Transfer to exchange large amounts of data, thus ensuring greater security in this case as well.

“This is where the conceptual strength of NoSpamProxy becomes apparent. All protection mechanisms interlock seamlessly and the sender’s reputation or the level-of-trust determined by us can be used for fine-tuned control of the protection functions. This allows mail security policies to be implemented that take into account the practical requirements of the user,” continues Cink.

In addition to these two new features, NoSpamProxy version 12 brings a whole range of other detail improvements. These include, for example, an improved service for determining IP reputation and a new OData interface for message tracking, which significantly expands external reporting and analysis options.

A particularly interesting feature allows external communication partners to send encrypted e-mails to a recipient via a web portal, even if the sender itself does not have encryption capabilities.