5.7. Phishing and spam
Anti-phishing
Classifications
The following classifications are applied to (potential) phishing emails:
-
Phishing
-
Possible phishing
-
Anti-phishing failure
For details see 5.11. Email classifications.
Handling of phishing emails
Based on the configuration, Email Gateway Security can handle (potential) phishing emails in the following ways:
-
Reject,
-
Delete,
-
Quarantine or
-
Deliver.
For details see the Anti-phishing and anti-spam section under 4.4. Policy.
Dynamic anti-phishing
OPSWAT’s dynamic anti-phishing is a time-of-click analysis solution of URLs in email bodies.
If Enable Dynamic Anti-phishing is turned on under Security Rules > rule / ANTI-PHISHING, all links in the email body will be redirected through MetaDefender.com Safe URL redirect service for URL reputation check.
If the URL turns out to be safe, then the browser is redirected to it immediately without any disruption of the browsing experience.
If the URL is detected as potentially malicious, then a warning screen calls the attention of the user to the possible risk:
Converting HTML emails to text-only
Hyperlinks and other, rich HTML features can be exploited to commit phishing, and other malicious attacks against the recipients of emails with HTML body.
As a counter-measure, Email Gateway Security supports converting emails with HTML body to text only emails.
To enforce the HTML body conversion to text only, the Deep CDR engine in MetaDefender Core needs to be configured to convert HTML to text.
Deep CDR is required
To use the HTML email to text-only conversion, the Deep CDR engine must be licensed, and the MetaDefender Core side Workflow rule – that is in use in the Email Gateway Security side Security Rule – must have Deep CDR enabled.
For details see 4.4. Policy and 4.6. Server profiles.
Anti-spam
Classifications
The following classifications are applied to (potential) phishing emails:
-
Spam
-
Possible spam
-
Anti-spam failure
For details see 5.11. Email classifications.
Handling of spam emails
Based on the configuration, Email Gateway Security can handle (potential) spam emails in the following ways:
-
Reject,
-
Delete,
-
Quarantine or
-
Deliver.
For details see the Anti-phishing and anti-spam section under 4.4. Policy.