We have made recent changes to our email filtering policies and continue to tweak and make improvements. While security is never convenient, we are trying to address some of the inconveniences and find the appropriate balance for the company. Email is very complicated and there is a lot that goes on behind the scenes. Please understand email filtering policies are somewhat autonomous. The IT department does not deliberately "block" anything unless we know it to be malicious or illegitimate. There are multiple email policies and layers that could affect your email delivery. Supplying us detailed information will help resolve deliverability issues.
We have several layers of protection in place. We also partner with a Security Operations Center (SOC) team, Xent IT, to help log, monitor, and mitigate security issues. The SOC team has access to our filtering and other security platforms and monitors them 24x7.
- Level 1 - Trend Micro Email Security Gateway
This is our primary means of filtering email and our first line of defense for the email service. It catches and blocks about 500k bad email messages per month, and the majority of bad email is filtered at this level. This is a cloud service that sits in front of our Microsoft Office 365 Enterprise email accounts.
- Level 2 - Native Microsoft Office 365 Defender Basic Protection
This is the entry-level protection built into Office 365, comparable to what personal email services like Gmail and Yahoo provide. It does a good job of filtering spam, viruses, and malware, but it is not sophisticated enough on its own to catch phishing attempts, business email compromise, spoofing, and other hard-to-catch, carefully crafted emails.
- Level 3 - Trend Micro Cloud App Security
This is a cloud service that protects some of our cloud applications. It is an extra layer of protection for Email, OneDrive, SharePoint, and Teams.
- Level 4 - MFA (Multi-Factor Authentication)
This is our cloud authentication service used to authenticate users for VPN access, email access, and other cloud applications, and it is enabled for external access to email. Unlike the layers above, MFA does not filter messages; it protects your mailbox from being taken over. An attacker would need your username and password in addition to a code generated by your smartphone app or hardware token in order to gain access to your email. We have not had a single email account hijack since enabling this.
Email Filtering Policies
Spam / Bulk Email (Junk)
Email in this category is usually annoying, but not harmful. It includes a mixture of bulk email lists, marketing, and other email most people do not want. It can be equated to the junk mail you receive in your mailbox offering you a sweepstakes, a new car, or the weekly sales flyer from your local grocery store. We do not block any of this email. You can find it in your "Junk" folder. Review that folder occasionally to see if legitimate mail lands there. If you can't find an email you expect to receive, check here first. If you find legitimate email here, you can easily have it delivered to your inbox in the future by marking it as "Not Junk" following the instructions below.
IP Reputation / Blacklists
Many email systems evaluate email traffic and add "bad" servers to blacklists automatically based on sending behavior and end-user reports. If an email server ends up on a blacklist, it is usually because it is sending malicious content to users or is hosting compromised email accounts that are being used to send malicious content to many recipients. Legitimate email rarely gets blocked by these lists. We reject this type of email at delivery time and return a bounce message to the sender stating the reason it was not delivered. Because the message is rejected rather than quarantined, there is nothing on our side to release; it is up to the sender to work with their email provider to get their server removed from the IP blacklist. Our users do not have the ability to override or release these emails.
Malicious Content (Risky Attachments, Malware, Ransomware, Viruses)
We quarantine all of these emails for obvious reasons. They typically carry content that can compromise your computer or install malware or ransomware. They will not be delivered to your mailbox. They must be reviewed and released manually by IT.
Malicious Intent (Phishing, Fraud, BEC, Spoofing)
Some email content is an attempt to harvest your user credentials or gain access to a system. These can also include fraudulent requests for users to send money or complete wire transfers. It is best practice not to initiate any wire transfer or payment change based on an email alone. Always verify such a request with the person through a channel you already trust, such as a known phone number, rather than by replying to the email. BEC (Business Email Compromise) is an attempt to impersonate a corporate user. These attackers have often gained access to a corporate mail account, found existing sent messages, and recrafted them to request that another user do something fraudulent or malicious. Spoofing is when an outside sender forges our @dktire.com domain in the From address so that the message appears to come from one of our users. For obvious reasons we block and quarantine these messages. They must be reviewed and released manually by IT.
If you are not receiving an email that you expect, please complete a helpdesk support request by navigating to https://support.dktire.com. Please include the following information:
- Sender email address (Sender domain if sender email is unknown)
- Timeframe when email was sent
- Recipient Email Address (Who the email was sent to)
- General content or nature of the email
We block hundreds of thousands of emails weekly. We cannot review all "blocked" emails and identify legitimate ones without your help. Please help us by completing a helpdesk request with as much detail as possible to reduce time to resolution. Many times we get support requests that say something like "Didn't receive email". This requires us to follow up several times before we can even begin to look at the issue.
Please refrain from asking "why" something was blocked. It takes a lot of extra time to explain this to multiple users and does not address the issue at hand. The "why" is very technical in nature and difficult for most to follow. Simply let us know you are not receiving an email, and let us spend our time identifying the issue and getting it resolved. Please understand that email systems are somewhat autonomous and that we do not deliberately block anything unless we know it to be malicious.
Please don't request that we blanket "whitelist" an entire email domain for everything. This opens us up to risk and tells the email system to ignore any malicious intent sent from users of that domain, including compromised accounts at that domain. It also requires whitelisting in multiple areas and policies. We prefer to let the email system do its job and whitelist individual sender addresses only for the specific policies that were triggered. Also, don't ask us to whitelist a sender while you are actively receiving their messages. That is almost impossible to do and may not be necessary. In order to whitelist, we need to confirm that your message was actually blocked so we can adjust the email policy appropriately.