Nothing is quite as it seems. Over the past few months, the experts at Retarus have been closely examining the origin of phishing emails within our Email Security service. And here’s what they’ve discovered: 98 percent of the emails that are classified as malicious and that, from a technical perspective (Geo-IP), appear to originate from Russia do not use the country’s official top-level domain (.ru) in the sender name.
Due to the current political situation, many companies have already taken the preventive security measure of blocking all emails coming from .ru addresses, or at least placing them in quarantine, irrespective of the content or virus filter results. The Retarus analysis now clearly shows that looking at the sender domain alone is insufficient in specific cases. That’s why Retarus urgently recommends systematically investigating the Geo-IP. This can be achieved with technologies such as Retarus Predelivery Logic. This service analyses emails at the gateway level according to specific rule sets and blocks them before they can reach the recipient company’s infrastructure and cause damage there. Depending on how the service has been configured, the offending message could instead, for instance, initially be isolated in the user’s quarantine area.
You can find out more about this issue in our recent press alert.