Catching Phishing/Spam Emails without Having Access to their Content
Most existing phishing/spam filters rely on email content (i.e. the body) to flag phishing/spam emails. Can we still detect them in a content-agnostic manner? Read on to find out.
Unwanted emails (phishing/spam emails) are an inbox-clogging nuisance and often result in damage to users. In fact, the majority of phishing and malware attacks originate from emails. Hence, protecting enterprise users from such emails, by flagging and/or blocking them, is quite important.
When an email is sent from an external party (i.e. the domain of the email is different from the domain of the enterprise), it travels from the sender’s mail server to the enterprise’s firewall and then goes through a security appliance before reaching the email exchange server and, eventually, the recipient’s inbox. The security appliance (e.g. Apache SpamAssassin, Cisco IronPort) typically intercepts and analyzes the email and flags whether it is phishing/spam or not.
Existing filtering technologies rely heavily on content to detect unwanted emails. However, we see the increasing adoption of end-to-end encrypted email messaging (e.g. Protonmail, Tutanota), where the content of the emails is not available to the security appliance. In the absence of the content, current filtering technologies perform…