{"id":51056,"date":"2024-04-23T08:38:17","date_gmt":"2024-04-23T12:38:17","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=51056"},"modified":"2024-04-24T07:58:11","modified_gmt":"2024-04-24T11:58:11","slug":"ksmg-content-filtering","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/ksmg-content-filtering\/51056\/","title":{"rendered":"How to fine-tune email protection"},"content":{"rendered":"

When it comes to spam, we usually think of a bunch of absolutely irrelevant advertising letters, which antispam engines filter out with no trouble at all. However, this is far from the most unpleasant thing that can fall into your mailbox. Sometimes spam is used to carry out a DDoS attack on corporate email addresses, and the victim gets bombarded with completely legitimate emails that don\u2019t raise any suspicion of a standard antispam engine.<\/p>\n

Registration confirmations attack<\/h2>\n

In order to perform a mail bomb attack, attackers can exploit the registration mechanisms on the web resources of totally unrelated companies. Using automation tools, they register on thousands of services from different countries using the victim\u2019s email address. As a result, a huge number of confirmations, links to activate your account, and similar letters end up in your mailbox. Moreover, since they\u2019re sent by legitimate mail servers with a good reputation, the antispam engine considers them legal and doesn\u2019t block them.<\/p>\n

\"Examples<\/a>

Examples of registration confirmation emails used for DDoS attacks on corporate email addresses<\/p><\/div>\n

As a target the attackers usually choose an address that\u2019s crucial for the company\u2019s work \u2014 something that\u2019s used to communicate with clients or partners; for example, a mailbox of the sales department, technical support, or a bank\u2019s address to which applications for mortgage loans are sent. An attack can last for days, and the plethora of emails \u00a0simply overload the victim\u2019s mail server and paralyze the work of the attacked department.<\/p>\n

To successfully protect a mailbox from such an attack, a more sophisticated tool is required. As one of the approaches to protection against mail bombs, we propose using the personalized content filtering module built into our updated Kaspersky Secure Mail Gateway<\/a> In particular, in the above example of an attack through registration mechanisms, the operator can block letters based on the presence of the word \u201cregistration\u201d in various languages in the Subject field (Registrace | Registracija | Registration | Registrierung | Regisztr\u00e1ci\u00f3). As a result, emails will be automatically sent to quarantine without reaching the inbox and overloading the mail server.<\/p>\n

Personalized mail filter settings<\/h2>\n

In Kaspersky Secure Mail Gateway version 2.1 we\u2019ve added the following options for filtering incoming and outgoing mail:<\/p>\n