v1 – 8/19/21 – support@avaren.com
Summary
Background
How spam filtering typically works
A Note on Phishing Emails
Unsubscribing
Microsoft Teams
Identifying Your Spam Filter Provider
Blocking Mail in a Spam Filter
Proactive Whitelisting
Policy Based Email Blocking
Blocking Telephone Numbers with a Conventional (or VoIP) Phone System
Auto Attendants & Robo-Calls
Troubleshooting
Let Us Know If You Need Help
Summary
If you are not already aware, it is possible to block email addresses, entire email domains, and the phone numbers of those calling into your organization’s phone system, so that you do not receive them and have to process them again in the future. We are finding that engaging in this effort over a period of months is eliminating distractions and improving focus.
This information will not apply to all users; it may only apply to people in the following situations:
- Have had e-mail address(es) for a long time or have multiple email addresses.
- Have e-mail addresses that are publicly known or displayed on websites.
- Purchasing, Reception, and Sales staff.
- Others who routinely answer incoming calls blindly.
Background
Because all the above describes me (and going through junk email each day is a considerable time waster), about a year ago I began making a concerted effort to block every spammer (or solicitor I did not wish to hear from again) that came into my work email or office telephone. I did this by compiling and blocking (in batches) a list of email addresses, domain names, and telephone numbers over the course of many months. Initially there were members of my own team who assumed it would be a waste of time, but after a few months the practice produced enough cumulative benefit to begin changing minds.
How spam filtering typically works:
- Signature-based filtering, somewhat like anti-virus. A score is assigned to each incoming email: bulk mail = 1 point, suspicious content = 1 point, known bad address = 1 point, with further points for other variables. If an incoming email accumulates enough points, it is considered spam.
- Many spam filtering companies will employ “Honey Traps”. These firms will leak email addresses associated with the honey trap, and then assume anything that hits the trap is spam. The IP addresses and other info from the received mail can be used to inform the protection signatures.
- There is also a human element. People adding entries to their whitelists and blacklists can also affect protection signatures.
A Note on Phishing Emails
Phishing emails are where a spammer impersonates a vendor or other reputable company with look-alike emails and login pages intended to capture our credentials. In a newer form of the tactic (often referred to as “spear-phishing”), the spammer impersonates an executive of the firm while asking staff (ex. accounting staff) via email to hastily transfer funds to a third party. It is, of course, imperative that everyone in the organization be trained not to click links in unsolicited emails (including unsubscribe links) and to separately verify all requests for transfers of funds.
“Mousing” over a link in bogus emails (without clicking it) is the best way to see the actual URL the spammer would really be sending us to. Mousing over links is often not possible on mobile devices, so it usually makes sense to wait until we are back at our office computers before performing this step. If you believe there may be validity to the message but are still suspicious, go directly to the vendor website through your web browser rather than clicking the link in a suspicious email.
Unsubscribing
Unsubscribing is an excellent choice when the sender is legitimate and will honor the request. If the sender is not trustworthy, don’t use the unsubscribe function. Instead, identify what information needs to be included in your next batch of blacklist entries.
Microsoft Teams
Our team is now using Microsoft Teams (on top of its other beneficial functions) as a temporary repository for blacklist entries until the next time a team member has a chance to enter them into the associated system as a batch. If you don’t already have Microsoft Teams, your firm will undoubtedly be getting it soon as it is becoming a “staple” application. We now use Teams for non-urgent and project-related chats, video conferencing, screen sharing, and more. We have finished our testing of most of Microsoft’s new cloud offerings, and they are stellar. If you don’t already have MS Teams (or another cloud-based app) and feel that you are ready, let us know.
Partial screen grab from Microsoft Teams
In this MS Teams “Block List”, anyone on our team can add a quick note about addresses or phone numbers they would like to see added to a block list the next time someone is “batching” them in. Most of the entries are obvious in terms of how to process them, but if special instructions are needed (ex. “Add to the Web Form Filter”), they can include these details with the entry. As the entries are processed, they are removed from the queue. Little by little, via this method, the nuisance calls and emails begin to vanish. Any method for collecting these text entries could be used, as MS Teams is not a requirement.
Identifying Your Spam Filter Provider
Your spam filter provider may not be the same system as your mailboxes/hosting. If you need help identifying which spam filter your firm uses or have other questions, let us know.
Blocking Mail in a Spam Filter
Although users often make changes to their own specific user white/blacklist settings, it is also possible to block email addresses and domains for the entire organization with a single addition to the filter. We can either set you up with this power or do it for you, depending on the nature of the system in question.
Partial example of an email “deny” list.
Email addresses hosted at sites like Gmail (ex. Fredsmith1@gmail.com), Yahoo, or Outlook.com must not have their entire domain blocked in the spam filter, because that would block every sender who uses that provider. Addresses at these common domains must be added to the spam filter one complete address at a time. On the other hand, if the domain is unique (ex. specialdomain.com), one can often get away with blocking it for all staff. When in doubt, one can research the domain further or ask technical staff for an opinion. The distinction detailed above is crucial, as mistakes could cause email delivery issues for other staff.
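The distinction above can be enforced when a queued batch is processed. The following is an added example, not AVAREN's tooling or any spam filter's API: the function names, `OWN_DOMAINS` (`example.org`) and the queue entries are constructed for illustration, and the shared-provider list contains only the providers named in this article.

```python
import re

SHARED_PROVIDERS = {"gmail.com", "yahoo.com", "outlook.com"}  # providers named in the article
OWN_DOMAINS = {"example.org"}  # hypothetical: your organization's own mail domain

LABELS = r"(?:[a-z0-9-]+\.)+[a-z]{2,}"
ADDRESS_RE = re.compile(rf"^[^@\s]+@({LABELS})$")
DOMAIN_RE = re.compile(rf"^{LABELS}$")


def classify(entry):
    """Return (action, normalized value) for one queued block-list entry."""
    value = entry.strip().lower()
    match = ADDRESS_RE.match(value)
    if match:
        # Blocking one of our own addresses would also drop internal mail.
        if match.group(1) in OWN_DOMAINS:
            return ("needs_review", value)
        return ("block_address", value)
    value = value.lstrip("@")
    if DOMAIN_RE.match(value):
        # A domain-wide block on a shared provider would hit other staff's mail.
        if value in SHARED_PROVIDERS or value in OWN_DOMAINS:
            return ("needs_review", value)
        return ("block_domain", value)
    return ("needs_review", entry.strip())  # phone numbers, notes, typos


def build_batch(queue):
    """Deduplicate a queue and split it into deny-list actions."""
    batch = {"block_address": [], "block_domain": [], "needs_review": []}
    for entry in queue:
        action, value = classify(entry)
        if value not in batch[action]:
            batch[action].append(value)
    # An address entry is redundant once its whole domain is blocked.
    blocked = set(batch["block_domain"])
    batch["block_address"] = [
        a for a in batch["block_address"] if a.split("@")[1] not in blocked
    ]
    return batch


# Constructed queue, in the style of free-text notes collected by staff.
QUEUE = ["Fredsmith1@gmail.com", "specialdomain.com", "sales@specialdomain.com",
         "gmail.com", "@Yahoo.com", "fredsmith1@gmail.com ", "214-555-0100"]

if __name__ == "__main__":
    for action, values in build_batch(QUEUE).items():
        print(action, values)
```

Entries that land in `needs_review` are the ones a person should look at before anything is entered into the filter.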
If one is only using the spam filter built into Microsoft Office 365, right clicking on an email displays some options for handling addresses and URLs within one’s individual settings.
Proactive Whitelisting
It may make sense to proactively whitelist (in your spam filter) the domains of important customers and vendors. Typically, the anti-virus module in a spam filter will still function in case of a whitelisted domain.
Policy Based Email Blocking
While much less common than the signature-based spam filtering described above, it is also possible to create email blocking rules for unique scenarios. Occasionally you may find that a particular spammer continues to get past your attempts at blocking them; this is where policy-based blocking can shine. We (AVAREN) now have several policy-based text filtering rules in place to block incoming mail.
- A phrase/text filter for messages being delivered only to the Support mailbox.
- A phrase/text filter for messages coming from the contact form on our website (spammers have scripts that can send junk email to us through the form on our website). These messages come from one of our own email addresses and thus we cannot block the “from” address in this example; but we can block phrases such as “.xxx”, “bitcoin”, “dog harness”, URLs the spammers include in their messages, etc.
- A global phrase/text filter. One must be careful with phrase filters, as a poorly thought-out addition to a block list could create “false positives” for everyone in the organization. These types of rules generally must be specific and carved out as narrowly as possible. Some examples I found in our global phrase filter (notice how specific these examples are, and how unlikely they would be to create false positives):
  - “55 22 99788 1694”
  - “www.acens.com”
  - “corbettsoftware”
Example “B” – 7 points is the spam threshold. A mail from our website’s contact form with correct subject line will at once receive 6 points. Beyond this, any added hit on this “phrase filter” will cause an incoming email to exceed the threshold.
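The arithmetic of Example “B” and the false-positive concern with phrase filters, worked through as an added example (not AVAREN's actual filter configuration). Assumptions: the subject line `Website Contact Form` is hypothetical, each phrase hit is worth one point, reaching the threshold counts as exceeding it, and the sample messages are constructed.

```python
SPAM_THRESHOLD = 7      # article: 7 points is the spam threshold
FORM_BASE_POINTS = 6    # article: form mail with the correct subject gets 6 points
PHRASE_POINTS = 1       # assumption: each phrase hit adds one point
FORM_SUBJECT = "Website Contact Form"               # hypothetical subject line
FORM_PHRASES = [".xxx", "bitcoin", "dog harness"]   # phrases quoted in the article


def phrase_hits(text, phrases):
    """Return the phrases that occur in text (case-insensitive substring match)."""
    lowered = text.lower()
    return [p for p in phrases if p.lower() in lowered]


def score_form_mail(subject, body, phrases=FORM_PHRASES):
    """Score one message under the contact-form rule; returns (score, hits)."""
    if subject.strip().lower() != FORM_SUBJECT.lower():
        return 0, []    # this rule only applies to mail from the web form
    hits = phrase_hits(body, phrases)
    return FORM_BASE_POINTS + PHRASE_POINTS * len(hits), hits


def is_spam(score):
    # Assumption: a score equal to the threshold is treated as spam.
    return score >= SPAM_THRESHOLD


def false_positives(candidate, known_good_bodies):
    """Legitimate messages that a candidate phrase would have flagged."""
    return [b for b in known_good_bodies if phrase_hits(b, [candidate])]


# Constructed sample messages (not real mail).
GOOD = [
    "Our printer is offline again, can someone call me back?",
    "Please quote a harness for our server rack cabling project.",
    "We need help moving mailboxes to Office 365.",
]
SPAM = "Best dog harness deals, pay with Bitcoin at shop.example.xxx"

if __name__ == "__main__":
    score, hits = score_form_mail(FORM_SUBJECT, SPAM)
    print(score, hits, is_spam(score))
    print(score_form_mail(FORM_SUBJECT, GOOD[1]))
    print(false_positives("harness", GOOD))       # broad phrase flags a real request
    print(false_positives("dog harness", GOOD))   # narrow phrase flags nothing
```

Running a candidate phrase through `false_positives` against a folder of known-good mail before adding it to a global filter shows how many legitimate messages it would have caught.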
Blocking Telephone Numbers with a Conventional (or VoIP) Phone System
It is usually possible to set up number-based filtering rules with phone systems. Everyone is aware of how to block numbers on our mobile phones, but many don’t know that it is also possible to do this with our work phone systems. We (AVAREN) do this often with our VoIP phone system. We can simply log into a web portal and add new numbers to a list, after which future calls made from blocked numbers will be met with a busy signal. Blocking numbers on an in-house (or older) PBX system can be more difficult. Every system is a little different and the process may need to be investigated on a case-by-case basis.
Example of sending specific inbound callers to a “Busy” tone.
In what was DFW’s old Southwestern Bell territory (South Side of Metroplex), we didn’t feel comfortable recommending many VoIP phone providers to customers until the last two to three years as there were call quality issues due to poor internet performance. These issues are finally being alleviated now that internet circuit speeds are sufficiently rapid. Blocking phone numbers on a cloud-based VoIP system can be really easy (depending on the system). If you wish to explore using a VoIP phone system, let us know. We work with multiple vendors and can ask them to provide you with quotations.
Auto Attendants & Robo-Calls
The term Auto Attendant (AA) refers to the phone system function that greets callers with a recording and a series of options (Press “1” for sales, etc.). Many people do not implement these as they prefer the phone answered by a human. An auto attendant, however, is the best way to eliminate the distraction of robot calls, as most robot callers aren’t sophisticated enough to navigate the choices presented by the dozens of different makes and models of phone system available.
Troubleshooting
Occasionally one may find it is necessary to remove an entry from a blacklist. It is rare but it does happen. Human errors are made, IP addresses and phone numbers change, etc. Thus, any individual designated to this task should be aware of this possibility. Mistakes are occasionally made with proactive whitelisting as well. A whitelist entry may be too broad in scope, or it may be found that a spammer is using that domain as an outbound address. One would not, for example, wish to whitelist gmail.com, yahoo.com, or similar.
Let Us Know If You Need Help
If you require assistance with:
- Access to your personal black/whitelist function
- Help with companywide black/whitelist function
- Help with policy-based filtering rules such as a “phrase filter” (ex. “Buy Cheap Viagra”)
- Help with functions within your in-house phone system (PBX) or VoIP phone system
- Figuring out how to block other types of nuisances
Simply let us know and we can set you up as needed. It may not make sense for users to directly access some systems. In these situations, it may make more sense to have our team (or a designated team member) enter the data in batches. These answers will depend on the build/software of the system in question.
It can take weeks to get into the swing of these processes and to begin blocking with fervor. It would appear from our experience, however, that if one sticks with it, it can make a significant difference in one’s quality of life at work. With the use of a system like Microsoft Teams, the processes associated with this activity can be engaged in collectively and as a matter of routine.
Please let us know if we can answer questions. ML & DW