Email security services have continued to improve their defenses to protect their customers from the ever-evolving advanced threats that appear in users’ inbox. These defenses have grown to include threat intelligence, machine learning, impersonation detection, and more.
While companies employing these services are safer than ever, many organizations are unaware of how the actions of their users can leave them vulnerable, even with a security service in place. A major example of this comes into play with whitelists.
Whitelisting is the process of putting a sender address or domain onto an approved/trustworthy list that enables email sent from that sender/domain to bypass certain email security filtering layers. Ideally, whitelists allow users to ensure senders/domains they know are legitimate to make it into their inbox instead of their quarantine/spam folder. However, whitelisting can lead to many issues if companies are unaware of how easy spoofing domains and email addresses can be, and begin to whitelist their own domain.
“Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is possible because the Simple Mail Transfer Protocol (SMTP) does not provide a mechanism for address authentication.”
When an organization whitelists their own domain, they are unknowingly allowing spoofers to bypass layers of their email security service, giving them not only access to the user’s inbox but trusted access, since it appears to be an internal message. This can lead to users falling for phishing emails, compromising sensitive information, costing organizations major financial losses, or infecting corporate systems.
As mentioned above, organizations that whitelist their own domain are leaving themselves open to attacks and infiltration.
So, what should companies do to ensure they are safe as well as ensuring all their internal emails are being delivered without disruption?
It is actually not necessary for organizations to whitelist their own domain, email sent internally should be delivered without issue. However, users can run into issues when trying to send internal emails from outside the company’s IP address and you may need to contact your email security provider to work around that.
If you’d like to know more about The Email Laundry, Email Filtering, or how we protect our customers from spoofing and impersonation attacks, please visit our Full Stack Email Security page here.