Using sender identity to stop phishing and trust your email again
When it comes to defense against the dark arts of phishing, Valimail thinks a little differently than everyone else.
Our contrarian point of view is that it’s better to create a definitive list of friends than try to guess who might be a foe. After all, how do you host a party? Do you open your door to all comers, and then conduct an on-the-spot evaluation of everyone who wants to come in? Or do you draw up a guest list and then let those people — and only those people — in the front door?
When it comes to anti-phishing defense, our approach means treating your inbox more like a private party rather than a public park. In other words, we don’t allow just anyone into your inbox.
With our new product, Valimail Defend, we’re bringing this contrarian approach to enterprise email. Defend builds on our success with email authentication, with Valimail Enforce. With Defend, we are bringing the concept of authorization to email coming into your inbox.
In this post we’ll talk about a core component of Valimail Defend, the Trusted Domain Clearinghouse, which plays an important role in our new authorization-based approach to stopping phishing attacks.
In short, Valimail Defend enables your organization to accept email traffic from only trusted, known domains.
The Problem: Phish Keep Getting Through
If you’re a CIO, CISO, IT person, or security person, you’re invested in products that typically stand at the mail gateway: The virtual front door to your company’s email inboxes. You have a Secure Email Gateway (SEG) that provides content filtering, link inspection, sandboxing, and more to protect your end-users against bad email.
Despite this filtering, phishing attacks still get through. That’s because phishers are getting extremely good at crafting messages whose content is free of malware — and indeed, may be virtually indistinguishable from legitimate messages.
The key to many of these messages is that they’re sent from domains that look almost exactly like real, trusted domains. There’s even a domain-generation algorithm designed to help phishers craft tricky new domain names. Filtering-based solutions aren’t effective against this kind of identity-based attack.
But what if you could trust your email again and, instead of filtering against foes, check for friends and let only trusted, known traffic through to your users?
Meet the Trusted Domain Clearinghouse
The Valimail Trusted Domain Clearinghouse, a key part of Valimail Defend, protects enterprise customers from lookalike-domain, cousin-domain, and other attacks that exploit the recipient’s misidentification of the sending email domain.
We have consolidated data from hundreds of sources and many billions of email messages, applying our proprietary heuristics to produce a conclusive, comprehensive, dynamic, ever-expanding list of legitimate domains.
Unlike existing systems that take a simple blacklist approach, the Valimail Trusted Domain Clearinghouse builds a comprehensive, global view of the domain ecosystem. Newly seen domains are processed in near-real time.
As a result, the customer always remains protected without blocking legitimate email.
The key to our approach is that we think it’s much better and more effective to establish a global whitelist of all trusted emailing domains on the Internet, rather than trying to catalogue all the bad senders.
The Trusted Domain Clearinghouse contains our accumulated knowledge about tens of millions of trustworthy domains, so only sources with known bona-fides are allowed.
No more leaving your email gateway wide open to literally everyone on the Internet. No more guessing as to a sender’s legitimacy based on machine learning models based on the contents of email messages. That’s the approach based on trying to guess who might be a foe, and it fails too often — with lots of false positives.
Authoritative Anti-Phishing Protection
We think it’s more effective to allow only trusted domains access to the inbox, and exclude everyone else by default. This approach provides authoritative protection against phish, not just probabilities.
We believe that there are some things you can know with certainty, such as who is permitted to send email to your employees, just as you can know with certainty which third-party services should be allowed to send email “as” you.
With Valimail Defend, you gain the power to govern who is allowed to reach the inboxes of your employees.