To protect users from malicious emails, GCIS implements numerous features.
Antivirus – All email is scanned for viruses. If detected the email is not delivered. The antivirus signature database is updated several times a day.
Content filtering- by FILE TYPES.
Some files types are generally not allowed. When an email with a dis-allowed attachment is detected, the attachment is quarantined and a message is sent to the recipient. If the recipient wants the file, it can be provided by GCIS.
Some disallowed file types. – files with .exe extensions. Generally executable files/programs are blocked. This prevents a user from just “opening” the attachement without knowing it is a program.
Files with double extensions such as myfile.jpg.exe or greatpictures.zip.bat. Some versions of Windows explorer and others often show a icon for the first extension but in reality the file could be something else…. like a program. So if a user clicks on it, thinking its a picture, it would then be executed. To prevent false positives, NEVER name your files you attach to an email with double extensions... or what appears to be a double extension. For example, a common problem is a client may receive a Excel file named greatspreadsheet.may.xls note the “.may.xls” portion could be interpreted as double extensions.
Simply rename the file to send it.
Content filtering– by Message content.
Sometimes it is possible to determine if an email is spam by what it contains. Certain phrases, links embedded and many other factors. Our system utilizes a scoring system. Certain items are scored and when summed that score becomes a spam-score. If the spam score exceeds thresholds it can be delivered, sent to a spam folder or simply discarded. Users can “train” individually their scoring system to assist the spam filter in learning what is truly spam, or what is “ham” (not spam). This is done in the webmail interface simply by flagging an email as spam, or not spam. Users can also whitelist (allow) emails from specific email addresses, or blacklist (block) them. Note that email from a real time blacklisted server will still get blocked. GCIS can whitelist said server if necessary.
Real time blacklists. If an email comes from a server that is “blacklisted” our servers will refuse it. These blacklists are updated in real time, and known spam sources are placed on them. This is very effective is shutting down spam “outbreaks”.
Phishing Attempts. Our system will flag any embedded links in emails that are different than what the text for the link my say. For example a link may appear as colored text like “www.mybank.com” but may actually be a link to goes to “badguys.com” . All flagged links are not necessarily bad, just take note of it and be cautious before following any flagged links.
GCIS fully implements DKIM/SPF/DMARC on all outgoing emails, and uses these to validate incoming emails. Your outgoing email is digitally signed, allowed the recipient to verify that it came from a trusted mailserver (ours). Our servers will reject a digitally signed email that fails verification (i.e fake signature). Not only that..but if someone sends an email apparently “from” one of our clients that isnt sent through our mailserver, it wont be signed correctly. This will let the receiver determine whether or not to accept it. By default our policy is to tell them to reject an invalid signature.
What is DMARC– from dmarc.org
DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.
DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate.
Why is DMARC Important?
With the rise of the social internet and the ubiquity of e-commerce, spammers and phishers have a tremendous financial incentive to compromise user accounts, enabling theft of passwords, bank accounts, credit cards, and more. Email is easy to spoof and criminals have found spoofing to be a proven way to exploit user trust of well-known brands. Simply inserting the logo of a well known brand into an email gives it instant legitimacy with many users.
Users can’t tell a real message from a fake one, and large mailbox providers have to make very difficult (and frequently incorrect) choices about which messages to deliver and which ones might harm users. Senders remain largely unaware of problems with their authentication practices because there’s no scalable way for them to indicate they want feedback and where it should be sent. Those attempting new SPF and DKIM deployment proceed very slowly and cautiously because the lack of feedback also means they have no good way to monitor progress and debug problems.
DMARC addresses these issues, helping email senders and receivers work together to better secure emails, protecting users and brands from painfully costly abuse.
Your personal Spam Filter
Every email user’s email is filtered for spam. However, you can tell your filter what is spam, and what isn’t spam. Without this “training” the spam filter is not as effective. Its good, but it can be better if you train it.
If you are using the webmail interface, Simply drag or move messages you believe are spam into the “Junk” folder. Or right click on the bad email, select under Mark Messages… flag as spam.. OR…flag it as NOT spam if you know its not spam.
This will help train your filter.
If you are using a mail client such as outlook or thunderbird and with the IMAP protocol, you should have a Junk folder. You can simply move the bad email to the Junk Folder. Twice a day emails located in Junk folders are flagged as spam.