Email filtering

  • 18 April 2016
  • 6 replies

Userlevel 3
As I understand it WSA does not scan incoming emails relying instead on providing protection at the point of the email / attachment being clicked.
With the proliferation of ransomware would it not be much better to have email scanning to prevent entry to the system in the first place. I appreciate the WSA protect at point of activation philosophy but if for any reason protection was off at the time then the infection could activate.
it seems to me that it is increasing risk to allow infected emails into the system at all

6 replies

Userlevel 7
Badge +56
We used to have an email scanning product, but we ended it a few years back.

Not sure that email would help as we'd be using the same engine to detect it at the point of attachment that we would at the point of execution. Does that make sense?
Userlevel 3
Hi Nic and thanks for the reply . I take your point - if it's not detected at execution it wouldn't have been detected at entry. Nevertheless it seems like  "two bites at the cherry " are offered but we don't bother with the first. Or two police checkpoints where the guys at the first checkpoint wave everything through on the basis that the second inner checkpoint will detect any miscreants. 
Userlevel 7
Badge +56
I would recommend using someone else's email filtering service though. With the deviousness of ransomware right now, you need layers of security to be really safe. No AV software can guarantee 100% protection and we're no different. Having different layers made by different companies gives you the best protection possible. And of course good, tested backups!
Userlevel 3
Are you thinking an external email filtering service like e.g. spamexperts ( only one I have looked at) or a second AV ? Is a second AV really feasible ?
Userlevel 7
Badge +56
Yeah I was thinking about a filtering service as being the easiest option - don't most of them combine both spam and malware filtering?

The reason you'll want two independent protection methods is that if each is 99% effective, then assuming they're not vulnerable in exactly the same places, combining them together gives you an effectiveness of 99.99%
Userlevel 4
Hi all,
We are the Scandinavian distributor of Webroot SecureAnywhere in Scandinavia. Most of the people from the Webroot Stockholm office (that was closed in 2011) are now working in WeCloud.
Along with the Webroot product we're also offering a global cloud based email security service. With WeCloud Email Security, you can provide the highest level of security, reduce spam & virus and set customizable rules for specific domains or users - for anyone, anywhere and on any device. More details on 
We offer 30 day free trials - please send me a PM or contact to get a free trial.