Tuesday, July 3, 2018
We'd like to inform you of a few enhancements we're making to our Webmail client. The purpose of these enhancements is to improve our ability to protect end users by warning them about messages that seem "suspicious", and to provide them with some new warnings and useful information to encourage them to think twice before trusting messages in their mailbox. These new enhancements will be live for all customers next week. Please read on to learn more about these enhancements, and let us know if you have any questions about how they work.
DNS based rules to better determine suspicious emails
First, we are introducing the concept of a "Suspicious" email. The designation is based on specific patterns of failure in SPF, DKIM, and DMARC validation that do not trigger a policy failure. Messages deemed suspicious are decorated with a warning in the message preview and pop-out window. If the Suspicious designation is due to a configuration problem with the sender, but the sender is legitimate, users can choose to trust the sender and suppress future warnings.
Suppressing interactions with suspicious emails
Second, we've added functionality to protect users from accidentally triggering malicious content from messages in the Spam folder. They can view the basic content, but images, links, and attachments are not accessible while the message is in the Spam folder. This forces users to drag the message out of the Spam folder to interact with it. It reinforces the stance that messages in the Spam folder are potentially dangerous, and that care should be taken when interacting with them.
Dragging and dropping an email from the Spam folder to the Inbox
If you need to interact with links or images in an email, you will have to mark it as Not Spam or drag the email into the Inbox or another folder.
Spoof email detection warnings
Finally, we're making some updates to how we display sender discrepancy information. A common sign of phishing/spoofing messages is when the Friendly From email address (what users see as the message sender) does not match the Return-Path address (where the message came from). We've added information to the "From" field that shows when the primary domains of these two sender addresses do not match. Also, to help end users, we added a mouse-over help bubble to explain what "sent from" means.
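The sender-discrepancy check described above, as an added example (not the Webmail client's own code). It assumes "primary domain" means the registrable domain; the function names, the small suffix set standing in for the full Public Suffix List, and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a tiny stand-in for the Public Suffix List, enough for the samples below.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def primary_domain(header_value):
    """Return the registrable domain of an address header, or None if it has no address."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None  # missing header or null Return-Path "<>"
    host = addr.rsplit("@", 1)[1].rstrip(".").lower()
    labels = host.split(".")
    # Keep one label left of the public suffix: two labels, or three for "co.uk"-style.
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def sender_discrepancy(raw_message):
    """Compare the Friendly From and Return-Path primary domains of one raw message."""
    msg = message_from_string(raw_message)
    from_dom = primary_domain(msg.get("From"))
    path_dom = primary_domain(msg.get("Return-Path"))
    if from_dom is None or path_dom is None:
        status = "unknown"   # nothing to compare, e.g. a bounce with Return-Path: <>
    elif from_dom == path_dom:
        status = "match"     # subdomains of one primary domain are not a discrepancy
    else:
        status = "mismatch"  # the case the "sent from" note in the From field reports
    return status, from_dom, path_dom

# Constructed sample messages (made-up domains, not real traffic).
SAMPLES = {
    "subdomain": "Return-Path: <bounces@mail.example.com>\n"
                 "From: Billing <billing@example.com>\n\nHello",
    "spoofed": "Return-Path: <bounce@bulk-sender.test>\n"
               "From: Billing <billing@example.com>\n\nHello",
    "suffix": "Return-Path: <b@mail.beta-example.co.uk>\n"
              "From: News <news@alpha-example.co.uk>\n\nHello",
    "bounce": "Return-Path: <>\nFrom: Billing <billing@example.com>\n\nHello",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sender_discrepancy(raw))
```

The "suffix" sample shows why comparing only the last two labels is not enough: both addresses end in co.uk, yet they belong to different primary domains.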