How do you protect your home / small business from email-based threats?


thiggins

Mr. Easy
Staff member
The title pretty much says it. How are you doing it and how effective are your methods?
 

ColinTaylor

Part of the Furniture
Depends what kind of threat I suppose.

For my home devices, simply anti-virus software + user education. For the latter, there's only three of us and we're all security-aware (e.g. we never click on links, or believe the unsolicited emails). For the former I used to use third party anti-virus but since Windows 10 I find that MS Defender is good enough. Additionally, my ISP is pretty good at blocking spam/phishing/ransomware before it ever gets to me.

Of course I wouldn't rely on this approach for a business, or in an uncontrolled environment.
 

dave14305

Part of the Furniture
I rely on Quad9 DNS to hopefully detect threatening domain names clicked in emails or websites. I don’t trust ad-block lists to handle this.

It’s not a thorough defense, but it’s better than nothing.
 

OzarkEdge

Part of the Furniture
No magic bullet here:

o Email accounts are with gmail (primary) and outlook... the first line of defense.

o We counsel to practice safe computing... suspect all message content; *permanently delete* suspicious/unsolicited messages (very little of that these days); hover and inspect link urls; have no tolerance for Internet trivia (skip it, don't go there); ...

o We use a PC email client (Outlook Express, Windows Live Mail, and now eM Client) to aggregate email accounts. I use POP email and download all and periodically log into webmail to purge Sent items (Google is very sticky); my wife uses MAPI so she can also use gmail on Android. PC email clients are set to plain text with option to toggle HTML viewing, if needed... seldom is. Trusted attachments are saved to disk first, then opened.

o PCs have only run MS Essentials AV since Win7 (skipped Vista and Win8) and now only run MS Defender on Win10. Before that, used F-Prot AV since DOS. Other AV on new machines is either removed immediately or allowed to expire and then removed. We used Norton AV some early on when bundled with Quicken, but it got too bloated.

o No AV on mobile devices. Only load trusted and necessary apps... not very many. We avoid IoT clients and their apps, with very few exceptions... life's too short for most of that nonsense.

o I maintain our regular shortcuts (to many different local and remote 'objects') in a shared Windows folder structure toolbar (Links), plus urls in a locally shared password safe (KeePass). Regular PC browsing starts there, not links in email or by typing them. We do not use browser favorites.

o QUAD9 DNS is used on the router. Guests use an Internet-access-only guest WLAN.

o Daily automatic PC backups (Cobian Backup11) to local disk and periodic manual backups to offline/offsite disk. No cloud backup.

If I recall more, I'll post it.

How effective is this... my family (kids are on their own for 10 years) has not been compromised. We've stopped a handful of malware but I have not seen specific malware since mid-Win7 use.

Main concern now is ransomware, so maintain offline backups.

OE
 

L&LD

Part of the Furniture
1998 was the last time I used 3rd party AV. That is also the last time I've had a virus infect a computer too. Windows Security on Windows 11 is working as well or better than any 3rd party AV for the online habits I've honed.

Like others above, don't click it if you didn't ask for it. Curiosity killed the cat, account, and Windows install for many.

The web is 99.99% useless noise. I only use what I need to; the rest, I use leg power to go in person to do.
 

dave14305

Part of the Furniture
Email accounts are with gmail (primary) and outlook... the first line of defense.
Good point. My primary email is Outlook.com and all links have that “safe links protection” for embedded URLs in email.
 

thiggins

Mr. Easy
Staff member
I rely on Quad9 DNS to hopefully detect threatening domain names clicked in emails or websites.
How does this protect you? (I'm not disagreeing. Just want to know the mechanism.)
 

dave14305

Part of the Furniture
How does this protect you? (I'm not disagreeing. Just want to know the mechanism.)
They incorporate threat intelligence feeds into their DNS replies, hopefully blocking (NXDOMAIN) any threatening domain lookups.
 

thiggins

Mr. Easy
Staff member
So the protection prevents link clicks to "bad" websites, i.e. the email still comes through, but the bad links are dead.
 

RMerlin

Asuswrt-Merlin dev
Google Apps is doing a pretty good job at filtering my mail. My email address is over 20 years old (so it's probably on a lot of email databases at this point), and I can't remember the last phishing email that managed to sneak into my inbox, they always end up in my Junk Mail folder.

Microsoft seems to do a decent job with Office 365 email filtering as well, though they have a slightly higher rate of false positives (legitimate email ending up in my Junk Mail folder). But again, I can't remember the last malicious email that ended up in my Inbox.

So I'd say the big mail providers are doing a very good job at filtering email. That leaves people with an on-premises mail server (it's 2021, time to move that mail server to the cloud IMHO), their own mail server (cpanel users for example) or their ISP's (never a good idea, as you become their hostage). A third party spam filtering service will generally also do a pretty good job at blocking malicious content. I have a customer here who uses Zerospam (a local mail filtering service provider). It allows you to get mail filtering services regardless of your mail hosting provider.

In the past, I've had good success with Trend Micro's Worry Free Advanced suite for my customers to protect both their Exchange Server as well as endpoints. Trend Micro's Web Reputation Service does a fairly good job at blocking access to malicious hyperlinks. That leaves the issue of malicious file attachments. Pretty universal best practice these days is to filter out executable attachments at the mail server level.

User/employee education remains a critical point, regardless of which security measure you implement within your infrastructure. Any signature-based solution will be reactionary, and may lag behind what's currently in the wild.

EDIT: for endpoints where there is no Microsoft Server to use Trend Micro Worry-Free, I rely on Eset NOD32, both at home and for my customers. Their malicious website blocking seems to be fairly good, though as all signature-based solutions, they aren't perfect.
 

dave14305

Part of the Furniture
So the protection prevents link clicks to "bad" websites, i.e. the email still comes through, but the bad links are dead.
Yes, a malicious email would need to get through:
  1. Email provider’s spam filters
  2. Email provider’s embedded URL safety features (if any)
  3. Quad9 DNS threat filtering
  4. Local device protections
 
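The layers listed above (provider-side attachment filtering, DNS-style blocking of known-bad domains, and the "hover and inspect the link" habit mentioned earlier in the thread) can be illustrated with a small inspection script. This is an added example, not code from any of the posters, from Quad9 or from any mail provider: the block list, the sample message and the two-label `registrable_domain()` heuristic are constructed stand-ins, and a real resolver or gateway would use live threat feeds and a public-suffix list instead.

```python
"""Run one email message through three defensive checks discussed in the thread:
   1. executable attachment filtering (what a mail server does),
   2. a filtering resolver that answers NXDOMAIN for listed domains (Quad9-style),
   3. link text vs. link target comparison (the manual 'hover and inspect' check).
Added illustration only; the block list and the message are constructed."""
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed stand-in for a threat-intelligence feed (assumption, not a real feed).
BLOCKED_DOMAINS = {"login-verify.example", "update-now.example"}

# Illustrative set of attachment extensions that gateways commonly refuse.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude two-label domain; a real implementation uses the public-suffix list."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def dns_filter_verdict(host):
    """Mimic a filtering resolver: listed names get NXDOMAIN instead of an answer."""
    return "NXDOMAIN" if registrable_domain(host) in BLOCKED_DOMAINS else "NOERROR"


def inspect_message(raw_bytes):
    """Return a list of (finding, detail) tuples for the message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []
    # Layer 1: executable attachments, by extension or by the 'MZ' PE header.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        if ext in EXECUTABLE_EXTENSIONS or payload.startswith(b"MZ"):
            findings.append(("executable_attachment", name))
    # Layers 2 and 3: every link in the HTML body.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = _LinkCollector()
        collector.feed(html_part.get_content())
        for href, text in collector.links:
            host = urlparse(href).hostname or ""
            if dns_filter_verdict(host) == "NXDOMAIN":
                findings.append(("dns_blocked_link", host))
            # Visible text that looks like a URL but points at a different domain.
            m = re.match(r"https?://([^/\s]+)", text)
            if m and registrable_domain(m.group(1)) != registrable_domain(host):
                findings.append(("link_text_mismatch", f"{text} -> {host}"))
    return findings


def build_sample_email():
    """Constructed phishing-style message: a lookalike link plus a disguised executable."""
    msg = EmailMessage()
    msg["From"] = "support@mybank.example"
    msg["To"] = "user@home.example"
    msg["Subject"] = "Please confirm your account"
    msg.set_content("Please confirm your account at http://mybank.example/reset")
    msg.add_alternative(
        '<html><body><p>Please confirm at '
        '<a href="http://login-verify.example/reset">http://mybank.example/reset</a>'
        ' or read the <a href="https://mybank.example/help">help page</a>.</p></body></html>',
        subtype="html",
    )
    # Constructed payload: only the PE magic bytes, not a real program.
    msg.add_attachment(b"MZ\x90\x00fake", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding, detail in inspect_message(build_sample_email()):
        print(f"{finding}: {detail}")
```

The script reports the disguised attachment, the link that a filtering resolver would refuse to resolve, and the mismatch between the visible URL and the real target; the help link passes all three checks. Note that the DNS layer only helps after a link is clicked, which is why the thread puts provider filtering and user habits ahead of it.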

thiggins

Mr. Easy
Staff member
I have a customer here who uses Zerospam (a local mail filtering service provider). It allows to get mail filtering services regardless of your mail hosting provider.
I've had a good experience with SpamHero. I never have and never will host anything on a local server, and have hosted my email domains on my host provider's servers since I've been on the tubes.

I virtually never check my ISP or gmail accounts and use them even less. :)
 

OzarkEdge

Part of the Furniture
So the protection prevents link clicks to "bad" websites, i.e. the email still comes through, but the bad links are dead.

The bad links (in email or elsewhere) remain a threat to anyone who follows them without the benefit of some anti-malware intervention such as Quad9's DNS blocking... so not exactly dead.

OE
 

RMerlin

Asuswrt-Merlin dev
Main concern now is ransomware, so maintain offline backups.
Quite a few years ago, one of my customers got hit by ransomware. They were running Trend Micro Worry-Free on their network. The ransomware managed to encrypt a few folders, at which point the Trend Micro suite detected it and neutralized it. So we only needed to restore a few folders from their backup.

The latest trend however is for these to directly target NAS. I had quite a few customers hit by that QNAP ransomware this spring. Most affected customers had proper backups. One didn't, and through sheer luck he only lost old archived documents...

We (IT professionals) can never stress enough how critical it is to have a WORKING backup solution in place. Too many small businesses still don't care enough.
 

RMerlin

Asuswrt-Merlin dev
I've had a good experience with SpamHero.
Never heard of them, but it looks fairly similar to Zerospam.

It might not always be obvious to people who never used these types of services, but these service providers have evolved to become critical security service providers, not just junk mail filters. They are definitely very good options when looking at securing your network entry points.
 

AndreiV

Very Senior Member
I run email on a personal domain with IONOS (1+1) that comes with excellent spam and antivirus controls and 8 years down the line nothing has yet slipped through.

Anything from a bank or Paypal etc. is deleted and a check made directly on the relevant online account. Any unsolicited mail gets deleted without opening.

Any sign up to a new site/company is done with a disposable email; if they become trusted I can move them to a permanent email address later.

Computers and phones are protected by Kaspersky Internet Security (coz I get a 10 device 2 year licence for free).
 

AndreiV

Very Senior Member
I rely on Quad9 DNS to hopefully detect threatening domain names clicked in emails or websites. I don’t trust ad-block lists to handle this.

But Quad9's filter system is basically a bad domain list .....
 

dave14305

Part of the Furniture
But Quad9 is basically a bad domain list .....
I assume it is updated closer to real-time than ad-block tools that usually update the local copy daily. I could be wrong, but I accept the risk.
 

itpp20

Regular Contributor
Sandbox everything that connects to the internet. Yes, it's a pain to move stuff in/out of a sandbox, but it stops anything from automatically going through; refresh your sandbox daily. Use online multi tenant scanners for whatever you download.
Zero trust is better than running anything under your own account, sandbox it.
 
