Many of us are familiar with sender blocking. Blocking an email sender, and adding them to our sender blacklist, is one of the ways that spam and phishing email filtering works. Modern spam filters also analyze content and subject lines for keywords that might indicate the email is more likely to be spam. Some systems will analyze and block attachments and embedded web links as well.
The problem with blocking a specific sender, or a specific SMTP (sending) email server, is that senders are often innocent victims with hijacked email accounts, and the SMTP server that is being used to send spam or phishing attacks may be hijacked as well. Since these accounts and servers are frequently changed by the attacker, blocking or blacklisting is often only temporarily valuable. Subscribing to an email filtering service that provides updated email blacklisting is the most effective way to manage this threat.
Sender blocking offers no defense against the tough-to-detect impersonation email exploit. This is when an email is sent to you from the legitimate but hijacked account of someone known to you, such as a boss, coworker, client, or friend. Since the sender is known to you, and the email account is recognized and possibly even whitelisted in your email filtering system, these attacks sail right through into your inbox. The only defense at this point is vigilance and skepticism. Watch for changes in syntax or word choice that would be unusual for your contact. Sender blocking works well against many email exploits, but not this one.
Domain blocking is also known as web filtering. A quite effective security tool is to run all of your inbound and outbound Internet traffic through a proxy service. Traffic coming to computers on your network is analyzed, and any malicious content is blocked. Traffic leaving your network is analyzed for connection requests to sites that may be malicious, or just not suitable for the workplace. It can include blocking social media sites such as Facebook in an attempt to limit employee time-wasting. (Good luck with that, by the way; your employees all have smartphones they can use for time-wasting.)
For individuals, domain blocking can sometimes be accomplished through web browser security settings. For Windows computers using Microsoft browsers, this can be set in the Control Panel applet called Internet Options. Blacklisting is sometimes available in endpoint anti-malware software products (anti-virus). If you are setting up domain blocking manually, add your domains using this syntax: domainexample.com rather than www.domainexample.com. This way you will block all the subdomains of a site as well (e.g., scam.domainexample.com).
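The matching behind that advice, shown as an added example that is not part of the original article: a bare-domain entry covers every subdomain when names are compared label by label, while a `www.` entry covers only that one host. The blocklist contents and function names are constructed for illustration, and a given filtering product may match differently.

```python
from urllib.parse import urlsplit

# Constructed blocklist. domainexample.com is the placeholder from the text;
# the second entry shows the narrower "www." style the text advises against.
BLOCKLIST = {"domainexample.com", "www.onlythishost.example"}


def host_of(target):
    """Accept a bare hostname or a full URL and return just the hostname."""
    if "://" in target:
        return urlsplit(target).hostname or ""
    return target


def normalize(host):
    """Lower-case the name and drop the optional trailing root dot."""
    return host.strip().lower().rstrip(".")


def blocked_by(target, blocklist=BLOCKLIST):
    """Return the blocklist entry that covers target, or None.

    An entry covers itself and every name beneath it. Comparison is done on
    whole DNS labels, so 'domainexample.com' covers 'scam.domainexample.com'
    but a plain string suffix such as 'notdomainexample.com' does not match.
    """
    labels = normalize(host_of(target)).split(".")
    # Walk from the full name toward the TLD: a.b.c, then b.c, then c.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


if __name__ == "__main__":
    for sample in (
        "scam.domainexample.com",                # subdomain of a bare entry
        "https://WWW.DomainExample.com./login",  # URL, mixed case, root dot
        "notdomainexample.com",                  # shares a suffix, different domain
        "domainexample.com.lookalike.example",   # entry appears as a prefix only
        "mail.onlythishost.example",             # sibling of a www-only entry
    ):
        print(f"{sample:42} -> {blocked_by(sample)}")
```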
For more detail, check out the links below.
- Wordfence – IP Blocking
- Wikipedia – Geo-blocking
- Microsoft Outlook – Sender Blocking
- Google G Suite – Sender Blocking
- OpenDNS – Domain Blocking/Web Filtering