27
Find and Delete Malicious Emails
Idea shared by Scott Forsythe - 3/3/2021 at 1:38 PM
Under Consideration
We had a few cases where a SmarterMail domain was targeted with a phishing message. In some cases hundreds of users receive the phishing message. After the phishing message is reported, we check the logs to find out who received the message and then use the impersonate feature to manually delete the messages.

An investigation tool to delete all the messages at once would be a great add. See Google Workspace's feature: https://support.google.com/a/answer/7581662

17 Replies

Reply to Thread
5
Emily Ward Replied
Employee Post
Hi Scott,

Thanks for the great feature request! I'm going to get a ticket started so I can get your request over to our development team for consideration.
Emily Ward
Customer Relations and Partner Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
3
+1 Yes, this would be a really useful feature to help protect users from phishing messages that make it through the spam & virus filters.

Thanks, Emily!
3
Emily Ward Replied
Employee Post
You're very welcome, kevind!
Emily Ward
Customer Relations and Partner Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
3
+1
2
+1
6
+1
and add to that, possibly a way to delete every email from the same IP address too, across all mailboxes.

www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. in 2018, in just one year, we gave away 1,000 Free Computers !

4
Under the Security page in Server Admin Settings/ SMTP Blocks. It would be great if when you add a domain or email address to block on this list, that the system would give an option to delete from domain inboxes or delete from all domains inboxes.

J. Sebastian Lee Service2Client LLC 6333 E Mockingbird Ste 147 Dallas, TX 75214 - 877.251.3273

2
Would be great also if we could have Content Filtering at the server level, as opposed to just the user, so we could block all future phishing emails, such as the current "This account has been hacked! Change your password right now!" emails, too. Not sure how these are making it through all the anti-spam I have on my box.

Additionally, when a user is reviewing an email, allow them to report it to SM as spam, which would alert the system admin (me) to potentially add it to this server-level Content Filter.
Mik MullerMontague WebWorks
9
Yes. I agree the "Mark As Spam" should be brought back. Please see and vote for this thread:
5
Could have really used this "find and delete" feature yesterday.  Had a phishing email sent to around 300 users with a link to login and upgrade their email.  Fortunately, most people are getting wise to this, but the support team took over 50 inquiries asking questions.  Not sure how many people actually clicked.

With 19 votes, it looks like everyone could use this feature. Please prioritize. Thank you.
1
I have two of those emails hitting pretty much every user on my box. Yes, search and destroy, but also review the IP numbers and if consistent, block them. If distributed, then just Content Filter. And allow for sharing rules with other SM servers, either through ST as a hub, or some sort of simple text-based definition packet that can be posted to a forum thread, copied, and imported by those who want to participate in that thread.

It's pretty embarrassing that we are unable to stop these from reaching our users.
Mik MullerMontague WebWorks
9
Matt Petty Replied
Employee Post
+1 
Finding related (or same) message across multiple users and deleting them I could see being very powerful. We could use things like message-id, IP, sender, subject, etc paired with our index/searching to create a tool to remove "like" messages from all the users in a domain or server. 
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
5
Nice after the fact.

However, more powerful is before the fact.

"Mark as Spam" button can mitigate these big waves.

User feedback is important.

Ron
3
Here's a long-shot additional thought: Database the subject of all incoming emails. If a particular subject, ie; "This account has been hacked! Change your password right now!" reaches a threshold of, say, 25 in a day, flag it as spam. If they continue to come in, send them to trash.
Mik MullerMontague WebWorks
1
Problem with matching just by Subject is it would catch items like newsletters, twitter, linkedin updates and banking announcements that have the same subject line and are legitimately sent to many of our users.

I think Matt Petty is definately on the right track. 
2
True. I have an event that emails me whenever an IDS rule is triggered, though. If this new feature were to work within that system, we could be alerted once an email with the same subject were to hit, say, 50 users on the box. Log in to the server, and if it's legitimate newsletter emails just leave it. If it's spam, block it.
Mik MullerMontague WebWorks
2
+1

Reply to Thread