Email SPAM / ransomware protection ?

  • pitter
    Junior Member
    • Oct 2024
    • 5

    Email SPAM / ransomware protection ?

    Hi,
    I miss a feature in EspoCRM which protects me effectively against spam and ransomware:
    An incoming email is shown only as plain text unless it is declared as "trusted" or was found in the contact list. So no external links are called (like pictures in HTML mail), no content is loaded from external sources, and attachments cannot be opened, even if it is a "known" sender.

    I didn't find such a function in Espo. Any ideas?
    Regards, Gero
  • emillod
    Active Community Member
    • Apr 2017
    • 1405

    #2
    pitter, I think that's a feature which should be on the server, not on the client side.
    EspoCRM is only a client. We're using Microsoft Exchange in our company and we can enable such protection on their side.


    • pitter
      Junior Member
      • Oct 2024
      • 5

      #3
      Thx emillod for your notes. I think the email client decides whether the HTML content or the plain text content is shown. After switching the sender to "trusted", the client may show the HTML content. It's a client part, I think.
      I'm curious: how do you secure your EspoCRM clients with Exchange?
      Last edited by pitter; 10-30-2024, 02:08 PM.


      • emillod
        Active Community Member
        • Apr 2017
        • 1405

        #4
        The email server scans all emails and only passes emails which meet our safety requirements. If you applied protection on the client side, it would only protect you in EspoCRM, but you can also have emails downloaded on your mobile phone. That's why it's important to use protection on the server side. Thanks to this, all email clients are protected.


        • victor
          Active Community Member
          • Aug 2022
          • 727

          #5
          pitter,

          I hope email filters on the EspoCRM side can partially solve your problem https://www.espocrm.com/tips/email-filters/.
          However, emillod is correct that basic security should be installed on the server's side.


          • yuri
            Member
            • Mar 2014
            • 8440

            #6
            I believe that not loading remote content unless 'trusted' is more of a privacy concern than a security one.

            Could you provide some examples how it's implemented in other systems?

            I also think that such a feature may require quite an effort to implement.

            • pitter
              Junior Member
              • Oct 2024
              • 5

              #7
              victor, the biggest user trap for downloading ransomware or other problems is clicking on links in really original fake emails. They come from kidnapped user computers and are sent with original addresses; no spam filter, even on the server side, notices them. So the user gets an email that sounds like the one they are waiting for, the detail view opens it in HTML and:
              1. external pictures are loaded, the sender is notified about the opening of the email - first problem!
              2. the user is able to open external links and attachments without any security question - very easy to click the wrong link!

              Imagine: usually the user communicates with known contacts - all emails are shown in HTML and everything is fine. But emails from UNKNOWN senders can at first only be opened in plain text, and no attachments can be opened. The user has to assign the email to a contact, and in future the emails from them are safe and can be opened in HTML. Just one click for security! Users have to use their brain before opening a wrong attachment.

              Possibly it's an effort to implement; I'm not a PHP developer. Maybe at first show email content by default as plain text, with no external content loading (like Thunderbird). If it's possible to check on opening an email whether the sender is registered as a contact, you can decide if plain text or HTML is the right way. One extra button above the email text: "trust", and the sender goes to a whitelist for the future.
              I know that feature from amtangee - and it's very helpful.

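The display rule pitter describes in #7 (plain text and no attachments for unknown senders, HTML once the sender is a trusted contact), as an added Python sketch that is not part of the thread and not EspoCRM code. The allowlist, the addresses and the function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser

class TextOnly(HTMLParser):
    """Keeps visible text only; tags (and their href/src URLs) are dropped."""
    def __init__(self):
        super().__init__()
        self.parts, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        self.skip += tag in ("script", "style")
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip and data.strip():
            self.parts.append(data.strip())

def render_decision(raw, trusted):
    """Decide how a client should display one message (hypothetical helper)."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    html = msg.get_body(preferencelist=("html",))
    plain = msg.get_body(preferencelist=("plain",))
    # The From header proves nothing by itself; this assumes the mail
    # server has already authenticated the sender (SPF/DKIM/DMARC).
    if sender in trusted and html is not None:
        return {"mode": "html", "body": html.get_content(), "attachments": True}
    if plain is not None:
        text = plain.get_content().strip()
    elif html is not None:            # HTML-only mail: reduce it to text
        parser = TextOnly()
        parser.feed(html.get_content())
        text = " ".join(parser.parts)
    else:
        text = ""
    return {"mode": "plain", "body": text, "attachments": False}

def sample_message(sender, html_only=False):
    """Constructed test mail with a remote image and a link."""
    html = ('<p>Your <a href="https://files.example/inv">invoice</a>'
            '<img src="https://files.example/open.gif"></p>')
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "sales@crm.example", "Invoice"
    if html_only:
        m.set_content(html, subtype="html")
    else:
        m.set_content("Your invoice is attached.")
        m.add_alternative(html, subtype="html")
    return m.as_bytes()
```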

              • emillod
                Active Community Member
                • Apr 2017
                • 1405

                #8
                pitter
                Our Exchange server marks emails with contacts which are contacting us for the first time, and this is passed to a note under the specific ticket. Images pasted inline are removed and are visible only if we open the full view of the email. But still, the whole protection should be done on the server side. Unfortunately, most of them don't even have a virus scanning program.

                • pitter
                  Junior Member
                  • Oct 2024
                  • 5

                  #9
                  Hi emillod, thx for the explanation, never too late to learn. But not all customers are able to hold an Exchange server; most of my customers use POP3/IMAP. So it would be helpful.
                  But this is another discussion.


                  • pitter
                    Junior Member
                    • Oct 2024
                    • 5

                    #10
                    victor, doing it with filters is a good idea - maybe it's possible to extend filters? For example with a criterion like "HasContact" ...?



                    • victor
                      victor commented
                      There is no need for this, as you can immediately include a specific email address in the filter. The "From" field is responsible for this.