Phishing can be a considerable security hazard for businesses. Hackers are becoming increasingly sophisticated in how they use this method of attack, and are continuously finding better ways to trick users into following links and disclosing information.

The situation is made more complex because there are so many different vectors an attacker can use to carry out a phishing attack – and email is one of the most common methods to do so. Despite this, anti-phishing protection is not generally offered as a standalone product for email servers. Instead, it is offered as one of the many features in a server-based anti-spam solution.

However, it is important to note that anti-spam and anti-phishing solutions are not exactly the same thing. Protecting your system from phishing attacks requires slightly different technology than that which is used to stop spam.

To clarify this point, I will look at the three most important anti-spam technologies that provide an optimum level of anti-phishing protection.
There are two types of phishing attacks: regular phishing and spear phishing.

Spear phishing targets a specific organization and has a number of advantages over a regular phishing attack. A spear phishing attack is often tailored in such a way that any communication appears to be legitimate to users in that particular organization; with different techniques used to bypass some features in anti-spam solutions, thus increasing their effectiveness.

So which three technologies would you want your anti-spam solution to have in order to effectively deal with phishing attacks, and why do these technologies help so much?

SPF (Sender Policy Framework):
SPF works on the concept that some emails spoof their origin email address. This is especially true for phishing emails that are attempting to look legitimate, for example using the corporate identify of a well-known company. SPF catches these attacks by comparing the host of the email received, against a list of email servers that are authorized to send emails on behalf of that domain. This method is actually very effective at stopping both regular phishing emails and spear phishing emails.

DNSBL (DNS blacklist):
DNS blacklist is a technology where third-party projects use various techniques to monitor for hosts that send spam emails. They catalogue these spam hosts in a database that is then made available through the DNS system. Server anti-spam products can query these databases to ensure that the email server sending you an email is not blacklisted. While regular phishing emails are likely to be sent from such blacklisted sources (since they are generally sent through regular spam channels) spear phishing attacks can circumvent this by specifically using a clean source that hasn’t previously been associated with spam.

Anti-Phishing Database:
Some server anti-spam solutions have their own databases that are designed to combat phishing. Such databases contain finger print information that detects various elements found in phishing emails. Such a module is very effective against regular phishing emails, but is often less effective against tailored spear phishing emails.

While these three anti-spam technologies should provide the biggest value when it comes to fighting off phishing attacks, they are not the only technologies you can find in a server-based anti-spam solution. Technologies such as greylisting and Bayesian analysis can also help to block such attacks. Whatever solution you decide to buy, choose a solution that has the specific features and strengths to fight off phishing attacks. Remember, a good upfront investment can save you time and money later on.

This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about what the right server anti-spam solution for your company should include.

All product and company names herein may be trademarks of their respective owners.