search cancel

Phishing Assessment tests and Email Security.cloud

book

Article ID: 172699

calendar_today

Updated On:

Products

Email Security.cloud

Issue/Introduction

Using an external service for phishing assessments, emails get blocked by Email Security.cloud or click-actions do not get performed by the recipient user.

Cause

All emails that are sent through the Email Security.cloud platform are subjected to normal scanning practices and phishing assessment emails are no exception. As a result, these types of emails may get stopped by either the Anti-Spam or Anti-Malware scanners.

Part of the Anti-Malware scanning process is a feature known as "Link Following" which checks for anything potentially malicious waiting behind a link. This check may result in link recording a "click" action.

Unlike Anti-Spam scanning, it is not possible to exclude a sender from Anti-Malware scanning.

Resolution

Sending phishing assessment tests through the Email Security.cloud infrastructure is not recommended. Instead, send tests directly to the receiving mail server which bypasses the Email Security.cloud platform. Many phishing assessment services provide a method for delivering their emails by a static mail route. This route can be set to the mail server address. If the firewall is properly locked down to only accept Symantec IP ranges, open a path to the phishing assessment sending servers. The service provider can assist with the configuration steps required.

Please do not submit phishing assessment emails as false positive detections.