Does anyone have any tools they use to prevent email bomb attacks?

  • 26 January 2021
  • 27 replies
  • 144 views

Does anyone have any tools they use to prevent email bomb attacks? We had an exec who got bombed the other day with hundreds of emails over a three-hour period. They all mostly came from different domains, so we can’t just blacklist certain domains to stop it, and Google did not flag them as spam. An EA ultimately cleaned up the inbox and moved things to spam, but for a period of time the inbox was unusable.


27 replies

Presuming these were all external emails, maybe a product that would detect an inordinate amount of emails in an hour and place those emails in some sort of quarantine?


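The rate-based quarantine suggested in the reply above, as an added example that is not part of the original thread: a per-recipient sliding window that quarantines mail once both the message count and the number of distinct sender domains exceed a threshold, which matches the "hundreds of emails from different domains" pattern where per-domain blocking fails. The thresholds, addresses, the known-sender bypass and the sample traffic are all assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta


class BurstDetector:
    """Sliding-window email-bomb check (hypothetical helper, not a product API)."""

    def __init__(self, window=timedelta(hours=1), max_msgs=30,
                 min_domains=15, known_senders=()):
        self.window = window
        self.max_msgs = max_msgs          # assumed threshold
        self.min_domains = min_domains    # assumed threshold
        self.known = {s.lower() for s in known_senders}
        self.recent = {}  # recipient -> deque of (timestamp, sender_domain)

    def observe(self, recipient, sender, ts):
        """Return 'deliver' or 'quarantine' for one inbound message."""
        sender = sender.lower()
        if sender in self.known:
            return "deliver"  # established contacts keep flowing during a burst
        q = self.recent.setdefault(recipient.lower(), deque())
        q.append((ts, sender.rsplit("@", 1)[-1]))
        while ts - q[0][0] > self.window:  # drop entries older than the window
            q.popleft()
        many_msgs = len(q) > self.max_msgs
        many_domains = len({d for _, d in q}) >= self.min_domains
        return "quarantine" if many_msgs and many_domains else "deliver"


def simulate():
    """Constructed traffic: a quiet morning, then 200 messages in 3 hours."""
    det = BurstDetector(known_senders=["assistant@corp.example"])
    rcpt = "exec@corp.example"
    start = datetime(2021, 1, 25, 9, 0)
    out = {"quiet": [], "burst": [], "known": []}
    for i in range(10):  # 10 messages from 3 domains, 5 minutes apart
        out["quiet"].append(det.observe(
            rcpt, f"user{i}@vendor{i % 3}.example", start + timedelta(minutes=5 * i)))
    burst_start = start + timedelta(hours=4)
    for i in range(200):  # one message every 54 s, each from a new domain
        ts = burst_start + timedelta(seconds=54 * i)
        out["burst"].append(det.observe(rcpt, f"noreply@list{i}.example", ts))
        if i == 100:  # a known contact writes in mid-burst
            out["known"].append(det.observe(rcpt, "assistant@corp.example", ts))
    return out


if __name__ == "__main__":
    r = simulate()
    print({k: (v.count("deliver"), v.count("quarantine")) for k, v in r.items()})
```

Requiring both conditions keeps a busy but legitimate thread from a handful of domains out of quarantine, while the known-sender bypass reduces how much valid mail has to be released by hand.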
Wow, I don’t think I’ve ever heard of this happening to a random layperson. Can you tell if anything happened to precipitate the attack?


And how public is his email address OR is the email address easy to guess? Might have been a trial run


Just started randomly. It’s not public at all; it is an account in his personal Google Workspace account (that he of course forwards to his work account).


Might be worth doing a Google search for his email address and seeing if it's public anywhere.


I'd tell him to stop forwarding irrelevant email to his work account. If not you, the legal team should.



Good luck with that approach.



Haha - yea, if only that was an option



So I did find what I thought was a fix: I set up this script that would in theory filter out all the junk. However, the emails were coming in faster than they could be filtered away, so it didn’t ultimately end up solving the problem.



https://github.com/garyholeman/CreateGmailFilters



You can place stronger spam filtering on the user account. Move them into an OU with this enabled, from the default off you see here.

You can also just send all email into a quarantine for the user but that still means you have to release all the valid email

I was not kidding. It saddens me that you guys have to abide by such poor work relations, where you can't inform an/y exec that their behaviour is most likely illegal, potentially causing trouble for the company, and definitely wasting your time. Especially if you can't get proper backing from the legal team.



I don’t necessarily think it is poor work relations so much as it is that a white glove service approach is expected, so when the executives have workflows that keep them productive that they want to keep, it is expected that we find ways to secure those workflows and keep them going.



If it was the other way, where they are forwarding their work email to their personal, that would be a different story.



Sure, but I still don't see how the dude reading his personal email on his work account is in any way positive for the company.



There is a large blend of work/personal in the VC world



I think in most non tightly regulated industries, there's a mix of work/personal



Sure, but I have for twenty (actually, going on thirty now) years used many different accounts and identities, of all kinds of systems. Never would I dream of forwarding from one place to another. There's a reason they are different. Else I would have used the same account.

Only exception, Calendar. I (try to) manage all my Google Calendars in one place. So they are shared with one of my accounts.

Still that isn't actually true. I don't actually manage my many calendars there. I only view them there, so I can see my entire life when making a planning decision. I then do the actual planning in the relevant account.

Also, the forwarding isn't 100% true. I do have more than one work account forwarding to another, but they are within the same organisation, so not mixing legal ground.

Still, I wouldn't hesitate if I saw the CEO of the corporations I work with, or the municipal district chairman or top politician, and just tell them to stop doing that, immediately, and explain the reasons, of course.



It’s true enough, Kim. I wouldn’t dream of doing it myself and I would let one of my execs do it. But I can confirm that the VC world sees a lot of personal/work overlap, which I hypothesize is because the VC world tends to also have poor work/life boundaries. 🙃



what is this “boundaries” thing you speak of?



no place for boundaries when you’re supposed to be hungry 😉



The word "let" is interesting there. If you say your piece and they still do it (because of convenience) do you really need to go all in with legal and other stuff like that? Juice doesn't seem worth the squeeze



It’s honestly I think more of an HR issue than an IT issue. IT would care about forwarding out, but regular email protections will still protect against forwarding in. The potential for things that are not work appropriate though... HR’s area.



I would agree with that



True, thanks for the discussion guys.


