I'm dealing with a problem where our users can whitelist email senders, but we use Barracuda for email security. The catch is that when a user adds a sender policy for a domain, it overrides all other security checks unless a virus is detected. This means that if an email fails SPF verification, it still gets delivered. I'm worried about the risks involved because users might unknowingly click on harmful links. I've been voicing concerns about this issue for a while, and I'm even considering switching to a different product. We've discussed the possibility of removing users' ability to whitelist completely, but that would likely lead to a flood of requests to our Help Desk. How does everyone else manage their email whitelisting? Thanks for your insights!
2 Answers
I suggest just removing the whitelisting capability altogether. If users are having to whitelist too many emails, it probably means your filtering settings need some adjustments. In my experience at a large company, we only have a handful of whitelisted emails and those are for necessary B2B relationships. It keeps our email security tight.
First, what's the scale of this issue? Are users whitelisting a lot of questionable domains? It sounds like some users might find it easier to whitelist rather than release emails from quarantine. Maybe investigate how many legit emails are caught in spam and consider allowing users to release them without needing to whitelist.
That seems to be the case—users are whitelisting legit domains just to avoid the hassle. They have the option to release emails, but it's ground for concern. We might need to rethink our policy options, including potentially removing whitelisting entirely.