Security Awareness and Lifting the Abuse Mailbox Burden

Security awareness training helps organizations improve their security posture. Part of that training is enabling the next step after a user recognizes a phishing email—sending the suspicious email to an abuse mailbox. But what happens to an email forwarded to the abuse mailbox?

Less defined processes mean more risk

Experienced organizations may have a well-documented process which includes staff assigned to monitor that mailbox, but smaller or less mature firms often treat the abuse mailbox as an “I’ll get to it when I have time project”.

If the email goes unaddressed, the internal sender either deletes the file or ignores it, hoping that IT or messaging will respond with more information and a verdict on the message. In the worst case scenario, the internal sender assumes that no response from IT or messaging means that the email is OK to open, click, etc. Messages to the abuse mailbox are both a time sink and possible security incident waiting to happen.

Protection through automation

There is a better way to resolve the abuse mailbox monitoring problem. And it starts with automation. For example, with Proofpoint’s Threat Response Auto-Pull (TRAP), messages sent to the abuse mailbox are automatically dissected into its component parts then analyzed against multiple intelligence and reputation systems to determine if any of the content matches malicious markers.

Messages containing credential phishing templates, malware links, and attachments can be surfaced by automatically comparing those message against Proofpoint’s industry-leading reputation and intelligence systems to identify truly malicious messages. Messaging admins can then initiate “auto-pull” on those messages to pull them out of the sender’s mailbox, and if the message was forwarded to other users or distribution lists, the retraction action will follow the trail to pull the messages out and place them in quarantine.

Whether it’s a handful, dozens, or hundreds of messages sent to the abuse mailbox, Proofpoint customers who use Threat Response or Threat Response Auto Pull (TRAP) can take advantage of this capability today, at no extra charge.

For more information, please contact your Proofpoint representative and ask about abuse mailbox monitoring.

Subscribe to the Proofpoint Blog