Email Plug-in (Reporting): 1.1.0-114
Email Plug-in (Encryption): 1.2.1-118
We've been getting an influx of email from random Gmail accounts with no subject and rarely anything in the body. The body may contain a few commas or a single word like "HI". It's annoying and obviously spam.
Just curious, since there's very little you can do to prevent this, but do you perhaps block blank subjects? How many valid emails do you think are accidentally sent without a subject? Is this something that anyone has ever explored, and did it cut back on any of this junk?
I do have one example, however, where both the subject and the body were just the word "Hi". I think this bait is trying to get people to reply back and catch valid email accounts. I think these are bots or hijacked Gmail accounts.
Perhaps I'm being lazy, but I wanted to know how to block blank subjects (for the same reason) and am unable to see that in content filters.
I agree, the default reputation sensitivity is not the best, I torqued mine down quite a bit.
You can block blank subjects with either content filters or message filters.
You will need to select Condition -> Subject -> "contains" -> ^$
You can also add the additional condition as well -> Other Header -> Subject -> ^$
Action -> Drop, or Quarantine.
It appears that it is mostly Gmail that is abused for those non-worthy "HI" or empty-body emails. So we could probably filter this way only if the sender is from Gmail.
Would anyone know what the intent behind these emails is, and why Gmail does not do anything about this abuse?
My wild guess is that these emails are only used to validate that their email list is right for their next targeted attack, to eliminate any potential bounces.
This is purely speculation on my side, but I do have to agree with that.
It is likely a compromised/fake account used to try to harvest valid email ID information for the next wave of attack, or to begin a targeted attack.
Unfortunately, due to Gmail servers being of high reputation, it is generally not advisable to run this type of filter for all Gmail, as it will in turn cause a LOT of false-positive matching, even with boundary matching.
Any final thoughts on this, please? Is Cisco working on a native detection of such use cases?
Blank subject and/or blank body only are pretty much straight requirements? What would cause FPs? Please enlighten.
In the case you describe, is the total message size sufficiently small to preclude the possibility of legitimate mail?
I'm presuming that all of this Gmail is the genuine article and not simply forged Gmail envelopes?
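The following is an added example, not Cisco ESA code and not posted by anyone in the thread. It models in Python what the two filter conditions suggested above (Subject matches ^$, and a check on the Subject header itself) would do, and adds the two checks raised in the last questions: a total-size cap, and treating a message as "from Gmail" only when an Authentication-Results header records a DKIM pass for gmail.com rather than trusting a From/envelope domain that can be forged. The size cap, the one-word body threshold, the Authentication-Results format and all sample messages are assumptions constructed for the example.

```python
"""Emulation of the blank-subject / trivial-body filter discussed in the thread.

Added example: it is not Cisco ESA filter code. It lets the conditions be tried
against sample messages offline before they are put on a gateway.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from typing import List, Optional, Tuple

# The thread's own regex for a blank subject.
BLANK_SUBJECT_RE = re.compile(r"^$")

# Assumptions, not from the thread: anything larger than this is never junk,
# and a body with at most this many real words is "trivial".
MAX_JUNK_SIZE = 2048
MAX_BODY_WORDS = 1
WATCHED_DOMAINS = {"gmail.com"}

# Constructed sample messages (not real traffic). The Authentication-Results
# header is assumed to be stamped by the gateway in the standard RFC 8601 form.
AR_PASS = "Authentication-Results: mx.example.com; dkim=pass header.d=gmail.com\n"
AR_FAIL = "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=gmail.com; dkim=none\n"
SAMPLES = {
    # blank Subject header value, one-word body, DKIM-verified gmail.com
    "junk_hi": (AR_PASS + "From: x@gmail.com\nTo: me@example.com\nSubject: \n\nHI\n").encode(),
    # Subject header absent entirely, body is just commas
    "junk_no_subject": (AR_PASS + "From: y@gmail.com\nTo: me@example.com\n\n,,\n").encode(),
    # same shape, but the Gmail origin is forged (no DKIM pass for gmail.com)
    "forged_gmail": (AR_FAIL + "From: z@gmail.com\nTo: me@example.com\nSubject: \n\nHI\n").encode(),
    # legitimate mail that simply forgot a subject
    "legit_no_subject": (AR_PASS + "From: c@gmail.com\nTo: me@example.com\n\n"
                         "Hi, attached are the Q3 numbers we discussed on the call "
                         "yesterday. Let me know if anything looks off.\n").encode(),
    # legitimate short reply with a subject
    "legit_with_subject": (AR_PASS + "From: c@gmail.com\nTo: me@example.com\nSubject: Q3 numbers\n\nHi\n").encode(),
}


def parse(raw: bytes):
    return BytesParser(policy=policy.default).parsebytes(raw)


def subject_is_blank(msg) -> bool:
    """True when Subject is absent, or present but matches ^$ after trimming.

    The two cases are distinct: a regex test on a header value cannot fire
    when the header does not exist, which is why the reply above adds a second
    condition on the Subject header itself.
    """
    subject = msg["Subject"]
    if subject is None:
        return True
    return BLANK_SUBJECT_RE.match(subject.strip()) is not None


def body_is_trivial(msg, max_words: int = MAX_BODY_WORDS) -> bool:
    """True when the text body has at most max_words alphanumeric tokens
    (an empty body, ',,' and 'HI' all count as trivial)."""
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    return len(re.findall(r"[A-Za-z0-9']+", text)) <= max_words


def authenticated_sender_domain(msg) -> Optional[str]:
    """Domain of the From address, but only when an Authentication-Results
    header records dkim=pass for that same domain; otherwise None, because a
    bare From or envelope domain is trivially forged."""
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return None
    for ar in msg.get_all("Authentication-Results", []):
        if re.search(r"dkim=pass\b.*header\.d=" + re.escape(domain), ar, re.I):
            return domain
    return None


def classify(raw: bytes) -> Tuple[str, List[str]]:
    """Return ('match', []) when every condition holds, i.e. the filter would
    drop or quarantine the message, else ('no_match', reasons)."""
    msg = parse(raw)
    reasons = []
    if len(raw) > MAX_JUNK_SIZE:
        reasons.append(f"size {len(raw)} exceeds {MAX_JUNK_SIZE}")
    if not subject_is_blank(msg):
        reasons.append("subject present")
    if not body_is_trivial(msg):
        reasons.append("body has content")
    if authenticated_sender_domain(msg) not in WATCHED_DOMAINS:
        reasons.append("sender not an authenticated watched domain")
    return ("no_match", reasons) if reasons else ("match", [])


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20s} {classify(raw)}")
```

Note that "legit_no_subject" is the false-positive case raised in the thread: a subject-only rule would catch it, and only the body check lets it through. Scoping to DKIM-verified gmail.com means a forged Gmail envelope falls outside the filter rather than being mis-scored against Gmail's reputation.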