A nice-to-have feature, for our over-zealous users who like to report every unexpected message as nefarious, would be a way for the organization to append a unique identifier (from account settings, similar to Phish Alert license key) to messages so that when a user clicks on 'Phish Alert' they receive the response that 'this was a legitimate communication sent by your organization'.
This could definitely come in handy for organizations using cloud services to distribute internal communications and updates. It would definitely need to be obscure and meaningless to others in the event that a malicious actor intercepts or receives a forwarded email from the company and attempts to 'whitelist' their emails against Phish Alert.
Additionally, the Phish Alert mechanism shouldn't delete the email if it is deemed 'safe', as in having the unique identifier embedded.
Perhaps this could be done via mail headers, or DKIM/SPF/DMARC?
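The concern above, that an identifier copied from a forwarded or intercepted message could be reused, is illustrated by this added example (not part of the original post, and not Phish Alert's own code). It replaces a fixed identifier with a per-message HMAC carried in a mail header; the header name `X-Org-Internal-Tag`, the demo key and the choice of signed fields are assumptions, and the sample message is constructed.

```python
import hashlib
import hmac
from email import message_from_string

TAG_HEADER = "X-Org-Internal-Tag"            # hypothetical header name
SIGNED = ("Message-ID", "Date", "From", "Subject")
SECRET = b"constructed-demo-key"             # stands in for a per-organization secret

# Constructed sample message (not real mail).
SAMPLE = (
    "From: it-news@example.com\n"
    "To: staff@example.com\n"
    "Subject: Benefits portal update\n"
    "Message-ID: <constructed-1@example.com>\n"
    "Date: Mon, 06 Jan 2025 09:00:00 +0000\n"
    "\nOpen enrollment starts Monday.\n"
)

def digest(secret, msg):
    # Bind the tag to this message's identifying headers and to its body.
    parts = [str(msg.get(h, "")).strip().encode() for h in SIGNED]
    body = b"".join(p.get_payload(decode=True) or b""
                    for p in msg.walk() if not p.is_multipart())
    parts.append(hashlib.sha256(body).digest())
    # Length-prefix each field so adjacent values cannot be shifted into each other.
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(secret, data, hashlib.sha256).hexdigest()

def tag_message(secret, msg):
    del msg[TAG_HEADER]                      # drop any tag supplied by the sender
    msg[TAG_HEADER] = digest(secret, msg)
    return msg

def is_org_message(secret, msg):
    tag = msg.get(TAG_HEADER)
    if tag is None:
        return False
    supplied = str(tag).strip().encode("utf-8", "replace")
    return hmac.compare_digest(supplied, digest(secret, msg).encode())

def demo():
    legit = tag_message(SECRET, message_from_string(SAMPLE))
    # A tag lifted from a forwarded copy and attached to different content.
    forged = message_from_string(SAMPLE.replace(
        "Open enrollment starts Monday.", "Reset your password at the link below."))
    forged[TAG_HEADER] = legit[TAG_HEADER]
    return is_org_message(SECRET, legit), is_org_message(SECRET, forged)

if __name__ == "__main__":
    print(demo())
```

A gateway that rewrites subjects or appends footers after tagging would break verification, so in this sketch the tag has to be applied at the last hop the organization controls.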