Unique organization code to mark internal emails as 'safe' in Phish Alert integration
A nice-to-have feature, for our over-zealous users who like to report every unexpected message as nefarious, would be a way for the organization to append a unique identifier (from account settings, similar to Phish Alert license key) to messages so that when a user clicks on 'Phish Alert' they receive the response that 'this was a legitimate communication sent by your organization'.
This could definitely come in handy for organizations using cloud services to distribute internal communications and updates. It would definitely need to be obscure and meaningless to others in the event that a malicious actor intercepts or receives a forwarded email from the company and attempts to 'whitelist' their emails against Phish Alert.
additionally: the Phish Alert mechanism shouldn't delete the email if it is deemed 'safe' as in having the unique identifier embedded.
Perhaps this could be done via mail headers, or DKIM/SPF/DMARC?
Thanks for your request. I have forwarded your idea to our development team for review. We base a lot of our development on customer feedback so we appreciate your input.
Kirjaudu sisään jättääksesi kommentin.