As we get ready for a MEG transition off of a legacy mail platform, I'm observing a lot of the phishing schemes that seem to make it through legacy filter. The phishes against linkedin for instance, are nearly identical to known messages but the links are just modied. Often a hallmark of a phish is where a printed http address doesn't match the link target under it.
Has anyone done any rewriting of links to neuter their clickability and force users to copy and paste? How would that be done in MEG7?
I talked with support on this while discussing another matter. In short, no one was aware of such functionality.
Q: generally speaking, how happy are you with the antispam capabilities? Are phishes that are patterned strongly after legit emails from well known brands picked up by GTI and IP reputation filters effectively enough?
I asked about this exact functionality less than a year ago. Support indicated this was something that would be in 7.0 and did not exist in 6.7.x
I tried to use the string re-write capability built into the product as a content-filter action for this anyway (e.g. change HTTP to HxxP or whatever). It worked perfectly, except it only took effect about ~50% of the time and would never work any better. Because of this we eventually abandoned the idea.
I haven't looked at 7.0 yet to see if it does actually have this functionality and it is usable, but it doesn't sound like it from the above note.
You could try the content filter action to rewrite HTTP and see if it is more effective in 7.0