- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-07-2020 06:35 AM
I am curious to know if the organization I work at gets a blast email to 500 employee's from an external B2B marketer does the wildfire analysis get performed on all 500 identical emails or does it simply do it once knowing the email and links are identical.
08-07-2020 09:15 AM
As per my knowledge WF maintains trusted domain list and it will examine the external email address only once.
Regards
08-07-2020 11:03 AM
Actually yes, the firewall is doing the analysis for every email. It does not really care about the url, it simply forwards it to wildfire - in batches of 200 URLs per upload or all 2 minutes - depending on which limit is hit first. About the list of trusted sites I am not sure, as theoretically there is nothing like trusted site. On every website there is the potential risk that it gets hacked and will be used to host malware or exploit kits. But at least I think, there is a timer that a website is not ddos'ed by wildfire and only scanned for example max. once per hour or day. About a local check if the urls are identical, @jdelio could you say something about this? But often the links in such mass-emails aren't identical, every link is different to track which recepient clicks on the url.
08-07-2020 01:48 PM
@Remo and others..
From the official documentation on WildFire email analysis..
It states:
"WildFire visits submitted links to determine if the corresponding web page hosts any exploits or displays phishing activity. A link that WildFire finds to be malicious or phishing is:
08-09-2020 03:52 AM
@jdelio My question was more about if the firewall already does a local check for the urls? Or does it - in the case like in this topic - upload 500 times exactly the same URL to wildfire if there are 500 incoming emails with this one URL?
08-11-2020 04:59 AM
@Remo That is what I am trying to understand as well. If 500 people in my organzition all receive the same email with the same url http://www.website.com/page123. Is that URL submitted 500 times and scanned 500 times or does it scan that URL once?
08-11-2020 07:02 AM
@joecbrown and @Remo
When there are 500 of the exact same link.. I would like to think that it would count them as one, but I will ask the experts about this and see what they are able to tell me.
I will respond as soon as I have an answer.
08-13-2020 07:48 AM
OK, @joecbrown , @Remo and everyone else.. found the info..
Actually I was able to get the details from people who looked at the code, and other detailed info.. and it looks like there will be 500, because each one comes from a different email header and we produce separate reports with the specific session information associated with the SMTP, IMAP or POP3 session. So, all links are sent to the cloud at this time, duplicate or not.
08-13-2020 08:06 AM
Thanks @jdelio
This makes sense, as the URL is only one of the different attributes contained in wildfire report.
08-13-2020 08:14 AM
Many thanks for this great info!
Regards
08-13-2020 08:22 AM
@jdelio wrote:
So, all links are sent to the cloud at this time, duplicate or not.
Hmn ... what if now all these attributes are the same? Either if the same email really was sent 500 times or if the same email was sent to 500 recipients in bcc. In this case the firewall would only show the actual recipient in the to field of the email but nothing about bcc. But I assume even then there it will be forwarded to wildfire 500 times.
08-14-2020 07:57 AM
Yes @Remo , it would seem that it treats them individually, so yes, 500 links to WildFire.. In batches of 100.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!