The False Positive Machine
Posted by WantDebianThanks@reddit | talesfromtechsupport | View on Reddit | 20 comments
To illustrate something, briefly close your eyes and think about how many emails your company gets per day.
Is it a lot?
I bet it's a lot.
The other week the MSP I work for adopted this new email security tool that creates a ticket every time a user gets an email from a new domain.
Bob Bobson signs into the bank account of Bobson's Bait and Tackle, but forgot his password! Freedom Bank and Trust sends a reset link, but his company hasn't gotten any emails from FBT since we adopted the new system, so those emails get routed to us first. We release the email, and FBT should be allowed through.
Later, Joe Mononym at Mononym's Monochrome Signs logs into his account with FBT, gets an MFA link emailed to him, but it goes to us first because we haven't cleared FBT for them.
Also, it (as far as I'm aware) didn't have any kind of learning period or way for us to tell it "these emails are cool".
Finally, it wants us to clear each individual gmail address. I'm not sure if we're clearing FBT per email address too, or if they're per domain.
Between this and the system that lets us know about non-interactive log ins I'm expecting I'll hit 60 billed hours this week while having under 10 hours of working time.
PM_UR_VAG_WTIMESTAMP@reddit
You have to white-list EVERY new email domain? Manually?!?
What in tarnation are they thinking?
WantDebianThanks@reddit (OP)
🤷
Your guess is as good as mine.
meitemark@reddit
Depending on where you live, government may be bad actors.
Scratch that, government wants your money and your complianece wherever you live, so it is most likely always bad. Just do as regular workers do with emails from the IT dep and nullroute them.
WantDebianThanks@reddit (OP)
I'm sure the accountants getting tax docs from the state will love that.
meitemark@reddit
See, I told you that they only want your money :D
vaildin@reddit
You're assuming thinking was involved.
Reinventing_Wheels@reddit
Bold of you to assume they were.
dreaminginteal@reddit
Better yet: It sounds like for some domains, they have to whitelist every individual address in that domain!
All I can think is that the software was set up to ensure maximum billable hours by IT staff...
Immediate-Season-293@reddit
Yeah, I had something like that even back in 2010 that had default white and blacklists that you could edit and whatever, and only stuff it couldn't figure out would get routed to admin. It's weird that someone would sell such a thing - much less that someone would buy it, in 2025.
doglitbug@reddit
I thought we weren't allowed to say white list or black list anymore. 😅
meitemark@reddit
Pinkish list and ... the other list
zenazure@reddit
i had a mild panik after line 4 of this post
carasci@reddit
I feel a great disturbance in the ticket queue...as though millions of accounts suddenly cried out in terror, and you had to mute them one by one.
SilkeSiani@reddit
That sounds like a phisher's dream.
A guaranteed way to de-sensitise everyone to potentially dangerous emails: the techs, because they now see 10000 emails an hour, the end users because now every email comes with "Inspected by IT" tag, the management because they now pay Big Bucks for Bulletproof Inspection Software.
All you really need to do to get onto the "whitelist" now is to spam everybody in the corp with a fake (but safe) "We've updated our privacy policy" email from the company you want to impersonate... and then phish with impunity.
robsterva@reddit
My employer uses a similar system.
We trained it for several months and scanned all existing mailboxes before unleashing it on new email. It's gone fairly well, actually.
Daltesse@reddit
to be fair, Joe Mononym... I know that guy, shady as fuck, need to be reviewing his emails 👀👀
Legion2481@reddit
I hope to god most of your clients employees keep similar hours to you.
Imagine some brand new 3rd shift guy haveing to wait until 8am or whatever to be able receive there MFA confirmation email because this user hasn't ever received anything before ever. And that client didn't spring for off hours on call service.
MoneyTreeFiddy@reddit
Congratulations! They re-invented telephone operators!
JoeDonFan@reddit
Holy carp. An idea that stupid probably got someone a massive bonus.
ChickensInTheAttic@reddit
Might want to look into greylisting - it would get rid of most of your false positives I'd bet.