Warning ... Dumb Questions ...
I'm interested in security but would certainly not claim to be an expert, so there's a good chance I'm talking rubbish but ...
Could a corporate email server replace links in external emails with a link to an intranet page containing the "don't click on links in external emails" guidance?
Could the email server be integrated with the web filter so that incoming links that aren't already whitelisted get put on a temporary blacklist, and staff needing to follow the links could contact IT to have them removed from the blacklist? Perhaps the interface that reads the email server's dumps of the incoming links could look them up and just blacklist those that were registered less than, say, three months ago.
Couldn't the corporate web filter default blacklist .co domains --- and domains that have characters other than periods, dashes and A-Za-z0-9? There must be plenty of valid something-uk.com domains but anything -com.tld seems automatically suspicious to me.
I know none of these solutions are watertight, but wouldn't they help mitigate the risk?
Biting the hand that feeds IT
