LUCY

User Tools

Site Tools

Trace:
avoid_spam_issues

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
avoid_spam_issues [2019/07/29 17:25] – * lucyavoid_spam_issues [2021/12/14 07:04] (current) – ["Deceptive site ahead". What can I do?] lucysecurity
Line 176: Line 176:
  
 In case you rent a VPS through LUCY Security, we kindly ask you first to contact the the blacklist site and request a de-listing. If you cannot get delisted in a reasonable time, please get in contact with us and we can request an IP address change. In case you rent a VPS through LUCY Security, we kindly ask you first to contact the the blacklist site and request a de-listing. If you cannot get delisted in a reasonable time, please get in contact with us and we can request an IP address change.
 +
 +===== "Deceptive site ahead". What can I do? =====
 +{{ :deceptive_site.png?600 |}}
 +
 +If you are seeing a message like this, it means that the domain name was blacklisted by Google.
 +
 +Here are the different methods to resolve the issue (in order of recommendation):
 +
 +**Option 1.** Perform the Google Whitelisting procedure.\\
 +To whitelist the domain please review this article:\\
 +[[google_whitelisting|Google Safe Browsing]]
 +
 +**Option 2.** In case Option 1 doesn’t work, it's advised to choose another template for the Phishing Scenario and try again using the same domain in the scenario settings.
 +
 +**Option 3.** This option is the extended version of Option 2, but at this point also change the domain in the scenario settings. For the domain configuration please refer to a dedicated article [[domain_configuration|Domain Configuration]].
 +
 +**Option 4.** Repeat the recommended steps from Options 2-3 and check the domain status for the existing issues in the search console:\\
 +https://search.google.com/search-console/
 +\\
 +Then fix the issue and send the site again for a review confirming that the issues have been eliminated.
 +Please refer to [[google_whitelisting|Google Safe Browsing]] at this step.
 +
 +**Option 5.** The fastest and easiest option is to abandon the current domain name and register a new one.
 +The registration process is described here:
 +[[domain_configuration|Domain Configuration]].
 +
 +**Option 6.** In case if LUCY administration domain got blacklisted, there's a way to still be able to access it, but this would require the deactivation of Safe Mode, which is not recommended.\\
 +If access is needed urgently, follow these steps (**WARNING!** This setting is applied globally for the browser!):
 +  - Open Chrome 
 +  - Go to Settings > Privacy. 
 +  - Toggle off Chrome's Safe Browsing mode.
 +
 +After the actions above, the Deceptive Site message won't appear in your browser and the LUCY administration panel is available again.
 +
 +You can check if your domain got blacklisted by Google via the link below:
 +https://transparencyreport.google.com/safe-browsing/search
 +
  
 ===== Whitelisting in different products ===== ===== Whitelisting in different products =====
  
 **GSuite/Google Apps** **GSuite/Google Apps**
-  * This is the recommend setting if you do not have a cloud-based spam filter in front of GSuite. + 
-  * Login to https://admin.google.com and select Apps. +Please review [[gsuite_whitelisting|this]] article.
-  * Select GSuite. +
-  * Select Gmail. +
-  * Select Advanced Settings. +
-  * In the Organizations section, highlight your Domain (Not an OU). Note: GSuite does not allow whitelisting by IP Address for individual OUs, only the entire domain. +
-  * In the Email whitelist section, enter the LUCY IP address +
-  * Scroll to the bottom and click Save. The setting may take up to an hour to propagate to all users.+
  
  
 **Office365** **Office365**
-  * Log into your Office 365 portal and go to Admin/Exchange 
-  * Click on Service Settings/Mai/Mail Flow 
-  * Click the (+) Create New Rule button under Mail Flow/Rules 
-  * Give the rule a name 
-  * Click on "more options". 
-  * Add a condition --> "Apply this rule if...." 
-  * Select "The sender's domain is...", then enter your domain(s) 
-  * Add an action --> "Do the following..." 
-  * Select "Set the spam confidence level (SCL) to...", then select "Bypass spam filtering". 
-  * Click Save  
-  * If emails with certain attachements get blocked, setup a safe attachement policy: https://support.office.com/en-us/article/set-up-office-365-atp-safe-attachments-policies-078eb946-819a-4e13-8673-fe0c0ad3a775 
  
-**O365 Advanced Threat Protection**  +Please review [[o365_whitelisting|this]] article.
-  * Go to https://protection.office.com and sign in with your work or school account. +
-  * In the left navigation, under Threat management > Policy > Safe Links. +
-  * In the Policies that apply to specific recipients section, choose New (the New button resembles a plus sign ( +)) to create a new policy. (Alternatively, you can edit an existing policy.) +
-  * Choose New to add a Safe Links policy for specific email recipients +
-  * Specify a name and description for your policy. +
-  * In the Do not rewrite the following URLs section, select the Enter a valid URL box, and then type a URL, and then choose the plus sign (+). +
-  * In the Applied To section, choose The recipient is a member of, and then choose the group(s) you want to include in your policy. Choose Add, and then choose OK. +
-  * When you are finished adding URLs, in the lower right corner of the screen, choose Save.+
  
  
Line 254: Line 266:
  
 To add a global Approved Sender:  To add a global Approved Sender: 
-1.Select Services > Email Services > Anti-Spam. +  * Select Services > Email Services > Anti-Spam. 
-2.Ensure that Global Settings is selected in the domains drop-down list. +  Ensure that Global Settings is selected in the domains drop-down list. 
-3.Click the Approved Senders tab. +  Click the Approved Senders tab. 
-4.Click the Add Entry option. +  Click the Add Entry option. 
-5.The Domain/Email/IP and Description fields become editable. +  The Domain/Email/IP and Description fields become editable. 
-6.In the Domain/Email/IP field enter the IP address of the LUCY server. +  In the Domain/Email/IP field enter the IP address of the LUCY server. 
-7.In the Description field, enter brief details about the new entry. +  In the Description field, enter brief details about the new entry. 
-8.To add the entry to the list, click Update.+  To add the entry to the list, click Update.
  
 This new policy will allow any inbound mail flow originating from LUCY's IPs to reach your users. This new policy will allow any inbound mail flow originating from LUCY's IPs to reach your users.
 +
 +===== Catenator scripted module =====
 +
 +Any LUCY instance can be optionally hardened with the additional scripted module Catenator.
 +It allows intercepting and redirecting requests that analyze phishing activity, minimizing the chance of LUCY instance to be blocked / blacklisted.
 +More info [[catenator|here]]
 +
avoid_spam_issues.1564413929.txt.gz · Last modified: 2019/07/29 17:25 by lucy