We have released a research paper titled Email Correlation and Phishing. This paper describes, in some detail, how we use data correlation techniques to identify the “correct” senders of messages, which allows us to help identify spammers and spam/phishing messages and block them accordingly.
These techniques are very useful in detecting phishing messages that try to pose as legitimate messages by organizations. In this regard, not only is it useful in targeting “conventional” phishing attempts, it may also be able to detect and block more targeted threats aimed at organizations that use the same tactic.
These steps and techniques are necessary as spam and phishing techniques continue to improve. In particular, these phishing messages are very difficult to detect using techniques based on content, and both IP blacklists and email authentication, while useful have certain limitations. The techniques described in the paper are a useful addition to our existing tools, and demonstrate our expertise both in big data and today’s threats.
The full details of these techniques can be found in the paper Email Correlation and Phishing.