Can we talk about how long it took me to fix a simple phishing filter
I spent three full days trying to stop a phishing email that kept slipping through our spam filter at work. Everyone said to just update the rule list, but that did nothing. Turns out the issue was a custom whitelist the previous IT guy set up back in 2019 that allowed emails from a specific domain. It took me 72 hours of digging through logs, testing filters, and finally calling a buddy at a different company to figure it out. I felt pretty dumb when I found that whitelist, because it was just sitting there in a settings menu I didn't check. How long have you guys spent on something that should have been a quick fix? Has anyone else found hidden settings that cause way bigger problems than they should?
2 comments
logan_schmidt, 4d ago
Man I read a similar story on a sysadmin subreddit the other day about someone who spent a WEEK hunting down a phantom email issue only to find out it was some "temporary" forwarding rule their manager set up two years ago and forgot about. That custom whitelist thing you found is EXACTLY the kind of nonsense that makes IT work feel like hunting ghosts. I had a buddy who found a hidden exception in their spam filter from a vendor install that basically gave a free pass to anything with "invoice" in the subject. 72 hours is brutal but at least you found it, the guy in that subreddit almost got fired before he stumbled on the forwarding rule.
5
nathang67, 4d ago
Gotta say, I used to roll my eyes at stories like this thinking "how hard can it really be to find a setting?" but after dealing with a similar ghost hunt at my last place I totally get it now. We had this weird issue where emails from one specific client kept getting flagged as spam, nothing in the logs made sense for like two days. Turned out some intern back in 2019 had added a custom rule to block anything from an old vendor domain and the client happened to use the same email service. Took forever to trace because the rule was buried under like five layers of settings nobody ever touches.
1
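The failure mode the original post and logan_schmidt's comment describe (a sender-domain allowlist and an "invoice" subject exception silently outranking every phishing rule that was being updated) comes down to rule evaluation order plus nobody auditing override rules. The following is an added example, not code from anyone in this thread or from any real mail filter: a toy rule engine with a constructed rule set modelled on the thread. The `auth_pass` field stands in for an SPF/DKIM alignment result from the MTA and the rule names, dates and owners are all made up for illustration.

```python
"""Toy mail-filter rule engine showing why stale allow rules beat phishing
rules, and how to audit for them. Added example; all rules are constructed."""
from dataclasses import dataclass
from datetime import date
from typing import Callable, List, Optional, Tuple


@dataclass
class Message:
    sender: str
    subject: str
    body: str
    auth_pass: bool  # assumption: SPF/DKIM alignment verdict supplied by the MTA


@dataclass
class Rule:
    name: str
    action: str                       # "allow" or "block"
    matches: Callable[[Message], bool]
    created: date                     # when the rule was added
    owner: str                        # who added it


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


# Constructed rule set modelled on the thread: a 2019 domain allowlist left by a
# previous admin, a vendor-installed "invoice" exception, and the phishing rule
# that kept being updated without effect.
RULES: List[Rule] = [
    Rule("vendor-domain-allow", "allow",
         lambda m: sender_domain(m.sender) == "vendor.example",
         date(2019, 3, 4), "previous IT admin"),
    Rule("invoice-subject-allow", "allow",
         lambda m: "invoice" in m.subject.lower(),
         date(2021, 6, 1), "vendor installer"),
    Rule("credential-lure-block", "block",
         lambda m: "verify your account" in m.body.lower()
         or "password will expire" in m.body.lower(),
         date(2024, 1, 15), "security team"),
]


def first_match(msg: Message, rules: List[Rule]) -> Tuple[str, Optional[str]]:
    """Common filter behaviour: the first matching rule decides and evaluation
    stops. With allow rules listed ahead of the phishing rule, a message that
    matches the block rule is never checked against it."""
    for r in rules:
        if r.matches(msg):
            return r.action, r.name
    return "deliver", None


def authenticated_allow(msg: Message, rules: List[Rule]) -> Tuple[str, Optional[str]]:
    """Safer semantics: an allow rule is only honoured when the sender actually
    authenticated, so a spoofed or lookalike sender cannot ride on a domain
    allowlist. Block rules are evaluated whenever no authenticated allow applies."""
    hits = [r for r in rules if r.matches(msg)]
    if msg.auth_pass:
        for r in hits:
            if r.action == "allow":
                return "allow", r.name
    for r in hits:
        if r.action == "block":
            return "block", r.name
    return "deliver", None


def audit_overrides(rules: List[Rule], today: date, max_age_days: int = 365) -> List[Rule]:
    """Return allow rules older than max_age_days, oldest first. Run on a
    schedule, this surfaces forgotten exceptions before they cost three days."""
    stale = [r for r in rules
             if r.action == "allow" and (today - r.created).days > max_age_days]
    return sorted(stale, key=lambda r: r.created)


if __name__ == "__main__":
    # Constructed sample: a credential lure spoofing the allowlisted vendor domain.
    phish = Message("billing@vendor.example", "Invoice 4471 overdue",
                    "Your password will expire today, verify your account now",
                    auth_pass=False)
    print(first_match(phish, RULES))            # allow rule wins, phish delivered
    print(authenticated_allow(phish, RULES))    # unauthenticated, block rule fires
    for r in audit_overrides(RULES, date(2024, 6, 1)):
        print(f"stale allow rule: {r.name} added {r.created} by {r.owner}")
```

Note what the safer evaluation does and does not fix: it closes the path where an unauthenticated sender borrows an allowlisted domain, but a message that genuinely authenticates as the allowlisted domain still gets through, which is exactly why the audit function matters; the thread does not say which case the original poster was dealing with.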