Hi, On Wed, Apr 6, 2016 at 11:39 AM, John Hardin <jhar...@impsec.org> wrote: > On Wed, 6 Apr 2016, Alex wrote: > >> Yes, blocking all .doc files would be tough for us. However, maybe a >> rule that weights their existence them more heavily combined with >> something involving finance+money+invoices would be helpful. > > Would blocking with whitelist exceptions for expected sources work for you?
Unfortunately not. It's a business with a lot of little vendors, apparently. I'm surprised at just how many legitimate senders use junk email addresses like jo...@cox.net to send actual invoices for services. Thanks, Alex
