Reputation-based blocking should be created; you have the data to do it.
Use investigate to look up email@example.com
That email has 82 domains, 7 marked as malware, the remainder with no classification.
From a quick look at the domain names, they look to be DGA.
I personally go in and block all of the domains from jokers like this, but what a hassle, and there are so many that I don't know about to proactively block.
A simple algorithm could classify this as a reputation block category, thereby proactively blocking future malware/botnet sites you know will go active down the road.
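
An added illustration (not part of the original post, and not the vendor's logic) of the kind of "simple algorithm" suggested above: flag a registrant email when enough of its domains are already marked malware and most of the names look machine-generated, then return its unclassified domains for proactive blocking. The thresholds, the entropy/vowel heuristic and the `.example` sample data are constructed assumptions.

```python
import math
from collections import Counter

def label_entropy(label):
    """Shannon entropy in bits per character of a DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def looks_generated(domain, min_len=10, min_entropy=3.0, max_vowel_ratio=0.3):
    """Crude DGA heuristic (assumption): long, high-entropy, vowel-poor first label."""
    label = domain.split(".")[0].lower()
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return label_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio

def registrant_verdict(domains, min_malware=3, min_generated_ratio=0.5):
    """domains maps name -> classification (None = unclassified) for ONE registrant.
    Returns (verdict, unclassified domains to block proactively)."""
    if not domains:
        return "no-action", []
    malware = sum(1 for c in domains.values() if c == "malware")
    generated = sum(1 for d in domains if looks_generated(d))
    if malware < min_malware or generated / len(domains) < min_generated_ratio:
        return "no-action", []
    return "reputation-block", sorted(d for d, c in domains.items() if c is None)

# Constructed sample data on the reserved .example TLD, not real indicators.
SUSPECT = {
    "xkqjzvhwptrm.example": "malware",
    "qzwxvbnmkjhg.example": "malware",
    "plkmnbvcxzqw.example": "malware",
    "hjtrwqzxcvbn.example": None,
    "mnbvcxzlkjhg.example": None,
    "wqrtzpsdfghj.example": None,
}
BENIGN = {"contoso-mail.example": None, "shop.example": None, "newsletter.example": None}

if __name__ == "__main__":
    for name, doms in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, registrant_verdict(doms))
```

Requiring both signals keeps a registrant with one compromised but otherwise ordinary domain from being blocked wholesale.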