I am working for a recruitment firm as an IT guy. As you might know, recruitment firms send and receive lots of sensitive information like resumes and so on, and the business requested us to come up with some solution that systematically prevents misdirected email from being sent out, as misdirected email could lead our business to go downhill.
Example scenario that I would like to prevent is like this:
1. A consultant attaches a candidate’s resume to an email which is intended to be sent to a client, John@abc.com.
2. The consultant sends this email to a client, John@xyz.com.
I was thinking that if we standardize the attachment’s file name like below, maybe there is a system or solution that prevents this kind of scenario from happening?
- The attachment’s file name always has the recipient client’s domain name (e.g. resume_abc.com)
*This needs to be done manually or by system somehow.
With this standardized file name, I was thinking of something like this:
1. A consultant attaches a resume named candidate_**abc**.com and sends an email to John@**xyz**.com.
2. The system or solution will check the attachment’s file name and the recipient’s domain and compare the two to see if the attachment has the matching domain in the file name. If the matching domain is found in the file name, the email is allowed to be sent; if not, it is blocked, or a pop-up is shown to make the sender confirm whether it is really OK to send it out.
My questions to security professionals here are the following:
1. Is there such a system or solution as described above to prevent misdirected email?
2. How does your company prevent this type of misdirected email from happening?
3. Are there any other good ways to prevent this type of misdirected email?
I appreciate your comments and opinions on this :)
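
The check proposed in the post, sketched as an added example (not part of the original post and not any product's code): it compares the domain tag in each attachment's file name with every external recipient domain and returns findings that a gateway could use to block or prompt. The `INTERNAL_DOMAINS` and `DOC_EXTENSIONS` values, the `<name>_<domain>[.<ext>]` parsing rule and the sample messages are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAINS = {"recruiter.example"}  # assumption: the firm's own domain, exempt
DOC_EXTENSIONS = {"pdf", "doc", "docx"}   # assumption: extensions stripped before the tag

def recipient_domains(msg):
    """Lower-cased external domains across To, Cc and Bcc."""
    values = [v for h in ("To", "Cc", "Bcc") for v in msg.get_all(h, [])]
    domains = {addr.rsplit("@", 1)[1].lower()
               for _, addr in getaddresses(values) if "@" in addr}
    return domains - INTERNAL_DOMAINS

def tagged_domain(filename):
    """Return the domain in '<name>_<domain>[.<ext>]', or None when untagged."""
    name = filename.lower()
    stem, dot, ext = name.rpartition(".")
    if dot and ext in DOC_EXTENSIONS:
        name = stem  # drop the document extension, keep the domain's own dot
    _, sep, tag = name.rpartition("_")
    return tag if sep and "." in tag else None

def check_message(msg):
    """Return (filename, reason) findings; an empty list means allow."""
    findings, targets = [], recipient_domains(msg)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        tag = tagged_domain(name)
        if tag is None:
            findings.append((name, "no client domain in file name"))
        else:
            for domain in sorted(targets - {tag}):
                findings.append((name, f"tagged {tag}, recipient at {domain}"))
    return findings

def build(to, filename):
    """Constructed sample message with one attachment and an internal Cc."""
    msg = EmailMessage()
    msg["From"] = "consultant@recruiter.example"
    msg["To"] = to
    msg["Cc"] = "teamlead@recruiter.example"
    msg.set_content("Resume attached.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename=filename)
    return msg

if __name__ == "__main__":
    for to in ("john@abc.com", "john@xyz.com"):
        print(to, check_message(build(to, "candidate_abc.com.pdf")) or "allow")
```

Untagged attachments are reported rather than allowed, so a file that skipped the naming step cannot pass the check silently.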