Email Security

Email security is a critical component of IT. With the ever-increasing volume of spoofing, phishing, and spam emails hitting people’s mailboxes, it is very important to set clear policies and procedures for mitigating and dealing with these threats. In this section I will outline some email security policies you can implement on your email system to mitigate email threats.

Spam filtering software

The first line of defense in an email system is the spam filter. Spam filters scan incoming and outgoing emails for possible threats. Email spam filters are installed at the server level, but most desktop security suites also include email security components. Popular server and desktop email security suites include Symantec Endpoint Protection, Barracuda Security Gateway, and the Google Apps inbound mail gateway. Most spam filtering software is cloud-based nowadays, and some products employ machine learning algorithms to combat threats.

SPF record

SPF stands for Sender Policy Framework, and it should be one of the first things you implement when designing a secure mail system. SPF is a simple email-validation system designed to detect email spoofing: it gives receiving mail servers a way to check that incoming mail from a domain comes from a server authorized by that domain’s administrators. SPF is implemented at the DNS level as a TXT record. To create an SPF record, you will need the IP address or addresses of your mail server and access to your DNS management console. Use an online tool like http://www.spfwizard.net/ to create a valid SPF record. Your record should look like this: “v=spf1 mx a ip4: -all”

DKIM record

DKIM stands for DomainKeys Identified Mail and is a cryptographic way of validating the authenticity of an email. DKIM employs a private and a public key to make sure the original message is not altered in any way during transmission. DKIM is also published as a DNS TXT record, but creating it is a little more involved than creating an SPF record. Most cloud-based spam filters provide DKIM support, and if you are using a connector with your internal mail server it should be a matter of just turning it on and setting up the DNS record. If you are using an in-house mail server like Microsoft Exchange, then creating the DKIM records is a little more difficult. Take a look at this tool to create the record: https://github.com/Pro/dkim-exchange

DMARC record

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. DMARC needs an SPF and DKIM record in order to work. DMARC makes sure that legitimate emails are properly authenticated against the DKIM and SPF records, and that spoofed emails appearing to come from your own domains are blocked. DMARC pretty much puts an end to spoofed emails by making sure that the headers of emails are not altered. Spoofing email headers is a common way for hackers to trick people with fake emails, and DMARC was set up to combat that problem. If you already have the SPF and DKIM records in place, then setting up the DMARC record should be straightforward. There are many tags that you can use to set up the DMARC record; I recommend you start with the reporting tag first. Read this guide on how to get started: https://support.google.com/a/answer/2466563?hl=en

Email encryption

If you need an extra layer of security for your email communication, you can use email encryption. Outlook for Exchange provides native support for email encryption (check the tutorials below on how to set it up). You can also use third-party encryption software like http://openpgp.org/

Staff & user education

No software or security policy in the world will protect you 100%; that’s why you need to train your IT staff and mail users in best practices for dealing with fraudulent emails. Train your users to spot “spoof” emails, not to click on attachments from unknown sources, etc.

In the section below you will find many tutorials on how to implement some of the things I mentioned above, and other email security tutorials I might post here.

Email Security Tutorials

Email spoofing is a big security issue in IT. Often email users get fake emails pretending to be from colleagues or from their boss, and many of them fall for it, sometimes leaking sensitive information to spammers. What is email spoofing? Email spoofing is the process of forging an email address to make it look like it was sent from a known email address. Basically, in a spoofed email the From: field is modified to make it look like the email is coming from a person the recipient knows. The result is that the email recipient sees the email as having come from the address in the From: field, but if they reply, the email will go to the Reply-to address, which is an email address the spammer might have set up to receive those replies. Why is email spoofing possible?…