Email security is a critical component of IT. With the ever-increasing volume of spoofing, phishing, and spam emails hitting people’s mailboxes, it is very important to set clear policies and procedures for mitigating and dealing with these threats. In this section I will outline some email security policies you can implement on your email system to mitigate email threats.
Spam filtering software
The first line of defense in an email system is the spam filter. Spam filters scan incoming and outgoing emails for possible threats. Email spam filters are installed at the server level, but most desktop security suites also include email security components. Popular server and desktop email security suites include Symantec Endpoint Protection, Barracuda Security Gateway, and the Google Apps inbound mail gateway. Most spam filtering software is cloud-based nowadays, and some products employ machine learning algorithms to combat threats.
SPF stands for Sender Policy Framework, and it should be one of the first things you implement when designing a secure mail system. SPF is a simple email-validation system designed to detect email spoofing: it gives receiving email servers a way to check that incoming mail from a domain comes from a server authorized by that domain’s administrators. SPF is implemented at the DNS level as a TXT record. To create an SPF record, you will need the IP address or addresses of your mail server and access to your DNS management console. Use an online tool like http://www.spfwizard.net/ to create a valid SPF record. Your record should look like this, with your mail server's public IP address in place of 10.10.10.10: "v=spf1 mx a ip4:10.10.10.10 -all"
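How a receiving server applies the record shown above, as an added example that is not code from the original post. It is a simplified evaluator: the `check_spf` function and the `DNS_HOSTS` lookup table are hypothetical stand-ins for a real SPF library and real DNS queries, and only the `ip4`, `ip6`, `mx`, `a` and `all` mechanisms are handled.

```python
import ipaddress

# Qualifier prefix -> SPF result when the mechanism matches (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip, dns_hosts):
    """Evaluate a simplified SPF record for one connecting IP.

    dns_hosts stands in for DNS: it maps "mx" and "a" to the addresses
    those lookups would return for the domain (constructed sample data).
    include, redirect, exists and macros are out of scope for this sketch.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif name in ("mx", "a"):
            matched = client_ip in dns_hosts.get(name, [])
        else:
            return "permerror"  # mechanism not supported by this sketch
        if matched:  # first matching mechanism decides the result
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


# Constructed sample data: the record from the text plus made-up lookups.
RECORD = "v=spf1 mx a ip4:10.10.10.10 -all"
DNS_HOSTS = {"mx": ["10.10.10.20"], "a": ["10.10.10.30"]}

if __name__ == "__main__":
    for sender in ("10.10.10.10", "10.10.10.20", "203.0.113.7"):
        print(sender, check_spf(RECORD, sender, DNS_HOSTS))
```

Ending the record with `~all` instead of `-all` turns the last result into `softfail`, which most receivers accept and merely mark rather than refuse.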
DKIM stands for DomainKeys Identified Mail and is a cryptographic way of validating the authenticity of an email. DKIM employs a private and public key pair to make sure the original message is not altered in any way during transmission: the sending server signs the message with the private key, and receivers verify the signature with the public key published in DNS. DKIM is also a DNS TXT record, but creating it is a little bit more involved than creating an SPF record. Most cloud-based spam filters provide DKIM support, and if you are using a connector with your internal mail server it should just be a matter of turning it on and setting up the DNS record. If you are using an in-house mail server like Microsoft Exchange, then creating the DKIM records is a little bit more difficult. Take a look at this tool to create the record: https://github.com/Pro/dkim-exchange
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. DMARC needs an SPF and DKIM record in order to work. DMARC makes sure that legitimate emails are properly authenticated against the DKIM and SPF records, and that spoofed emails appearing to come from your own domains are blocked. DMARC pretty much puts an end to spoofed emails by making sure that email headers are not altered. Spoofing email headers is a common way for hackers to trick people with fake emails, and DMARC was set up to combat that problem. If you already have the SPF and DKIM records in place, then setting up the DMARC record should be straightforward. There are many tags that you can use to set up the DMARC record; I recommend you start with the reporting tag first. Read this guide on how to get started: https://support.google.com/a/answer/2466563?hl=en
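What a receiver does with a DMARC record, as an added example that is not code from the original post. The records, the report address and the domains are constructed, the function names are hypothetical, and `org_domain` assumes the organizational domain is the last two labels where real receivers consult the Public Suffix List.

```python
POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record):
    """Split a DMARC TXT record into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain):
    # Assumption: organizational domain = last two labels (wrong for
    # suffixes such as .co.uk; real receivers use the Public Suffix List).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def dmarc_disposition(record, from_domain, spf, dkim):
    """Return "pass", or the policy applied to a failing message.

    spf = (result, MAIL FROM domain); dkim = (result, d= domain).
    DMARC passes when either check passes AND its domain aligns with
    the visible From: domain (relaxed alignment, the default).
    """
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1" or tags.get("p") not in POLICIES:
        return "no-policy"
    target = org_domain(from_domain)
    for result, domain in (spf, dkim):
        if result == "pass" and org_domain(domain) == target:
            return "pass"
    # Authentication failed: p=none only reports, it does not block.
    return tags["p"]


# Constructed records: a reporting-only start, then an enforcing policy.
MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
ENFORCE = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    # From: says example.com, but SPF only passed for an unrelated domain.
    forged = ("example.com", ("pass", "other.test"), ("none", ""))
    print(dmarc_disposition(MONITOR, *forged))  # reported, still delivered
    print(dmarc_disposition(ENFORCE, *forged))  # refused by the receiver
```

A record that carries only the reporting tag with `p=none` collects aggregate reports at the `rua` address but leaves failing mail delivered, so it is a starting point to move on from once the reports show your legitimate senders passing.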
If you need an extra layer of security for your email communication, then you can use email encryption. Outlook for Exchange provides native support for email encryption (check the tutorials below on how to set it up). You can also use third-party encryption software like http://openpgp.org/
Staff & user education
There is no software or security policy in the world that will protect you 100%. That’s why you need to train your IT staff and mail users in best practices for dealing with fraudulent emails. Train your users to spot “spoof” emails, not to click on attachments from unknown sources, etc.
In the section below you will find many tutorials on how to implement some of the things I mentioned above, and other email security tutorials I might post here.
Email spoofing is a big security issue in IT. Often email users get fake emails pretending to be from colleagues or from their boss, and many of them fall for it, sometimes leaking sensitive information to spammers. What is email spoofing? Email spoofing is the process of forging an email address to make it look like it is sent from a…
If you are a systems administrator in charge of keeping a mail server running, then spoofed emails are probably one of your biggest headaches. Spoofing techniques used by spammers are becoming more sophisticated every day, with many of them even employing artificial intelligence to exploit your mail system's vulnerabilities. I’ve been researching ways to combat and prevent spoofing emails for years…
One of the best ways to keep your email users on their toes when it comes to e-mail security is to hack them before a real hacker does. We just went through this drill at the place I work for as a training. We sent out an email using a publicly available email address (Gmail) using…