Email security is a critical business process that systems admins are responsible for on a daily basis. An organisation's email system will either be an on-premise set-up (the mail system is hosted locally), a hybrid set-up combining a local email server with a cloud service, or entirely in the cloud using an Office 365 solution. Regardless of how you are set up, these best practices will apply to you and outline the things you need to do to keep your email secure and lock down your systems.
Email Security – Start with DNS
DNS plays a pivotal role when it comes to email and email delivery; without it, email simply would not work. The first thing you should have set up is a reverse DNS record, also called a reverse lookup or PTR record. These are important for email validation, and receiving systems look at PTR records to validate your email system. When you send an email outside of your system, the public IP address your email system sends from must reverse-resolve to the host name your server presents in its HELO or EHLO message. A lot of rejected messages are due to incorrect reverse DNS records.
SPF (Sender Policy Framework) record – this is what protects you from sending out and/or receiving spoofed messages, and in particular lets receivers recognise spoofed emails claiming to come from your own domain. It is a public DNS TXT record containing the list of servers that are allowed to send mail for a specific domain. When an EHLO/HELO is received, a simple lookup checks whether the sending domain name and IP address match what is published in the SPF text record.
DKIM (DomainKeys Identified Mail) record – having this set up greatly reduces the chances of your email being regarded as SPAM, by means of a digital signature. DKIM attaches a domain name identifier to the email and uses cryptographic techniques to validate that the email was authorised by that domain, and this process builds trust between the sender and receiver. If the receiving email system does a DKIM lookup and the signature passes, there is a good chance that your email will be delivered successfully.
DMARC (Domain-based Message Authentication, Reporting and Conformance) record – this is a record that tells the receiving email system what to do with any emails that fail the SPF or DKIM checks. Depending on the pass/fail result of the SPF and DKIM lookups, the policy published in the record tells the mail system what to do with the email: do nothing, quarantine the email, or reject it.
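To make the SPF and DMARC lookups above concrete, here is an added example (not code from the original article) that evaluates a sending IP against a constructed SPF record and then applies the constructed domain's DMARC policy. The domains and records are hypothetical and served from an in-memory dictionary in place of real DNS; identifier alignment is left out to keep the logic short.

```python
import ipaddress

# Constructed DNS TXT records standing in for real lookups (hypothetical domains, runs offline).
TXT_RECORDS = {
    "example.test": "v=spf1 ip4:203.0.113.10 include:mail.example.test -all",
    "mail.example.test": "v=spf1 ip4:198.51.100.0/24 ~all",
    "_dmarc.example.test": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.test",
}

def lookup_txt(name):
    """Stand-in for a DNS TXT query; returns the record text or None."""
    return TXT_RECORDS.get(name)

def check_spf(domain, sender_ip, depth=0):
    """Evaluate the domain's SPF record against sender_ip (ip4, include and all mechanisms)."""
    record = lookup_txt(domain)
    if record is None or not record.startswith("v=spf1") or depth > 10:
        return "none"   # no usable record (or too many nested includes)
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        matched = False
        if mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            matched = check_spf(arg, sender_ip, depth + 1) == "pass"
        elif mech == "all":
            matched = True
        if matched:   # the first matching mechanism decides the result
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"

def dmarc_policy(domain):
    """Return the p= tag (none/quarantine/reject) from _dmarc.<domain>, or None if absent."""
    record = lookup_txt(f"_dmarc.{domain}")
    if not record or not record.startswith("v=DMARC1"):
        return None
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p")

def disposition(domain, sender_ip, dkim_pass=False):
    """What the receiver does when SPF and DKIM both fail, per the DMARC policy
    (simplified: identifier alignment is not checked here)."""
    if check_spf(domain, sender_ip) == "pass" or dkim_pass:
        return "deliver"
    return {"quarantine": "quarantine", "reject": "reject"}.get(dmarc_policy(domain), "deliver")
```

A message from 192.0.2.1 claiming example.test fails SPF and, with no DKIM signature, is quarantined by the p=quarantine policy; the same message with a valid DKIM signature is delivered.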
Filter the SPAM
One of the most important practices when it comes to email security is to ensure you have a solid email spam filter or security appliance/service in place to filter email as it travels in and out of your organisation. A cloud-based version is usually the best solution: it takes a lot of overhead away from your network, it is easy to set up and scalable, and there is less chance of hardware failure. These systems do a very thorough job of stopping SPAM and malicious emails from reaching your organisation through a variety of scanning methods.
It is important not only to protect your organisation from receiving malicious emails through your SPAM filter system but also to prevent SPAM emails from being sent out of your organisation. A machine on your network may get infected by a mail-bot and start sending out a heap of email from inside your network, and a good email security system will prevent this.
A setting on your email filter called rate control is a handy option you can change to prevent heaps of emails exiting your system from one particular person. With it you set the maximum number of emails that any individual can send out of your organisation in a given period. Another good option to look at on your SPAM filter is the Geo IP setting, which allows you to specify which countries you can receive emails from.
Also look at whether or not your email filter can perform content filtering on your outbound emails. There should be no reason at all for a user to send credit card details via email, so it's a good idea to look for 12 consecutive digits, which are typically credit card numbers, or for the keywords "credit card", and block those emails from being sent from your organisation.
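The two outbound controls just described, per-sender rate control and content filtering for card-like digit runs or the "credit card" keyword, as an added example that is not part of the original article. The messages, senders and thresholds are constructed, and the digit pattern is the article's 12-consecutive-digits rule, extended to tolerate the spaces or dashes people type into card numbers.

```python
import re
from collections import defaultdict, deque
# Constructed outbound messages (timestamp in seconds, sender, body); not real traffic.
OUTBOUND = [
    (0, "alice@example.test", "Hi, the invoice is attached."),
    (5, "bob@example.test", "Please charge my credit card for the order."),
    (9, "carol@example.test", "Card number 4111 1111 1111 1111, expiry 12/27"),
] + [(10 + i, "bot@example.test", f"Buy now! offer {i}") for i in range(60)]

# 12 or more digits in a row, allowing the spaces or dashes people type into card numbers.
CARD_DIGITS = re.compile(r"\d(?:[ -]?\d){11,}")
CARD_KEYWORD = re.compile(r"credit\s*card", re.IGNORECASE)

def content_filter_hits(body):
    """Return the reasons an outbound body should be blocked (empty list means clean)."""
    reasons = []
    if CARD_DIGITS.search(body):
        reasons.append("card-like digit run")
    if CARD_KEYWORD.search(body):
        reasons.append("credit card keyword")
    return reasons

class RateControl:
    """Sliding-window per-sender limit: at most `limit` messages in any `window` seconds."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.sent = defaultdict(deque)   # sender -> timestamps of recently sent mail
    def allow(self, sender, now):
        q = self.sent[sender]
        while q and now - q[0] >= self.window:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def process_outbound(messages, limit=50, window=60):
    """Apply content filtering, then rate control; return the sent count and blocked list."""
    rate = RateControl(limit, window)
    result = {"sent": 0, "blocked": []}
    for ts, sender, body in messages:
        reasons = content_filter_hits(body)
        if reasons:
            result["blocked"].append((sender, ", ".join(reasons)))
        elif not rate.allow(sender, ts):
            result["blocked"].append((sender, "rate limit exceeded"))
        else:
            result["sent"] += 1
    return result
```

On the constructed batch, bob's and carol's messages are blocked by the content filter and the infected "bot" sender gets its first 50 messages through before the rate limit stops the remaining 10.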
The IT team can spend hours implementing tools and best practices for email security, but usually the best prevention is education. The more you train your users on potential risks and what to look for, the safer your users and systems will be. Let your users know what to look out for with SPAM or phishing emails. Examples include looking for something suspicious in the sender's address details, or hovering over links in the email first to see if they look legit.
Most spammers need to get your email address from somewhere. Educate your users to limit the number of times they enter their work email address into web pages, unless they absolutely have to and the web page is legit. It is also a good idea not to post any email addresses on your public website. Crawlers search for these email addresses and, because they know the addresses are legit, sell them on, and they end up on marketing databases.
If you are running an Office 365 email solution in your network, ensure that you are protected. Microsoft has two layers of protection: basic protection, which is standard out of the box, and Advanced Threat Protection. Advanced Threat Protection is included if you sign up to the E5 subscription plan; if you do not have the E5 subscription and would like Advanced Threat Protection, it will cost you around $2 per mailbox a month. ATP gives you the ability to scan links in email, sandboxing capabilities and better protection from spear phishing attempts. These are all important these days to keep yourself protected. If you do not want to use these, you can of course use your own email spam filter service for this.
Another good email security best practice when using the Office 365 solution is to ensure you have a strong password policy, and it is highly recommended that you also set up 2-factor authentication for extra security.
If you are using a Microsoft Exchange on-premise solution, just like the ATP module in Office 365 you can also install an anti-spam agent to give extra protection by scanning emails. Again, this may not be needed if you already have a solid spam filter service in place. If your system is on-premise, it is highly recommended that you ensure the correct firewall rules are in place: ensure that only your email server can send and receive on port 25.
Email security is a critical business process that systems admins are responsible for on a daily basis. By following these best practices you will ensure that your organisation's users and systems are safe from the security risks that we are all exposed to.