nullrecon

Chill, Coffee and Cyber

How can we mitigate email spoofing and email threats?

In this post I will list various security measures that help defend against email-based threats. Most of these email security mechanisms can be implemented for free or at minimal cost; however, modern solutions from vendors such as Microsoft and Mimecast make the administration job easier and reduce the mean time to respond.

The following email security mechanisms can be used to mitigate email threats:

  • Email envelope spoofing: SPF
  • Email header spoofing: no single mechanism is sufficient, so use SPF + DMARC, DKIM + DMARC, or SPF + DKIM + DMARC
  • Display name spoofing: Advanced threat filters, transport rules, and user awareness
  • Compromised mailboxes or “legitimate” senders: Advanced threat filters, transport rules, and user awareness
  • Malicious URLs: Web filter, web proxy
  • Malicious Attachments: Sandboxing, Extension Whitelists

Email Security Mechanisms with Definitions:

Sender Policy Framework (SPF)

SPF is a DNS TXT record that lists the servers permitted to send email for a domain. We include in the SPF record the IP addresses of all our SMTP servers and of other servers, such as certain web servers, that are likely to send email. When a receiving server gets an email claiming to come from our domain, it checks the list of legitimate sources in the SPF record and verifies whether the email was sent from an authorized source.

DomainKeys Identified Mail (DKIM)

DKIM is a key-pair signing mechanism for the headers of mail messages. When you send an email, your authorized SMTP server attaches a signature to the message using a private key. On the receiving end, that signature is verified against the public key published in your domain's DNS, which adds authenticity to the message.

Domain Message Authentication Reporting & Conformance (DMARC)

A DMARC record, like the two above, is another TXT record in DNS that tries to make up for the weaknesses in both SPF and DKIM. If either DKIM or SPF passes with alignment (the authenticated domain matches the From: header domain), DMARC evaluates as a “PASS”; this is known as DMARC “alignment”. DMARC is only enforced when your policy (p=) is set to “reject” or “quarantine”.
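To make the alignment rule concrete, here is an added example (not code from the original post) of a minimal DMARC evaluator: given the From: domain, the SPF result with its envelope domain, and the DKIM result with its d= domain, it applies relaxed or strict alignment and the p= policy. The record values, domains and results are constructed for illustration; organizational domains are approximated as the last two labels rather than via a public suffix list.

```python
# Added example: a minimal DMARC alignment evaluator (not from the original post).
# All record text, domains and authentication results below are constructed.

def org_domain(domain: str) -> str:
    """Organizational domain, assumed here to be the last two labels (no PSL lookup)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') only the org domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s; aspf=r'."""
    pairs = (t.split("=", 1) for t in txt.split(";") if "=" in t)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    tags.setdefault("adkim", "r")   # RFC 7489 default: relaxed DKIM alignment
    tags.setdefault("aspf", "r")    # RFC 7489 default: relaxed SPF alignment
    return tags

def evaluate_dmarc(record: str, from_domain: str,
                   spf_result: str, mail_from_domain: str,
                   dkim_result: str, dkim_d: str) -> tuple:
    """Return (dmarc_result, disposition) for one message.

    DMARC passes if SPF passed on an aligned envelope domain OR DKIM passed
    with an aligned d= domain. On failure the disposition follows p=; a
    p=none (monitoring) policy never blocks mail.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(mail_from_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_d, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    policy = tags.get("p", "none").lower()
    return "fail", policy if policy in ("quarantine", "reject") else "none"

if __name__ == "__main__":
    record = "v=DMARC1; p=reject; adkim=r; aspf=r"
    # Envelope spoof: SPF passes for the attacker's own bounce domain, but it
    # is not aligned with the spoofed From: domain, so DMARC fails -> reject.
    print(evaluate_dmarc(record, "example.com", "pass", "bulk.spoofer.test", "none", ""))
    # Legitimate mail: SPF fails (forwarded) but DKIM d=example.com aligns.
    print(evaluate_dmarc(record, "example.com", "fail", "fwd.relay.test", "pass", "example.com"))
```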
