Question: What is e-mail security?
Answer: E-mail security is a security product designed around sending and receiving e-mails. Most of the time, these products will scan e-mails for malicious attachments, links, and other elements of the e-mail, such as the sender, to help ensure that an e-mail is legitimate and safe to interact with.
Question: Do I need a sophisticated e-mail security solution?
Answer: A mature e-mail security solution will provide more protection against malicious e-mails, and it can also quarantine spam e-mails, resulting in a cleaner inbox. Fewer spam e-mails equal more time for productive work. In my testing, my e-mail security solution quarantined almost 30 spam e-mails, and my inbox has stayed very clean, with only legitimate e-mails that needed my attention. Therefore, I believe that, yes, you should strongly consider an e-mail security solution.
Now that we have established what an e-mail security solution is and whether you need one, let me elaborate on the e-mail security solution I have implemented in my environment. I leverage Proofpoint as my e-mail security solution. Proofpoint seems to be an effective security solution providing enterprise-grade security for a compelling price. Proofpoint’s Essentials has saved me time by quarantining roughly 30 spam e-mails within a week.
Elements of E-mail Security
Elements used in e-mail security include DNS records such as SPF, DKIM, and DMARC, screening e-mail headers, URL links, and attachments, as well as other aspects of the e-mail.
DNS Records and Purposes
SPF Record
The SPF record is a record you place inside your DNS, which outlines the acceptable domains from which e-mails can be sent. When your e-mail is received, the receiving e-mail security provider can scan the e-mail header and compare the domain from which the e-mail was sent against your SPF record to confirm that the e-mail is, in fact, legitimate.
DKIM Record
The DKIM record takes the SPF record one step further by providing an encryption key attached to your outgoing e-mail. The receiving e-mail server can compare the encryption key against your DKIM record to verify the sender’s identity.
DMARC
Your DMARC record applies to incoming e-mails. If any incoming e-mail fails the SPF or DKIM record check, the DMARC record determines whether to quarantine or drop the e-mail.
E-mail Headers, URL Links, and Attachments
E-mail Headers
The e-mail header contains information such as the sender, recipient, source and destination, DKIM signatures, and other details like the content type (HTML or plain text). E-mail security solutions use the e-mail header to help identify possible malicious or spam e-mails.
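As an added illustration (not code from this post or from Proofpoint), the Python sketch below reads the Authentication-Results header that a receiving server stamps on a message and lists the reasons the message deserves a closer look. The sample message, host names and domains are constructed, and the subdomain comparison is a simplified stand-in for DMARC alignment.

```python
import re
from email import message_from_string

# Constructed sample message (not real traffic); all domains are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.mailer.example;
 dkim=fail header.d=mailer.example;
 dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Content-Type: text/html

<p>hello</p>
"""

METHOD = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
PROP = re.compile(r"\b(smtp\.mailfrom|header\.d|header\.from)=([^\s;]+)")


def auth_summary(raw):
    """Return the verdicts and identifiers recorded by the receiving server."""
    msg = message_from_string(raw)
    verdicts, props = {}, {}
    for value in msg.get_all("Authentication-Results", []):
        flat = " ".join(value.split())  # unfold continuation lines
        verdicts.update({m: r.lower() for m, r in METHOD.findall(flat)})
        props.update({k: v.lower() for k, v in PROP.findall(flat)})
    return verdicts, props


def triage(raw):
    """List the reasons a message deserves a closer look (empty if none)."""
    verdicts, props = auth_summary(raw)
    reasons = []
    for method in ("spf", "dkim", "dmarc"):
        result = verdicts.get(method, "missing")
        if result != "pass":
            reasons.append(f"{method}={result}")
    # SPF is checked on the envelope sender, which can differ from the
    # visible From domain. Assumption: exact or subdomain match only.
    mailfrom = props.get("smtp.mailfrom", "").rsplit("@", 1)[-1]
    visible = props.get("header.from", "")
    aligned = mailfrom == visible or mailfrom.endswith("." + visible)
    if mailfrom and visible and not aligned:
        reasons.append(f"envelope domain {mailfrom} != From domain {visible}")
    return reasons


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

Only trust an Authentication-Results header added by your own receiving server, since a sender can insert a forged one further down the header block.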
URL Links
Most e-mail security solutions will scan any links provided in the e-mail for malicious payloads at the end of the link. These solutions open the link in a sandbox environment and scan the destination to see whether it has any embedded malicious code.
Attachments
Like URL links, attachments can be scanned for malicious code. The e-mail security solution opens the attachment in a sandbox environment and scans it for malicious code.
Conclusion
There are many aspects of e-mail security that I did not cover in this post, and the subjects that I did touch on could be expanded on. This was a surface-level explanation of what you can expect from an e-mail security solution and how it protects you. I do need to express that no solution is perfect. When your security solutions fail, trained staff needs to be able to act accordingly and respond to possible malicious e-mails that slip through.