E-Mail Security

Email security and anti-spoofing A guide for IT managers and systems administrators This guidance assumes readers have prior knowledge and experience ...

Configure anti-spoofing controls Configure anti-spoofing controls by implementing DMARC, creating and iterating an SPF record and creating and managin...

Phishing attacks: defending your organization  provides a multi-layered set of mitigations to improve your organization ’s resilience against phish...

Implementing controls to secure your domains and emails in transit can generate a lot of data. There are a number of  open source and commercial tools...

Although it is possible to encrypt individual emails using protocols like  PGP or  S/MIME , this requires the sender and recipient to have the necess...

Implement a  DMARC policy of ‘none’ Create and iterate an  SPF record including your mail email senders Create and manage a  DKIM  record for all of...

At this point you should have identified and resolved any issues arising during the  “quarantine phase” . As soon as you are confident DKIM and SPF ar...

During the ‘quarantine phase,’  any failed email will be sent to spam/junk (where the recipient has this enabled). This means the messages are  recov...

In order to ensure that legitimate emails aren’t lost, and that old systems can’t be used to spoof email from your domains, you should put processes i...

Major mail systems today, such as Exchange Online or Gmail, enforce a number of controls designed to thwart the spread of ransomware, reduce the chanc...

The procedures in this section require the Microsoft Report Message or Report Phishing add-ins. For more information, see Enable the Microsoft Report...

When we identify that an email may be phishing or suspicious, we might show a warning or move the email to Spam. If an email wasn't marked correctly, ...

Guidance for websites, mass e-mail campaigns, and fax Major mail systems today, such as Exchange Online or Gmail, enforce a number of controls designe...