E-Mail Security

Guidance for websites, mass e-mail campaigns, and fax Major mail systems today, such as Exchange Online or Gmail, enforce a number of controls designe...

Major mail systems today, such as Exchange Online or Gmail, enforce a number of controls designed to thwart the spread of ransomware, reduce the chanc...

In order to ensure that legitimate emails aren’t lost, and that old systems can’t be used to spoof email from your domains, you should put processes i...

During the ‘quarantine phase,’  any failed email will be sent to spam/junk (where the recipient has this enabled). This means the messages are  recov...

At this point you should have identified and resolved any issues arising during the  “quarantine phase” . As soon as you are confident DKIM and SPF ar...

Implement a  DMARC policy of ‘none’ Create and iterate an  SPF record including your mail email senders Create and manage a  DKIM  record for all of...

Although it is possible to encrypt individual emails using protocols like  PGP or  S/MIME , this requires the sender and recipient to have the necess...

Implementing controls to secure your domains and emails in transit can generate a lot of data. There are a number of  open source and commercial tools...

Phishing attacks: defending your organization  provides a multi-layered set of mitigations to improve your organization ’s resilience against phish...

Configure anti-spoofing controls Configure anti-spoofing controls by implementing DMARC, creating and iterating an SPF record and creating and managin...

Email security and anti-spoofing A guide for IT managers and systems administrators This guidance assumes readers have prior knowledge and experience ...