Email Security – Top 5 Recommendations To Secure Your Communication
With phishing scams seeing a steep rise, here’s a best practices checklist for email security
Most of us, if not all, have received phishing emails trying their best to convince us to download an attachment or click on a link. Simple Mail Transfer Protocol (SMTP) was designed during simpler times with mail deliverability in mind and security nowhere on the radar. Soon enough, the internet exploded, and as a quick dive into the history of email will tell you, SMTP had to evolve quite a bit to incorporate security controls. However, since the system still has inherent weaknesses, and because email fraud is here to stay for the foreseeable future, it is best we learn how to tell a spoofed email from a legitimate one.
Additionally, there has been a spike in such attacks since March this year, with email campaigns doing the rounds in the form of relief packages and donation scams, feeding off the widespread anxiety surrounding the pandemic. Now more than ever, it is crucial that we take a moment to go over some practical controls we can implement to do our best to protect ourselves against such attacks.
Top 5 Tips to Secure Your Communication
There are some measures we can take to secure our email communication, which include, but are not limited to, the pointers listed below.
Let’s get started!
1. Examine the Message Headers
Depending on your email client, you can find out how to view the original message headers, which are usually hidden by default. Once you can see them, inspect the SPF and DKIM results to confirm that the message passed these checks. The "Received" headers record the route the message took and the IP address where it originated. If you are suspicious, compare the displayed 'From' address with the envelope 'mail from' address in the message headers to verify that the two match. You can also perform a reverse lookup on the originating IP to trace the mail.
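The checks described above can be automated over the raw headers. The following is an added example, not code from the original article: it parses a constructed sample message with Python's standard email library, pulls the spf/dkim/dmarc verdicts out of the Authentication-Results header, walks the Received chain to find the originating host and IP, and compares the domain shown in From with the envelope sender recorded in Return-Path. All hostnames, addresses and IPs in the sample are made up for the demonstration.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed sample: a lookalike bank alert whose envelope sender and
# originating host do not belong to the domain shown in the From header.
RAW_MESSAGE = b"""Return-Path: <bounce@mailer-example.net>
Received: from mx.receiver.example (mx.receiver.example [192.0.2.10])
\tby inbox.receiver.example with ESMTPS id abc123;
\tMon, 1 Jun 2020 10:00:00 +0000
Received: from outbound.mailer-example.net (outbound.mailer-example.net [198.51.100.7])
\tby mx.receiver.example with ESMTPS id def456;
\tMon, 1 Jun 2020 09:59:58 +0000
Authentication-Results: mx.receiver.example;
\tspf=fail smtp.mailfrom=mailer-example.net;
\tdkim=none;
\tdmarc=fail header.from=bank.example
From: "Your Bank" <alerts@bank.example>
To: victim@receiver.example
Subject: Relief package: action required
Content-Type: text/plain

Please review the attached statement.
"""

# "from <host> (<reverse-name> [<ip>])" as written by most MTAs
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\([^)]*\[([0-9a-fA-F.:]+)\]")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")


def unfold(value):
    """Collapse a folded (multi-line) header value onto one line."""
    return " ".join(str(value).split())


def auth_results(msg):
    """Extract spf/dkim/dmarc verdicts from the Authentication-Results header."""
    header = unfold(msg.get("Authentication-Results", ""))
    return dict(AUTH_RE.findall(header))


def received_chain(msg):
    """Return (host, ip) per hop, top-most (closest to the recipient) first."""
    hops = []
    for value in msg.get_all("Received", []):
        match = RECEIVED_RE.search(unfold(value))
        if match:
            hops.append((match.group(1), match.group(2)))
    return hops


def domain_of(header_value):
    """Domain part of the first address in a header, lower-cased."""
    _, addr = parseaddr(unfold(header_value))
    return addr.rpartition("@")[2].lower()


def assess(raw):
    """Summarise the header evidence for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    auth = auth_results(msg)
    hops = received_chain(msg)
    # The bottom-most Received header was added first, i.e. nearest the origin.
    origin_host, origin_ip = hops[-1] if hops else (None, None)
    from_domain = domain_of(msg.get("From", ""))
    envelope_domain = domain_of(msg.get("Return-Path", ""))
    aligned = bool(from_domain) and from_domain == envelope_domain
    failed = {k for k, v in auth.items() if v in ("fail", "softfail", "permerror")}
    return {
        "auth": auth,
        "origin_host": origin_host,
        "origin_ip": origin_ip,
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "aligned": aligned,
        "verdict": "suspicious" if (failed or not aligned) else "no obvious problem",
    }


if __name__ == "__main__":
    for key, value in assess(RAW_MESSAGE).items():
        print(f"{key:16} {value}")
```

Only the Authentication-Results header written by your own receiving server is trustworthy; a sender can add a forged one, so a production filter should strip any such header that arrives from outside before trusting its contents.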
2. Refrain From Downloading Attachments or Clicking on Links
You've probably heard this several times already, but that's because it is the most effective way to avoid falling victim to phishing attacks. In addition to maintaining IP blocklists that filter out regular offenders and having controls such as spam filters and antimalware installed, we need to consciously avoid clicking on links. Instead, hover over the link to see where it really points, or, if it is a link to log in to an account, type the address directly into the browser to visit the site. When it comes to any attachments you might receive, unless they come from a trusted source and you are certain about the legitimacy of the email, it is better to err on the side of safety and not download them.
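"Hover over the link to see where it really points" can also be done programmatically over the HTML body of a message. The block below is an added example and not part of the original article: it parses a constructed HTML body with Python's html.parser and flags anchors whose visible text names a different host than the href, whose host is a bare IP address, or whose host merely embeds a trusted domain name (such as bank.example.attacker-example.net) without actually being under it. The trusted-domain set and every URL in the sample are assumptions made for the demonstration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed HTML body in the style of a phishing message (not a real campaign).
SAMPLE_HTML = """<p>Your account needs attention.</p>
<a href="http://198.51.100.7/login">https://secure.bank.example/login</a>
<a href="https://bank.example.attacker-example.net/verify">Verify now</a>
<a href="https://bank.example/help">bank.example help centre</a>
"""

# Domains the reader actually trusts (assumed for this example).
TRUSTED_DOMAINS = {"bank.example"}

# Visible link text that itself looks like a URL or a bare domain name.
TEXT_HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def same_site(host, domain):
    """True when host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def suspicious_links(html, trusted=TRUSTED_DOMAINS):
    """Return [(href, [reasons])] for links a reader should not click blindly."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        reasons = []
        shown = TEXT_HOST_RE.match(text)
        if shown and shown.group(1).lower() != host:
            reasons.append("visible text points to a different host than href")
        if is_ip(host):
            reasons.append("href host is a bare IP address")
        for domain in trusted:
            if domain in host and not same_site(host, domain):
                reasons.append(f"host embeds trusted name {domain} but is not under it")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_HTML):
        print(href, "->", "; ".join(reasons))
```

Of the three links in the sample, only the genuine bank.example help link comes back clean; the other two are reported with the reason that would be visible to a careful reader hovering over them.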
3. Use Secure SMTP Ports
Some legacy systems might still support port 465 for SMTPS connections, as it was previously used to exchange messages securely between the email client and server over an SSL/TLS connection. However, port 587 should now be used as the default port for submitting email messages to a server, together with TLS encryption (which can be opportunistic or forced, depending on the implementation). Port 25 is used for relaying messages between mail servers; unless you are managing one, you should see no traffic on this port, and your service provider will probably block it anyway.
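The difference between opportunistic and forced TLS is easiest to see in client code. The following added example (not from the original article) builds a submission helper with Python's smtplib: on port 587 it upgrades with STARTTLS and refuses to continue if the server does not offer it, on port 465 it opens the connection with TLS from the first byte, and it refuses port 25 outright. The TLS context verifies the server certificate and hostname and rejects anything below TLS 1.2. The hostname in the usage line is a placeholder, not a real server.

```python
import smtplib
import ssl

SUBMISSION_PORT = 587   # STARTTLS: plaintext greeting, then an upgrade to TLS
SMTPS_PORT = 465        # implicit TLS from the first byte (legacy "SMTPS")
RELAY_PORT = 25         # server-to-server relay; never used for client submission


def strict_tls_context():
    """TLS context that verifies the chain and hostname and requires TLS 1.2+."""
    ctx = ssl.create_default_context()        # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe_context(ctx):
    """Plain-value summary of the settings that matter for a mail client."""
    return {
        "verify_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
        "check_hostname": ctx.check_hostname,
        "min_version": ctx.minimum_version.name,
    }


def submission_mode(port):
    """How a client should secure a connection on the given port."""
    if port == SUBMISSION_PORT:
        return "starttls"
    if port == SMTPS_PORT:
        return "implicit"
    return "refuse"   # port 25 and anything else: not a submission port


def open_submission(host, port=SUBMISSION_PORT, context=None, timeout=10):
    """Open an SMTP session that is encrypted before any credentials are sent."""
    context = context or strict_tls_context()
    mode = submission_mode(port)
    if mode == "refuse":
        raise ValueError(f"port {port} is not a mail submission port")
    if mode == "implicit":
        return smtplib.SMTP_SSL(host, port, context=context, timeout=timeout)
    client = smtplib.SMTP(host, port, timeout=timeout)
    client.ehlo()
    if not client.has_extn("starttls"):
        # Forced TLS: an opportunistic client would carry on in the clear here.
        client.quit()
        raise RuntimeError("server does not offer STARTTLS; refusing to send in the clear")
    client.starttls(context=context)   # raises if the certificate does not verify
    client.ehlo()                      # re-advertise capabilities over TLS
    return client


if __name__ == "__main__":
    # Placeholder host; replace with your provider's submission server.
    with open_submission("smtp.example.invalid", SUBMISSION_PORT) as client:
        client.login("user@example.invalid", "app-password-placeholder")
```

The two failure paths are the point: an opportunistic client silently falls back to plaintext when STARTTLS is missing or the certificate does not verify, which is exactly the situation a network attacker can create; this helper raises instead.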
4. Configure Your DNS Records With Security in Mind
Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) are DNS records that, if configured correctly, let a receiving server determine whether a message is spoofed or genuine.
An SPF record lists the IP addresses that are allowed to send messages on a domain's behalf, so a receiving server can check the connecting IP against it. DKIM asserts identity in the form of a digital signature and can be used to verify the message's integrity. DMARC is used in combination with SPF and DKIM and is the only mechanism that defines the action a receiving server should take if a message fails these tests, since a failure can indicate a fraudulent email. Monitoring DMARC reports, or watching for irregular SPF results such as permerror or fail, helps you gain visibility into the flow of messages sent under your domain.
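The following added example (not code from the original article) shows how these three records fit together by evaluating them over a constructed set of DNS TXT records instead of live DNS. It implements the ip4/ip6/include/all SPF mechanisms, parses a DMARC record, and applies the relaxed or strict alignment check and the p= policy. All domains, addresses and record contents are assumptions for the demonstration, and the relaxed-alignment rule is simplified to a subdomain test rather than the organizational-domain comparison the standard uses.

```python
import ipaddress

# Constructed zone data standing in for live DNS TXT lookups (runs offline).
DNS_TXT = {
    "bank.example": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.0/25 -all",
    "_dmarc.bank.example": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@bank.example; aspf=r; adkim=r",
    "mailer-example.net": "v=spf1 ip4:198.51.100.0/25 ~all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name):
    return DNS_TXT.get(name.lower())


def check_spf(ip, domain, depth=0):
    """Evaluate an SPF record for ip; supports ip4, ip6, include and all only."""
    if depth > 10:                      # guard against include loops
        return "permerror"
    record = lookup_txt(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        result = QUALIFIER_RESULT[qualifier]
        if term == "all":
            return result
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6"):
            try:
                if addr in ipaddress.ip_network(arg, strict=False):
                    return result
            except ValueError:
                return "permerror"      # malformed address in the record
        elif mech == "include":
            inner = check_spf(ip, arg, depth + 1)
            if inner == "pass":
                return result
            if inner in ("none", "permerror"):
                return "permerror"      # include of a missing or broken record
        else:
            return "permerror"          # a, mx, exists, redirect= not modelled here
    return "neutral"                    # nothing matched and no "all" term


def parse_dmarc(domain):
    """Return the tag=value pairs of _dmarc.<domain>, or None if absent."""
    record = lookup_txt("_dmarc." + domain)
    if record is None or not record.startswith("v=DMARC1"):
        return None
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key] = value
    return tags


def aligned(auth_domain, header_from, mode):
    """Strict: identical domains. Relaxed (simplified): one is a subdomain of the other."""
    a, h = auth_domain.lower(), header_from.lower()
    if mode == "s":
        return a == h
    return a == h or a.endswith("." + h) or h.endswith("." + a)


def dmarc_disposition(header_from, mail_from_domain, sender_ip, dkim_result="none", dkim_domain=""):
    """Combine SPF and DKIM results under the From domain's DMARC policy."""
    policy = parse_dmarc(header_from)
    spf = check_spf(sender_ip, mail_from_domain)
    if policy is None:
        return {"spf": spf, "dmarc": "none", "action": "deliver"}
    spf_ok = spf == "pass" and aligned(mail_from_domain, header_from, policy.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, header_from, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return {"spf": spf, "dmarc": "pass", "action": "deliver"}
    action = {"reject": "reject", "quarantine": "quarantine"}.get(policy.get("p", "none"), "deliver")
    return {"spf": spf, "dmarc": "fail", "action": action}


if __name__ == "__main__":
    # A message claiming to be from bank.example but sent with the envelope
    # sender mailer-example.net from one of that domain's own IPs.
    print(dmarc_disposition("bank.example", "mailer-example.net", "198.51.100.7"))
```

The spoof case is instructive: SPF passes, because the attacker's own envelope domain authorises the sending IP, yet DMARC still rejects the message because neither SPF nor DKIM is aligned with the bank.example shown in From. That alignment step is why DMARC, and not SPF alone, is what tells a receiver what to do with a lookalike.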
5. Make Use of Email Signing Certificates for End-to-End Encryption
Secure/Multipurpose Internet Mail Extensions (S/MIME) is a protocol standard with which we can encrypt emails in storage and in transit. That way, even if an attacker intercepts your mail, all they will see is scrambled data. Although an S/MIME certificate encrypts the message and also authenticates the sender's identity with a digital signature, it does not secure the communication channel itself. For that, the email provider needs to install an SSL/TLS certificate on the mail server.
Cyber-attacks have gone up, and email continues to be one of the attackers' favourite channels for delivering payloads. By exercising the right amount of caution and applying some of the pointers mentioned above, you will, hopefully, be better equipped to identify and block suspicious emails.