Module 13: Section 10.9.1 Email Security

Sender Policy Framework (SPF) record

- Email authentication method - works by verifying the sender's IP address against a list of authorized sending IP addresses published in the DNS TXT records of the email sender's domain.

Email Security Gateway

- a security solution that monitors emails that are sent to or originate from an organization. - an be software-, vurtialized, hardware-, or cloud-based. - offer spam protection, malware and virus scanning, email encryption, and data loss prevention

Secure POP/IMAP (Post Office Protocol/Internet Message Access Protocol)

- both of these protocols support the use of SSL/TLS in order to create a secure tunnel when connecting to an email server.

S/MIME protocol

- most common and widely accepted protocol for email encryption - requires the use of a public key certificate in order to encrypt and decrypt email messages. - one for encrypting the email and another for digitally signing the email.

Spam Filtering

- offered by a lot of gateways - filter will try to filter out unwanted or unsolicited emails and prevent them from arriving to the end users. - use lists to know what to block - Not super reliable

Data Loss Prevention (DLP)

- scan all outgoing emails for sensitive information. - Both the message body and attachments are scanned and if sensitive information is found, the email will be blocked. - Alerts to admin - Part of email gateway

Email Encryption

- standalone or as part of an email security gateway. - Encrypts entire email - digitally sign the email with a certificate. - similar to SSL certificates in that they provide a form of identity verification. - Can encrypt all emails or emails sent outside the internal network - Can encrypt sensitive email only

Domain-based Message Authentication, Reporting and Conformance (DMARC)

- uses the results of SPF and DKIM checks to define rules for handling messages, such as moving messages to quarantine or spam, rejecting them outright, or tagging the message. - provides reporting capabilities

DomainKeys Identified Mail (DKIM)

This protocol leverages encryption features to enable email verification by allowing the sender to sign emails using a digital signature. The receiving email server uses a DKIM record in the sender's DNS record to verify the signature and the email's integrity.

Sender Policy Framework (SPF)

an email authentication method that helps detect and prevent sender address forgery, commonly used in phishing and spam emails.

Open SMTP relay

an email server that accepts mail and forwards it to other mail servers, and an open SMTP relay allows anyone to forward mail if they choose.

Pretty Good Privacy (PGP)

A method of encrypting and decrypting e-mail messages. It can also be used to encrypt a digital signature.