What is Email Security?

Vishnu Shivalal P
3 min read · Mar 6, 2023

Email security refers to the cybersecurity measures used to secure access to, and the content of, an email account and service. Proper email security protects sensitive information in email communications, helps prevent phishing, spear phishing and email spoofing, and guards against unauthorized access to, or loss or compromise of, one or more email addresses.

Email security is important because malicious email is a popular medium for spreading ransomware, spyware, worms and other types of malware, for social engineering attacks such as phishing and spear phishing, and for other cyber threats.

Secure email is necessary for both individual and business email accounts, and there are multiple measures organizations should take to enhance email security. Three email authentication methods are commonly implemented: SPF, DKIM, and DMARC.

Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is an email authentication protocol that specifies who can send email using a particular domain. SPF uses Domain Name System (DNS) entries to check a sender against a list of authorized IP addresses, which helps detect and prevent email spoofing by verifying the sender’s identity. SPF is one of the authentication techniques on which DMARC is based.

SPF is a great technique to add authentication to your emails. However, it has some limitations which you need to be aware of.

  • SPF does not validate the “From” header, which most clients show as the actual sender of the message. Instead of this “header from”, SPF uses the “envelope from” to determine the sending domain.
  • SPF will break when an email is forwarded. At this point the “forwarder” becomes the new “sender” of the message, and the message will fail the SPF checks performed by the new destination.
  • SPF lacks reporting, which makes it harder to maintain.

DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) is a system for authenticating email that works with modern Message Transfer Agent (MTA) systems. This resource was created to help fight spam, and uses a digital signature to help email recipients determine whether an email is legitimate.

DKIM is a protocol that allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify. DKIM record verification is made possible through cryptographic authentication.

Domain-Based Message Authentication, Reporting and Conformance (DMARC)

Domain-Based Message Authentication, Reporting and Conformance (DMARC) is a white-list system for email communications meant to limit different types of email-based hacking or fraudulent activities such as email spoofing.

DMARC is an email authentication protocol that helps to detect and prevent email spoofing by verifying the sender’s identity. It works by combining the SPF and DKIM protocols to create a more comprehensive authentication system. DMARC also provides feedback to the sender about the emails that are sent from their domain.
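
The following is an added example, not part of the original article: it shows how a receiver can combine SPF and DKIM results into a DMARC verdict by checking that the authenticated domain matches the visible “From” domain, which goes slightly beyond the text above and covers the SPF limitations listed earlier. The function names, domains and messages are constructed, and the organizational-domain lookup is simplified to the last two labels, where real receivers use the Public Suffix List.

```python
from email.utils import parseaddr

def org_domain(domain):
    # Assumption/simplification: last two labels stand in for the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    # Strict alignment needs an exact match; relaxed compares organizational domains.
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)

def parse_policy(record):
    # "v=DMARC1; p=reject; aspf=s" -> {"v": "DMARC1", "p": "reject", "aspf": "s"}
    pairs = (t.split("=", 1) for t in record.split(";") if "=" in t)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def dmarc_verdict(header_from, envelope_from, spf_result,
                  dkim_domain, dkim_result, record):
    """Return "pass", or the disposition the domain owner requests on failure."""
    policy = parse_policy(record)
    from_domain = parseaddr(header_from)[1].rpartition("@")[2]
    env_domain = envelope_from.rpartition("@")[2]
    # SPF counts only if it passed AND the envelope domain aligns with header From.
    spf_ok = spf_result == "pass" and aligned(
        env_domain, from_domain, policy.get("aspf", "r") == "s")
    # DKIM counts only if the signature verified AND its d= domain aligns.
    dkim_ok = dkim_result == "pass" and aligned(
        dkim_domain, from_domain, policy.get("adkim", "r") == "s")
    if spf_ok or dkim_ok:
        return "pass"
    return policy.get("p", "none")  # none / quarantine / reject

# Constructed sample messages (not real traffic).
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
CASES = {
    # SPF passes for the envelope domain, but header From shows another domain.
    "mismatched_from": ("CEO <ceo@example.com>", "bounce@bulk-sender.test",
                        "pass", "", "none", RECORD),
    # Forwarding broke SPF, but the original DKIM signature still verifies.
    "forwarded": ("alice@example.com", "alice@example.com",
                  "fail", "example.com", "pass", RECORD),
    # Subdomain envelope sender fails strict SPF alignment (aspf=s).
    "strict_subdomain": ("alice@example.com", "bounce@mail.example.com",
                         "pass", "", "none", "v=DMARC1; p=quarantine; aspf=s"),
}

if __name__ == "__main__":
    for name, args in CASES.items():
        print(f"{name:18} -> {dmarc_verdict(*args)}")
```

The first case is the gap SPF leaves on its own: the SPF check passes, yet the message is rejected because the domain that passed is not the one shown to the recipient.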
