Organizations are wary of the business impact of spam, phishing and virus-laden email entering their networks. I spend a considerable amount of my time with customers and partners discussing ways to protect their networks, users, and data from inbound threats. But it is equally important to understand the implications of not having outbound protection. Broadly, problems with outbound email can damage the reputation of your email infrastructure, which may result in your mail servers being blacklisted, leaving your resources scrambling to repair both the problem and your reputation. In addition, a lack of attention to outbound protection can result in compliance violations due to leakage of sensitive information. Below, you can see that the majority of the organization’s email is inbound, but outbound is also measurable, and when you remove inbound spam and junk, outbound becomes even more significant.
[Figure: Typical daily volume of inbound vs. outbound email]
To protect your email, here are 5 important tips:
1) Improve the trustworthiness of your email
Using a few techniques, you can prevent your email domains from being spoofed and stop hackers from sending fake/phishing emails in your name. As a first step, set up a Sender Policy Framework (SPF) record for your domain. This lets you identify which mail servers are allowed to send email on behalf of your domain, thus preventing spammers from forging it. As a second step, set up DomainKeys Identified Mail (DKIM), which provides a method for validating a domain. Implementing DKIM involves signing each outbound email with a private key and publishing the corresponding public key in your Domain Name System (DNS) records. Finally, implement Domain-based Message Authentication, Reporting & Conformance (DMARC) and configure policies that improve the trustworthiness of legitimate email and help receivers make better judgments about illegitimate email.
2) Monitor who is spoofing your domain
Staying on the topic of DMARC, there is a second benefit to its implementation: a feedback loop from receiving servers. Typically, senders remain largely unaware of whether or not their email domain is being spoofed. DMARC provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation. You enable this by updating the DNS record and adding an attribute “rua=mailto:email@example.com”. You need to ensure you have an email security solution like SonicWall Email Security that supports DMARC and can process this information to create actionable reports.
3) Implement encryption
Organizations must protect their intellectual property and sensitive information from inappropriate distribution while ensuring compliance. If your organization is in a regulated industry like healthcare, banking, insurance etc., and/or you are doing business with such entities, you might want to consider encrypting your email. You should review your internal corporate and government regulatory needs and set up policy filters accordingly. For example, some companies choose to block EXE or MP3 files from delivery; or require that attachments containing company confidential information be re-routed to an approval box; or encrypt email containing Personal Health Information (PHI) when communicating with customers and partners.
4) Add multi-layered anti-virus protection
My colleague John Gordineer wrote a blog where he emphasized the need for a layered security approach for better protection. Should one of your employees' machines get infected and become a zombie system that originates spam, phishing or virus-laden email, you could see your email server blacklisted and your ISP connection shut down. Having multiple anti-virus engines scanning outbound email is a critical part of the overall multi-layered security strategy organizations need to adopt.
5) Monitor and control the volume of outbound email
Not every flurry of outbound mail is due to a zombie infection. There are times when an internal resource (either a person or a system) sends thousands of emails without proper authorization, which can result in your domain being blacklisted. To avoid such scenarios, you can enforce controls on the amount of email that any individual account can send within a specific period of time. Make sure your organization has an email security solution that can automatically block such emails and block the sender from sending more emails until appropriate corrective action can be taken.
Organizations have a responsibility to implement the right inbound and outbound controls to protect their employees', customers' and partners' email ecosystems. To learn more about protecting your network from email-borne attacks and other exploits, read the new SonicWall Security eBook, “Types of Cyber-Attacks and How to Prevent Them”.