- Category: November - December 2008
According to a study by Secure Computing, only 40 percent of Fortune 500 companies use e-mail authentication tools.
Given that such tools let companies fend off spam and phishing effectively, this is an astonishing result, especially since both threats are a constant problem for IT administrators.
Furthermore, data must be prevented from falling into the hands of unauthorized third parties. It is therefore crucial to monitor both outgoing and incoming e-mail traffic thoroughly to ensure comprehensive mail security.
According to a survey by Secure Computing, 60 percent of Fortune 500 companies forgo e-mail authentication tools such as DomainKeys Identified Mail (DKIM) or Sender Policy Framework (SPF). Moreover, of the 166 companies that at least employ SPF, only 65 use the safest policy, which recommends that the recipient reject e-mails from unauthorized senders. The remaining 101 enterprises are satisfied with weaker policies that merely list the authorized senders while still recommending that messages from unlisted senders be accepted. Still, such e-mail authentication tools can be a first step towards better e-mail security.
E-mail authentication with DKIM or SPF
With the DKIM standard, originally developed by Yahoo, companies can digitally sign their e-mails using asymmetric cryptography so that the recipient can determine whether an e-mail actually comes from the stated domain. The electronic message receives a signature that the recipient can verify with a public key published in the Domain Name System (DNS). For that purpose, both the receiving and the sending servers have to be equipped with the appropriate technology. Filtering techniques can then automatically block e-mails that have not been sent through the alleged domain. eBay, for example, used this method for a short time in cooperation with Gmail: e-mails claiming to come from eBay or PayPal whose signatures do not verify are automatically deleted by the provider, so phishing e-mails targeting eBay user data have no chance with Gmail users.
With the Sender Policy Framework (SPF), it can be verified whether a mail server is entitled to send e-mails for a certain domain. To do so, e-mail administrators publish SPF records in DNS that state which hosts are permitted to send e-mail for the domain. The scheme is only effective, however, if as many domains as possible publish SPF records: the wider the adoption, the lower the chances of spammers and phishers, simply because a forged sender address is quickly exposed.
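To make the SPF check and the policy distinction from the survey concrete, here is a simplified SPF evaluator as an added example (not code from the article or from Secure Computing). It runs against constructed DNS data embedded inline, supports the ip4, a, include and all mechanisms, and shows how a "-all" record lets a gateway reject an unauthorized sender while "~all" and "?all" records only list senders without enabling rejection.

```python
import ipaddress
# Constructed sample DNS data for this example (not real records). Each
# domain maps to its SPF TXT record and the IPv4 addresses of its A record.
DNS = {
    "example.com": {
        "spf": "v=spf1 ip4:192.0.2.0/24 a include:relay.example.net -all",
        "a": ["198.51.100.10"],
    },
    "relay.example.net": {"spf": "v=spf1 ip4:203.0.113.5 ~all", "a": []},
    # Lists its senders but tells receivers to accept anyone else ("?all").
    "weak.example": {"spf": "v=spf1 ip4:192.0.2.0/24 ?all", "a": []},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, depth=0):
    """Simplified RFC 7208 check_host(): evaluate `domain`'s SPF record for
    the connecting address `ip`; mechanisms are tried in order, first match
    decides. Supports ip4, a, include and all."""
    if depth > 10:  # guard against include: loops
        return "permerror"
    rec = DNS.get(domain, {}).get("spf")
    if not rec or not rec.startswith("v=spf1"):
        return "none"  # no SPF record published: nothing to verify
    addr = ipaddress.ip_address(ip)
    for term in rec.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = str(addr) in DNS.get(arg or domain, {}).get("a", [])
        elif name == "include":
            matched = check_host(ip, arg, depth + 1) == "pass"
        else:
            continue  # mechanism not supported by this simplified evaluator
        if matched:
            return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched and no explicit "all"


def gateway_action(result):
    """Map an SPF result to gateway handling: only a '-all' policy lets the
    receiver reject mail from unauthorized senders, as the article notes."""
    return {"fail": "reject", "softfail": "accept-and-flag"}.get(result, "accept")
```

Real deployments resolve the records via DNS and also handle mx, ptr and the redirect modifier, which are omitted here for brevity.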
Content Analysis and Encryption
It is not only about protecting the company network from incoming e-mails. Outgoing ("outbound") data traffic requires comprehensive monitoring, too. Ultimately, mishandling of confidential information inside the company, whether intentional or inadvertent, can let it fall into the wrong hands. There are also numerous statutory directives that call for strict monitoring of various electronic data. Here a content analysis that scans outgoing e-mails for certain keywords and for data such as social security or bank account numbers can be helpful. More sophisticated products also offer adaptive word recognition and image analysis.
In addition, numerous compliance requirements demand e-mail encryption, and they often distinguish between policy-based cryptographic techniques for B2B and for B2C communication.
Many employees are not familiar with the various encryption options and are confused by the number of ways on offer. Ideal, therefore, are solutions in which encryption happens automatically at the gateway; the security risks posed by failed or inappropriate encryption can be excluded in this way.
Pro-active security by reputation systems
A proactive security strategy against malware and denial-of-service attacks, but also against spam and phishing, is further supported by so-called reputation systems, which try to learn the behaviour of individual IP addresses, both as receivers and as senders of messages, and to establish a baseline of normal behaviour for each.
If an IP address that usually sends ten e-mails a day suddenly sends 5,000, for example, it deviates from its baseline and the system classifies the IP as suspicious. In addition, reputation systems such as Secure Computing's TrustedSource also analyze the content of the messages. Correlating a "conspicuous" IP address with an unusual outcome of the content analysis (such as unwanted keywords) can result in messages from this specific sender being blocked altogether at the gateway itself. These e-mails then pose no risk to the enterprise network. This benefits not only the employee, who no longer has to delete spam e-mails all the time, but also the stability of the network, since a substantial amount of data is already blocked up front and therefore does not put a strain on the network.
As this shows, the underlying databases play a crucial role in the accuracy and quality of a reputation system.
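The baseline-deviation and content-correlation logic described above, as an added illustration that is not TrustedSource's or the article's own code: per-IP daily send counts and content-filter hits are constructed sample data, and the thresholds (ten times the usual daily mean, at least 50 messages, one fifth of messages flagged) are assumptions chosen for the example.

```python
import statistics

# Constructed sample telemetry (not real data): daily message counts seen from
# each sending IP over the past week, plus today's count and how many of
# today's messages tripped the content filter (e.g. unwanted keywords).
HISTORY = {
    "192.0.2.10": [9, 11, 10, 12, 8, 10, 10],
    "198.51.100.7": [300, 280, 310, 295, 305, 290, 300],
    "203.0.113.9": [0, 0, 1, 0, 0, 0, 0],
}
TODAY = {
    "192.0.2.10": {"sent": 5000, "flagged": 4200},  # the article's 10 -> 5,000 case
    "198.51.100.7": {"sent": 320, "flagged": 2},
    "203.0.113.9": {"sent": 60, "flagged": 1},
}


def volume_anomaly(history, sent, factor=10, min_abs=50):
    """True when today's volume breaks the sender's baseline: more than
    `factor` times its usual daily mean and at least `min_abs` messages, so a
    sender going from 0 to 3 messages is not flagged (assumed thresholds)."""
    baseline = statistics.mean(history) if history else 0.0
    return sent >= min_abs and sent > factor * max(baseline, 1.0)


def content_anomaly(sent, flagged, ratio=0.2):
    """True when an unusual share of today's messages hit the content filter."""
    return sent > 0 and flagged / sent >= ratio


def reputation_verdict(ip):
    """Combine both signals as the article describes: a conspicuous IP whose
    content analysis is also unusual is blocked at the gateway; a single
    signal only earns closer inspection."""
    hist = HISTORY.get(ip, [])
    today = TODAY.get(ip, {"sent": 0, "flagged": 0})
    vol = volume_anomaly(hist, today["sent"])
    con = content_anomaly(today["sent"], today["flagged"])
    if vol and con:
        return "block"
    if vol or con:
        return "suspicious"
    return "allow"
```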
E-mail authentication tools are useful, though so far little-used, defence mechanisms. For companies, such standards can only provide additional security. In addition, companies have to check their outbound traffic. Reputation systems seem particularly promising for proactive protection that intercepts dangerous or suspicious mail already at the network gateway.
By Daniela La Marca