Key Concepts in Email Security

Feb 6, 2025

Mindmap

Lecture on Email Security: Key Concepts and Terminologies

Importance of Email Security

  • Email is a crucial communication channel in businesses.
  • It's a common target for attacks due to its widespread use.

Types of Email Attacks

Phishing

  • Most common email-based social engineering.
  • Trick recipients into believing the email is from a legitimate source to extract sensitive information.

Subtypes of Phishing

  • Spear Phishing: Targeted at specific individuals.
  • Whaling: Aimed at high-level executives.
  • Pharming: Redirects to fake websites to steal credentials.
  • Email Forwarding: Crafting emails to look like part of a legitimate email chain.

Business Email Compromise (BEC)

  • Involves using compromised email accounts to send legitimate-looking emails.

Analyzing Email Headers

  • Email headers contain metadata useful for identifying spoofed emails.
  • Important fields to analyze:
    • Display From: Sender’s email address and name.
    • Envelope From/Return Path: Sender's return address.
    • Received By/From: Email servers that processed the email.
    • Authentication Results: Sender’s authentication methods.

Tools for Email Analysis

  • Microsoft Office 365 tools, email header analyzers.
  • Check for IP validity, blacklist status.

Email Payload and Risks

  • Attachments may contain executable code or scripts.
  • HTML emails can have embedded scripts.
  • Links can redirect to malicious sites.

Signature Block

  • The absence or inaccuracy of an email signature block can hint at spoofing.

Server-Side Email Security Mechanisms

Sender Policy Framework (SPF)

  • Uses DNS to publish valid email servers of a domain.
  • Helps prevent email spoofing.

DomainKeys Identified Mail (DKIM)

  • Uses cryptography (PKI) to create digital signatures for email authenticity.

Domain-based Message Authentication, Reporting & Conformance (DMARC)

  • Provides policies for using SPF and DKIM.
  • Defines how to handle emails failing authentication checks.

Ensuring Email Confidentiality

S-MIME (Secure/Multipurpose Internet Mail Extensions)

  • Digital certificates for signing and encrypting emails.
  • Ensures confidentiality, integrity, and authenticity of emails.

Logging and Monitoring

  • Inspect email server logs for errors or possible security threats.
  • SMTP protocols use return codes to indicate email transaction status.

Exam Preparation

  • Understand phishing types and email header fields.
  • Understand and apply security controls like SPF, DKIM, DMARC, and S-MIME.

Note: Ensure to revisit these concepts for exam preparation, particularly focusing on phishing subtypes, email header analysis, and security mechanisms like SPF, DKIM, and S-MIME.