When we think of online security in a company, we immediately think of VPNs, firewalls, antivirus, and SSL certificates. But mail servers also need security. In this article, we will give 8 tips for protecting corporate mail.
Corporate mail is an excellent solution for communication with customers. It helps strengthen the image, develop user loyalty, and even build funnels and increase sales. However, corporate mail requires a special security system at all levels.
From 2016 to 2021, attackers launched 240 attacks on corporate mailboxes and stole $43 billion from companies. Compromise, theft of personal data, salary data and crypto wallets are the main types of such attacks. In addition, small businesses are the most vulnerable – in January 2023, the number of attacks on small and medium-sized companies increased 5 times compared to the same month in 2022.
1. Write a PTR record to the mail server
A resource record, or DNS record, is an entry through which service information about servers is published in the DNS. Each record type has a specific purpose.
PTR, or pointer record, is a resource record that maps a server's IP address back to a domain name (reverse DNS).
To protect users from spam, email services check whether the sending server's IP address matches the company's real domain. Suspicious emails are sent to spam. A PTR record helps ensure that your emails reach their intended recipients and are not treated as spam.
At REG.RU, PTR records are created automatically for all servers on virtual (shared) hosting. If you have a cloud or dedicated server, you can add PTR records manually.
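The check described above is usually called forward-confirmed reverse DNS: the receiving server looks up the PTR record for the connecting IP, then checks that the name it gets resolves back to the same IP and belongs to the claimed domain. The following is an added illustration, not code from the article or from REG.RU; the PTR and A records are a constructed stub standing in for real DNS lookups.

```python
import ipaddress

# Constructed stub DNS data standing in for real lookups (assumption: offline demo).
PTR_RECORDS = {
    "25.113.0.203.in-addr.arpa": "mail.example.com.",
    "26.113.0.203.in-addr.arpa": "mail.example.com.",  # PTR present, but forward does not confirm it
}
A_RECORDS = {
    "mail.example.com.": {"203.0.113.25"},
}

def reverse_name(ip: str) -> str:
    """Name queried for the PTR record, e.g. 25.113.0.203.in-addr.arpa (or *.ip6.arpa for IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer

def check_fcrdns(ip: str, claimed_domain: str, ptr=PTR_RECORDS, a=A_RECORDS) -> str:
    """Forward-confirmed reverse DNS as a receiving mail server does it:
    the PTR name must resolve back to the same IP and belong to the claimed domain."""
    name = ptr.get(reverse_name(ip))
    if name is None:
        return "no-ptr"                 # no reverse record at all: treated as suspicious
    if ip not in a.get(name, set()):
        return "forward-mismatch"       # PTR points at a host that does not point back
    host = name.rstrip(".").lower()
    domain = claimed_domain.lower()
    if host != domain and not host.endswith("." + domain):
        return "domain-mismatch"        # reverse name belongs to someone else's domain
    return "ok"

if __name__ == "__main__":
    for ip in ("203.0.113.25", "203.0.113.26", "203.0.113.27"):
        print(ip, check_fcrdns(ip, "example.com"))
```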
2. Add an SPF record to protect against phishing
SPF (Sender Policy Framework) is another resource record, published inside a TXT record. It is essentially a policy: a list of trusted IP addresses that are allowed to send mail on behalf of a specific domain.
An SPF record helps protect against phishing, a cybercriminal's favourite technique for stealing identities. Attackers spoof sender addresses, style their messages as branded emails, and send them on behalf of well-known companies. Links in such emails lead to fake sites or automatically start downloading malware, and at that moment the attackers gain access to the data. By publishing an SPF record, you reduce the likelihood of phishing mailings being sent in your company's name.
Half of all emails sent last year turned out to be spam or phishing. And in the first three months of this year, 7,000 phishing resources were taken down in Russia.
You may have received such letters too: often they ostensibly come from a bank; two years ago the most popular ones were vaccination surveys; and more recently attackers have used unsafe links in messages posing as invitations from military registration and enlistment offices.
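To make the "list of trusted IPs" concrete, here is an added example (not code from the article) of how a receiving server evaluates an SPF record for the IP that connected to it. The TXT records are a constructed stub; only the ip4, ip6, include and all mechanisms are modelled, and the hostnames and addresses are placeholders.

```python
import ipaddress

# Constructed TXT records standing in for real DNS lookups (assumption: offline stub).
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip: str, domain: str, txt=TXT_RECORDS, depth: int = 0) -> str:
    """Evaluate the SPF policy of `domain` for a connection from `ip`.
    Returns pass, fail, softfail, neutral, none or permerror (RFC 7208 vocabulary)."""
    if depth > 10:                      # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    record = txt.get(domain.lower())
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"                   # no policy published: the receiver cannot judge
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":               # catch-all; "-all" is what rejects spoofed senders
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"      # malformed record: the whole policy is unusable
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif mech == "include":         # include matches only if the other domain says pass
            if check_spf(ip, arg, txt, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        # a, mx, ptr, exists and modifiers need further DNS: not modelled in this stub
    return "neutral"                    # record exhausted without a match

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.10", "192.0.2.1"):
        print(ip, check_spf(ip, "example.com"))
```

With "-all" at the end, a message from 192.0.2.1 claiming to be from example.com gets a hard fail, which is what lets the receiver discard the spoofed mail.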
3. Use the SMTP encryption mechanism
SMTP (Simple Mail Transfer Protocol) is the protocol responsible for sending mail. It is used by outgoing mail servers.
Before a message is sent, the SMTP server checks the settings on the sender's side and connects to the recipient's mail server. If there are no errors in the settings, the message is sent and the protocol confirms its delivery; otherwise it returns an error notification. SMTP functions:
– verifies that the sending configuration is correct;
– checks the content of the message for spam;
– improves deliverability thanks to this filtering;
– confirms delivery or reports an error: the protocol sends reply codes, so you can understand why a message was not sent.
4. Use the DKIM email authentication mechanism
DKIM is a digital signature for email. It has two main functions: reducing the chance that mail ends up in spam, and protecting against phishing. Providers trust messages signed with DKIM more, so they are more likely to land in the Inbox folder.
When you send a message, it seems to reach the recipient within seconds. In reality the path is longer. First the message goes to the sender's server, which checks it for spam. Then it is passed to the recipient's server, where it is checked again. Only after that does the message arrive in the recipient's mailbox.
DKIM works with a pair of keys: a public key, published in a TXT record in DNS, and a private key, known only to the sender's server. Using the private key, each outgoing message is given a signature that covers information such as the recipient and the time of sending. The recipient's server verifies this signature using the public key. If everything checks out, the message is delivered; if the key or signature fails verification, the message is sent to spam.
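The first thing a receiving server checks in a DKIM-Signature header is the bh= tag, the hash of the message body after canonicalization; only then does it fetch the public key from DNS and verify the b= signature over the headers. The block below is an added example, not code from the article: it implements the "relaxed" body canonicalization and the bh= comparison, so a body altered in transit is detected. The signature over the headers (b=) and the DNS key lookup are not modelled; the sample body, selector and domain are constructed placeholders.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """DKIM 'relaxed' body canonicalization (RFC 6376, section 3.4.4): collapse runs of
    whitespace to one space, strip trailing whitespace, drop empty lines at the end,
    and terminate every remaining line with CRLF."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" \t")
             for ln in body.replace(b"\r\n", b"\n").split(b"\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\r\n".join(lines) + b"\r\n" if lines else b""

def body_hash(body: bytes) -> str:
    """The value a signer puts in the bh= tag: base64(SHA-256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def parse_dkim_tags(header_value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs (folding whitespace ignored)."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags

def body_hash_matches(dkim_signature: str, body: bytes) -> bool:
    """First step of DKIM verification: the bh= tag must equal the hash of the body
    actually received. A mismatch means the body was altered after signing."""
    tags = parse_dkim_tags(dkim_signature)
    if tags.get("v") != "1" or tags.get("a") != "rsa-sha256":
        return False
    return tags.get("bh") == body_hash(body)

# Constructed sample (assumption: selector "mail" and domain example.com are placeholders).
SAMPLE_BODY = b"Hello,\r\n\r\nYour order has shipped.  \r\n\r\n"
SAMPLE_SIGNATURE = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=mail; "
                    "h=from:to:subject:date; bh=" + body_hash(SAMPLE_BODY) + "; b=<not checked here>")

if __name__ == "__main__":
    print("intact body:", body_hash_matches(SAMPLE_SIGNATURE, SAMPLE_BODY))
    print("altered body:", body_hash_matches(SAMPLE_SIGNATURE, b"Hello,\r\n\r\nYour order is cancelled.\r\n"))
```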
5. Set up blacklist and whitelist of addresses
Almost all mail services let you set up white and black lists of senders and recipients. A whitelist contains addresses you trust: mail from these senders never ends up in spam. Addresses on the blacklist are ones you do not trust, so their mail goes to spam automatically or is not delivered at all.
6. Change passwords for personal accounts and mail every six months
Each employee must have a personal, complex mail password, and it must be changed every six months. When using corporate mail, it is important that all employees follow this rule: a single breach could cost the company millions if attackers use it to reach your customer data or company accounts.
It is convenient to store passwords in a dedicated manager such as KeePass. Remember that a strong password must be at least 8 characters long and mix digits with upper- and lower-case letters. Do not use easily discoverable information such as children's names or their dates of birth. And, of course, combinations like 123456, 123456789 and qwerty123 will not do: these three "passwords" were the most popular over the past year according to an analysis of leaked accounts.
7. Give up free services
Free services are simpler, but you need to understand that the mail is then not really yours: it sits on someone else's server, and you do not control it. Free services also offer less security, and nobody is immune to outages. The benefits of having your own corporate mail are clear:
– customer confidence: your own mail domain has a positive effect on customer loyalty, increasing trust and the likelihood that a message is opened;
– the brand is remembered better;
– the chances of mail going to spam are reduced;
– communication with clients is easy: you can set up welcome mailings and useful messages introducing the company;
– it is easier to set up an email environment for employees when they do not have to mix personal and work mail.
8. Train employees in security
The security of corporate mail depends on every employee, so training is necessary, covering the simplest rules:
– do not respond to suspicious emails;
– do not follow links inside a message and do not download attachments from mailings sent by unknown senders;
– keep antivirus software up to date;
– do not use corporate mail on personal devices;
– do not connect to public Wi-Fi networks when using corporate mail.