Summary Managed Email Security

Managed Email Security

Email servers that use SMTP or Simple Mail Transfer Protocol to accept
messages from clients and transport to other servers and deposit into the
user’s inbox (on the server) - mail relay system

 Don't run in open relay because SMTP doesn't authenticate senders

Clients retrieve email from them from their server-based inbox using POP3 -
Post Office Protocol v3 or IMAP - Internet Message Access Protocol

Can use SaaS email solution

Email Security Goals

 Provide nonrepudiation

 Restrict access to messages to their intended recipients

 Maintain the integrity of messages

 Authenticate and verify the source of messages

 Verify the delivery of messages

 Classify sensitive content within or attached to messages

Address within policy

 Acceptable Use of email

 Access Control

 Privacy

 Email Engagement

 Email backup and retention policies



Understand Email Security Issues

 Recognize the vulnerabilities specific to email

 Standard protocols are SMTP, POP3, and IMAP and do not employ
native encryption

 Email is common for viruses, worms, trojan horse, docs with
destructive macros or bad code