Current business email systems used by most corporations work like a normal post office: a message travels like a postcard, i.e. there is a good chance that other people can open, read and modify your message before it reaches its destination. These systems don't verify sender authenticity, and anyone can send an e-mail stating it has come from you.

There is no verification that it was sent by you only, as anyone can use your id. Mail sent with your spoofed id can contain information that may be harmful to your organization. E-mail id spoofing is one of the weakest components of corporate communication systems. The mail you receive travels through various networks, the Internet and servers before it reaches your mailbox. There is no way to confirm that it is intact and that there has been no modification of any kind to the content.

Most corporate communication solutions ensure the security of your mailbox and of the Internet link while you download emails from your mailbox to your client, such as Outlook Express. This is a good way to secure the email channel between your client and server, but it provides very limited security.

To solve these issues of lack of verification, authentication and confirmation, and to protect against hacking, there are many solutions available, as discussed below. Each solution has its own advantages and limitations.

Email through Encrypted Channels

To avoid people intercepting your email and reading it on the network and the Internet, it is advised to use an SSL-secured channel between your client and server and from your server to other servers. Most corporate systems support and use SSL-based secured channels for email communication.

Sender Domain Verification

The second method is using SPF (Sender Policy Framework). In SPF the hosts and IPs that will be sending mail from your domain are listed in the Domain Name System. Whenever a mail is delivered, the SPF records are verified and the mail is certified as SPF compliant. This certifies that the email has come from the sender's mail server for the sender's domain. It doesn't provide any further protection. Many corporate servers work with SPF support. This solution adds one step to security.

Sender Domain Keys

In addition to SPF, another method that can be deployed is Domain Keys technology. A private/public key pair is generated for each server that your organization uses, and the public key is published using your Domain Name System, i.e. the public key is added to the DNS records as a text field. All mails passing through these servers are checked for Domain Keys. If a mail is sent by a local user, a Domain Keys header is added to the mail and it is delivered. If an email is coming from outside users, it is verified using the Domain Keys information in the email header and certified OK using the public key of the sender domain from the sender domain's DNS records.

E-mail Certification

The content of mail sent by local users is certified by adding check-sum information, using domain keys, to the headers of the mail. If the mail has come from outside, the check-sum is compared using the Domain Keys of the sender domain, and it is certified as OK if check-sum verification passes. This method provides the double security of sender id verification as well as mail content verification. This system is much more secure and authenticated compared to SPF and can provide a very high level of security when used jointly with SPF.

Simple Secured System

It is very important that the sender servers are very secure, i.e. all mails sent by them are authenticated, verified and certified. Most corporate servers don't have this system in place. In most cases there is no authentication for local users sending mail. In many cases any user can send email pretending to be any other user. Even with an authenticated system, any user can log in with one id and send mail pretending to be any other user in the organization. All these security issues have to be addressed while deploying a corporate secured communication system. The following steps should be performed by servers before accepting any mail from local users:

1. The user is authenticated using his id and password.
2. The sender user id matches the authenticated user id.
3. Once steps 1 and 2 are OK, add domain keys to the mail header.
4. Add a check sum to the header.
5. Add a line confirming it is sent by an authenticated user only.

Easy Deployment

No modification is required in this case at the user end for any software. This is a very simple and easy solution that can be deployed easily using an add-on wrapper to existing mail servers of any kind. This solution provides reasonable security and delivers certified emails to your system and can be deployed in a very short time. Please visit spamshield.us for detailed information.

User based Security

There are more complicated solutions available using GNUPG or MIME encoding with a public and private key pair (PKI) for each user. Each user has his own key pair. Public keys are published on CA key servers. When a user sends any mail, it is encrypted using the private key of the user. When the recipient receives it, he can decrypt the message using the sender's public key. Even higher security can be achieved by encrypting the sender's encrypted message using the recipient's public key. In this case only the recipient can decrypt the message and read it. Though this looks like the ultimate security for a communication system, it has the following issues.

1. Each email client at the sender and the recipient has to be modified to support GNUPG or MIME. This is a very difficult task.
2. Security is a chain; it's only as strong as the weakest link. The security of any CA-based system is based on many links and they're not all cryptographic. People are involved.
3. There is no protection of your keys; you store your private key on a conventional computer. There, it's subject to attack by viruses and other malicious programs.
4. How did the CA identify the certificate holder?

Therefore, with simple use of authentication, authorization, verification and digital certification of mail you can achieve reliable email security to serve your corporate communication. This is really very simple and easy to deploy, as there is no need for any modification at the user level and security is integrated seamlessly into your existing mail servers.
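The submission checks listed under "Simple Secured System" can be sketched as follows; this is an added example, not code from the original page or from the product it mentions. It covers steps 1, 2, 4 and 5; the account store, the sample message and the header names `X-Body-SHA256` and `X-Authenticated-Sender` are assumptions, and step 3 (the domain-key signature, which is what stops the checksum being rewritten in transit) is left out because it needs an RSA key.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed account store and message (assumptions for this demo only).
USERS = {"alice@example.com": (b"demo-salt", pw_hash("correct horse", b"demo-salt"))}
SAMPLE = ("From: Alice <alice@example.com>\nTo: bob@example.net\n"
          "Subject: Q3\n\nQuarterly numbers attached.\n")

def authenticate(user, password):
    """Step 1: verify the id and password presented at login."""
    # Unknown users still cost one hash, so timing does not reveal valid ids.
    salt, stored = USERS.get(user, (b"no-such-user", b""))
    return hmac.compare_digest(stored, pw_hash(password, salt))

def body_checksum(msg):
    """Step 4: SHA-256 of a single-part text body, line endings normalised."""
    lines = msg.get_payload().splitlines()
    canon = "\r\n".join(lines).rstrip("\r\n") + "\r\n"
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def accept_submission(user, password, raw):
    """Return the stamped message; raise PermissionError if a check fails."""
    if not authenticate(user, password):
        raise PermissionError("authentication failed")
    msg = message_from_string(raw)
    froms = msg.get_all("From", [])
    # Step 2: exactly one From header, and it must equal the logged-in id.
    sender = parseaddr(froms[0])[1].lower() if len(froms) == 1 else ""
    if sender != user.lower():
        raise PermissionError(f"{user} may not send as {sender or 'nobody'}")
    # Remove client-supplied copies so these headers cannot be pre-forged.
    for name in ("X-Body-SHA256", "X-Authenticated-Sender"):
        del msg[name]
    msg["X-Body-SHA256"] = body_checksum(msg)  # Step 4
    msg["X-Authenticated-Sender"] = user       # Step 5
    return msg

def checksum_ok(msg):
    """Receiving side: recompute the body checksum and compare."""
    return hmac.compare_digest(msg.get("X-Body-SHA256", ""), body_checksum(msg))
```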