Email Issues
Featuring 52 Papers as of November 13, 2020
-
Defeat the Dread of Adopting DMARC: Protect Domains from Unauthorized Email SANS.edu Graduate Student Research
by Tim Lansing - November 11, 2020
Many large organizations do not implement Domain-based Message Authentication, Reporting, and Conformance (DMARC) (Frenkel, 2017), and system administrators at small to medium businesses struggle to understand DMARC and how to use it to protect domains that send and do not send emails. When fully implemented, DMARC is a barrier discouraging criminals from conducting spoofing attacks against a domain (Kerner, 2018). DMARC reports on what servers are sending the domain’s email. This research examines how to simplify the process of configuring and monitoring the Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and DMARC to save individuals and businesses time, and allow them to better protect themselves and their domains.
-
Are You Hitting the Mark with DMARC? by Robert Mavretich - February 12, 2020
As organizations struggle to protect their end-users from email attacks despite pragmatic methods such as phishing and awareness training, there is another tool available to assist in reducing this threat – Domain-based Message Authentication, Reporting, and Conformance (DMARC). Despite the many tangible benefits of DMARC, including monitoring, quarantining, and rejecting potentially harmful emails based on various indicators, many organizations have not moved to implement DMARC to make a positive difference in email protection and delivery worldwide. This paper highlights the benefits and outlines steps that security technology departments can take to effectively partner with internal stakeholders (such as Sales and Marketing) to establish a win-win scenario of appropriately protecting the enterprise while furthering business goals.
-
Protecting the User: A Review of Mimecast's Web Security Service Analyst Paper (requires membership in SANS.org community)
by David Szili - December 11, 2019
- Associated Webcasts: Protecting the User: A Review of Mimecast’s Web Security Service
- Sponsored By: Mimecast Services Limited
The web remains a primary vector for cyberattacks, as either the initiation point or the way to complete the adversaries' mission. In this review, SANS instructor David Szili shares his perspectives on best practices for securing the web in general and his experience using the Mimecast Web Security cloud service in particular.
-
Automating Response to Phish Reporting SANS.edu Graduate Student Research
by Geoffrey Parker - June 12, 2019
Phish Reporting buttons have become easy buttons. They are used universally for reporting spam, real phishing attacks when detected, and legitimate emails. Phish Reporting buttons automate the reporting process for users; however, they have become a catch-all to dispose of unwanted messages and are now overwhelming Response Teams and overflowing Help Desk ticket queues. The excessive reporting leads to a problem of managing timely responses to real phishing attacks. Response times to false positives, spam, and legitimate messages incorrectly reported are also significant factors. Vendors sold phish alert buttons with phishing simulation systems which then became part of more in-depth training systems and later threat management systems. Because of this organic growth, many companies implemented a phish reporting system but did not know that they needed an automation system to manage the resulting influx of tickets. Triage systems can automate a high percentage of these phish alerts, freeing the incident response teams to deal with the genuine threats to the enterprise on a prioritized basis.
-
ComBAT Phishing with Email Automation SANS.edu Graduate Student Research
by Seth Polley - September 15, 2017
An analysis of organizations' email reporting processes reveals two challenges facing cyber security departments: successful administration of the managed mailbox provided for users' suspicious email reporting (automation) and effective security awareness training tailored to the business groups based on the type of email received. An effective defense requires an organization to be informed by actual attacks (knowing the enemy) and awareness of internal shortcomings (knowing yourself) so that implemented protections and training are applicable to the threats faced (strategy and tactics).
-
How to Conquer Targeted Email Threats: SANS Review of Agari Advanced Threat Protection Analyst Paper (requires membership in SANS.org community)
by Dave Shackleford - May 9, 2017
- Associated Webcasts: How to Conquer Targeted Email Threats: SANS Review of Agari Advanced Threat Protection
- Sponsored By: AGARI
Why are our traditional email and endpoint security tools failing us? First, most email deployments lack any authentication of outside senders. Given this vulnerability, it’s trivial to execute spoofing and falsified email content that purports to come from a trusted entity the recipient knows and trusts. Second, attackers are using cloud-based email and “detection-busting” techniques such as fake identities, deceptive sender names and phony domains to beat defenses. Clearly, given the prevalence of email-borne threats, protecting email infrastructure and end users needs to be a high priority for all security teams today. To this end, SANS had the opportunity to review Agari Enterprise Protect and the Agari Email Trust Platform.
-
Honeytokens and honeypots for web ID and IH SANS.edu Graduate Student Research
by Rich Graves - May 14, 2015
Honeypots and honey tokens can be useful tools for examining follow-up to phishing attacks.
-
Phishing Detection and Remediation by Rich Graves - January 21, 2013
This paper primarily addresses mass-market, consumer-grade phishing against webmail users.
-
Zombie profiling with SMTP greylisting by Jeremy Koster - January 12, 2009
This paper observes that computer zombies react differently to being greylisted, providing a method to profile computer zombies into various types.
-
Detecting Spam with Genetic Regular Expressions SANS.edu Graduate Student Research
by Eric Conrad - November 20, 2007
This paper describes an approach for detecting spam with automatically-generated regular expressions (where regexes are generated according to simple logic), followed by a 'genetic' approach (where regexes are generated, and then ‘evolve’ to the final solution via a genetic algorithm).
-
SPAM and Anti-Spam SANS.edu Graduate Student Research
by T. Brian Granier - May 14, 2007
This paper discusses many issues related to SPAM (any marketing, deceptive, or abusive use of email that the recipient does not wish to receive) and Anti-SPAM.
-
The Growing Threats to Email Communications in 2004 by Scott Palmer - May 5, 2005
The number of threats to email increased to epidemic levels in 2004 despite the industry's best efforts to keep them in check.
-
Creating a Hardened Internet SMTP Gateway on Exchange 2003 by Bret Fisher - May 5, 2005
This paper will evaluate a 'locked down' inbound mail gateway (receives email from the Internet) design on Windows 2003 and Exchange 2003, using a set of complementing software products including Microsoft ISA Server 2004 and McAfee SecurityShield for Microsoft ISA Server 1.0.
-
Email Security Threats by Pam Cocca - January 27, 2005
In this paper I will outline the various threats to email security, focusing on those that are of particular concern. I will then review some of the most recent advancements in the industry that are aimed at solving some of these issues.
-
Utilizing Open-Source Software to Build a (Relatively) Secure, Spam- and Virus-Free Mail Service by David Bailey - June 9, 2004
Electronic mail (email) services have become critical to survival, whether a commercial business, non-profit organization, or government agency, in today's information-centric world. There are a myriad of solutions for providing email services; some are cost-effective and some are cost-prohibitive.
-
A Company in Chapter Eleven Doesn't Have to Eat SPAM by Bob Olson - June 9, 2004
This paper is a case study detailing the replacement of a commercial E-mail filtering system with one made up of all Open Source Software. The main goals were to reduce delivery time, increase accuracy of spam and Malware detection and to reduce operating costs.
-
Eradicating Spam Through a Hybrid Sender-Pays Model by Ron Jager - June 8, 2004
The evolution of email as a network message exchange was developed for the ARPANET shortly after it was created, and has evolved into the powerful technology we use today. It soon became obvious that the ARPANET was becoming a human-communication medium with very important advantages over normal U.S. mail and over telephone calls.
-
Exchange 2000 Security an Overview by Charles Polkiewicz - March 31, 2004
Exchange 2000 is a Microsoft premier messaging product, with over 100 million licenses sold throughout the world. Securing this product is a challenge for any administrator. Proper administration requires both knowledge of the product and understanding of security policies involved.
-
Implementing a SPAM Filtering Gateway with Apache James by Kraig Schario - March 25, 2004
This paper discusses the configuration of a SPAM Filtering Gateway using the Java Apache Mail Enterprise Server, James, developed by The Apache Software Foundation.
-
Controlling Spam in a Small Business by Nadim El-Khoury - November 6, 2003
This paper will explain methods spammers are using to exploit e-mail, what measures are being taken by ISPs to curb the effect of spam and what choices are available for small companies to control spam and the productivity of their employees.
-
Securing Electronic Mail in a Small Company by Nikolai Fetissov - October 6, 2003
This paper presents a typical email configuration of a small company and the associated vulnerabilities, and demonstrates how free open source tools help reduce the risks.
-
Building a secured open source mail system for Small Medium Enterprise (SME) by Tan Han - October 6, 2003
This document aims to provide the possibility of using secured open source mail system solution for SME.
-
Spam Filtering in a Small Business Environment, a Case Study by Richard Snow - September 26, 2003
This case study describes the process of researching and implementing a filter for email "SPAM" in an organization of modest size, running Microsoft Exchange 5.5 and IMC.
-
Slippery Slope or Terra Firma? Current and Future Anti-Spam Measures by Charlene LeBlanc - August 8, 2003
This paper will help to explain current methods that are used to send out spam, combat spam, and legislation in place to hold abusers accountable and will also take a look at what might be on the technology horizon with more robust filtering methods and perhaps a better SMTP standard.
-
Technologies to Combat Spam by Thomas Knox - August 4, 2003
This paper addresses the issue of spam and will give you some background, its proliferation, some of the issues and information about spam.
-
What it is, how can it affect us, and how to deal with spam. by Adalberto Zamudio - July 14, 2003
This paper explores the problem of spam, its nature and also the reasons why it is a security risk. It also describes some of the techniques that are currently used to deal with spam including basic technical and policy methodology.
-
Security Issues in Running an Email by Jerry Berkman - July 11, 2003
This paper discusses security topics with respect to administering an email system.
-
Options For Securely Deploying Outlook Web Access by Sharon Smith - April 6, 2003
This paper will provide an overview of Outlook Web Access and how it functions to deliver Exchange server mail via HTTP.
-
Solving HealthCare’s eMail Security Problem by Bill Pankey - March 3, 2003
This paper discusses email security and recommends solutions to the healthcare organization's problem in securing its mail.
-
Securely Connecting Your Email System To the Internet - A Primer by Stephen Cottrell - February 25, 2003
This paper examines the basics that need to be considered when building a secure email connection to the Internet using an SMTP gateway.
-
A Secure Sendmail Based DMZ for the Corporate Email Environment by Jason McLellan - February 12, 2003
Adding a layer of simple mail transfer protocol (SMTP) infrastructure in the demilitarized zone (DMZ) between the Internet and your corporate email system is an effective way for corporate environments to enhance the security and functionality of their electronic email systems.
-
Gotcha! : Virus and E-mail Hoaxes by Charles Coffman - January 24, 2003
This paper addresses how the existence of virus and e-mail hoaxes uses resources, costs money, and picks and pulls at the already frayed nerves of the often overworked, understaffed information technology corps.
-
Fighting Spam in the Academic Arena by Bev Weidmann - December 12, 2002
This paper addresses the issue of spam and discusses a multi-layered approach: at the source, on the network, and with the end user.
-
Secure eMail: Determining an Enterprise Strategy and Direction by Marian Gurowicz - September 16, 2002
This paper takes a look at the research needed for developing a management proposal for a secure eMail solution.
-
The Spam Battle 2002: A Tactical Update by Karl Krueger - September 13, 2002
This paper provides an overview of the spam situation, presenting policy and technical tools to continue the fight against spam.
-
Security Features of Lotus Notes/Domino Groupware by Vivekanand Chudgar - March 14, 2002
This document provides an overview of Lotus Notes from a security perspective with particular focus on security related features, roles / options and limitations.
-
Securing Exchange 2000 Server E-mail by Bill English - March 14, 2002
The focus of this paper is on how to secure Exchange 2000 Server e-mail.
-
A Robust Email Infrastructure using Sendmail 8.12 by Alan Ptak - February 6, 2002
This document provides an overview of how sendmail and sound network security practices can be combined to create a robust scalable electronic mail infrastructure.
-
Implementing a Bulletproof MTA by Nick Reeves - January 22, 2002
This paper provides comprehensive instructions for installing and setting up the qmail Mail Transfer Agent (MTA).
-
A Practical Approach to Message Encryption by Edward Skerke - January 12, 2002
This paper provides a description of the mail encryption provided by ZixMail and ZixMail.Net from a security and business perspective by highlighting the advantages and disadvantages of these products.
-
Beyond Email: Defending Against Malicious Code in a Healthcare Setting by Dianne Belt - January 11, 2002
This paper takes an in-depth look at defending healthcare organizations from malicious code, from the perspective that effective protection requires a multilevel defense that includes policies and procedures, user education, physical security, system configuration and maintenance, password management, anti-virus software, and adequate backups, and the support of the entire organization.
-
Anti Spamming - How to Filter Unsolicited e-mail on Your Mail Server by Nam Tran - December 27, 2001
This paper addresses the issue of SPAM and how sendmail and IP Filters offer Spam-prevention features.
-
Securing E-mail by Sharipah Setapa - September 13, 2001
This paper addresses some of the challenges and issues of securing email.
-
Hotmail: Why Free Email Might Not Be Such a Hot Idea by Michael Barrett - September 12, 2001
This paper addresses some of the challenges with Hotmail, a free email service purchased by Microsoft in 1997.
-
Securing Email Through Proxies: Smap and Stunnel by Jim Cabral - September 11, 2001
This paper describes an approach to securing complex mail applications using a common firewall technology, application proxies.
-
Protecting Email in a Hostile World with TLS and Postfix by David Severski - August 22, 2001
This paper addresses Transport Layer Security (TLS) and how it can be a very effective enhancement to keep email safe, secure, and private.
-
Stopping Viruses at a Unix Mail Gateway by Thomas Heinrichs - August 20, 2001
This paper addresses the ability to protect users from viruses at a Unix mail gateway using both commercial and freely available tools.
-
SMTP Gateway Virus Filtering with Sendmail and AMaViS by Kevin Swab - August 8, 2001
This paper describes the software necessary for adding low-cost virus filtering capability to any UNIX / Sendmail SMTP gateway, details its installation and configuration, and relates some observations on its use.
-
Securing Web Based Corporate E-Mail Using Microsoft Exchange Outlook Web Access by Michael Parker - July 26, 2001
This paper addresses Microsoft's Outlook Web Access (OWA), an extension of the Exchange 5.5 mail system.
-
The Security Implications of Web Based Email by Eric Trombold - July 22, 2001
This paper addresses four areas of risk posed by the unrestricted use of web based email services and ways to manage that risk.
-
Email in the New Era (Version 1) by Guang Chen - July 21, 2001
This paper addresses how e-mail can be effectively and safely used in this new era.
-
Third-Party Mail Relay (Open Relay) and Microsoft Exchange Server by Jeremy Stewart - October 10, 2000
In the following paper I will be discussing the topic of Third Party Mail Relay, or Open Relay, the SMTP protocol, and the unwanted side effects of having a system that is configured as an open relay.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.
SANS.edu Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.