What Are Email Protocols?
Email protocols consist of a collection of rules and standards governing the transmission, receipt, and processing of email messages between mail servers and clients. These protocols enable seamless email communication by outlining procedures for sending, receiving, storing, and retrieving emails.
In this article, we explain the email protocols designed specifically to improve the security of email communications and mitigate malicious attacks.
This is part of a series of articles about email security.
Why Are Email Security Protocols Important?
Confidentiality
Emails frequently contain sensitive information that should be protected from unauthorized access. Without appropriate encryption, attackers can intercept and read your emails, while in transit between servers or when stored on a mail server. By employing secure email protocols like SSL/TLS or STARTTLS, you can guarantee that your messages remain confidential during transmission.
Integrity
Email integrity refers to the capacity of an email to retain its original content without being altered during transmission. Cybercriminals may attempt to modify emails in transit for malicious purposes, such as embedding malware or changing financial details within invoices. Email security protocols assist in preventing these attacks by verifying the message’s integrity before it arrives at its destination.
Authenticity
Establishing trust between senders and recipients requires verifying that an email originates from a legitimate sender rather than an imposter seeking to deceive users into revealing sensitive information. Establishing authenticity can be highly effective against many cyber attacks, including phishing scams.
Protocols like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) play an essential role in authenticating sender identities and thwarting spoofing attempts.
Tal Zamir, CTO, Perception Point
Tal Zamir is a 20-year software industry leader with a track record of solving urgent business challenges by reimagining how technology works.
TIPS FROM THE EXPERTS
- Conduct regular penetration testing focused on email infrastructure. Regular penetration testing can uncover vulnerabilities in your email configuration, including overlooked protocol weaknesses, insufficient encryption, or gaps in SPF/DKIM/DMARC implementations. Prioritize remediating findings to strengthen your overall email security posture.
- Rotate and manage DKIM keys carefully. Regularly rotate your DKIM keys to mitigate the risk of key compromise. Use different DKIM selectors for different sending services to isolate keys. This also allows you to revoke a key from a compromised service without affecting other services.
- Monitor DMARC reports actively for emerging threats. DMARC aggregate reports can reveal patterns and sources of attempted abuse against your domain. Establish a routine to analyze these reports regularly and fine-tune your policies or adjust SPF/DKIM settings based on observed anomalies.
A Summary of Common Security Protocols
SSL/TLS for HTTPS
Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are cryptographic protocols designed to provide secure communication over a computer network. They use encryption algorithms to secure data transmitted between a client (e.g., a web browser) and a server (e.g., a web server). In the context of email, SSL/TLS can be used to establish a secure connection between an email client and an email server, ensuring that email messages are transmitted securely.
SSL/TLS works by establishing a secure communication channel between the client and the server. This is done through a process known as a “handshake,” during which the client and server exchange cryptographic keys and establish a shared secret. Once the handshake is complete, all data transmitted between the client and server is encrypted using the shared secret, ensuring that it can only be read by the intended recipients.
By implementing SSL/TLS for email, you can ensure that your email communication is protected from eavesdropping and man-in-the-middle attacks. This is particularly important when transmitting sensitive information, such as login credentials, financial data, or personal information.
SMTPS
Simple Mail Transfer Protocol Secure (SMTPS) is an extension of the Simple Mail Transfer Protocol (SMTP), which is used to transmit email messages between email servers. SMTPS adds a layer of security to SMTP by establishing a secure connection between the client and server using SSL/TLS, ensuring that email messages are transmitted securely.
When a client connects to an email server using SMTPS, it initiates an SSL/TLS handshake to establish a secure connection. Once the handshake is complete, the client and server can securely exchange email messages over the encrypted connection. This helps to protect email communication from eavesdropping and man-in-the-middle attacks.
STARTTLS
STARTTLS is an extension to SMTP, IMAP, and POP3 protocols that allows email clients and servers to upgrade their plaintext connection to an encrypted SSL/TLS connection. This helps to protect email communication from eavesdropping and man-in-the-middle attacks.
When a client connects to an email server using a protocol that supports STARTTLS, it sends a STARTTLS command to the server. If the server supports STARTTLS, it responds with a message indicating that the client can proceed with the SSL/TLS handshake. Once the handshake is complete, the client and server can securely exchange email messages over the encrypted connection.
SMTP MTA-STS
SMTP Mail Transfer Agent Strict Transport Security (SMTP MTA-STS) is a security protocol that helps to ensure secure email communication by enforcing the use of SSL/TLS for email transmission. It does this by defining a policy that email servers can publish, which specifies the required level of encryption and authentication for email communication.
When an email server supports SMTP MTA-STS, it publishes a policy that specifies the required level of encryption and authentication for email communication with that server. When a client connects to the server, it checks for the presence of an MTA-STS policy and, if present, ensures that the connection meets the requirements specified in the policy. If the connection does not meet the requirements, the client will refuse to send the email message.
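The sender-side decision described above, as an added example that is not part of the original article. It parses a constructed MTA-STS policy in the RFC 8461 text format and shows that only `mode: enforce` refuses delivery; `testing` delivers anyway and only reports the failure. The `tls_ok` flag stands in for the result of TLS negotiation and certificate validation against the MX host.

```python
# Constructed sample policy, as it would be fetched from
# https://mta-sts.example.com/.well-known/mta-sts.txt after the
# _mta-sts.example.com TXT record (v=STSv1; id=...) announced it.
STS_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup.example.com
max_age: 604800
"""

def parse_policy(text: str) -> dict:
    """Parse the key: value policy; 'mx' may repeat, so it collects a list."""
    policy = {"mx": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1" or policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid MTA-STS policy")
    return policy

def mx_matches(mx_host: str, pattern: str) -> bool:
    """A leading '*.' matches exactly one leftmost label, so
    '*.backup.example.com' matches 'mx2.backup.example.com' but not
    'a.b.backup.example.com' or 'backup.example.com'."""
    mx_host = mx_host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                  # ".backup.example.com"
        return mx_host.endswith(suffix) and "." not in mx_host[: -len(suffix)]
    return mx_host == pattern

def sending_decision(policy_text: str, mx_host: str, tls_ok: bool) -> str:
    """Return 'deliver', 'refuse' or 'deliver-and-report'.
    tls_ok: TLS was negotiated and the MX certificate validated (assumed input).
    Only mode=enforce refuses a non-compliant connection; testing still
    delivers and reports the failure (TLSRPT); none applies no policy."""
    policy = parse_policy(policy_text)
    compliant = tls_ok and any(mx_matches(mx_host, p) for p in policy["mx"])
    if compliant or policy["mode"] == "none":
        return "deliver"
    return "refuse" if policy["mode"] == "enforce" else "deliver-and-report"
```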
SPF
Sender Policy Framework (SPF) is an email authentication protocol that helps to prevent email spoofing and phishing attacks. It does this by allowing domain owners to define a list of authorized mail servers that are permitted to send email on behalf of the domain.
When an email server receives an email message, it checks the SPF record for the sender’s domain to determine if the message was sent from an authorized mail server. If the message was sent from an authorized server, the message is accepted; otherwise, the message is rejected. This helps to prevent unauthorized parties from sending email messages that appear to be from a legitimate domain, which can be used in phishing attacks and other malicious activities.
By implementing SPF, you can help to protect your domain from email spoofing and phishing attacks, reducing the likelihood of your users receiving fraudulent messages. Additionally, SPF can help to improve the deliverability of your legitimate email messages, as receiving servers can more easily distinguish between legitimate and fraudulent messages.
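A minimal receiver-side SPF evaluator, added here as an example and not part of the original article. The records are constructed samples; the `ip4`, `ip6`, `include` and `all` mechanisms are modelled, while `a`, `mx` and `exists` are skipped because they need live DNS. It shows that "otherwise rejected" depends on the record's qualifier: `-all` yields a hard `fail`, `~all` only `softfail`.

```python
import ipaddress

# Constructed sample SPF records keyed by domain (no DNS lookups performed).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, client_ip, records=SPF_RECORDS, depth=0):
    """Return the SPF result for client_ip sending MAIL FROM domain.
    Mechanisms are evaluated left to right; the first match decides, and
    its qualifier (default '+') becomes the result."""
    if depth > 10:                      # RFC 7208 caps include/redirect nesting
        return "permerror"
    record = records.get(domain)
    if record is None:
        return "none"
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        matched = False
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            try:                        # an IPv4 address never matches an ip6 network
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif mech == "include":
            # include: matches only if the referenced domain's record yields "pass"
            matched = check_spf(arg, client_ip, records, depth + 1) == "pass"
        else:
            continue                    # a, mx, exists, ptr need DNS; not modelled
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                    # nothing matched and no "all" term
```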
DKIM
DomainKeys Identified Mail (DKIM) is an email authentication protocol that helps to ensure the integrity of email messages by allowing the sender to digitally sign the message. This signature can then be verified by the receiver to ensure that the message has not been tampered with during transit.
When an email server sends an email message, it generates a digital signature using the sender’s private key. This signature is included in the message header. When the receiver’s email server receives the message, it verifies the signature using the sender’s public key, which is published in the sender’s DNS records. If the signature is valid, the message is accepted; otherwise, the message is rejected.
By implementing DKIM, you can help to ensure the integrity of your email communication, protecting your users from receiving tampered or malicious email messages. Additionally, DKIM can help to improve the deliverability of your legitimate email messages.
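The integrity half of DKIM verification, as an added example that is not the article's own code. A DKIM-Signature carries `bh=`, the base64 SHA-256 of the canonicalized body, and the signed header fields include that tag, so a receiver first recomputes the body hash as shown here before checking the RSA or Ed25519 signature over the headers (which needs a crypto library and is not shown). Canonicalization is RFC 6376 "relaxed"; the sample bodies are constructed.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 'relaxed' body canonicalization: collapse runs of WSP to a
    single space, strip trailing WSP from each line, drop trailing empty
    lines, and terminate every remaining line with CRLF (empty body -> b'')."""
    # Lenient: treat bare LF as a line break too (assumption of this example).
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" \t") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """The value a signer places in the bh= tag of DKIM-Signature."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def verify_body_hash(body: bytes, bh_tag: str) -> bool:
    """Receiver-side check: the body as received must hash to the bh= tag.
    Because bh= is itself covered by the header signature, an attacker who
    alters the body cannot simply recompute the tag."""
    return body_hash(body) == bh_tag
```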
DMARC
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication protocol that builds upon SPF and DKIM to provide a more comprehensive solution for preventing email spoofing and phishing attacks. DMARC allows domain owners to define a policy that specifies how receiving email servers should handle messages that fail SPF and/or DKIM checks.
When an email server receives an email message, it performs SPF and DKIM checks to determine if the message is authentic. If the message fails either of these checks, the server then checks the DMARC policy for the sender’s domain to determine how to handle the message. The DMARC policy may specify that the message should be rejected, quarantined, or accepted with no action taken.
Like SPF and DKIM, DMARC can help to protect your domain from email spoofing and phishing attacks, and improve the deliverability of legitimate email messages.
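The receiver-side DMARC decision, as an added example that is not part of the original article. It adds the detail the summary leaves implicit: DMARC passes only if SPF or DKIM passed and that identifier is aligned with the From header domain (`aspf`/`adkim`, strict or relaxed); otherwise the published `p=` (or `sp=` for subdomains) gives the disposition. The record is a constructed sample, and `org_domain` uses a two-label approximation instead of the Public Suffix List.

```python
def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record into a tag dict, applying RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags

def org_domain(domain: str) -> str:
    """Organizational domain. Real verifiers consult the Public Suffix List;
    this example assumes the last two labels (wrong for e.g. example.co.uk)."""
    return ".".join(domain.lower().rsplit(".", 2)[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') accepts
    any domain sharing the organizational domain with RFC5322.From."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record, from_domain, spf_result, spf_domain,
                      dkim_result, dkim_domain):
    """Return (dmarc_pass, disposition) where disposition is the action the
    domain owner requested for failures: none, quarantine or reject.
    spf_domain is the MAIL FROM domain; dkim_domain is the d= of a valid signature."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    policy = tags.get("p", "none")
    # sp= overrides p= when the From domain is a subdomain of the org domain
    if from_domain.lower() != org_domain(from_domain) and "sp" in tags:
        policy = tags["sp"]
    return False, policy
```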