Email has proven to be a major benefit to consumers, enterprises and organisations. Today it is the life blood of many businesses and a huge amount of business information and data resides in business email. However it is not without its problems. Almost from its inception it has been abused by spammers, hackers, spies and sometimes by legitimate businesses. Here we examine some of the issues involved in email security.
The word spam is used for a variety of things but email spam means email that is both unsolicited and sent out in bulk regardless of content. To send spam is against the law in the majority of jurisdictions and is banned worldwide by all ISPs. The question is then why is there so much of it and how do people and organisations get away with sending it.
The problem is that it is very easy to create and spam. Really all that is needed is a collection of email addresses, and they tend to be readily available. For instance ‘spambots’ can search the web for email addresses; they can be gathered from newsgroups; they can be solicited by websites; and they can be gathered by dictionary attacks, which means generating email addresses at random and checking out if that address actually exists. Sending the spam is also easy; there are organisations that will send out over a billion spam messages a day.
The first weapon in the war against spam is filtering by content. This has become increasingly sophisticated and there is a perpetual cat and mouse game between spammers and spam filters. It is also possible to block spammers by IP addresses, but it is also easy to change these.
Spanners also use networks (bot-nets) of “zombie machines” which are PCs that have unknowingly to their owner been taken over using viruses and are remotely controlled by the spammers to send out spam email. It is an easy way to bypass IP address blocks as well as launching denial of service attacks on corporations.
Transmission of viruses and other malware is another serious problem. For instance they can be used to set up the bot-nets mentioned above as well as phishing attacks that attempt to trick the recipient into divulging sensitive or confidential information. This might be the banking username and password of an individual or it might be sensitive corporate data. Email is also venerable to leaks and eavesdropping unless appropriate measures are taken to encrypt it. Even encrypted email might be vulnerable under certain circumstances.
It is apparent that any enterprise that fails address email security can anticipate disastrous consequences. The more that mailboxes get clogged by spam the more employee security is reduced, to say nothing to the wasted resources spent on dealing with malware attacks. There is also the danger of a leak or loss of sensitive data.
It is important that these risks are minimized without compromising the up-side of email and one solution is the Mimecast cloud email security model which provides always on service availability along with total protection from viruses along with flexible email encryption.