
Would you like to know how you can best protect your e-mail communication from misuse and attacks? In this article, we answer this and other frequently asked questions about e-mail security.

What is e-mail security?

E-mail security refers to the protection of personal or business e-mail accounts and traffic from potential misuse and malicious attacks. Various measures can be taken to prevent unauthorized access to e-mails and the manipulation or falsification of messages. Other e-mail security objectives include protection against malware such as viruses and spyware and combating spam and phishing.

Why is e-mail security important?

E-mail is ubiquitous and is used by individuals and organizations as a primary means of communication. Every day, billions of e-mails are sent around the world, many containing confidential data.

The simplicity and growing importance of e-mail increase its appeal to attackers and thus the risk of misuse. Cybercriminals use imaginative methods to falsify e-mails and deceive recipients, usually with the aim of accessing confidential data, enriching themselves, gaining advantages or obtaining unauthorized access to computer systems. That’s why it’s important that you do what you can to protect your e-mail traffic from potential danger.

Dangers in e-mail communication

E-mail communication offers many benefits, but also poses some risks. The best known and most common threats are:

Spam
Spam refers to unwanted advertising e-mails that are typically sent to a large number of recipients. This makes spam different from standard newsletters, which are of interest to recipients and can be unsubscribed from at any time. Spam is annoying, but not alarming.
Phishing
Fraudsters use phishing e-mails to try to persuade recipients to transfer money or to gain access to confidential data such as login details and bank or credit card information. Perpetrators often pretend to be a known organization in order to gain their victims’ trust. In most cases, a sense of urgency is created in order to trick victims into acting quickly and possibly carelessly.

If you’d like to learn more about this from a recipient’s perspective, read our blog post on phishing.

It’s also important for website operators to know that a phishing attack always has two victims: the recipients of the phishing e-mails and the owners of the impersonated sender domains and companies. Therefore, domain owners should also take measures that make it harder to spoof domains. This includes, for example, enabling SPF, DKIM and DMARC.
Malware
Malware means “malicious software” – in other words, computer programs (e.g. viruses and spyware) that are installed on devices without an owner’s knowledge and perform unwanted or even harmful functions there.
E-mail spoofing
In e-mail spoofing, scammers pretend to be someone else by falsifying the e-mail sender and especially the domain. E-mail spoofing is often used in spam and phishing attacks.

All these risks can cause significant damage to both individuals and businesses. Depending on the type of attack and the fraudsters’ intent, devices or entire networks may be disabled, confidential data may be stolen or destroyed, or large ransoms may be demanded. The reputational damage and expense that can result from misuse of a poorly protected sender domain should not be underestimated.

What steps can be taken?

E-mail technology is based on the SMTP, IMAP and POP protocols. These do not offer any special protection in themselves. For example, e-mails are transmitted without end-to-end encryption by default and senders are not authenticated. Anyone wishing to better secure their e-mail traffic must therefore take additional steps.

These and other technical measures can help to increase e-mail security:

Software updates
Software updates are the simplest and most important technical measure. Regularly update your devices and their software. No software is error-free. It’s therefore important to install updates quickly after they are released. This applies to all your devices – smartphones, tablets and computers – as well as your websites with the content management systems (CMS) and plugins used.
Transport encryption (TLS)
This refers to encryption during transmission between the systems involved. Hostpoint recommends that you always use TLS in your e-mail application. Hostpoint’s mail servers always use transport-encrypted connections for communication with external mail servers where possible. However, the messages themselves can be read by all mail servers involved (see “end-to-end encryption”).
Spam scanner
A spam scanner (also known as a “spam filter”) is software that analyses e-mails and tries to detect spam messages. Such messages are marked as spam and moved to the spam folder. Spam scanners therefore help to reduce the flood of fraudulent advertising messages. You can find more information about these in our detailed article on spam scanners.
E-mail authentication
This is an umbrella term that refers to technologies that can be used to check that senders are who they claim to be. It includes different authentication methods such as SPF, DKIM and DMARC. Using these methods, receiving mail servers can check whether e-mails originate from an authorized server and have not been falsified. E-mail authentication increases security for both you as a domain owner and your e-mail recipients.
Virus scanner
Virus scanners are software that check e-mails and their contents for malicious attachments and links. They can help reduce the risk of downloading malware. However, virus scanners do not detect all hazards, so it’s important to remain vigilant.
End-to-end encryption
This technology is used to encrypt the messages themselves. End-to-end encryption prevents the content of messages from being read and from being altered by attackers at all stages from transmission to reception. Special software is needed on both the recipient and sender side for this. Unfortunately, such software is still complex to deploy and therefore not widely in use. Usually the S/MIME or OpenPGP standard is used.
Digital signatures
Digital signatures allow recipients to reliably check the sender and integrity of a message. As with end-to-end encryption, this requires special software. However, the message is not encrypted end to end and therefore remains readable, even for recipients who do not have special software.

Recommendations for the safe handling of e-mails

Hostpoint has the following tips for ensuring e-mail security:

General

  • Encryption: Enable transport encryption for e-mails. This will mean that your e-mails and your e-mail password are transmitted to our servers in encrypted form.

  • Passwords: Use unique and strong passwords for your e-mail accounts. Only save them in a password manager and never share them with third parties. The National Cyber Security Centre has further recommendations on password security.

  • Regular software updates: Make sure that the operating system of your devices as well as the software installed by you (e.g. browsers and e-mail applications) are always up to date. This reduces the risk that known security vulnerabilities can be exploited.

For senders and owners of domains

  • SPF/DKIM/DMARC: Enable SPF, DKIM and DMARC to send e-mails with your domain. These authentication methods reduce the risk of your domain being misused to send fraudulent e-mails.

  • Sender policies: Configure strict sender policies for your domains in the Hostpoint Control Panel. This allows you to set out the circumstances under which Hostpoint’s mail servers receive and send e-mails on behalf of your domain.

  • Software updates for your website: Also update your CMS, including the plugins used, regularly and promptly. Known security vulnerabilities are often exploited very quickly.

  • Confidential data: Never send confidential information by e-mail.

For recipients

  • Exercise caution: Be careful and vigilant when dealing with e-mails. Check the sender and content of e-mails carefully. Don’t let yourself be put under pressure and don’t open any suspicious links or attachments. If you don’t trust a message, your options include calling the sender by phone and asking them about it. Find out more in our separate Support Center article on phishing and on our phishing info page.

  • Spam scanner: Enable the spam scanner and spam box in the Hostpoint Control Panel. The spam scanner can detect many malicious messages and move them from the inbox directly to the spam folder.

  • Virus scanner: Use a virus scanner and make sure that it scans e-mail attachments for malicious files. However, remain vigilant and bear in mind that virus scanners do not detect all hazards.

© 2001 - Hostpoint AG