E-mail security

Also available: Deutsch (Deutschland) Français (France) Italian

Would you like to know how you can best protect your e-mail communication from misuse and attacks? In this article, we answer this and other frequently asked questions about e-mail security.

What is e-mail security?

E-mail security refers to the protection of personal or business e-mail accounts and traffic from potential misuse and malicious attacks. Various measures can be taken to prevent unauthorized access to e-mails and the manipulation or falsification of messages. Other e-mail security objectives include protection against malware such as viruses and spyware and combating spam and phishing.

Why is e-mail security important?

E-mail is ubiquitous and is used by individuals and organizations as a primary means of communication. Every day, billions of e-mails are sent around the world, many containing confidential data.

The simplicity and growing importance of e-mails is increasing the appeal for attackers and thus the risk of misuse. Cybercriminals are using imaginative methods to falsify e-mails and deceive recipients, usually with the aim of accessing confidential data, enriching themselves, gaining advantages or obtaining unauthorized access to computer systems. That’s why it’s important that you do what you can to protect your e-mail traffic from potential danger.

Dangers in e-mail communication

E-mail communication offers many benefits, but also poses some risks. The best known and most common threats are:

Spam
Spam refers to unwanted advertising e-mails that are typically sent to a large number of recipients. This makes spam different from standard newsletters, which are of interest to recipients and can be unsubscribed from at any time. Spam is annoying, but not alarming.
Phishing
Fraudsters use phishing e-mails to try to persuade recipients to transfer money or to gain access to confidential data such as login details and bank or credit card information. Perpetrators often pretend to be a known organization in order to gain their victims’ trust. In most cases, a sense of urgency is created in order to trick victims into acting quickly and possibly carelessly.

If you’d like to learn more about this from a recipient’s perspective, read our blog post on phishing.

It’s also important for website operators to know that a phishing attack always has two victims: the recipients of the phishing e-mails and the owners of the impersonated sender domains and companies. Therefore, domain owners should also take measures that make it harder to spoof domains. This includes, for example, enabling SPF, DKIM and DMARC.
Malware
Malware means “malicious software” – in other words, computer programs (e.g. viruses and spyware) that are installed on devices without an owner’s knowledge and perform unwanted or even harmful functions there.
E-mail spoofing
In e-mail spoofing, scammers pretend to be someone else by falsifying the e-mail sender and especially the domain. E-mail spoofing is often used in spam and phishing attacks.

All these risks can cause significant damage to both individuals and businesses. Depending on the type of attack and the fraudsters’ intent, devices or entire networks may be disabled, confidential data may be stolen or destroyed, or large ransoms may be demanded. The reputational damage and expense that can result from misuse of a poorly protected sender domain should not be underestimated.

What steps can be taken?

E-mail technology is based on the SMTP, IMAP and POP protocols. These do not offer any special protection in themselves. For example, e-mails are transmitted without end-to-end encryption by default and senders are not authenticated. Anyone wishing to better secure their e-mail traffic must therefore take additional steps.

These and other technical measures can help to increase e-mail security:

Software updates
Software updates are the simplest and most important technical measure. Regularly update your devices and their software. No software is error-free. It’s therefore important to install updates quickly after they are released. This applies to all your devices – smartphones, tablets and computers – as well as your websites with the content management systems (CMS) and plugins used.
Transport encryption (TLS)
This refers to encryption during transmission between the systems involved. Hostpoint recommends that you always use TLS in your e-mail application. Hostpoint’s mail servers always use transport-encrypted connections for communication with external mail servers where possible. However, the messages themselves can be read by all mail servers involved (see “end-to-end encryption”).
Spam scanner
A spam scanner (also known as a “spam filter”) is software that analyses e-mails and tries to detect spam messages. Such messages are marked as spam and moved to the spam folder. Spam scanners therefore help to reduce the flood of fraudulent advertising messages. You can find more information about these in our detailed article on spam scanners.
E-mail authentication
This is an umbrella term that refers to technologies that can be used to check that senders are who they claim to be. It includes different authentication methods such as SPF, DKIM and DMARC. Using these methods, receiving mail servers can check whether e-mails originate from an authorized server and have not been falsified. E-mail authentication increases security for both you as a domain owner and your e-mail recipients.
Virus scanner
Virus scanners are software that check e-mails and their contents for malicious attachments and links. They can help reduce the risk of downloading malware. However, virus scanners do not detect all hazards, so it’s important to remain vigilant.
End-to-end encryption
This technology is used to encrypt the messages themselves. End-to-end encryption prevents the content of messages from being read and from being altered by attackers at all stages from transmission to reception. Special software is needed on both the recipient and sender side for this. Unfortunately, such software is still complex to deploy and therefore not widely in use. Usually the S/MIME or OpenPGP standard is used.
Digital signatures
Digital signatures allow recipients to reliably check the sender and integrity of a message. As with end-to-end encryption, this requires special software. However, the message is not encrypted end to end and therefore remains readable, even for recipients who do not have special software.

Recommendations for the safe handling of e-mails

Hostpoint has the following tips for ensuring e-mail security:

General

  • Encryption: Enable transport encryption for e-mails. This will mean that your e-mails and your e-mail password are transmitted to our servers in encrypted form.

  • Passwords: Use unique and strong passwords for your e-mail accounts. Only save them in a password manager and never share them with third parties. The National Cyber Security Centre has further recommendations on password security.

  • Regular software updates: Make sure that the operating system of your devices as well as the software installed by you (e.g. browsers and e-mail applications) are always up to date. This reduces the risk of known security loopholes that can be exploited.

For senders and owners of domains

  • SPF/DKIM/DMARC: Enable SPF, DKIM and DMARC to send e-mails with your domain. These authentication methods reduce the risk of your domain being misused to send fraudulent emails.

  • Sender policies: Configure strict sender policies for your domains in the Hostpoint Control Panel. This allows you to set out the circumstances under which Hostpoint’s mail servers receive and send e-mails on behalf of your domain.

  • Software updates for your website: Also update your CMS, including the plugins used, regularly and promptly. Known security vulnerabilities are often exploited very quickly.

  • Confidential data: Never send confidential information by e-mail.

For recipients

  • Exercise caution: Be careful and vigilant when dealing with e-mails. Check the sender and content of e-mails carefully. Don’t let yourself be put under pressure and don’t open any suspicious links or attachments. If you don’t trust a message, your options include calling the sender by phone and asking them about it. Find out more in our separate Support Center article on phishing and on our phishing info page.

  • Spam scanner: Enable the spam scanner and spam box in the Hostpoint Control Panel. The spam scanner can detect many malicious messages and move them from the inbox directly to the spam folder.

  • Virus scanner: Use a virus scanner and make sure that it scans e-mail attachments for malicious files. However, remain vigilant and bear in mind that virus scanners do not detect all hazards.
Please use this form only to provide feedback on the above guide.
For support requests please use this form instead.

 

Contact Form Write us a message
0844 040404 Mon – Sun, 8 am – 6 pm
< 1 min.
Waiting time
Check our Status page
WhatsApp Mon – Sun, 8 am – 6 pm
E-mail around the clock
Check-in Make an appointment

 

© 2001 - Hostpoint AG
Cookie

Wir verwenden Cookies  🍪

We use Cookies  🍪

Nous utilisons des cookies  🍪

Utilizziamo dei cookie  🍪

Die digitalen Auftritte von Hostpoint (Website, Control Panel, Support Center etc.) verwenden Cookies. Diese werden dazu verwendet, um Daten über Besucherinteraktionen zu sammeln. Wenn Sie auf «Akzeptieren» klicken, stimmen Sie der Verwendung dieser Cookies für Werbezwecke, Website-Analyse und Support zu. Gewisse essenzielle Cookies sind jedoch für eine ordnungsgemässe Funktion dieser Seiten unerlässlich und können deshalb nicht deaktiviert werden. Auch ohne Ihre Zustimmung können gewisse Daten in anonymisierter Form für statistische Zwecke und zur Verbesserung unserer Websites verwendet werden. Bitte beachten Sie unsere Datenschutzerklärung.

Hostpoint's digital presences (website, Control Panel, Support Center, etc.) use cookies. These are used to collect data on visitor interactions. If you click “Accept”, you agree to the use of these cookies for advertising purposes, website analysis and support. However, certain cookies are essential for the proper functioning of these pages and therefore cannot be disabled. Even without your consent, certain data may be used in anonymized form for statistical purposes and to improve our websites. Please note our Privacy policy.

Le sites Web de Hostpoint (site Web, Control Panel, Centre d'assistance, etc.) utilisent des cookies. Ces cookies servent à collecter des données sur les interactions des visiteurs. En cliquant sur «Accepter», vous consentez à l’utilisation de ces cookies à des fins de publicité, d’analyse du site Web et d’assistance. Certains cookies essentiels sont cependant indispensables au bon fonctionnement de notre sites Web et ne peuvent donc pas être désactivés. Même sans votre consentement, certaines données peuvent être utilisées sous forme anonymisée à des fins statistiques et pour améliorer notre sites Web. Veuillez prendre connaissance de notre Déclaration de protection des données.

Le presenze digitali di Hostpoint (sito web, Pannello di controllo, Support Center, ecc.) utilizzano i cookie. Questi vengono utilizzati per raccogliere dati sulle interazioni dei visitatori. Facendo clic su «Accetta», acconsente all’utilizzo di questi cookie per scopi pubblicitari, di analisi del sito web e di supporto. Alcuni cookie essenziali sono tuttavia indispensabili per il corretto funzionamento di questi siti web e pertanto non possono essere disattivati. Anche senza il Suo consenso, determinati dati potrebbero essere utilizzati in forma anonima per fini statistici e per l’ottimizzazione dei nostri siti web. Si prega di tenere conto della nostra Dichiarazione per la pivacy.

Ablehnen
Decline
Refuser
Rifiuta
Akzeptieren
Accept
Accepter
Accetta