Five years ago, a busy medical office in a Seattle suburb began observing strange behavior across its local area network. Computers slowed to a crawl. Apps began to freeze or crash. Connections to the encrypted, HIPAA-compliant portal were failing. An anti-virus scan was performed on a number of the desktop workstations and several were found to be infected with malware. The medical staff was in dire need of first aid!
How did this happen? The staff did not surf suspicious sites online. This wasn’t a phishing expedition that tricked an unsuspecting user into revealing a password. User access was closely monitored.
The network was basically a “walled garden.” There was but one opening in the wall that afforded safe passage to incoming traffic — electronic mail!
The infiltrator in this case was a “trojan horse,” an email package carrying a pixel detonator that triggered a malicious payload. By clicking on a counterfeit link to “view image,” a tracking pixel unleashed the download of the offending code. The first workstation had been compromised and was ready to spread the virus internally.
Could the medical office have prevented the infiltration? The default Web server’s Spam Assassin software had not detected the email as being spam. Neither had the anti-viral software on the desktop. And besides, by that
Triage & Diagnosis
For starters, the clinic had NOT taken the basic steps to prevent Sender Fraud by implementing three methods of
These records are considered to be the “3 Pillars of Email Authentication” for preventing spoofing of outbound email. If you haven’t done so already you should ask your Web hosting provider to plant these pillars as cornerstones of your email server. Do it ASAP!
SPF, or Sender Policy Framework, is a way for recipients to confirm the identity of the sender of an incoming email. The record includes all IP addresses (mail servers) that are authorized to send mail on behalf of this domain.
A typical SPF record will look something like this:
v=spf1 ip4:184.108.40.206 ip4:220.127.116.11 ip4:18.104.22.168/24 include:magnetmail.net ~all
When an email is sent, the receiving server checks the DNS records for the domain in the FROM: field. If the IP address is listed in that record (as seen above), the message passes SPF. If SPF exists, but the IP address isn’t in the record, it’s a hard fail. This can often cause mail to be rejected or routed to the spam folder. If no SPF record exists, it’s a soft fail. These are most likely to cause messages to be routed to spam but can lead to a message being rejected as well.
DKIM, short for DomainKeys Identified Mail, also allows for the identification of “spoofed” emails but uses a slightly different process. Instead of a single DNS record that keys off the FROM: address, DKIM employs two encryption keys: one public and one private.
The private key is housed in a secure location that can only be accessed by the owner of the domain. This private key is used to create an encrypted signature that is added to every message sent from that domain. Using the signature, the receiver of the message can check against the public DKIM key, which is stored in a public-facing DNS record. If the records “match,” the mail could only have been sent by the person with access to the private key, aka the domain owner.
DMARC (Domain-based Message Authentication, Reporting, & Conformance) builds on those technologies by providing directions to the receiver on what to do if a message from your domain is not properly authenticated.
Like SPF and DKIM, DMARC also requires a specific DNS record to be entered for the domain you wish to use in your FROM: address. This record can include several values, but only two are required: (v) tells the receiving server to check DMARC and (p) gives instructions on what to do if authentication fails.
So now that you have taken steps to harden your email authentication, what can you do about the avalanche of spam mail and bulk mail that clogs your inbox each day?
Of the 200 billion email messages sent and received every day, 90% of worldwide email is spam according to a Cisco security report cited in VNUNET.com. Spam, including virus and other threats, continues to be a serious problem for organizations and a drain on IT resources.
That’s where Securence comes in.
The Securence Solution
Securence is a proactive “Signature-Based” email filtering and management solution offered by U.S. Internet and supported by free, 24/7 telephone tech support anytime you need it.
Instead of relying on a single filtering method, Securence takes a dynamic approach that incorporates the best and most relevant of all effective filtering techniques.
Signature-Based means that the Securence team develops signatures that identify, flush out and counter all of the latest spamming techniques and viruses as they evolve and appear. Not only does this produce the most effective and efficient email filtering possible, but it does so with the lowest possible number of false positives.
Trusted by over 5 million users worldwide, including RE/MAX International, ShopNBC, TCF Financial Corporation, Malt-O-Meal Company, Panera Bread Company, and Interstate Companies, to mention a few, Securence provides highly effective email security and anti-spam services all under one roof for small businesses, large enterprises, government and educational institutions, and non-profits.
Securence scans all incoming and outgoing email to eliminate threats before reaching end users, including viruses, worms, malicious file attachments and other junk mail.
In case a mail server or Internet connection fails, Securence will queue incoming and outgoing mail for 7 days with a debug message queue interface enabling all mail in
An Enterprise Solution to Fit Your Budget
In addition to having all the bells and whistles, and utilizing the industry’s top performing anti-spam technology, Securence is the lowest priced enterprise solution available.
Additional savings come from reduced bandwidth usage, low IT administration, and no end user involvement required to managing their spam.
What’s more, because Securence has the largest utilization of signature-based detection on the market and only uses proven capture technology, it boasts the lowest false positive returns in the industry.
Offering an industry exclusive, Securence Shadowing redelivers any inbound email received in the past 30 days, assuring delivery and fast recovery of any missing or deleted message. Emails in the shadow interface are stored in a secure and encrypted state with restricted access.
To sign up for a free, 30-day trial, visit Securence online and click on the Free Trial button When signing up, be sure and mention Seattle24x7 for extra special treatment. We give it two thumbs up! [24×7]