Why are there email security standards?Email is a widely used form of communication that many organisations depend on. Most organisations use their own email domain so that email addresses are recognisable and traceable. But email is not the most secure and reliable form of communication. Without additional setup in your email environment, you run the following risks:
- It is fairly easy to 'spoof' (in Dutch) your organisation's email domain. This means that someone can send emails with an email address of your organisation as the sender. Phishing attacks have a greater chance of success this way because the recipient (wrongly) trusts the sender's email address. Employees within your own organisation as well as other email recipients can become victims of this;
- Lack of or wrong application of email security standards can prevent emails sent by your organisation from being trusted by the receiving email environment. Depending on how strict the receiving mail server is set up, the emails may not reach the recipient or may be marked as ‘spam’;
- The communication between the sending mail server and the receiving mail server is unencrypted, so that the content of email messages is open, and messages can be modified before they reach the recipient.
Email securityWhen talking about email security, often attention is paid to protection against phishing, spam or malware on the receiving end. This is of course important, but email security goes beyond having a good spam filter and training employees to recognise ’wrong’ emails. The risks described above affect the availability, integrity and confidentiality of emails your organisation sends. By taking measures against these risks, you also contribute to making email more secure on the part of the recipient.
What can I do?
Did you know that it is possible to check remotely which email security standards have been set up? It does not depend on whether you manage your organisation's email environment yourself or have outsourced it to an IT service provider. There are several websites on the internet that can easily perform this check. All you have to do is enter the mail domain of your organisation in the appropriate input field.
You will find the email test on the internet.nl website (in Dutch). This email test looks at the most important email security standards. After completing the test, you will receive a report and a score that give you an idea of the status of your email domain. This overview can help you to make adjustments or additions yourself or to start a conversation with your IT service provider. Such a test cannot see everything, but it does give you a good starting point. Below, we will briefly describe different email security standards. It is important to be aware of these standards and consider setting them up, possibly together with your IT service provider.