Email completely changed the way we communicate and the way we do business. While it makes us more efficient, it comes with a cost. And that is the risk of a data breach. There are a myriad of studies that reach the same conclusion year after year. The majority of cyberattacks begin when someone clicks on a link in a phishing email.
Even as cyberattacks continue to evolve and expand, it’s unlikely that email will be going away anytime soon. The Radicati Group predicts that by the end of 2022, over 333 billion business and consumer emails will be sent and received per day.
There are some techniques out there that could reduce the cyber risk of email. The following is a discussion of a few.
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
DMARC is an internet protocol (RFC 7489) that is focused on stopping the spoofing of email domains, a typical tactic of cybercriminals. It allows senders to mark their legitimate messages with a technical tag that the receiver can validate. DMARC gives the technologies a way to communicate with each other to validate whether the messages that are received are valid messages. All parties must enable the protocol for it to work.
This can have a huge impact on reducing the number of spam or potentially malicious emails we receive because emails with fake sender addresses can be quickly and easily eliminated through technology. However, DMARC only tackles one aspect of bad email traffic.
Closing Open Email Gateways
Email security gateways are used to block spam or malicious emails from being delivered. An open gateway is a service that allows all messages through, regardless of where they are coming from or where they are going. Recognizing what a risk they are, open gateways are being identified by the Internet community, and the people who own those gateways are being asked to shut them down or modify them, so they don't act as gateways anymore.
Going After the Highest Volume Offenders
The authorities around the world are now more effective at identifying the root operators of spam campaigns. They are being arrested and their technologies were being seized. Priority has been raised on prosecuting them, which has resulted in a reduction of spam volumes for periods of time.
Educating Unaware Offenders
Spammers are adept at infecting other people’s systems to use as launching points for their campaigns. Many of these users may have no idea that they are being used in that way. Internet Service Providers (ISPs) are working on plans to help their customers become more aware. If they see this type of traffic, they let them know there is an issue and help them clean it up. Some ISPs will block identified machines from accessing the Internet until they are cleaned up.
Closing Open Email Doors
Using the open Internet to accept and send email is not the only way to communicate. Pretty much every social media platform has their own integrated messaging system. Organizations of all sizes can easily accept communication from the general public through an online form on a portal or website instead of traditional email.
Some organizations are also using a whitelisting technique where their email system has a list of all the people who are preapproved to send an open communication to them over the Internet. A message that is sent from someone not on the list is typically quarantined until the appropriate person can identify that it’s a legitimate message.
This may sound like an administrative burden, but it doesn't have to be. The idea is that you're putting in protective practices so that you don't suffer a business email compromise. You don't receive the spam or malicious email because you're only accepting email from people that have a legitimate reason to be communicating with you.