Summary

Email is one of the oldest protocols on the Internet, but being old doesn’t mean that it can’t learn new tricks. Because of its popularity as a communication medium, it’s popular for fraudulent abusers who stand to gain from exploiting individual’s trust of domains and websites they know. SMTP doesn’t specifically address the authenticity of senders, but recent proposals, like SPF and DKIM, attempt to rectify that. We discussed how SPF and DKIM works, what you need to do to use the standards, and how the ESA fits into an authentication strategy.

Another challenge with email that stems from its ease is that it’s easy to mistakenly or deliberately expose confidential information. Good business practice dictates keeping intellectual property and confidential data from being disclosed. Industry groups have created standards for handling financial information. Legislators and regulators in many jurisdictions have crafted laws to prevent the disclosure of private personal and financial data. This chapter showed how to configure DLP policies on the ESA to detect and act on potential regulatory and disclosure policy violations and how to enforce the use of encryption when sensitive information must be sent outside of your organization.