E-Mail Security


E-Mail Security

ZIMBRAMAILBOX provides multi layered spam protection system which consists of Cloud Based Spam and Malware gateway and Local Zimbra based Malware scanning services. We provide all this services FREE of charge to our subscribers.

Secure Zimbra Mailbox hosting


E-mail is one of the most widely and commonly used Internet services. The e-mail infrastructure employed on the Internet is primarily made up of e-mail servers using the Simple Mail Transfer Protocol (SMTP) to accept messages from clients, transport those messages to other servers, and deposit messages into a user’s server-based inbox. In addition to e-mail servers, the infrastructure includes e-mail clients. Clients retrieve e-mail from their server-based inboxes using the Post Office Protocol, version 3 (POP3) or Internet Message Access Protocol (IMAP). Clients communicate with e-mail servers using SMTP

E-mail is the most common delivery mechanism for viruses, worms, Trojan horses, documents with destructive macros, and other malicious code. The proliferation of support for various scripting languages, auto-download capabilities, and auto-execute features has transformed hyperlinks within the content of e-mail and attachments into a serious threat to every system.

The first step in deploying e-mail security is to recognize the vulnerabilities specific to e-mail. The protocols used to support e-mail do not employ encryption. Thus, all messages are transmitted in the form in which they are submitted to the e-mail server, which is often plain text. This makes interception and eavesdropping an easy task. However, the lack of native encryption is one of the least important security issues related to e-mail.

E-mail offers little in the way of source verification. Spoofing the source address of e-mail is a simple process for even the novice hacker. E-mail headers can be modified at their source or at any point during transit. Furthermore, it is also possible to deliver e-mail directly to a user’s inbox on an e-mail server by directly connecting to the e-mail server’s SMTP port. And speaking of in-transit modification, there are no native integrity checks to ensure that a message was not altered between its source and destination.

E-mail itself can be used as an attack mechanism. When sufficient numbers of messages are directed to a single user’s inbox or through a specific STMP server, a denial of service (DoS) can result. This attack is often called mailbombing and is simply a DoS performed by inundating a system with messages. The DoS can be the result of storage capacity consumption or processing capability utilization. Either way the result is the same: legitimate messages cannot be delivered. Like e-mail flooding and malicious code attachments, unwanted e-mail can be considered an attack. Sending unwanted, inappropriate, or irrelevant messages is called spamming. Spamming is often little more than a nuisance, but it does waste system resources both locally and over the Internet. It is often difficult to stop spam because the source of the messages is usually spoofed.

About the author