This white paper provides useful background information on email security issues.
It will help you examine the security threats facing your corporate email system
and determine what kind of email security solution your company needs.
Corporate email: A mission-critical
Email is well-established as a prime means of communication for business purposes
that is quicker and cheaper than more traditional methods. Yet it brings with
it the necessity to make one's corporate messaging system as secure as possible.
Email-related threats to
A variety of different elements weaken your corporate email system and while
some are widely known - such as email viruses - others tend to be ignored. Emails
carrying offensive messages or confidential corporate information can create
immense inconvenience and expense for a company that has not equipped its mail
server with the appropriate tools. The same goes for spammers who use the email
system at work to send thousands of unsolicited email messages. And what about
the vast damage and time-loss caused by email viruses, which seem are making
ever more frequent appearances these days?
Some companies lull themselves into a false sense of security upon installing
a firewall. This is a wise step to protect their intranet, but it is not enough:
Firewalls prevent network access by unauthorized users. But they do not check
the content of mail being sent and received by those authorized to use the system,
for instance. More targeted measures are needed to counteract this and other
security loopholes in a corporate network.
The threat of
Organizations often fail to acknowledge that there is a greater risk of
crucial data being stolen from within the company rather than from outside.
Various studies have shown how employees use email to send out confidential
corporate information. Be it because they are disgruntled and revengeful, or
because they fail to realize the potentially harmful impact of such a practice,
employees use email to share sensitive data that was officially intended to
FBI statistics, for example, reveal that among Fortune 500 companies, most data
thefts in 1998 were by internal users. Again, research results carried in PC
Week in March 1999 report that, out of 800 workers surveyed, 21-31% admitted
to sending confidential information - like financial or product data - to recipients
outside the company by email. Ten per cent of those surveyed disclosed that
they had received email containing company-confidential information.
The threat of
emails containing malicious or offensive content
Emails carrying sensitive information, or unsolicited mail messages sent
out by corporate users are not the only problem a company has to tackle with
regard to employees' email use. Emails sent by staff containing racist, sexist
or other offensive material could prove equally troublesome, not to mention
embarrassing - and expensive!
This factor hit the headlines during the much-publicized antitrust case against
Microsoft Corp., when the US government presented as evidence the contents of
emails written by top Microsoft executives describing plans to topple competitors.
On a similar note, Chevron recently had to pay $2.2 million to settle a lawsuit
resulting from an email message bearing sexist contents.
Under British law, employers are held responsible for emails written by employees
in the course of their employment, whether or not the employer consented to
the mail. The insurance company Norwich Union was asked to pay $450,000 in an
out-of-court settlement as a result of emailed comments relating to competition.
Besides, offensive emails can cause considerable damage to the work environment
simply by generating an unpleasant, hostile or unprofessional atmosphere.
The threat of viruses
Viruses are a major email security hazard that companies simply cannot afford
to ignore. Over 11,000 different computer viruses exist to date and some 300
new ones are created each month. Their effects range from negligible to bothersome
The extent of the problem is so great that today many companies have even begun
to prohibit the use of email attachments, as this is where viruses are often
embedded. Unless forewarned, users are generally unaware that they have received
a virus until they open the infected attachment. By this time, it is too late:
the virus is activated and starts to take over, completely infecting the hard
drive and the messaging network.
The danger of viruses transmitted through macros, another common form of virus
transmission, is that they allow the user to continue working and sharing documents.
This way, the virus spreads faster, infecting more and more users. One such
macro virus, known as Melissa, reared its ugly head on March 26, 1999. Melissa
forced organizations the world over - among them Microsoft and Intel - to suspend
all email transactions. This may well have been an effective response to the
new viral onslaught, when timely action was taken - but it also signified incalculable
productivity loss, despite stemming data loss. As a result, Melissa left a huge
dent in corporate coffers: "It is responsible for millions of dollars worth
of damage", an April 1999 issue of InfoWorld reported.
Other fiercely destructive viruses followed fast on Melissa's trail, such as
the Chernobyl (CIH) virus and the Explore Worm, both of which wipe out files,
resulting in data loss. Again, companies like Microsoft, Intel, Boeing and Forrester
Research were reported in the press as having shut down their mail servers when
hit by the Explore Worm outbreak in June 1999. And, as if all this were not
enough, anti-virus researchers predict that more damaging email viruses are
yet to come.
The threat of spam
About 90 per cent of email users receive spam - or unsolicited commercial
mail - at least once a week, a survey conducted by the Gartner Group shows.
The research results, issued in June 1999, revealed that almost half those surveyed
were spammed six or more times a week. The study surveyed 13,000 email users.
Although the U.S. Congress and state legislatures are seeking to ban spam, and
the Federal Trade Commission sues spammers whose junk mail deceives consumers,
unwanted mail is on the increase.
As well as consuming bandwidth and slowing down email systems, spam is a frustrating
time-waster, forcing employees to sift through and delete mounds of junk mail.
It also proves irritating and offensive to recipients who feel their privacy
has been invaded. However, there is a third aspect to spam: it constitutes a
Spammers can use a corporate mail server to send out their unsolicited messages,
often bringing trouble upon the unwitting organization. Virgin Net recently
underwent such an experience when one of its subscribers apparently used its
network to send out 250,000 junk messages. As a result of this individual's
actions, Virgin Net was put onto the Real-time Blackhole List (RBL), an undesirable
listing which leads other ISPs to reject mail coming from that company.
The security menaces are many, but effective solutions do exist. The first
step to enhance security recommended by cyber-security consultants is the formulation
of a corporate email policy document. This is used to inform all members of
the organization which messaging practices are deemed unacceptable.
Without being overly restrictive, such documents should provide guidelines and
procedures to be followed by employees in their use of email at the workplace.
Examples of the kinds of email messages that could prove detrimental to the
organization should be supplied. The overriding point to be emphasized is that
by adopting this policy, the company and its staff stand to gain by benefiting
from messaging security that is as watertight as possible.
Next, the organization must acquire new security tools to help enforce these
regulations, informing all users that this measure is being taken.
Corporations may choose from a selection of email security packages. Some
solutions are created to tackle a particular menace alone while others contain
a convenient bundle of tools to deal with the various hazards. It is up to each
organization to select the software that best suits their needs.
As always, price is bound to be one of the determining factors in making the
right choice. Another essential characteristic to seek is a product that is
as transparent to the user as possible. A package that installs on the existing
corporate email system and is easy to use means that a company can enjoy the
security benefits offered immediately upon installation. This section examines
the different email security features available on the market, either separately
or as part of a solution.
A content checking tool is a must to prevent users from sending out confidential
or sensitive corporate information via email. This tool automatically scans
the contents of each message being mailed.
To be effectual, this tool should link to a quarantining feature that isolates
emails with suspect content and prevents them from being sent unless an authorized
person within the organization has approved the message.
Likewise, a content screening tool is necessary to prevent corporate users
from sending or receiving malicious, offensive, or inappropriate emails. This
should be coupled with a tried and tested quarantining feature that bars emails
with suspect content from being sent or received unless an authorized person
within the organization has approved the message first. (For more information,
please see Protecting
your network against email threats: How to block email viruses and attacks.)
A reliable virus scanner screens all incoming and outbound messages and
attachments for email viruses and worms.
Of course, it is not enough for a package to detect a virus. A good security
tool must be able to block the infected documents or clean them before the email
reaches the addressee. Additionally, the anti-virus solution should notify the
recipient and/or network administrator of the email-borne virus. This way, viruses
are stopped in their tracks before they do any harm and senders can be alerted
that their systems are infected.
An efficient anti-spam tool will pick up words and phrases that usually
appear in unsolicited commercial emails and block the unwanted message from
entering the system. While preventing inconvenience to recipients, this saves
the corporation time that employees would otherwise have wasted reading and
deleting junk mail - paid work time that could be better applied.
Advanced anti-spam features include the detection of incorrect 'From' headers
and addresses in the email body, typical spam practices, as well as the facility
to be programmed to block emails containing any phrases the company chooses.
Another essential ingredient is the ability to prevent spammers from using the
corporate system to send out vast quantities of mail, a practice known as mail
Also effective against spam is a quarantining feature that deters email messages
with dubious content from going through. This feature acts as a kind of clearinghouse,
allowing an authorized person to approve the filtered messages before they are
sent or received.
A powerful solution
that arms your Exchange Server 2000
GFI MailSecurity for Exchange/SMTP
Your only true defence is to install a comprehensive email security solution
to safeguard your mail server and network. GFI MailSecurity for Exchange/SMTP
provides email content checking, exploit detection and anti-virus for Exchange/SMTP.
it can be deployed at the gateway level, or at information store level (based
on the Exchange 2000 VS API).
Key features include: Multiple virus engines - Don't depend on 1 only;
Email content & attachment checking - Quarantine dangerous emails; Exploit
shield - Email intrusion detection & defence; Email threats engine
- Analyses & defuses HTML scripts, .exe files & more. Other features
- Automatic removal of HTML scripts
- Automatic quarantining of Microsoft Word documents with macros
- Detects attachment extension hiding
- Rules-based configuration
- Apply rules to AD users or groups
- Approve/reject quarantined mail using the moderator client/email client/public
- Lexical analysis
- Seamless integration with Exchange Server 2000 through VS API
- Anti-spam (gateway version)
- Great value
An evaluation version can be downloaded from: http://www.gfi.com/mesindex.htm
is a leading provider of Windows-based messaging, content security and network
security software. Key products include the GFI FAXmaker fax connector for Exchange
and fax server for networks; GFI MailSecurity email content/exploit checking
and anti-virus software; and the GFI LANguard family of network security products.
Clients include Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants,
NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has six offices in
the US, UK, Germany, France, Australia and Malta, and has a worldwide network
of distributors. GFI is a Microsoft Gold Certified Partner and has won the Microsoft
Fusion 2000 (GEM) Packaged Application Partner of the Year award.
For more information
Please email email@example.com or contact one of the GFI
© 2002 GFI Software Ltd. All rights reserved. The information contained in
this document represents the current view of GFI on the issues discussed as
of the date of publication. Because GFI must respond to changing market conditions,
it should not be interpreted to be a commitment on the part of GFI, and GFI
cannot guarantee the accuracy of any information presented after the date of
publication. This White Paper is for informational purposes only. GFI MAKES
NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. GFI FAXmaker, GFI MailEssentials,
GFI MailSecurity and GFI LANguard and the GFI FAXmaker, GFI MailEssentials,
GFI MailSecurity, GFI DownloadSecurity and GFI LANguard logos and the GFI logo
are either registered trademarks or trademarks of GFI Software Ltd. in the United
States and/or other countries. Microsoft, Exchange Server, VS API, Word, and
Windows NT/2000/XP are either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries. Other product or company
names mentioned herein may be the trademarks of their respective owners. GFI.
http://www.gfi.com firstname.lastname@example.org 1-888-2GFIFAX / +44-(0)870-770-5370