Explaining the Terminology of Email Security

BIMI – Brand Indicators for Message Identification

Displays a brand's logo next to authenticated emails in inboxes, helping recipients recognize legitimate messages and reducing phishing risk.

Business Email Compromise (BEC)

A targeted attack where fraudsters impersonate executives or business contacts to trick employees into transferring money or data. Highly damaging and difficult to detect.

CAA – Certification Authority Authorization

A DNS record that specifies which certificate authorities (CAs) are allowed to issue SSL/TLS certificates for a domain. Prevents unauthorized certificate issuance.

CNAME Dangling

Occurs when a Canonical Name (CNAME) record points to a domain that has expired or is unclaimed. Attackers can hijack the destination, potentially intercepting or spoofing email.

DNS Infrastructure

Refers to the Domain Name System components that support domain resolution. Secure DNS is foundational to all email security protocols.

DNS Hijacking

Manipulation of DNS records to redirect traffic to malicious sites. Can be used to intercept or alter email delivery.

DNS Misconfigurations

Incorrect DNS settings can break email authentication protocols (e.g., SPF, DMARC), making it easier for attackers to spoof emails.

DNSBL Provider – Domain Name System Blacklist Provider

Maintains a list of IPs/domains known to send spam or malicious content. Email servers check against these lists to block unwanted traffic.

DNSSEC – Domain Name System Security Extensions

Adds cryptographic signatures to DNS data to prevent tampering (e.g., cache poisoning). Helps ensure authenticity of DNS records used in email authentication.

Domain Spoofing

When an attacker forges the "From" address in emails to appear as a legitimate domain. Often used in phishing and BEC attacks.

Email Authentication Protocols – SPF, DKIM, DMARC

Together, they help prevent spoofing and phishing.
  • SPF: Sender Policy Framework – defines IPs allowed to send on behalf of a domain.
  • DKIM: DomainKeys Identified Mail – uses cryptographic signatures to verify email content integrity.
  • DMARC: Domain-based Message Authentication, Reporting & Conformance – tells receiving servers how to handle emails that fail SPF/DKIM checks.
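
The SPF and DMARC records described above, and the DNS misconfigurations that break them, can be checked mechanically. The Python below is an added example, not part of the original glossary: it audits a domain's TXT records for common SPF and DMARC mistakes, and the function names and sample records are constructed for illustration.

```python
import re

# SPF terms that each cost one DNS lookup; RFC 7208 caps evaluation at 10.
LOOKUP = re.compile(r"^(include:|exists:|redirect=|(a|mx|ptr)([:/]|$))")

def audit_spf(txt_records):
    """Return findings for the SPF policy among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records (receivers return permerror)"]
    raw = spf[0].lower().split()[1:]              # terms with qualifiers
    terms = [t.lstrip("+-~?") for t in raw]       # terms without qualifiers
    findings = []
    lookups = sum(1 for t in terms if LOOKUP.match(t))
    if lookups > 10:
        findings.append(f"{lookups} DNS lookups (limit is 10)")
    if "+all" in raw or "all" in raw:             # bare 'all' defaults to pass
        findings.append("pass-qualified 'all' authorizes every sender")
    elif "all" not in terms and not any(t.startswith("redirect=") for t in terms):
        findings.append("no terminal 'all' mechanism")
    return findings

def audit_dmarc(txt_records):
    """Return findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return ["no DMARC record"]
    if len(recs) > 1:
        return ["multiple DMARC records (DMARC is not applied)"]
    tags = {k.strip().lower(): v.strip()
            for k, _, v in (p.partition("=") for p in recs[0].split(";")) if k.strip()}
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none requests no action on failing mail")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports")
    return findings

# Constructed sample records for a hypothetical domain (not real DNS data).
SAMPLE_SPF = ["v=spf1 include:_spf.mail.example ip4:192.0.2.0/24 +all", "site-verification=abc"]
SAMPLE_DMARC = ["v=DMARC1; p=none; pct=100"]

if __name__ == "__main__":
    print(audit_spf(SAMPLE_SPF))
    print(audit_dmarc(SAMPLE_DMARC))
```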

Email Bombing

A denial-of-service attack where an inbox is flooded with a massive number of emails, disrupting operations and masking other attacks.

Email Message Replay

An attacker resends previously captured email messages to confuse recipients or bypass security filters. A threat when emails lack cryptographic protections.

Email Server Open Relays

Mail servers that allow anyone to send email through them. Often exploited to send spam or phishing emails, leading to blacklisting.

Email Subdomain

A subdomain used for sending email (e.g., mail.example.com). Needs separate authentication records (SPF, DKIM, etc.) to prevent abuse.

MTA-STS – Mail Transfer Agent Strict Transport Security

Forces email servers to use TLS encryption when delivering messages to a domain. Prevents downgrade attacks and interception.

Phishing

Generic fraudulent emails designed to trick recipients into clicking malicious links or sharing sensitive information. Common vector for initial attacks.

RBL Operator – Realtime Blackhole List Operator

Maintains real-time databases of IPs/domains involved in spam. Used by mail servers to block or flag suspicious messages.

Spear Phishing

A highly targeted form of phishing aimed at specific individuals, often using personal details. Harder to detect than mass phishing.

SSL – Secure Sockets Layer

A somewhat outdated but still widely used protocol for encrypting data in transit. Still commonly referenced, but TLS is its modern successor.

SSL Misconfiguration

Improper SSL setup can lead to weak encryption, expired certificates, or exposure to attacks. Weakens email transport security.

SSL Mis-issuance

When a certificate authority issues a certificate to an unauthorized entity. Can be exploited for domain impersonation and man-in-the-middle attacks.

Transport Layer Security (TLS) / SSL Issues – Downgrade Vulnerabilities and Mis-issuance

Both compromise email confidentiality and authenticity.
  • Downgrade attacks: Force email servers to use unencrypted or older protocols.
  • Mis-issuance: Bad certificates from certificate authorities (CAs) can enable impersonation.

TLS-RPT – Transport Layer Security Reporting

Allows domain owners to receive reports on failed attempts to deliver email over TLS, helping them detect and fix encryption issues.