14 Jan

The business email systems used by most corporations work like a normal post office: a message travels like a postcard, i.e. there is a good chance that other people can open, read and modify your message before it reaches its destination. These systems don't verify sender authenticity, and anyone can send an e-mail claiming it has come from you.

Email through Encrypted Channels

There is no verification that a message was sent by you, as anyone can use your ID. Mail sent under your spoofed ID can contain information that may be harmful to your organization. E-mail ID spoofing is one of the weakest components of corporate communication systems. The mail you receive travels through various networks, the Internet and servers before it reaches your mailbox. There is no way to confirm that it is intact and that the content has not been modified in any way.

Most corporate communication solutions ensure the security of your mailbox and of the Internet link while you download emails from your mailbox to a client such as Outlook Express. This is a good way to secure the email channel between your client and server, but it provides very limited security.

To solve these issues of missing verification, authentication and confirmation, and to protect against hacking, there are many solutions available, as discussed below. Each solution has its own advantages and limitations. To prevent people from intercepting your email and reading it on the network and the Internet, it is advised to use an SSL-secured channel between your client and server and from your server to other servers. Most corporate systems support and use SSL-based secured channels for email communication.

Sender Domain Verification

The second method is SPF (Sender Policy Framework). In SPF, the hosts and IPs that will be sending mail from your domain are listed in the Domain Name System. Whenever a mail is delivered, the SPF records are verified and the mail is certified as SPF compliant. This certifies that the email has come from the sender's mail server for the sender's domain. It doesn't provide any further protection. Many corporate servers work with SPF support. This solution adds one step to security.

Sender Domain Keys

In addition to SPF, another method that can be deployed is Domain Keys technology. A private/public key pair is generated for each server that your organization uses, and the public key is published using your Domain Name System, i.e. the public key is added to the DNS records as a text field. All mails passing through these servers are checked for Domain Keys. If a mail is sent by a local user, a Domain Keys header is added to the mail and it is delivered. If an email is coming from an outside user, it is verified using the Domain Keys information in the email header and certified OK using the public key of the sender domain, taken from the sender domain's DNS records.

E-mail Certification

The content of mail sent by local users is certified by adding check-sum information to the headers of the mail using Domain Keys. If the mail has come from outside, the check-sum is compared using the Domain Keys of the sender domain, and the mail is certified as OK if the check-sum verification passes. This method provides the double security of sender ID verification as well as mail content verification. This system is much more secure and authenticated compared to SPF and can provide a very high level of security when used jointly with SPF.

Simple Secured System

It is very important that the sending servers are very secure, i.e. all mails sent by them are authenticated, verified and certified. Most corporate servers don't have this system in place. In most cases there is no authentication for local users sending mail. In many cases any user can send email pretending to be any other user. Even with an authenticated system, any user can log in with one ID and send mail pretending to be any other user in the organization. All these security issues have to be addressed while deploying a secured corporate communication system. The following steps should be performed by servers before accepting any mail from local users:

  1. The user is authenticated using his ID and password.
  2. The sender user ID matches the authenticated user ID.
  3. Once steps 1 and 2 are OK, add Domain Keys to the mail header.
  4. Add a check-sum to the header.
  5. Add a line confirming it was sent by an authenticated user only.
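
The five submission steps above, together with the check-sum verification described under E-mail Certification, as an added example that is not code from the original page. An HMAC with a server-held key stands in for the Domain Keys private-key signature so that it runs with the standard library only (a real verifier would use the sender domain's public key from DNS). The X-Demo-* header names, the account and the sample mail are constructed, and single-part text mail is assumed.

```python
import base64, hashlib, hmac
from email import message_from_string
from email.utils import parseaddr

# Constructed demo data: one local account, a server key and a sample mail.
KEY = b"demo-server-key"            # stand-in for the Domain Keys private key
SALT = b"demo-salt"
USERS = {"alice@example.com":
         hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}
SAMPLE = ("From: Alice <alice@example.com>\nTo: bob@example.net\n"
          "Subject: Q3\n\nQuarterly numbers attached.\n")
STAMPS = ("X-Demo-Signature", "X-Demo-Body-Hash", "X-Demo-Auth-Sender")

def authenticate(user, password):
    """Step 1: check the ID and password (constant-time comparison)."""
    given = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, given)

def seal(sender, body):
    """Return (body check-sum, keyed signature over sender + check-sum)."""
    digest = base64.b64encode(hashlib.sha256(body.encode()).digest()).decode()
    data = f"{sender}\n{digest}".encode()
    return digest, hmac.new(KEY, data, hashlib.sha256).hexdigest()

def accept_submission(user, password, raw):
    """Run steps 1-5; return the stamped mail or raise PermissionError."""
    if not authenticate(user, password):
        raise PermissionError("authentication failed")
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender != user.lower():                        # step 2
        raise PermissionError("From does not match the authenticated user")
    for name in STAMPS:
        del msg[name]                                 # drop client-supplied copies
    digest, sig = seal(sender, msg.get_payload())
    msg[STAMPS[0]], msg[STAMPS[1]], msg[STAMPS[2]] = sig, digest, sender  # steps 3-5
    return msg.as_string()

def verify(raw):
    """Receiving side: recompute check-sum and signature, compare both."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    digest, sig = seal(sender, msg.get_payload())
    return (hmac.compare_digest(sig.encode(), str(msg.get(STAMPS[0], "")).encode())
            and hmac.compare_digest(digest.encode(), str(msg.get(STAMPS[1], "")).encode()))
```
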

Easy Deployment

No modification to any software is required at the user end in this case. This is a very simple solution that can be deployed easily using an add-on wrapper to existing mail servers of any kind. This solution provides reasonable security, delivers certified emails to your system and can be deployed in a very short time.

User based Security

There are more complicated solutions available using GnuPG or MIME encoding, with a PKI public/private key pair for each user. Each user has his own key pair. Public keys are published on CA key servers. When a user sends any mail, it is encrypted using the private key of the user. When the recipient receives it, he can decrypt the message using the sender's public key. Even higher security can be achieved by encrypting the sender's encrypted message using the recipient's public key. In this case only the recipient can decrypt the message and read it. Though this looks like the ultimate security for a communication system, it has the following issues.

  1. Each email client at the sender and the recipient has to be modified to support GnuPG or MIME. This is a very difficult task.
  2. Security is a chain; it's only as strong as the weakest link. The security of any CA-based system is based on many links and they're not all cryptographic. People are involved.
  3. There is no protection of your keys: you store your private key on a conventional computer. There, it's subject to attack by viruses and other malicious programs.
  4. How did the CA identify the certificate holder?

Therefore, with simple use of authentication, authorization, verification and digital certification of mail, you can achieve reliable email security to serve your corporate communication.

This is really very simple and easy to deploy, as there is no need for any modification at the user level, and security is integrated seamlessly into your existing mail servers. Here you can get more details about email verifier.

