EMAIL SECURITY - BEGINNERS GUIDE (Terms and Definitions)
Thank you for following our Email Security Series on the Building a Career in Microsoft Security Beginners Pathway.
We have looked at the architecture and communications of an on-premises Exchange infrastructure, the Microsoft cloud Exchange service (Exchange Online) and its communications, and how the online and on-premises environments are integrated (Hybrid).
As we prepare to delve deeper into the security component of Exchange Online, Microsoft Defender for Office 365, it is important that we get familiar with some key terms and definitions.
Every country has its own regulations on how to register a business. If you wanted your business to appear serious, be easy to identify and be verifiable, one of the first things you would do is give it a business name, right? And as the business grows you would register that name with your country's business name regulator, am I correct?
In the online world the same principle applies. Your business needs an online business name, and that is what we call your Domain Name. The regulator you register this name with is the Domain Registrar, and what is provided for you to manage this Domain Name is the public Domain Name Service (DNS).
Great. Now note that when you build an email infrastructure, you want to broadcast who is responsible for receiving mail on your behalf. Have you ever wondered how people or systems know how to route emails to different organizations? That brings us to one of the functions of the domain we created earlier.
When you create a domain, your domain registrar gives you a management portal that allows you to manage your Domain Name services. This is where you need to create a record called the MX.
MX stands for Mail Exchanger, and the record announces who is responsible for receiving your inbound mail. Back to our real-life example: when you want to receive a letter, you provide a mailing address, and for delivery to your exact doorstep you add your postal code, which is unique. I found this interesting when I recently relocated: we were staying in an apartment block of over 18 flats, and every single one of them had a unique Eircode.
Therefore, if anyone sent you a physical letter, the postal service would deliver it to your doorstep because the postal address directs them to the right location. The same applies in the digital world: your public DNS returns your MX record to anyone who looks up your domain suffix (e.g., @xyz.com) to confirm who is responsible for receiving mail, and the response directs them to the right point of delivery.
I found a great MX article that will help you understand the role of the MX (drop a comment or question if you still need further clarification).
Note: you can have many MX entries depending on your architecture design and communication flow, but each will be assigned a number called the “priority”. The MX with the lowest priority value is preferred, and the others will only be considered if the preferred one is not reachable.
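To make the priority rule concrete, here is a small added example (not from the original article) showing how a sending mail server orders a domain's MX hosts and falls back when the preferred one is down. The MX records for xyz.com below are constructed for illustration; no real DNS lookup happens.

```python
# Added example: MX selection by priority, as a sending mail server would do it.
from __future__ import annotations
from collections import defaultdict
from typing import Iterable, Optional

# Constructed MX record set for xyz.com, written as "priority host" like a zone file.
# A lower priority value is preferred; equal values are equally preferred.
XYZ_COM_MX = [
    "20 backup-mx.xyz.com.",
    "10 mx1.xyz.com.",
    "10 mx2.xyz.com.",
    "30 last-resort.xyz.com.",
]

def parse_mx(records: Iterable[str]) -> list[tuple[int, str]]:
    """Turn 'priority host' strings into (priority, host) tuples (trailing dot removed)."""
    parsed = []
    for record in records:
        priority, host = record.split()
        parsed.append((int(priority), host.rstrip(".").lower()))
    return parsed

def delivery_order(records: Iterable[str]) -> list[list[str]]:
    """Group hosts by priority, lowest value first. Hosts in the same group are
    equally preferred; a real MTA picks among them at random (RFC 5321, section 5.1)."""
    groups: dict[int, list[str]] = defaultdict(list)
    for priority, host in parse_mx(records):
        groups[priority].append(host)
    return [sorted(groups[p]) for p in sorted(groups)]

def choose_mx(records: Iterable[str], reachable: set[str]) -> Optional[str]:
    """Return the first reachable host in priority order, or None when every MX
    is down (the sender would then queue the message and retry later)."""
    for group in delivery_order(records):
        for host in group:
            if host in reachable:
                return host
    return None

if __name__ == "__main__":
    print(delivery_order(XYZ_COM_MX))
    print(choose_mx(XYZ_COM_MX, {"backup-mx.xyz.com"}))
```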
Is this beginning to clear up some of your curiosity about how mail is sent? Let us look at SPF (Sender Policy Framework), which has similarities with the MX but with a flip.
If I were to receive a paper letter or a parcel, one of the ways to know who sent it would be through the sender's address, right? This is also a key requirement of the delivery company or post office, so that the originator of the message can be traced.
Now let us apply the same approach to electronic messaging: it is also very important to verify a sender and ensure that the email is really originating from the displayed source. This brings into view the importance of SPF (Sender Policy Framework).
What is SPF (Sender Policy Framework)? A TXT record you create on your public DNS that publishes the mail servers (IP addresses or hostnames) approved to send mail on behalf of your organization. Get more details here.
There are many tools online that let someone send an email with the From address changed to anything, “impersonating” someone else; we call this “email spoofing”. The receiving organization can therefore use the SPF record of the sender's domain suffix (e.g., xyz.com) to validate that inbound mail claiming to come from that organization was sent from an approved server.
Here is a great Microsoft Learn article on using SPF to prevent email spoofing.
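As an added example (not from the original article or from Microsoft), here is a simplified SPF check of the kind a receiving mail server performs: it reads the sending domain's SPF TXT record and decides whether the connecting IP is approved. The DNS data for xyz.com and mailer.example is constructed for illustration, and only the ip4, a, mx, include and all mechanisms are handled; a real implementation resolves records over DNS and follows RFC 7208 in full.

```python
# Added example: evaluating an SPF record for the IP that delivered a message.
import ipaddress

# Constructed DNS answers: SPF TXT, A and MX records for the example domains.
SPF_TXT = {
    "xyz.com": "v=spf1 ip4:203.0.113.0/24 a mx include:mailer.example -all",
    "mailer.example": "v=spf1 ip4:198.51.100.25 ~all",
}
A_RECORDS = {"xyz.com": ["192.0.2.10"], "mx1.xyz.com": ["192.0.2.20"]}
MX_RECORDS = {"xyz.com": ["mx1.xyz.com"]}

# Qualifier prefix on each mechanism decides the result when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def _ip_in(ip: str, network: str) -> bool:
    """True if ip lies within network (a bare address is treated as a /32)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(network, strict=False)

def check_spf(domain: str, sender_ip: str, depth: int = 0) -> str:
    """Return pass, fail, softfail, neutral, none (no record) or permerror."""
    if depth > 10:  # guard against include loops; RFC 7208 caps DNS-querying terms
        return "permerror"
    record = SPF_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        matched = False
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = _ip_in(sender_ip, arg)
        elif name == "a":                    # A record of the domain (or the given one)
            matched = any(_ip_in(sender_ip, a) for a in A_RECORDS.get(arg or domain, []))
        elif name == "mx":                   # A records of the domain's MX hosts
            hosts = MX_RECORDS.get(arg or domain, [])
            matched = any(_ip_in(sender_ip, a) for h in hosts for a in A_RECORDS.get(h, []))
        elif name == "include":              # another domain's record must give "pass"
            matched = check_spf(arg, sender_ip, depth + 1) == "pass"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term

if __name__ == "__main__":
    print(check_spf("xyz.com", "203.0.113.77"), check_spf("xyz.com", "198.51.100.99"))
```

A "fail" result is what lets the receiving side reject or quarantine a spoofed message whose envelope sender claims xyz.com but arrives from an unlisted address.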
It's time for a coffee, tea or water break, whichever is your preference, while you watch out for part 2 on the terms and definitions needed in email infrastructure and security.
Make sure to drop your comments, feedback and questions. Also do share if this was in any way helpful.
Data Centre Infrastructure | Veeam Backup | IT Audits | ISO 20000 | ITIL | Active Directory | Exchange | M365 support Engineer
2 years ago: Great work you are doing
Computer Engineering Ph.D. student || Cybersecurity Analyst || Cadence's Women In Technology Awardee 2023 || GHC’23 Scholar || WiCyS’23 Mentee & ‘24 Scholar || Cybergirl Fellow 2.0 || Project Manager
2 years ago: A beautiful read, very enlightening. Great work Ma