#EmailSecurity

OpenTech Pulse (@OpenTechPulse)
2025-06-06

Running your own mail server?
Make sure it's secure and trusted. In my latest blog post on OpenTech Pulse, I cover the four essential building blocks:

✅ SPF
✅ DKIM
✅ DMARC
✅ MTA-STS

Learn how to protect your domain from spoofing, phishing, and delivery issues.

opentechpulse.org/Securing-You

Simplified IT Consulting (@simplifieditconsulting)
2025-06-03

Tip of the week: Think before you click. Don’t let too-good-to-be-true links and buttons fool you into having your information stolen.

2025-06-03

I monitor a handful of mistyped domains for clients and it is interesting and scary how much sensitive data is transmitted over email, and how much of that ends up in typo squatted domains.

Maybe AI (machine learning) could provide a solution where email clients would check email domains for spelling errors and warn the user.

It could use the employee company domain as a starting point then check a list of previous emails as a reference, etc. It would not be perfect, but it could help. I am sure this approach has issues but maybe something would help.

#email #emailsecurity #typosquatting

2025-06-03

Great news for UK organisations! 🇬🇧 The #NCSC Mail Check service, part of their Active Cyber Defence programme, is now available free to any UK organisation.

With the recent high-profile cyber attacks against M&S, it's more important than ever to be vigilant, and Mail Check can help businesses continuously monitor for vulnerabilities that make them susceptible to mail spoofing and phishing scams.

ncsc.gov.uk/information/mailch

#CyberSecurity #EmailSecurity #MailCheck

2025-06-01

Security Pattern: Email Spoofing Protection via DMARC, SPF, and DKIM

This post outlines a practical email security pattern using SPF, DKIM, and DMARC to stop spoofing and protect your domain’s reputation.

islandinthenet.com/security-pa

2025-05-31

Email Security: The Legacy Risk We Still Rely On

Email is still a go-to attack vector—and it's no surprise. The core protocols (SMTP, IMAP, POP) were never built with modern privacy or security in mind.

Key issues:

No true end-to-end encryption by default

Weak auth and legacy access (basic auth, no MFA)

Rampant spoofing despite SPF/DKIM/DMARC

Phishing is evolving faster than filters

Inboxes often hold the keys to everything else

Use aliasing, enforce MFA, monitor your domain records, and consider client-side encryption. Providers like ProtonMail, mailbox.org, and Skiff offer better privacy out of the box.

What else should be on this list? What are you doing to keep your email secure?

#privacy #infosec #emailsecurity #cybersec #phishing #degoogle

The Spamhaus Project (@spamhaus@infosec.exchange)
2025-05-29

📢 Mail relays | Are you forwarding mail without checks, validation, or spam filtering? You could be creating a real mess. 😵‍💫

Typos, spamtraps, and forged senders can quickly snowball into blocklistings and delivery failures.

In part two of our short series on mail relays, we jump into the chaos careless forwarding can cause, and what you can do to avoid it:

👉 spamhaus.org/resource-hub/deli

#EmailSecurity #Deliverability #EmailFiltering

Mail relays | Problems with forwarded mail?
Jerry on Mastodon (@Jerry@hear-me.social)
2025-05-29

1. Hacker News, a #CyberSecurity newsletter, is sent from a domain where DMARC policy is p=none, which tells email providers, like gmail, to deliver all email that is screaming, "I am a Hacker News spoof email sent by a POS scammer" to the intended recipient anyway. p=none means take no action, even if you know it's a scam. Spam folder optional. Email services and clients will oblige. WTF Hacker News?

2. Hacker News is also using an insecure signature algorithm for signing their newsletter.

3. An extremely well-known Cybersecurity expert is sending the newsletter from a domain that has no DMARC record at all, so all spoof emails claiming to be from them will be delivered. And likely this is being constantly exploited. A DMARC policy of p="reject" would have those spoof emails trashed and not delivered. But no DMARC policy means "whatever, and I don't want to know". So, spoof emails go through unstopped and no reports of abuse are being sent to this person either. And it's their job to tell us how to stay secure and not be fooled by spoof emails. WTF?

Sometimes I don't understand how things work in the world.

#HackerNews #spoofing #EmailSecurity

SecPoint (@secpoint)
2025-05-28

🚨 New in SecPoint® Protector v66 – Smarter Anti-Spam with Enhanced RBL Management

We’ve released the latest firmware update for the SecPoint Protector UTM firewall! 🎉

With improved RBL (Reputation Block List) handling, v66 ensures faster, more accurate spam filtering and fewer delays — even in complex DNS setups.

youtube.com/watch?v=14jaVVYNWg0

Simplified IT Consulting (@simplifieditconsulting)
2025-05-27

Tip of the week: It’s tempting, but avoid using public wireless networks as any information you send can be accessed by others on the network. Stay safe out there!

Jerry on Mastodon (@Jerry@hear-me.social)
2025-05-26

I received an "important email" from #Dreamhost about my domain registration. You'd think that #email security would be paramount for them.

They have no DKIM setting, so it's impossible to see if the email was tampered with in transit and if it was sent by the claimed sender. And, their DMARC policy is p=none, which tells email providers, "don't do anything special if you can't verify me".

Their dreamhostregistry.com domain is wide open for spoofing because they've configured it to be wide open for spoofing.

How can a web hosting company be so lax about email security? How can I trust emails they send to me if I have no assurance they sent it, and it wasn't modified in transit?

#Cybersecurity #DKIM #SPF #Spoofing #EmailSecurity

🆘Bill Cole 🇺🇦 (@grumpybozo@toad.social)
2025-05-23

Overkill. With many receivers treating no SPF as a blanket '-all', it does very little to make it explicit.

However, if you really feel that you must give SPF records to every subdomain, make sure to also give them null MX records to drive the point home that the subdomain is not for #email.

#InfoSec #EmailSecurity infosec.exchange/@ais_security

2025-05-23

Any thoughts or feedback on Material.security and/or Abnormal.ai with regards to at least email security? Broader functionality they both provide?

#cybersecurity #emailsecurity

AIS Advanced IT-Security Solutions (@ais_security@infosec.exchange)
2025-05-23

We keep being asked why Findalyze suggests SPF records for all (sub)domains of an org, so we wrote a blog post about it.

TL;DR: spoofing does not care from which domain you normally send emails, because receivers don't know this either.

findalyze.com/en/blog/know-how

#infosec #emailsecurity
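The posts above by Jerry (DMARC p=none and a missing DKIM record), Bill Cole (SPF plus a null MX for subdomains that never send mail) and AIS (SPF on every subdomain) all come down to reading a few DNS records and working out what a receiver will do with forged mail. The Python below is an added example written for this page, not code from any of those authors. It takes the record text as strings so it runs offline (a real tool would fetch TXT at the domain, at `_dmarc.<domain>` and at `<selector>._domainkey.<domain>`, plus the MX set); every domain name, record and DKIM key value in it is constructed.

```python
"""Assess a domain's published anti-spoofing posture from its DNS records:
no DMARC or p=none means receivers take no action, SPF only blocks with
'-all', a missing DKIM key leaves nothing to verify, and a non-mail
subdomain should publish 'v=spf1 -all' plus a null MX (RFC 7505).
Added example for this page; all sample records are constructed.
"""
from typing import Optional


def parse_tags(record: str) -> dict:
    """Parse a 'k=v; k2=v2' record (DMARC and DKIM key records) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_all_qualifier(spf: Optional[str]) -> Optional[str]:
    """Qualifier of the SPF 'all' mechanism: '-', '~', '?' or '+'; None if absent."""
    if not spf or not spf.lower().startswith("v=spf1"):
        return None
    for term in spf.split()[1:]:
        term = term.lower()
        if term in ("all", "+all", "-all", "~all", "?all"):
            return "+" if term == "all" else term[0]
    return None  # no 'all' term: unlisted sources get a neutral result


def assess(domain: str, spf: Optional[str], dmarc: Optional[str],
           mx: list, dkim_key: Optional[str] = None) -> dict:
    """Return the effective policies plus a list of findings for `domain`."""
    findings = []
    result = {"domain": domain, "findings": findings, "spoofable": False,
              "dmarc_policy": None, "subdomain_policy": None}

    # DMARC: with no record, or p=none, receivers take no action on failures,
    # so forged mail is delivered whatever SPF and DKIM say.
    if dmarc is None or not dmarc.lower().startswith("v=dmarc1"):
        result["spoofable"] = True
        findings.append("no DMARC record: failures are ignored and no reports are sent")
    else:
        tags = parse_tags(dmarc)
        policy = tags.get("p", "none").lower()
        result["dmarc_policy"] = policy
        result["subdomain_policy"] = tags.get("sp", policy).lower()  # sp= inherits p=
        if policy == "none":
            result["spoofable"] = True
            findings.append("DMARC p=none: monitor only, forged mail is still delivered")
        if "rua" not in tags:
            findings.append("DMARC has no rua= address: no aggregate abuse reports")
        if int(tags.get("pct", "100")) < 100:
            findings.append(f"DMARC pct={tags['pct']}: policy applied to only part of the mail")

    # SPF: only '-all' asks receivers to reject unlisted sources outright.
    qualifier = spf_all_qualifier(spf)
    result["spf_all"] = qualifier
    if spf is None:
        findings.append("no SPF record")
    elif qualifier in (None, "?", "+"):
        findings.append("SPF does not restrict senders (no 'all', '?all' or '+all')")
    elif qualifier == "~":
        findings.append("SPF uses '~all' (softfail); rely on DMARC enforcement")

    # Null MX: a single '0 .' record declares that the name receives no mail.
    result["null_mx"] = mx == ["0 ."]
    if result["null_mx"]:
        if qualifier == "-":
            findings.append("null MX plus 'v=spf1 -all': correctly declared as a non-mail name")
        else:
            findings.append("null MX but SPF still permits senders: publish 'v=spf1 -all'")
    elif dkim_key is None:
        # DKIM: without a key record there is no signature to verify origin/integrity.
        findings.append("no DKIM key at the given selector: no origin/integrity proof")
    elif parse_tags(dkim_key).get("h", "").lower() == "sha1":
        findings.append("DKIM key limits hashes to sha1: weak signature algorithm")
    return result


# Constructed sample records (spf, dmarc, mx, dkim_key); not real DNS data.
SAMPLES = {
    # monitor-only DMARC, softfail SPF, sha1-only DKIM key
    "newsletter.example": ("v=spf1 include:_spf.example.net ~all",
                           "v=DMARC1; p=none; rua=mailto:dmarc@newsletter.example",
                           ["10 mx.example.net."], "v=DKIM1; k=rsa; h=sha1; p=KEY_PLACEHOLDER"),
    # strict SPF but no DKIM and no DMARC at all
    "registry.example": ("v=spf1 ip4:192.0.2.0/24 -all", None, ["10 mx.registry.example."], None),
    # non-mail subdomain done right: '-all' plus null MX under an enforcing DMARC
    "static.example": ("v=spf1 -all", "v=DMARC1; p=reject; rua=mailto:dmarc@static.example",
                       ["0 ."], None),
}

if __name__ == "__main__":
    for name, records in SAMPLES.items():
        r = assess(name, *records)
        print(name, "spoofable" if r["spoofable"] else "protected", r["findings"])
```

The `spoofable` flag deliberately depends only on DMARC: as the posts point out, a strict SPF or a valid DKIM key changes nothing for forged mail if the DMARC policy tells receivers to take no action.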

Simplified IT Consulting (@simplifieditconsulting)
2025-05-20

Tuesday again already? Stay safe with Koko with his IT tips!

Tip of the week: Do you know what your digital footprint looks like? Search for information about yourself to see what is public and should remain private.

PUPUWEB Blog (@pupuweb)
2025-05-19

A faulty machine learning model in Exchange Online caused Gmail emails to be wrongly flagged as spam and quarantined starting April 25, 2025. Microsoft fixed the issue by reverting to a previous model and recommends ongoing ML improvements.

pupuweb.com/why-did-microsoft-

The Spamhaus Project (@spamhaus@infosec.exchange)
2025-05-15

🔐 Email authentication used to be something only big players worried about. Not anymore. While small senders may not feel the heat yet, it’s only a matter of time before it reaches them...

Want to stay ahead of the curve?

Learn how authentication can be implemented at the relay level to improve deliverability, prevent abuse, and protect your reputation before problems hit.

👉 spamhaus.org/resource-hub/deli

#EmailSecurity #Deliverability #EmailBestPractices

Simplified IT Consulting (@simplifieditconsulting)
2025-05-13

Happy Tuesday! Get some more tips from Koko!

Tip of the week: It might be tempting to share a password with friends or family over text, but remember to only share passwords with those who truly need them using a secure password sharing software.

When Strong Passwords Fail: Lessons from a Silent, Persistent Attack

1,038 words, 5 minutes read time.

Pro Git 2nd Edition, Kindle Edition
Affiliate Link

Today’s affiliate link features Pro Git, 2nd Edition — available for free at the time of this post. Be sure to grab your copy before the offer ends!

As an IT professional, I pride myself on maintaining robust security practices. I use unique, complex passwords, enable two-factor authentication (2FA), and regularly monitor my accounts. Despite these precautions, I recently experienced a security breach that served as a stark reminder: even the most diligent efforts can fall short if certain vulnerabilities are overlooked.

The Unexpected Breach

I maintain a Microsoft 365 Developer account primarily for SharePoint development. This account isn’t part of my daily workflow; it’s used sporadically for testing and development purposes. To secure it, I employed a 36-character random password—a combination of letters, numbers, and symbols. This password was unique to the account and stored securely.

Despite these measures, I received a notification early one morning indicating a successful login attempt from an unfamiliar location. Fortunately, 2FA was enabled, and the unauthorized user couldn’t proceed without the second authentication factor. This incident prompted an immediate investigation into how such a breach could occur despite stringent password security.

The Silent Persistence of Attackers

Upon reviewing the account’s activity logs, I discovered a disturbing pattern: months of failed login attempts originating from various IP addresses. These attempts were methodical and spread out over time, likely to avoid triggering security alerts or lockouts. This tactic, known as a “low and slow” brute-force attack, is designed to fly under the radar of standard security monitoring systems.

Such persistent attacks underscore the importance of not only having strong passwords but also implementing additional security measures. According to the Cybersecurity and Infrastructure Security Agency (CISA), 2FA is essential to web security because it immediately neutralizes the risks associated with compromised passwords. If a password is hacked, guessed, or even phished, that’s no longer enough to give an intruder access: without approval at the second factor, a password alone is useless.

The Vulnerability of Dormant Accounts

One critical oversight on my part was the assumption that an infrequently used account posed less of a security risk. In reality, dormant accounts can be prime targets for attackers. These accounts often retain access privileges but are not actively monitored, making them susceptible to unauthorized access. As noted by security experts, dormant accounts often fly under the radar, making them perfect targets for threat actors. Since they aren’t actively monitored, cybercriminals can exploit them for weeks—or even months—before being detected.

This realization led me to reassess the security of all my accounts, especially those not regularly used. It’s imperative to treat every account with the same level of scrutiny and protection, regardless of its frequency of use.

Immediate Actions Taken

In response to the breach, I took several immediate steps to secure the compromised account and prevent future incidents:

First, I changed the account’s password to a new, equally complex and unique one. Recognizing that the email address associated with the account might have been targeted, I updated it to a more obscure variation, reducing the likelihood of automated credential stuffing attacks.

Next, I thoroughly reviewed the account’s security settings, ensuring that all recovery options were up-to-date and secure. I also examined the activity logs for any other suspicious behavior and reported the incident to Microsoft for further analysis.

Finally, I conducted a comprehensive audit of all my accounts, focusing on those that were dormant or infrequently used. I enabled 2FA on every account that supported it and closed any accounts that were no longer necessary.

Lessons Learned

This experience reinforced several critical lessons about cybersecurity:

Firstly, password strength alone is insufficient. While complex passwords are a fundamental aspect of security, they must be complemented by additional measures like 2FA. According to research, implementing 2FA can prevent up to 99.9% of account compromise attacks.

Secondly, dormant accounts are not inherently safe. Their inactivity can lead to complacency, making them attractive targets for attackers. Regular audits and monitoring of all accounts, regardless of usage frequency, are essential.

Thirdly, attackers are persistent and patient. The “low and slow” approach to brute-force attacks demonstrates a strategic method to bypass traditional security measures. Staying vigilant and proactive in monitoring account activity is crucial.

Strengthening Security Measures

In light of this incident, I have adopted several practices to enhance my cybersecurity posture:

I now regularly audit all my accounts, paying special attention to those that are dormant or infrequently used. I ensure that 2FA is enabled wherever possible and that all recovery options are secure and up-to-date.

Additionally, I have started using a reputable password manager to generate and store complex, unique passwords for each account. This tool simplifies the process of maintaining strong passwords without the need to remember each one individually.

Furthermore, I stay informed about the latest cybersecurity threats and best practices by subscribing to security newsletters and participating in professional forums. This continuous learning approach helps me adapt to the evolving threat landscape.

Conclusion

This incident served as a sobering reminder that no one is immune to cyber threats, regardless of their expertise or precautions. It highlighted the importance of a comprehensive security strategy that includes strong passwords, multi-factor authentication, regular account audits, and continuous education.

I encourage everyone to take a proactive approach to cybersecurity. Regularly review your accounts, enable 2FA, use a password manager, and stay informed about emerging threats. Remember, security is not a one-time setup but an ongoing process.

If you found this account insightful, consider subscribing to our newsletter for more cybersecurity tips and updates. Share your thoughts or experiences in the comments below—we can all learn from each other’s stories.

D. Bryan King

Sources

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

#2FA #accountHacking #accountMonitoring #accountTakeover #bruteForceAttack #cloudAccountProtection #cloudSecurity #compromisedAccount #compromisedCredentials #compromisedMicrosoftAccount #credentialStuffing #credentialTheft #cyberattack #cybercrime #cybersecurity #cybersecurityAwareness #cybersecurityLessons #developerAccountSecurity #dormantAccounts #emailSecurity #hackerPrevention #howHackersBypassMFA #identityProtection #infosec #ITProfessionals #ITSecurity #ITSecurityIncident #loginSecurity #lowAndSlowAttack #MFA #MFAImportance #Microsoft365Security #MicrosoftLogin #passwordAloneNotEnough #passwordBreach #passwordEntropy #passwordHygiene #passwordManagement #PasswordSecurity #passwordVulnerability #persistentThreats #phishingProtection #randomHashPassword #realWorldBreach #realWorldCybersecurity #securePasswords #securingDormantAccounts #securityAudit #securityBestPractices #securityBreach #SharePointDeveloperAccount #SharePointSecurity #strongPasswords #techSecurityBreach #tokenHijacking #TwoFactorAuthentication
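The "low and slow" pattern described in the post above is exactly what a per-IP lockout or burst alert misses: no single source ever crosses the threshold. The Python below is an added example for this page, not the author's code. It aggregates failed sign-ins per account over a long window and flags accounts where the failures are numerous and spread across many days and source addresses while every single (source, day) pair stays under the daily lockout threshold. The log line format, the thresholds and the sample log are constructed for illustration; a real sign-in export (Entra ID, auth.log) would need its own `parse_line`.

```python
"""Flag 'low and slow' password guessing in sign-in logs: many failures
against one account, spread over days and source IPs, with each source
staying below the rate a lockout or burst rule would catch.

Added example, not the author's code.  Lines use a constructed
'ISO-timestamp user ip result' format; adapt parse_line() to your own
provider's sign-in export.  Thresholds are illustrative assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def parse_line(line: str) -> tuple:
    """Split one log line into (datetime, user, ip, result)."""
    ts, user, ip, result = line.split()
    return datetime.fromisoformat(ts), user, ip, result


def detect_low_and_slow(lines, min_failures=15, min_days=10,
                        max_per_ip_per_day=3) -> dict:
    """Return {user: summary} for accounts showing a low-and-slow pattern."""
    failures = defaultdict(list)          # user -> [(timestamp, ip), ...]
    for line in lines:
        ts, user, ip, result = parse_line(line)
        if result == "FAIL":
            failures[user].append((ts, ip))

    hits = {}
    for user, fails in failures.items():
        days = {ts.date() for ts, _ in fails}
        ips = {ip for _, ip in fails}
        per_ip_day = defaultdict(int)
        for ts, ip in fails:
            per_ip_day[(ip, ts.date())] += 1
        peak = max(per_ip_day.values())
        # A burst from one IP already trips lockout/velocity rules (high peak).
        # Low and slow: enough failures in total, spread over many days, while
        # every (ip, day) pair stays under the lockout threshold.
        if (len(fails) >= min_failures and len(days) >= min_days
                and peak <= max_per_ip_per_day):
            hits[user] = {
                "failures": len(fails), "days": len(days),
                "distinct_ips": len(ips), "peak_per_ip_day": peak,
                "first": min(ts for ts, _ in fails).isoformat(),
                "last": max(ts for ts, _ in fails).isoformat(),
            }
    return hits


def constructed_log() -> list:
    """Deterministic sample log (not real data): one low-and-slow target,
    one noisy burst, one ordinary user."""
    lines = []
    start = datetime(2025, 2, 1, 3, 0)
    # Target: one failure about every other day, rotating through eight IPs
    for i in range(40):
        ts = start + timedelta(days=2 * i, hours=(i * 7) % 24)
        lines.append(f"{ts.isoformat()} dev-tenant-admin 198.51.100.{10 + i % 8} FAIL")
    # Burst: twelve failures in ten minutes from one IP; a velocity rule catches this
    for i in range(12):
        ts = datetime(2025, 3, 5, 9, 0) + timedelta(seconds=50 * i)
        lines.append(f"{ts.isoformat()} alice 203.0.113.7 FAIL")
    # Ordinary user: two typos, then a successful sign-in
    lines += ["2025-03-06T08:00:00 bob 192.0.2.5 FAIL",
              "2025-03-06T08:00:30 bob 192.0.2.5 FAIL",
              "2025-03-06T08:01:00 bob 192.0.2.5 OK"]
    return lines


if __name__ == "__main__":
    for user, summary in detect_low_and_slow(constructed_log()).items():
        print(f"{user}: {summary}")
```

Only the slowly probed account is reported; the burst against `alice` has a high per-IP peak and is left to the existing lockout rule, and `bob`'s two typos never reach the failure count. In practice the window has to be long (the post describes months of attempts), which is why the detection keys on totals per account rather than on rate per source.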
