Because the Simple Mail Transfer Protocol (SMTP)[1] was designed without security in mind, securing an email server is rather difficult. Newer SMTP servers often offer security features, such as reverse domain name system (DNS) lookup, to help ensure that the email sender is actually who he or she claims to be. Whenever possible, use such authentication[2] measures.
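The reverse DNS lookup mentioned above is usually paired with a forward lookup that confirms the result. The following is an added example, not code from the original page; the function names, the HELO comparison and the sample records are assumptions made for illustration, and the resolvers are injectable so the check can be exercised without network access.

```python
import ipaddress
import socket


def system_ptr(ip):
    """Reverse (PTR) lookup through the system resolver; empty list on failure."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []


def system_forward(name):
    """Forward (A/AAAA) lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()


def check_sender_host(client_ip, helo_name, ptr=system_ptr, forward=system_forward):
    """Classify a connecting SMTP client by forward-confirmed reverse DNS."""
    ip = ipaddress.ip_address(client_ip)
    names = [n.lower().rstrip(".") for n in ptr(client_ip)]
    if not names:
        return "no-ptr"                  # the address has no reverse record
    confirmed = [n for n in names
                 if ip in {ipaddress.ip_address(a) for a in forward(n)}]
    if not confirmed:
        return "ptr-not-confirmed"       # PTR name does not resolve back to the client
    if helo_name.lower().rstrip(".") not in confirmed:
        return "helo-mismatch"           # client announced a name it does not own
    return "confirmed"


# Constructed sample records (documentation address ranges), not real DNS data.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.org."], "192.0.2.66": ["host.example.net"]}
SAMPLE_FWD = {"mail.example.org": {"192.0.2.10"}, "host.example.net": {"203.0.113.5"}}


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_forward(name):
    return SAMPLE_FWD.get(name, set())


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"), ("192.0.2.66", "host.example.net")]:
        print(ip, helo, check_sender_host(ip, helo, sample_ptr, sample_forward))
```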
Encryption:
For securing email itself, encryption is the key. Several popular tools, including the proprietary encryption methods found in Microsoft servers and common public key encryption methods, are the most useful for ensuring that the information sent through your server will be secure.
Melissa virus:
The Melissa virus is an example of how a virus can take advantage of email client applications. It is explained in the following series of images.
The Melissa Virus was one of the first widespread viruses, which spread by infecting Microsoft Word files.
When the Word files were opened, the virus code would run and infect the Normal.DOT template file used by the Microsoft Word program.
Now any Word document saved contained the Melissa virus.
Melissa used the autorun macros in a Word document and ran a VB script when an infected Word document was first opened.
Microsoft now has a feature called Macro Virus Protection that can stop macros from running, and this protection should not be disabled.
If the virus has attached itself to an application, the code in the virus is run every time the application runs. The virus code will have the same privileges as the host application.
Commercial anti-virus programs can scan email attachments before a user activates an embedded virus. However, these programs operate only on individual machines.
The Melissa virus, which first appeared in 1999, was a macro virus that spread via Microsoft Word documents sent through email. It exploited Microsoft Office's macro functionality, specifically Word's ability to run automated scripts. After the virus spread and caused significant damage, Microsoft implemented several key measures to prevent similar future occurrences:
Macro Security Enhancements in Microsoft Office:
Default Macro Settings: Microsoft Office applications, such as Word and Excel, had their macro settings adjusted. By default, macros were disabled or set to a high-security level, requiring users to explicitly enable them if needed. This reduced the risk of viruses like Melissa, which relied on macros running automatically when a document was opened.
Macro Warning Prompts: Microsoft added warning prompts to alert users whenever they opened a document containing macros. This allowed users to make an informed decision on whether to enable or disable the macro, reducing the likelihood of executing malicious scripts unknowingly.
Microsoft Outlook Security Updates:
Email Security Patch: After Melissa exploited Microsoft Outlook's address book to spread itself, Microsoft issued a patch to tighten security in Outlook. This patch included features to prevent automated emails from being sent without user consent or action, and it restricted access to the address book from untrusted applications.
Improved Antivirus Integration:
Microsoft worked closely with antivirus vendors to improve detection and response to macro viruses. Office files were better integrated with antivirus software so that documents with embedded macros could be scanned more effectively before being executed.
Security-Focused Updates and Patches:
Microsoft increased the frequency and emphasis on delivering security patches and updates for its products. The company took a proactive approach in identifying vulnerabilities and providing timely updates to its customers to avoid the spread of malware like Melissa.
User Awareness and Education:
Microsoft also invested in user education to raise awareness of macro viruses and phishing tactics. Many organizations began training users to recognize suspicious email attachments and not to enable macros unless absolutely necessary.
These actions, particularly around macro security and email security, played a significant role in preventing future outbreaks of similar macro-based viruses.
Network-level email scanning:
A relatively new security feature available in some SMTP servers is automated virus scanning at the network level. Email messages do not carry viruses. A virus may be sent only through attachments. Advanced SMTP servers can scan email transparently by placing the email messages in a temporary holding area. The server scans the files, then forwards the email as appropriate. Usually, this process takes little extra time, but is well worth the delay. You can also scan email through your firewall. However, such scanning, either by an SMTP server or by a firewall, slows performance.
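The hold, scan and forward step described above can be sketched for the Melissa case, where the thing to catch is an Office attachment carrying macros. This is an added example, not code from the original page or from any SMTP product; the byte-signature heuristics, function names and the constructed sample messages are assumptions, and a production gateway would hand each part to a full antivirus engine instead.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")     # legacy .doc/.xls container header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")   # stream name found in a VBA project


def has_macros(data: bytes) -> bool:
    """Heuristic: does this part look like an Office file that carries VBA macros?"""
    if data.startswith(OLE_MAGIC):
        return VBA_STREAM in data
    if data.startswith(b"PK"):                    # OOXML (.docm/.xlsm) is a ZIP archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                return any(n.lower().endswith("vbaproject.bin")
                           for n in archive.namelist())
        except zipfile.BadZipFile:
            return False
    return False


def scan_held_message(raw: bytes):
    """Return ("quarantine" or "forward", [flagged part names]) for one held message."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""   # undo base64/quoted-printable
        if has_macros(data):
            flagged.append(part.get_filename() or "(unnamed part)")
    return ("quarantine" if flagged else "forward"), flagged


def build_sample(filename: str, member: str) -> bytes:
    """Constructed test message: one ZIP attachment holding a single named member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member, b"constructed placeholder bytes")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "report"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_held_message(build_sample("list.docm", "word/vbaProject.bin")))
    print(scan_held_message(build_sample("notes.docx", "word/document.xml")))
```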
SMTP access restrictions:
Another security feature of newer SMTP servers is a setting that allows email to originate only from inside your network. In other words, the server can verify that mail purporting to be sent from your system actually comes from a legitimate user.
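The access restriction described above comes down to a decision the server makes for each envelope, based on where the connection comes from. This is an added example, not code from the original page or from any mail server; the network ranges, the local domain and the function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed values for illustration: the site's internal ranges and its mail domain.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]
LOCAL_DOMAINS = {"example.org"}


def domain_of(address: str) -> str:
    """Lower-cased domain part of an envelope address."""
    return address.rsplit("@", 1)[-1].lower().rstrip(".")


def smtp_access_decision(client_ip: str, mail_from: str, rcpt_to: str) -> str:
    """Decide whether to accept one envelope, based on where the client connects from."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return "reject: unparseable client address"
    inside = any(ip in net for net in INTERNAL_NETS)
    if inside:
        return "accept"                    # mail originating inside the network
    if domain_of(mail_from) in LOCAL_DOMAINS:
        # An outside host claims to send as one of our own users.
        return "reject: local sender address from outside the network"
    if domain_of(rcpt_to) not in LOCAL_DOMAINS:
        # Outside sender, outside recipient: the server would act as an open relay.
        return "reject: relaying denied"
    return "accept"                        # ordinary inbound mail for a local user


if __name__ == "__main__":
    # Constructed envelopes using documentation address ranges.
    for env in [("10.1.2.3", "alice@example.org", "bob@example.net"),
                ("203.0.113.9", "alice@example.org", "bob@example.org"),
                ("203.0.113.9", "eve@example.net", "carol@example.com"),
                ("203.0.113.9", "eve@example.net", "bob@example.org")]:
        print(env, "->", smtp_access_decision(*env))
```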
[1] Simple Mail Transfer Protocol (SMTP): The Internet standard protocol to transfer electronic mail messages from one computer to another. It specifies how two mail systems interact, as well as the format of control messages they exchange to transfer mail.
[2] Authentication: The process of identifying an individual, usually based on a username and password.