Home Page

Firewalls

Email & Spam

Security Terminology

Security Topics

VPN & Cryptography

Wireless

 

Email Security and Spam Terminology

Zero Day Window

BATV

Bayesian Algorithm

Content and Connection control

Directory Harvesting Attacks

Email Encryption

Email Archiving

File attachments

Image scanning

Email Load balancing

Port forwarding and MX records

Reputation filters

Encrypted attachments

Grey Listing

Email Monitoring

Internal Email Security

Open Relay

Outbound email filtering

Per user quarantine area

Reverse DNS lookup & SPF

RFC Compliant emails

SMTP IMAP4 or POP3

Spoofed email

Stopping spam for Networks guide

Email Throttling

What is Spam

Which Spam filter

Whitelists and Blacklists

 

Security Products Guide

Which Anti-Virus Software?

Which Firewall?

Which Spam Filter?

Which Internet Security Suite?

 

What is Guide

What is a Firewall?

What is a Virus?

What is Spam?

 

Essential Security Guides

Securing Windows XP Guide

Securing Windows Vista Guide

A Guide to Wireless Security

 

Other

Top 8 Internet Security Tips

Why both, Firewall and Anti Virus?

Free or purchased security - Which one?

 

 

 

 

Email Encrypted Attachments

 

In the past spammers and hackers used to hide their malware in encrypted attachments which could not be scanned. This was one of the common ways and common threats. Some companies do not control these types of threats, simply because they are not educated enough, do not have the resources to handle such threats, or their work is far too important to be blocking and filtering of encrypted email. If you’re not scanning for encrypted mail you can be risking confidential data leakage, virus threats, and a whole lot of other threats.

For these reasons it is important to ensure your spam proxy firewall can at least quarantine encrypted attachments for further manual analysis. Clearswift's MIMEsweeper software can block encrypted attachments. Also a user can setup a rule to explicitly allow some users to send encrypted attachments. For example a company can set their policy up so that all encrypted emails are quarantined, however another rule saying directors from this company can send encrypted attachments to directors at another company.

Further Reading

Wikipedia's guide to Email Encryption