Technical Measures to Combat Phishing
Rule of thumb: Never click that link or open an attachment, unless you are 200% sure.
Mailserver Framework Protections
- Antimalware scanning
- Antispam algorithm
- Blacklist filtering
- DANE
- Digital Signatures
- DMARC
- DKIM
- DNSSEC
- GeoIP filtering
- MTA-STS
- Sandbox for attachments and links
- SPF
- STARTTLS
- Strong ciphers only. Here is my preferred list: "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384"
- TLS 1.3 and 1.2 only; no TLS 1.1, TLS 1.0, SSL 3.0 or SSL 2.0, please. We should change the mailserver settings and drop all plaintext (unencrypted) SMTP delivery. I know this is a violation of the RFC, which expects opportunistic STARTTLS to fall back to plaintext. This decision requires intelligence and courage.
- TLS-RPT
The above measures should be implemented for outgoing email. They should also be applied to incoming email to the fullest extent your mail platform supports them.
How to measure success?
After doing all this, you should aim to get 100% on internet.nl, all greens on Hardenize.com and 5/5 on every score of the EU's MECSA.
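The SPF, DMARC, MTA-STS and TLS-RPT items in the list above, and the scorecard goal just described, can be sanity-checked before pointing an external scanner at the domain. The following is an added example, not code from the original page: it parses constructed DNS TXT records for a hypothetical domain (`example.test`, made up here) and flags the settings a scanner would mark down, without performing any DNS lookups.

```python
"""Added example (not from the page): offline strength check for SPF, DMARC, MTA-STS and TLS-RPT."""
# Constructed records for a hypothetical domain, keyed by the DNS name queried; no lookups are made.
RECORDS = {
    "example.test": "v=spf1 mx ip4:192.0.2.10 ~all",
    "_dmarc.example.test": "v=DMARC1; p=none; rua=mailto:dmarc@example.test",
    "_mta-sts.example.test": "v=STSv1; id=20240101",
    "_smtp._tls.example.test": "v=TLSRPTv1; rua=mailto:tlsrpt@example.test",
}

def parse_tags(record: str) -> dict:
    """Split 'k=v; k=v' records (DMARC, MTA-STS, TLS-RPT) into a dict."""
    return dict(p.strip().split("=", 1) for p in record.split(";") if "=" in p)

def check_spf(record: str) -> list:
    """Flag SPF records that let spoofed mail pass or never reach a verdict."""
    if not record.startswith("v=spf1"):
        return ["SPF: missing or malformed record"]
    terms = record.split()[1:]
    if "+all" in terms or "all" in terms:
        return ["SPF: '+all' lets any host send as this domain"]
    if "~all" in terms:
        return ["SPF: softfail '~all'; use '-all' once all senders are listed"]
    if "-all" not in terms:
        return ["SPF: no terminal 'all' mechanism, unlisted hosts get neutral"]
    return []

def check_dmarc(record: str) -> list:
    """Flag DMARC records that only monitor or that report to nobody."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC: missing or malformed record"]
    findings = []
    if tags.get("p") in (None, "none"):
        findings.append("DMARC: p=none only monitors; use quarantine or reject")
    if "rua" not in tags:
        findings.append("DMARC: no rua address, aggregate reports are lost")
    return findings

def check_domain(records: dict, domain: str) -> list:
    """Run all checks for one domain and return the list of weak settings."""
    findings = check_spf(records.get(domain, ""))
    findings += check_dmarc(records.get(f"_dmarc.{domain}", ""))
    if not records.get(f"_mta-sts.{domain}", "").startswith("v=STSv1"):
        findings.append("MTA-STS: no TXT record, inbound TLS can be stripped")
    if not records.get(f"_smtp._tls.{domain}", "").startswith("v=TLSRPTv1"):
        findings.append("TLS-RPT: no record, TLS delivery failures go unreported")
    return findings

if __name__ == "__main__":
    print("\n".join(check_domain(RECORDS, "example.test")) or "all policies strong")
```

For the constructed records the script reports the softfail SPF and the monitor-only DMARC policy; replacing them with `-all` and `p=reject` yields an empty finding list, which is the state the scanners reward.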