Anti-Phishing: Email Client Security Features

December 29, 2017 by Stephen Moramarco


An employee’s email is an indispensable feature of the workplace but also a company’s greatest weakness. It is estimated that more than 90% of phishing attacks begin with an email, so it’s very important that every inbox is shielded as much as possible without affecting legitimate messages. Here are some of the most important security features to consider for any email system.


Standard emails can be intercepted and altered by a third party; therefore, protecting emails from intruder access begins with some sort of validation and encryption. Authenticating the user via login information is the most basic form of protection. On the user end, source verification (i.e. making sure the email client is connecting to a legitimate server and not an intermediary) is another important tool; this is sometimes done in the form of “secret” messages sent between client and server that can’t be replicated in the event of a hijack.


Encrypting the session information and/or the messages itself is also important. Dynamic encryption keeps the emails scrambled when sending or receiving from the server. More sophisticated email encryption involves encoding every individual message; this involves both the sender and recipient having public and private keys to lock and unlock.

Encryption on this level is a good way to verify the legitimacy of an email, but it involves a little bit more sophistication; however, many email programs have tried to make this as easy and user-friendly as possible.

Antivirus Scan

All emails received should be scanned, looking for malicious attachments. The antivirus program should have access to a constantly updated list of malware and viruses. If an attachment matches the list, it is neutralized or removed.

Log Files

The log files contain all attempts to access the network. Properly configured systems analyze log files and send alerts when there is suspicious activity. These can then be used as part of the forensics and recovery in case of a successful attack.

Email Filters

To combat the more than 14.5 billion spam messages sent per day, one of the key security components of every system is the email filter. Indeed, there are Outlook filters, Gmail filters, and Apple Mail filters that are commonly used in both personal and business accounts.

Generally speaking, a good email filtering system has several different layers and uses different criteria to determine what should be delivered and what should not. The first layer begins before it hits the server, then it is analyzed and filtered again, and finally it goes through a third pass in the user’s mailbox, with survivors being placed in the inbox.

Email filters have a series of rules that look at:

  • Mail headers. Legit senders have unique messageIDs and usually use traditional software to send, which are listed in the header. Spammers may try to emulate these, but often end up using the same header over and over again.
  • Content of subject and message. Keywords like “viagra” and “sex” are commonly flagged of course, but filters also scan for image-only messages or unusual colors or fonts.
  • The sender. Certain ISPs are known for sending spam, and these are put on an email blacklist. (Conversely, an ISP can be put on an email whitelist to not be blocked.)
  • Messages from ISPs or senders flagged by other recipients as spam.

From all this information, a Bayseian algorithm determines the probability it is spam and either labels it as such or removes it altogether.

A spam filter needs to be dynamic as the methods hackers use are constantly changing; it also can’t be too lenient nor can it be too strict (aka a false positive), as business could possibly be lost. It should be able to block images and detect malicious scripts. There are many different choices, but some of the most popular enterprise email filters are SpamAssassin, FireEye, and SPAMfighter Pro.

Email Plugins

There are also a number of email plugins that can further protect on a user level.

Challenge-response filters:

This sends the sender a “challenge,” usually in the form of a captcha or puzzle, that proves they are a real person who sent the message and not a bot. If successful, the sender is put on an email whitelist so they don’t have to do the challenge again.


The concept of “sandboxing” allows the email program to work in a separate environment and prevent any attachments making changes to your computer. For example, if you received a malicious .exe file and accidentally clicked on it, if you had a sandbox plugin, it would prevent the virus from infecting your system.


To further protect against false-positives, a quarantine plugin is also a good idea. This is intended to specifically isolate emails that have been flagged with malware or viruses (as opposed to Junk and Spam). Quarantine emails can then be later reviewed by the recipient or IT and retrieved if necessary.

Last Line of Defense

In the end, the most important email security feature is in the wetware, aka the human brain. It is crucial that employees know how to recognize a phishing email and what to do instead of clicking. To this end, InfoSec Institute has introduced SecurityIQ, an education and simulation platform designed for all types of companies seeking to reduce risk from cyber crime.

AwareEd is the education part of the platform and is comprised of modules containing videos and short tests. These can be configured for different groups (such as telecommuters, new hires, management or accounting) and administered remotely. Employees are sent an email invitation; once they accept, their progress can be monitored remotely.

PhishSim is a simulation program that allows you to automatically send a selection of “phishing” emails to staff. These emails, instead of linking to dangerous websites or containing malicious attachments, link to a custom landing page; if the user clicks, they are taken to this page and informed of their mistake.

Email security depends upon not only good security features, but also a staff that is aware, alert, and knows how to spot a phishing email before it’s too late. Right now, InfoSec Institute is offering a free 30-day membership, which includes unlimited phishing emails and learning modules. Sign up for access today!



Posted: December 29, 2017
Stephen Moramarco
View Profile

Stephen Moramarco is a freelance writer and consultant who lives in Los Angeles. He has written articles and worked with clients all over the world, including SecureGroup, LMG Security, Konvert Marketing, and Iorad.