Managed Email SecurityLets GET talking about email.
Features
Secure upto 10 Domains
3 Months Data Retention
DMARC Aggregation
SMTP TLS Aggregation
Hosted MTA-STS
BIMI asset hosting
DNS monitoring
On-Going Technical Assistance & Consulting
Electronic Mail - SPF, DKMI and DMARC
Hardening Your Email Systems & Services
Email has existed for over 40 years, and by design, email on the internet makes no effort to validate that the message sender is who they claim to be. We must accept that email is not, and will never be completely secure. Hence, we use the term hardening and not securing.
As the adoption of email grew, its users became more vulnerable to fraud than ever before. The email standard was expanded with several mechanisms that aim at reducing fraudulent and spam emails. These standards are often not fully understood and offer a lot more features than commonly applied. Moreover, most of these techniques require the domain owner to make certain adjustments to the domain before it can be used, so these systems are not enabled by default.
By adopting the SPF, DKIM and DMARC email security standards for your domain, you can reduce fraud, while improving deliverability of your email.
Check your current email setup with this FREE NCSC tool
What Managed Email Security Services Offers
Hardened Configurations
The goal of this service is to prevent fraudulent actors from sending email on behalf of your domain name, protecting your reputation and brand. We do this by giving the receiver of your email as much information as possible on the authenticity of your email. This helps the receiving system with making an informed decision on the likelihood of the email being fraudulent or spam.
You want to give the receiver as much information as possible on whether:
- The sender was allowed to send email on behalf of your domain (authorisation)
- The email really came from your domain (authentication)
The more information is supplied, the better the receiving service will be at evaluating if the email is real or fraudulent (spam). This reduces both false positives (legitimate email being marked as fraud or spam), as well as false negatives (spam or fraudulent email being passed as legitimate).
The service consists of the following steps:
- Deploying a monitoring system for email sent on behalf of your domain
- Verifying that all your email services are correctly set up to pass authentication using the monitoring system. Adjust if needed
- Enable a strict policy for your domain, instructing all receivers to block any email that does not pass authentication inspections
Lets also not forget your email must have a signature and disclaimer.
Report, Protect and Detect
- ACME UC will provide monthly aggregate email hardening reports for the configured domains.
Microsoft Defender for Microsoft 365 is a cloud-based email filtering service that helps protect your organisation against advanced threats to email and collaboration tools (for example, phishing, business email compromise, and malware attacks). Defender for Office 365 also provides investigation, Threat Hunting, and remediation capabilities to help security teams efficiently identify, prioritize, investigate, and respond to threats.
- Based on the acquired Defender licence levels, ACME UC will configure:
| Protection level | Description |
|---|---|
| EOP | Prevents broad, volume-based, known attacks. |
| Defender for Office 365 P1 | Protects email and collaboration from zero-day malware, phish, and business email compromise. |
| Defender for Office 365 P2 | Adds post-breach investigation, hunting, and response, as well as automation, and simulation (for training). |
Zero Trust is a security strategy for designing and implementing the following set of security principles:
| Verify explicitly | Use least privilege access | Assume breach |
|---|---|---|
| Always authenticate and authorize based on all available data points. | Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection. | Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses. |
Defender for Office 365 is a primary component of the Assume breach principle and an important element of your extended detection and response (XDR) deployment with Microsoft Defender XDR. Defender for Office 365 consists of three levels of protection based on your subscription level and starts with built-in Exchange Online Protection (EOP). EOP is present in any Microsoft 365 subscription where there are Exchange Online mailboxes.
- ACME UC will deploy and configure the Report Message add-in to OUTLOOK users
The Report Message and Report Phishing add-ins for Outlook make it easy to report phishing to Microsoft, the NCSC and its affiliates for analysis, along with easy triage for admins on the Submissions page.
Depending on whether you're licensed for Defender for Office 365, you also get added functionality such as alerting & automated investigation and response (AIR), which removes the burden from your security operations staff.
M365: DNSSEC & DANE
In May 2024 Microsoft is releasing a Public Preview for Inbound SMTP DANE with DNSSEC for Exchange Online mail flow. This will complete Exchange Online’s support for SMTP DANE with DNSSEC, as outbound SMTP DANE with DNSSEC has been supported since March 2022.
SMTP DANE is a security protocol that uses DNS to verify the authenticity of the certificates used for securing email communication with TLS and protecting against TLS downgrade attacks. DNSSEC is a set of extensions to DNS that provides cryptographic verification of DNS records, preventing DNS spoofing and adversary-in-the-middle attacks to DNS.
(Updated) Microsoft Exchange Online: Support for inbound SMTP DANE with DNSSEC
If your current DNS doesn't support DNSSEC, contact us and we'll resolve it.