Email security

Take steps to make sure your email system is secure.

Actions

  • Implement these security tools for all email domains in your organization:
    • Domain-based Message Authentication, Reporting, and Conformance (DMARC)
    • DomainKeys Identified Mail (DKIM)
    • Sender Policy Framework (SPF)
  • Install anti-virus, anti-spam, anti-phishing, and policy-based rules
  • If you are a California government agency, migrate from your existing domain name to a .CA.gov domain name

Risk factors

You are at increased risk of spoofing attacks without Domain-based Message Authentication, Domain Keys Identified Mail, and Sender Policy Framework. When combined, they add these to email messages:

  • Authentication
  • Policy
  • Reporting
  • Digital signatures

You are at increased risk of malicious attacks if you do not filter for malware, spam, and phishing messages. 

Unless you protect all of your email domains, cyber criminals can:

  • Send emails using the organization’s domain
  • Infect systems with malware 
  • Steal employee credentials
  • Launch attacks that may lead to system downtime, data loss, security breaches, and reputational harm

Recommendations

Implement DMARC, DKIM, and SPF to protect email domains from spoofing attacks. 

Perform the initial implementation in passive and monitoring mode. This will help you focus on the configuration changes needed for sending emails through authorized third-party providers. 

Change the configuration to active and enforcement mode once you have addressed the requirements. 
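
To check which stage a domain is in, the following added example (not part of the original page) classifies a published DMARC record. It assumes that "passive and monitoring mode" corresponds to a DMARC policy of p=none and "active and enforcement mode" to p=quarantine or p=reject. The records and the example.org addresses are constructed samples.

```python
# Added example: classify a DMARC TXT record as monitoring or enforcement.
# Records below are constructed samples for the placeholder domain example.org.

def parse_dmarc(txt):
    """Split a DMARC record into a tag -> value dict (tag names lowercased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: v=DMARC1 must be present")
    return tags

def rollout_stage(txt):
    """Return (stage, findings) for one DMARC record."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    findings = []
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not being collected")
    if policy == "none":
        stage = "monitoring"
    elif pct < 100:
        stage = "partial enforcement"
        findings.append(f"policy applies to only {pct}% of failing mail")
    else:
        stage = "enforcement"
    # sp= overrides p= for subdomains; sp=none leaves them unprotected
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none leaves subdomains unenforced")
    return stage, findings

SAMPLES = {  # constructed records, one per rollout stage
    "initial": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.org",
    "ramping": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc-reports@example.org",
    "final": "v=DMARC1; p=reject; sp=none",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, rollout_stage(record))
```

The "final" sample is deliberately flawed: it enforces on the main domain but collects no reports and leaves subdomains at sp=none, two gaps worth checking before declaring enforcement complete.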

In addition to standard antivirus and anti-spam tools, roll out safeguards to detect and block or encrypt outgoing emails that contain sensitive information, such as:

  • Personally Identifiable Information (PII)
  • Protected Health Information (PHI)
  • Date of birth
  • Social Security number
  • Driver License number

For government agencies, migrate to a .CA.gov domain name. This provides enhanced security and reassures the public that they are communicating with a legitimate government agency.

Page last updated on February 6, 2025.