Professional Documents
Culture Documents
10/09/2014
NT2670 Unit 4 Assignment 1
directories. During a DHA, spammers attempt to deliver messages to multiple addresses, such as
johndoe@yourcompany.com, jdoe@yourcompany.com, and john@yourcompany.com. Addresses
that are not rejected by the receiving mail server are determined to be valid. A successful DHA
can net a spammer thousands of corporate email addresses in just a few minutes. These addresses
are compiled and sold to other spammers worldwide; companies who have had their email
addresses harvested are vulnerable to an ever-growing amount of junk mail. Unwittingly, a
company's own mail servers can compound the network traffic problem by generating thousands
of bounce messages in response to invalid email addresses. The increase in activity creates traffic
spikes that are essentially self-inflicted denial-of-service attacks that can completely shut down
mail servers. By the time log analysis identifies a suspect IP address barraging an email server
with invalid delivery attempts, the valid addresses have long been harvested. The sobering reality
is that on average, 10 percent or less of SMTP connections handled by corporate mail servers are
legitimate email. An estimated 30 to 40 percent of inbound SMTP connections through the
corporate mail gateway can be traced to DoS and DHA attacks. These threats can overwhelm
mail transfer agents (email servers) to the point of shutdown. (Top 5 email security threats)
List three suggestions to harden SMPT server security.
Limit the size of permitted messages
Limit the total size of a single session
Limit the number of messages per connection (Four ways to secure your SMTP servers)
In what scenario would you require TLS encryption?
TLS is encryption for the e-mail transmission while it is going across to another mail server. The
other mail server could be across the internet or across your WAN.
Use TLS for example is you are going to allow your remote users to relay mail via your mail
server across the internet, as this will encrypt the username and password too for the smtp
connection (if you implement this).
If you send sensitive e-mails to your partners on a regular basis use TLS to send e-mail to them
as this ensures the e-mail transmission from your smtp server to their smtp server is encrypted.
Finally use TLS to further protect your ActiveSync, OWA or RPC/HTTPS as opposed to using
the weaker SSL.
Pros: the transmission is encrypted and hence a bit more secure; also you get a sort of
confirmation especially between partners that the e-mail did come for the partner's server.
Cons: Slight load due to the encryption (but very slight), if you use an Internal CA to get the
certificates from you need to give your public root cert to your partner so that they can trust your
certs and vice versa. (TLS pros and cons)
Works Cited
Four ways to secure your SMTP servers. (n.d.). Retrieved from search exchange tech
target: http://searchexchange.techtarget.com/tip/Four-ways-to-secure-SMTPservers-and-improve-performance
TLS pros and cons. (n.d.). Retrieved from ms exchange forums:
http://forums.msexchange.org/TLS_Pros_%26_Cons/m_1800457023/tm.htm
Top 5 email security threats. (n.d.). Retrieved from intra-focus.com:
http://www.intra-focus.com/smtpsecure/897955AB-65BE-CC3C119E6CFA7B220083.htm