Hornetsecurity releases new feature for protection against encrypted malware attachments

Hanover (01.07.2019) – With the help of encrypted email attachments, cyber criminals are currently trying to circumvent classic antivirus programs. Encryption prevents filter mechanisms from detecting the underlying malware. Since the beginning of the year, for example, the ransomware GandCrab has been spreading this way. In view of the increasing threat situation, the cloud security provider Hornetsecurity has developed a unique feature that recognizes this procedure and blocks the malicious email before it arrives in the email inbox.

“Nowadays, companies are investing much more in IT security than they did 5 years ago. Through AI and other intelligent defense mechanisms, attackers can no longer reach their target with simple methods. Therefore, cybercriminals are increasingly developing more detailed strategies to circumvent these mechanisms. Hornetsecurity technology enables us to react to targeted attacks at any time”, says Daniel Hofmann, CEO of Hornetsecurity. “With the new function Malicious Document Decryption we react quickly to the systematic approach of cybercriminals. The capabilities of Malicious Document Decryption are unique to the market.”

So that the selected recipients can open the encrypted document, and the underlying malware can install itself on the system unnoticed, the fraudulent email contains the corresponding password in plain text.
Malicious Document Decryption analyzes the content of incoming emails with encrypted attachments for the appropriate password to remove the encryption. Using static and dynamic analysis techniques, the behavior of the decrypted file is examined. This ensures that the underlying malware is detected immediately and does not reach the recipient’s email inbox.

The new feature is part of the Advanced Threat Protection service and complements the protection for secure email communication against particularly intelligent and systematic cyber attacks. Hornetsecurity customers who already use the ATP service can rest assured: The feature was already integrated and activated in the service for all ATP users since the beginning of June.

About Hornetsecurity:

Hornetsecurity is the leading German cloud security provider in Europe, which protects the IT infrastructure, digital communication and data of companies and organizations of all sizes. The security specialist from Hanover provides its services worldwide via 9 redundantly secured data centers. The product portfolio covers all important areas of email security, including spam and virus filters, legally compliant archiving and encryption, as well as defense against CEO fraud and ransomware. With around 200 employees, Hornetsecurity is represented globally at 10 locations and operates in more than 30 countries through its international distribution network. The premium services are used by approximately 40,000 customers including Swisscom, Telefónica, KONICA MINOLTA, LVM Versicherung, DEKRA, Claas, and the Otto Group.

Hornetsecurity mobile – on the move with the Progressive Web App

In recent years, the number of apps downloaded from app stores to mobile devices has steadily decreased. According to a forecast by the IT consulting firm Gartner, half of all apps used in 2020 will be Progressive Web Apps (PWA). Hornetsecurity reacted to this trend and released a Progressive Web App for the Hornetsecurity Control Panel.

A Progressive Web App is a combination of a responsive website and a native app. Since February 2019, a Progressive Web App is available to all Hornetsecurity customers, enabling them to access the control panel from a mobile device in a simple way. Since the release of the control panel version 6.5.2.0 at the end of June 2019, the Progressive Web App has also been available as a white label version with which Hornetsecurity customers and partners who have booked the white label option can customize the app name, icon and splash screen.

Advantages of the Progressive Web App from Hornetsecurity

With the Progressive Web App, an icon can be created on the home screen, allowing easy access to the control panel. In comparison to a responsive website, the Control Panel does not have to be opened in a browser but is accessed directly by tapping the icon. With the white label version, the icon, app name and logo on the splash screen can also be adapted to the company’s design.

Another advantage is that, unlike native apps, the Progressive Web App does not need to be downloaded and therefore does not consume any storage capacity on the mobile device. The Progressive Web App software also updates automatically. Furthermore, the use of the Progressive Web App saves time, as the user name and password can be saved and thus prevent the time-consuming, repeated input of user data.

So, if you want to access the control panel quickly and conveniently from home or on the train, install the Progressive Web App and benefit from better usability.

How to

1. Open the Internet browser on your smartphone and enter “cp.hornetsecurity.com” in the address bar.
2. At the bottom of your browser, a pop-up opens with the instructions for installing the Web App.
3. After installing the Web App on your home screen, open the app and log in with your login data.

ATP update – Introducing the new feature Malicious Document Decryption

In order to spread ransomware, viruses or spyware into the systems of companies and organizations, cybercriminals are constantly developing new methods. Currently they are focusing on a simple but very effective way for malware attached to an email to bypass antivirus scanning: the infected attachment is encrypted with a password, which prevents the filtering mechanisms of antivirus programs from detecting the hidden malware.
The current threat situation requires an update of the existing filtering mechanisms, and “Malicious Document Decryption” fulfills these requirements perfectly.

Just a few weeks ago, we reported on a “fake application mail” campaign that targeted HR departments in companies. This attack was carried out with the ransomware GandCrab 5.2. The Hornetsecurity Security Lab still detects incoming malicious emails with encrypted and malware-infected attachments. The password for decrypting the malicious file is visible to the recipient in the message of the email. However, decrypting the attachment downloads the hidden virus and infects the computer system.

“Malicious Document Decryption” adds another essential feature to Advanced Threat Protection to counter the increasing threat of hidden malware. Emails with encrypted attachments are analyzed for potential passwords within the email in order to decrypt the attachment in the sandbox. The file is then scanned using static and dynamic analysis methods, and the behavior of the file is examined during execution. This makes it possible to detect malware in encrypted files and block the corresponding emails before they reach the recipient.

The “Malicious Document Decryption” feature decrypts all encrypted Microsoft Office file types and will be extended to decrypt PDF and archive files (RAR, ZIP, etc.).
Since the beginning of June, “Malicious Document Decryption” has been included in the ATP service and is already activated for all existing ATP customers.
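To make the decryption workflow concrete, here is an added Python example (not Hornetsecurity’s code, which is not public) of the triage step a gateway performs before anything reaches a sandbox: detect that an attachment is encrypted, harvest password candidates from the message body, and decide whether the message goes to sandbox decryption, to quarantine, or through. It illustrates both this article and the press release above that describes the same feature. The ZIP flag-bit check, the OLE2-magic test for Office files, the password regular expression and the sample message are all assumptions constructed for the example; the standard library cannot write encrypted archives, so the sample archive only has its encryption flag set.

```python
import email
import re
import struct
import zipfile
from email import policy
from email.message import EmailMessage
from io import BytesIO

# OLE2 compound-file magic: password-protected OOXML documents are wrapped in this
# container, so a .docx/.xlsx/.pptx that starts with it is encrypted (or a legacy
# binary file, which deserves the same scrutiny). Heuristic chosen for this example.
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
OOXML_EXT = (".docx", ".xlsx", ".pptx", ".docm", ".xlsm", ".pptm")
ZIP_LOCAL_SIG = b"PK\x03\x04"

# Constructed heuristic: "password"/"Passwort"/"Kennwort", optional filler, then a token.
PASSWORD_RE = re.compile(
    r'(?:password|passwort|kennwort)\s*(?:for[^\n:]{0,40})?\s*(?:is|ist|lautet)?'
    r'\s*[:=]?\s*["\']?([A-Za-z0-9][^\s"\']{3,63})',
    re.IGNORECASE,
)


def zip_has_encrypted_entries(data: bytes) -> bool:
    """Bit 0 of the general-purpose flag in any local file header marks encryption."""
    pos = data.find(ZIP_LOCAL_SIG)
    while pos >= 0 and pos + 8 <= len(data):
        (flags,) = struct.unpack_from("<H", data, pos + 6)  # sig(4) version(2) flags(2)
        if flags & 0x0001:
            return True
        pos = data.find(ZIP_LOCAL_SIG, pos + 4)
    return False


def attachment_is_encrypted(filename: str, data: bytes) -> bool:
    name = filename.lower()
    if name.endswith(OOXML_EXT):
        return data.startswith(OLE2_MAGIC)
    if name.endswith(".zip") or data.startswith(ZIP_LOCAL_SIG):
        return zip_has_encrypted_entries(data)
    return False


def password_candidates(text: str) -> list:
    # Keep order, drop duplicates; a wrong candidate only costs one decryption attempt.
    return list(dict.fromkeys(PASSWORD_RE.findall(text)))


def triage(raw: bytes) -> dict:
    """Decide what the gateway should do with one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    candidates = password_candidates(text)
    encrypted = [
        part.get_filename() or "(unnamed)"
        for part in msg.iter_attachments()
        if attachment_is_encrypted(part.get_filename() or "", part.get_payload(decode=True) or b"")
    ]
    if encrypted and candidates:
        verdict = "sandbox_decrypt"   # try the candidates on a copy, then run static/dynamic analysis
    elif encrypted:
        verdict = "hold_encrypted"    # encrypted but no password found: hold for review
    else:
        verdict = "pass"
    return {"encrypted_attachments": encrypted, "password_candidates": candidates, "verdict": verdict}


def build_sample_zip(encrypted_flag: bool) -> bytes:
    """Constructed sample: a stored ZIP; optionally set the encryption flag bit in the
    local and central headers (the standard library cannot write real encrypted ZIPs)."""
    buf = BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("cv.docx", b"not really a document")
    data = bytearray(buf.getvalue())
    if encrypted_flag:
        data[data.find(ZIP_LOCAL_SIG) + 6] |= 0x01
        data[data.find(b"PK\x01\x02") + 8] |= 0x01
    return bytes(data)


def build_sample_email() -> bytes:
    """Constructed sample message imitating the 'fake application' pattern."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.invalid"
    msg["To"] = "hr@example.invalid"
    msg["Subject"] = "Application"
    msg.set_content(
        "Dear HR team,\n\nplease find my application attached.\n"
        "The password for the archive is: Bewerbung2019!\n\nKind regards\n"
    )
    msg.add_attachment(build_sample_zip(True), maintype="application",
                       subtype="zip", filename="Bewerbung.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample_email()))
```

Only the `sandbox_decrypt` verdict leads to the decryption-and-analysis step the article describes; a candidate that fails to open the file simply moves on to the next one, and a message with an encrypted attachment but no usable password is held rather than passed.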

Social engineering – How hackers get at your data without programming skills

“There’s no technology today that can’t be overcome through social engineering.” (Kevin Mitnick, former hacker and social engineering expert)

Even with the best technical security precautions, every company has a risk factor that is difficult to control: the human one. To get hold of important data or gain access, a hacker needs to understand not only computers but also people. What exactly is social engineering and how can you protect yourself? We will answer key questions about this in the article below.

What’s behind “social engineering”

Social engineering is all about manipulating individuals on an interpersonal level. It involves the hacker trying to gain their victim’s trust and persuade them to reveal confidential information, for example, or to share credit card details and passwords.

The method is not something that only occurs on the Internet, but a scam tactic that has been used for many decades. One of the best-known ploys is the “grandparent” scam, where a fraudster telephones an elderly person and passes themselves off as a relative in desperate need of money (German police program for crime prevention, 2017).

Criminals also regularly use social engineering for financial gain through online dating services. A seemingly young, attractive woman will contact a man who is obviously looking for a new partner. The imposter plays their single-woman-in-love role well enough to win the victim’s trust in a relatively short time. Then the criminal asks the victim to help them with money for something like visiting their “new partner” – after which they often cut off contact.

Social engineering attacks on companies

If social hacking works in the private sphere, then businesses are the next target up for criminals – chiefly because there are often higher sums of money up for grabs here. Hackers follow much the same approach as with private individuals, although obtaining the information needed for a professional attack takes significantly more time. This makes the following information especially relevant for cybercriminals:

  • Who is the head of the company (CEO) and which individuals are in leadership positions?
  • Who is authorized to make bank transfers?
  • When is the CEO on vacation or out of town for a work trip?
  • What business activities are currently happening?

Hackers will usually target an employee who is authorized to carry out financial transactions, sending them an urgent message from a fake email address that looks like it has come from the boss.

Examples of Social Engineering:

Due to the apparent urgency of the request, the email recipient then finds themselves rushing to follow their superior’s instructions without asking any significant questions. Once the data has been sent, the cybercriminal goes straight to work or money is transferred directly to the social hacker’s account. In 2016, large enterprises like Austrian aeronautics supplier FACC and Nuremberg-based cable manufacturer Leoni learned hard financial lessons about this modus operandi when they suffered losses of several million euros.

But be warned – CEOs and people in accounting are not the only ones who are vulnerable:

“Hey,
Felix from IT here. I’ve noticed a couple of irregularities with your account on our system. Can you give me your login details so that I can check it out?

Regards, Felix”

How would you react to a message like this? Would you reply? You may not know everyone in IT, but Felix appears to be a coworker and looking to help you safeguard internal IT security.

In large firms especially, most employees will not be familiar with the whole IT team. Anyone trusting such an email makes it possible for sensitive data to be stolen and puts many other areas of a business besides IT security at immense risk.

Phishing: the impersonal form of social engineering

A less laborious type of social engineering is the classic phishing email. This usually involves fake PayPal emails containing a link to a simulated website so much like the original that it is difficult to notice any deception. The email will ask people to update or verify their login details on this website, but doing so delivers the data directly into the hands of the scammers.

Unlike a personalized email, these messages are highly generic. The classic phishing email is based on a simple and less costly method, which means huge volumes of emails are sent. Even if only a fraction of the recipients fall for the ruse, hackers will have found the social engineering attack worthwhile.

Social engineering needs no programming expertise

Technical obstacles are overcome simply by employing psychological tricks, with hackers exploiting people as the weakest link in the IT security chain. Even the most secure vault in the world can be opened if the access details are handed over to unauthorized individuals. This saves the criminal a great deal of technical effort and lessens the chance of them being detected by IT security measures.

If you had replied to the email from Felix above, the hacker would have infiltrated the company network within a few minutes. No effort, no programming skill, no great risk. Criminals leverage employees’ fundamental trust and curiosity in order to steal data or money.

How can I protect myself and my company against social engineering?

Organize preventive training sessions on a regular basis to educate yourself and your colleagues about the dangers of fake emails. Regular information emails can also help to raise awareness of the issue.

As long as criminals have not gained access to an employee’s or the CEO’s email account, there are several different ways to recognize fake emails:

  • Verify the sender address: Check the sender address carefully. Is the email address really correct? Have any letters been swapped, maybe? Or an upper-case I replaced with a lower-case L? There will often be an automatically generated and untraceable second email address behind the first one. If you think an email is suspicious, you can take a closer look at the header. Information like the actual sender and the server that the message was sent from can all be found in an email’s header. In most cases, the sender is the clearest criterion for identifying a fraud attack.
  • Check first hand: Contact colleagues directly if you’re unsure. Call the person in question or speak with them face to face.
  • Rhetoric: With CEO fraud attacks especially, it is important not to let yourself be intimidated. Ask yourself whether the boss really wants to transfer €20,000 into an unknown account without anyone’s knowledge. Or consider whether your IT colleague Felix could in fact have noticed “unusual activity” and why that would make him require your login anyway. And even as a private individual – if you receive a surprising email from a company where you are a customer, it can help to make a brief call to their support team.
  • Pay attention to spelling mistakes: Phishing emails, in particular, are full of misspelled words; from an incorrectly written name to sloppy language that suggests the text was not written by a native speaker but perhaps translated by automated language software.
  • Don’t click on links directly: If the content of an email leaves you in any doubt, the best thing is not to click on any links inside it and instead to access the website concerned directly through your browser. For example, if Amazon asks you to update your details, then you should go directly to Amazon.com and look for a corresponding message there. If there is nothing to be found, you have likely received a phishing email.
  • Hover over links: Before you open a link, mouse over it. With most browsers, a small window will open in the bottom left. This is the URL which will be accessed when the link is clicked. Checking the URL provides information about the true destination of the displayed web address.
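The checks in the list above can largely be automated. The following Python script is an added example, not part of the original article: it parses a message, folds look-alike characters (l/I/1, 0/o, rn/m) before comparing the sender domain with the organisation’s own domains, flags Reply-To or Return-Path domains that differ from From, compares the visible text of HTML links with their real targets as a mouse-over would, and looks for credential or urgent payment requests. The trusted-domain set, the homoglyph table and the sample message modelled on the “Felix from IT” email are constructed assumptions.

```python
import email
import re
import unicodedata
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for the example: the domains the organisation legitimately sends from.
TRUSTED_DOMAINS = {"example.com"}

# Look-alike characters used in spoofed domains. Input is lower-cased first, so an
# upper-case I and a lower-case l both end up as "i" and compare equal.
HOMOGLYPHS = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o", "5": "s", "3": "e"})


def fold_domain(domain: str) -> str:
    folded = unicodedata.normalize("NFKC", domain.lower()).translate(HOMOGLYPHS)
    return folded.replace("rn", "m").replace("vv", "w")


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def is_lookalike(domain: str) -> bool:
    """A domain that is not ours but folds to the same string as one of ours."""
    return bool(domain) and domain not in TRUSTED_DOMAINS and \
        fold_domain(domain) in {fold_domain(t) for t in TRUSTED_DOMAINS}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs, i.e. what a mouse-over would reveal."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_message(raw: bytes) -> list:
    """Return human-readable findings; an empty list means nothing looked suspicious."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = domain_of(from_addr)
    if is_lookalike(from_dom):
        findings.append(f"look-alike sender domain: {from_dom}")
    for hdr in ("Reply-To", "Return-Path"):          # replies would go somewhere else
        _, other = parseaddr(str(msg.get(hdr, "")))
        if other and domain_of(other) != from_dom:
            findings.append(f"{hdr} domain {domain_of(other)} differs from From domain {from_dom}")
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        parser = LinkExtractor()
        parser.feed(html_part.get_content())
        for href, text in parser.links:
            shown = re.search(r"https?://([^/\s]+)", text)
            target = (urlparse(href).hostname or "").lower()
            if shown and shown.group(1).lower() != target:
                findings.append(f"link text shows {shown.group(1)} but leads to {target}")
    text_part = msg.get_body(preferencelist=("plain", "html"))
    body = text_part.get_content() if text_part is not None else ""
    if re.search(r"\b(login details|password|passwort|credentials|zugangsdaten)\b", body, re.I):
        findings.append("message asks for credentials")
    if re.search(r"\b(urgent|immediately|asap|sofort|dringend)\b", body, re.I) and \
            re.search(r"\b(transfer|wire|überweis\w*|payment|invoice)\b", body, re.I):
        findings.append("urgency combined with a payment request")
    return findings


def build_sample_email() -> bytes:
    """Constructed sample modelled on the 'Felix from IT' message above."""
    msg = EmailMessage()
    msg["From"] = '"Felix - IT Support" <felix@examp1e.com>'
    msg["Reply-To"] = "felix.helpdesk@mail.invalid"
    msg["To"] = "employee@example.com"
    msg["Subject"] = "Irregularities with your account"
    msg.set_content(
        "Hey,\nFelix from IT here. I've noticed a couple of irregularities with your "
        "account. Can you give me your login details so that I can check it out?\n\nRegards, Felix\n"
    )
    msg.add_alternative(
        "<p>Hey,<br>Felix from IT here. Please confirm your login details at "
        '<a href="http://examp1e.com/login">https://portal.example.com/login</a>.</p>',
        subtype="html",
    )
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in check_message(build_sample_email()):
        print("-", finding)
```

Each finding corresponds to one of the manual checks above; none of them proves fraud on its own, but a message that triggers several should be verified with the supposed sender by phone or in person before anything is sent.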

Google phishing quiz: Your free awareness check

A few weeks ago, Google created a security quiz in response to the sharp growth in phishing attacks. This quiz challenges you to try and spot a phishing email. Can you see through any social engineering attack? Find out now!

Additional safeguards with Hornetsecurity Advanced Threat Protection

Classic phishing emails will generally be identified and weeded out immediately by a good spam filter. A personalized social engineering attack, however, is not much different from a perfectly ordinary email. These unwanted emails will therefore end up in your inbox in spite of spam filtering.

Advanced Threat Protection goes a step further: various deep filters and heuristic detection mechanisms will uncover almost any fake email. With the help of AI, the filter learns from every attack and thus improves its detection rate on a daily basis. Advanced Threat Protection covers many of the above points completely automatically.
Ultimately, though, you should always question every email and be cautious about sharing data.

Blockchain explained easily

Over and over again in recent times the subject of blockchains has made the headlines. Probably the best-known representative of this technology is the Bitcoin cryptocurrency. Yet the uses to which a blockchain can be put are more diverse and are hotly discussed in the financial and insurance industries and in IT. So what exactly is a blockchain and what is the technology behind it? This blog entry looks at this question and goes on to examine the advantages that blockchains bring and the scenarios in which they can be used.

What is a blockchain?

A blockchain is essentially a decentralized digital database for the storage of data. This technology can be used to perform what are known as transactions and to verify and automate them. Transactions are data collections that are distributed to all participants (or ‘nodes’) within a particular network and subsequently collected together in blocks.

The origin of the name ‘blockchain’ is as follows. A ‘block’ is a body of stored transactions, while a ‘chain’ is formed by stringing together a number of blocks. The result is a ‘blockchain’ that is formed of multiple information blocks and is further extended by additional blocks. When this happens, the new block is always attached to the most recent block of the existing chain.

How does a blockchain work?

The individual blocks of a blockchain are created in a decentralized peer-to-peer network by means of a process called ‘mining’. In mining, transactions are verified by a consensus mechanism, validated and then joined together to form a block. The block thus formed is then chained to the existing blockchain.

The commonest consensus mechanism is the ‘proof of work’ algorithm. It is used in the Bitcoin blockchain, for example, and ensures that the network agrees on one identical version of the blockchain. To generate a new block, the miners must use a mathematical function, known as the hash function, to find an outcome for a given character string that matches a predetermined target. They do this by feeding different values into the hash function over and over again. Because the hash function is one-way, the outcome reveals nothing about the values that produced it, so the only way to find a matching value is to keep trying. Once the result of the hash function matches the predetermined outcome, the newly formed block is accepted and adopted by all nodes of the network.

The data of a blockchain is redundant and secure, since the data is stored on all the nodes within the network. As a result, the failure of one or more nodes does not pose the hazard of potential loss of data. Data contained within a blockchain can be neither changed nor deleted. Any manipulation would result in all subsequent blocks being invalid.
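As an added illustration (not from the original post), the following Python code builds a tiny hash chain with a proof-of-work target and shows why an altered transaction invalidates the rest of the chain: the tampered block no longer meets the target, and the next block’s stored predecessor hash no longer matches. The difficulty, the serialisation format and the sample transactions are assumptions chosen for the example; a real network adds peer-to-peer distribution and a far higher difficulty.

```python
import hashlib
import json
import time
from dataclasses import dataclass

DIFFICULTY = 3  # required leading hex zeros; tiny so that mining takes milliseconds


@dataclass
class Block:
    index: int
    previous_hash: str
    transactions: list
    timestamp: float
    nonce: int = 0

    def hash(self) -> str:
        # Deterministic serialisation: identical content always yields the identical hash.
        payload = json.dumps(
            {"index": self.index, "prev": self.previous_hash, "tx": self.transactions,
             "ts": self.timestamp, "nonce": self.nonce},
            sort_keys=True, separators=(",", ":"),
        ).encode()
        return hashlib.sha256(payload).hexdigest()


def mine(block: Block, difficulty: int = DIFFICULTY) -> Block:
    """Proof of work: try nonces until the block hash begins with `difficulty` zeros."""
    target = "0" * difficulty
    while not block.hash().startswith(target):
        block.nonce += 1
    return block


class Chain:
    def __init__(self, difficulty: int = DIFFICULTY):
        self.difficulty = difficulty
        self.blocks = [mine(Block(0, "0" * 64, [], 0.0), difficulty)]  # genesis block

    def add(self, transactions: list, timestamp: float = None) -> Block:
        prev = self.blocks[-1]
        block = Block(len(self.blocks), prev.hash(), list(transactions),
                      time.time() if timestamp is None else timestamp)
        self.blocks.append(mine(block, self.difficulty))
        return block

    def first_invalid(self):
        """Index of the first block that fails verification, or None if the chain is intact.
        Every block after that index is rejected too: it builds on an unverified predecessor."""
        target = "0" * self.difficulty
        for i, block in enumerate(self.blocks):
            if not block.hash().startswith(target):
                return i                       # proof of work no longer holds
            if i and block.previous_hash != self.blocks[i - 1].hash():
                return i                       # link to the predecessor is broken
        return None


def tamper_demo() -> tuple:
    """Constructed walk-through: build three blocks, then alter an old transaction."""
    chain = Chain()
    chain.add([{"from": "alice", "to": "bob", "amount": 5}], timestamp=1.0)
    chain.add([{"from": "bob", "to": "carol", "amount": 2}], timestamp=2.0)
    before = chain.first_invalid()
    chain.blocks[1].transactions[0]["amount"] = 500   # rewrite history in block 1
    after = chain.first_invalid()
    # before is None; after is 1 (or 2 in the rare case the altered hash still meets the target,
    # in which case block 2's stored predecessor hash exposes the change instead)
    return before, after


if __name__ == "__main__":
    print(tamper_demo())
```

To make the altered block look valid again, an attacker would have to redo the proof of work for it and for every later block, and then get the majority of nodes to accept that version; this is what the text means by all subsequent blocks becoming invalid.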

What types of blockchain are there?

Blockchains can basically be divided into three main types: public, private and consortium or federated. There are also other mixed forms that are not examined in this entry.

Public blockchain

In a public blockchain, the network is entirely decentralized. There is no central point of responsibility: everybody in the blockchain participates on all nodes of the network and can access the blockchain data distributed within it. Before a new transaction can be added to a block, it must be verified and synchronized by every node, so this type is relatively slow and resource-intensive. Public blockchains are often used with cryptocurrencies such as Bitcoin or Ethereum. All nodes within the network agree on the transactions and therefore decide which transactions are included in a new block and added to the chain.

Private blockchain

In this type there is a responsible party that operates the blockchain and undertakes the verification of the transactions. The responsible party can be a person or a company. This party also decides who may perform actions such as reading or writing. This form of blockchain has a higher level of data protection than the public variant, but it loses the fundamental notion of decentralization. The private blockchain is suitable for companies that do not wish to make their data freely accessible. Daimler and LBBW tested the use of a private blockchain in a pilot project for processing a bonded loan, from initiation through placement, allocation and conclusion of contract through to the interest payment and repayment confirmations.

Consortium or federated blockchain

This is an extension of the private blockchain in which responsibility for the blockchain is shared among several parties. For example, a group of persons or companies can share in the responsibility for verification of transactions and distribution of access rights.

A consortium blockchain is faster than the public type, but unlike a private blockchain, is not dependent on a single person or company. Since a number of participants are involved who must decide on the transactions to be performed, wrong decisions, fraud attempts and the like are also less likely to occur. Consortium blockchains are likewise suitable for companies and are used in the banking industry, for example. Here there are alliances of multiple companies.

Within these alliances are what are known as ‘smart contracts’. Here a supplier, say, is automatically paid once he has supplied the correct quantity at the agreed time.

Use of blockchains in IT security

Blockchain technology can be used in a wide range of scenarios. In cyber security, the risk of cyberattacks can be reduced by means of its cryptographic mechanisms: data that has been verified by the consensus mechanism can no longer be altered afterwards. The redundant infrastructure of a blockchain makes sensitive data more resilient against failure and helps to build user acceptance in the company.

High email security standard through SPF, DKIM and DMARC

Hornetsecurity offers strong protection against spyware and malware by authenticating emails with standardized sender reputation procedures.

Emails are still regarded as the most commonly used medium for the transmission of electronic messages. They are inexpensive, with unlimited distribution and offer the possibility of sending and receiving texts and file attachments in real time. Yet precisely these characteristics make email communication so vulnerable. Cyber criminals are constantly expanding their range of threats and developing new strategies to overcome security mechanisms. The authorization of permitted domains using a corresponding SPF record in the DNS zone is therefore no longer sufficient to successfully protect incoming email traffic from phishing and spam.

For this reason, Hornetsecurity’s email service has been expanded to include further important sender reputation procedures in the fight against widespread attack patterns. In addition to SPF, procedures such as DKIM and DMARC are implemented against spam, spoofing, phishing and malware attacks as well as targeted CEO fraud attacks. Hornetsecurity thus applies the current recommendation for email security from the Federal Office for Information Security (BSI) and the Federal Association for IT Security (TeleTrusT) and offers a high security standard in email communication.

Secure from attacks with SPF, DKIM and DMARC

The SPF, DKIM and DMARC authentication procedures work together as a reliable instrument for preventing attacks on a company’s email communication. In the following, the standards used for sender and recipient reputation are presented and their functions explained.

Sender-Policy-Framework (SPF)
[RFC 7208]

SPF is a method for recognizing unauthorized sending servers of a domain and preventing the delivery of their mails. The servers that are allowed to send emails in the name of a domain are entered in the so-called SPF record of the domain’s DNS zone. When an email arrives, the receiving server takes the sender domain from the envelope sender of the email and uses a DNS query to check whether the sending server is listed in that domain’s SPF record. If it is not, the server is not authorized to send emails in the name of the domain, and emails from such unauthorized servers can, for example, be classified as spam. Because SPF has no cryptographic mechanism that could ensure the sender’s authenticity, it should not be relied upon on its own as spam or phishing prevention: despite a successful SPF check, the address displayed in the body-From field can differ from the envelope sender, so the visible sender address is easy to manipulate.

Figure: Sender-Policy-Framework (SPF)

Domain-Keys-Identified-Mail (DKIM) [RFC 6376]

For more comprehensive email protection, SPF can be usefully supplemented with DKIM. The main intention is to prevent spoofers from accessing sensitive data. As a special feature for email authentication, DKIM adds a digital signature to the email header, computed over a SHA-256 hash of the signed parts of the message. This signature operates as a kind of fingerprint: the hash value recalculated by the recipient must equal the one calculated before sending. Any change to the data, no matter how small, would change the hash value and indicate an intervention in the message during transport.

To verify the signature, a key pair is needed which consists of a public key and a private key; it is what authorizes the sending server. The public key is entered as a TXT record in the DNS zone, analogous to the SPF entry. The private key remains exclusively on the server that is authorized to send emails.

In the verification procedure, the receiving server first determines the sender domain of the email and then looks up, under the name given in the signature, the matching public key in the DNS zone of the sender domain. A successful signature check ensures that the hash value recovered from the signature corresponds to the checksum computed before sending and that the email has not been modified during transmission.

Figure: Domain-Keys-Identified-Mail (DKIM)

Domain-based Message Authentication, Reporting and Conformance (DMARC)
[RFC 7489]

SPF and DKIM on their own cannot guarantee continuous verification of the authenticity of emails. This gap is closed by DMARC, which combines the SPF and DKIM checks into one reliable sender reputation check. DMARC ensures that the envelope sender address matches the body-From address. This verification is important because traditional email programs only display the body-From information of an email, while the actual sender information remains hidden.

DMARC also establishes guidelines for the SPF and DKIM procedures, which are stored as requirements in a TXT record of the DNS zone. These guidelines instruct the receiver how to handle received emails further. For SPF, the check must be positive and the domain of the envelope sender address must match the domain of the body-From address. For DKIM, the signature must be valid and the signing domain must match the body-From address of the mail.

Figure: Domain-based Message Authentication, Reporting and Conformance (DMARC)

If one or more requirements are not met, the check is negative and the email can be quarantined or rejected, depending on the policy the domain owner has published.
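The following added Python example (not Hornetsecurity’s code) shows how a receiver evaluates DMARC for the SPF, DKIM and DMARC rules described in this section: it parses the DMARC TXT record, applies strict or relaxed alignment between the envelope sender domain or DKIM signing domain and the body-From domain, and returns the disposition the domain owner requested. The small public-suffix set used to derive the organizational domain and the sample records and domains are assumptions for the example; the spoofing case also shows why a passing SPF check alone is not enough, as noted in the SPF section.

```python
# Stand-in for the public suffix list; a real implementation uses the full list (assumption).
PUBLIC_SUFFIXES = {"com", "net", "org", "de", "co.uk"}


def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record, e.g. 'v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:...'."""
    tags = {}
    for item in txt.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or tags.get("p") not in {"none", "quarantine", "reject"}:
        raise ValueError("not a usable DMARC record")
    tags.setdefault("adkim", "r")   # relaxed alignment is the default for both checks
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain: the registrable part just below the public suffix."""
    labels = domain.lower().strip(".").split(".")
    for n in (2, 1):
        if ".".join(labels[-n:]) in PUBLIC_SUFFIXES and len(labels) > n:
            return ".".join(labels[-(n + 1):])
    return ".".join(labels)


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict alignment needs identical domains; relaxed accepts the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(record: str, from_domain: str, spf_result: str, envelope_domain: str,
             dkim_result: str, dkim_domain: str) -> dict:
    """Combine the SPF and DKIM outcomes with alignment and return the DMARC verdict.
    spf_result/dkim_result are the raw authentication results ('pass', 'fail', 'none', ...);
    envelope_domain is the envelope sender's domain, dkim_domain the d= tag of the signature."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(envelope_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    passed = spf_ok or dkim_ok
    return {
        "dmarc": "pass" if passed else "fail",
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "disposition": "none" if passed else tags["p"],   # the receiver's instruction from p=
    }


if __name__ == "__main__":
    # Constructed sample record and domains.
    record = "v=DMARC1; p=reject; aspf=r; adkim=s; rua=mailto:dmarc-reports@example.com"
    # Legitimate mail: bounce subdomain passes SPF (relaxed alignment), signature from the exact domain.
    print(evaluate(record, "example.com", "pass", "bounce.example.com", "pass", "example.com"))
    # Spoofed mail: the attacker's own domain passes SPF, but it does not align with the visible From.
    print(evaluate(record, "example.com", "pass", "attacker.invalid", "none", ""))
```

The second call is the case the SPF section warns about: SPF is satisfied for the envelope domain the attacker controls, yet DMARC fails because neither authenticated domain aligns with the body-From domain, and the published `p=reject` tells the receiver to reject the message.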

DMARC offers the option to send reports in the form of “Aggregated Reports” and “Failure Reports”.* The reports help the domain administrator to keep track of their own email traffic and to check the DNS entries for syntactical correctness. Furthermore, the results can be used to support other systems. For example, the ZIP file of an unambiguously identified sender can be delivered without further effort, while for unidentified senders it is quarantined or rejected. In this way, Hornetsecurity supports its own product Content Filter for fast and secure delivery of attachments in emails.

*The reports may only be transmitted in compliance with the Federal Data Protection Act in the context of the detection and limitation of spam and phishing as well as for the protection of telecommunications systems and in compliance with the principle of proportionality. An authentication and verification system must be used to avoid misuse.

Further technologies and encryption methods at a glance

The Domain Name System (DNS) is responsible for locating servers; it converts host names into IP addresses. DNS messages are usually transported with the User Datagram Protocol (UDP): no connection is established between sender and receiver, the data is delivered without further control mechanisms, and the sender cannot even determine whether its message has arrived. Various security techniques such as TLS, DNSSEC and DANE are used to address the security problems of this outdated design. In the area of “secure email communication”, however, no standard has yet been able to establish itself. The latest standard, MTA-STS, promises to protect emails in transit from electronic eavesdropping and manipulation.

Transport Layer Security (TLS)
[RFC 5246]

TLS is a widely used encryption protocol that was developed further and standardized on the basis of the Secure Sockets Layer (SSL). It is used to ensure confidentiality, authenticity and integrity when transmitting data over insecure networks. TLS is divided into two layers and is a hybrid encryption method that uses both symmetric and asymmetric algorithms: the connection itself is encrypted with symmetric algorithms, while the TLS Handshake Protocol, which runs on top of the TLS Record Protocol, negotiates the security parameters between sender and receiver. Connections to email servers can be initiated and encrypted via STARTTLS. TLS is used nowadays in many applications in which data, in particular access data, PINs and passwords, must be transferred securely, such as e-commerce, home banking and e-government.

DNSSEC (Domain Name System Security Extensions)
[RFC 4035]

DNSSEC is an extension of DNS. It verifies the authenticity of the information stored in the DNS zone and ensures that an attacker cannot manipulate DNS responses in their favour. The DNS data is protected with two different keys and a corresponding signature, and the recipient can verify the origin of the data on the basis of these signatures. If a signature is not valid, the provider’s DNS server discards the response. DNSSEC cannot be applied to every domain and is therefore not commonly used.

DNS-based Authentication of Named Entities (DANE)
[RFC 6698]

The DANE protocol is a further technique that builds on DNSSEC. It extends the basic protection of TLS connections by cryptographically binding certificates to DNS names, so that a sender can verify whether an email server is able to establish an encrypted, authenticated connection. This is intended to prevent man-in-the-middle attacks in which the message first reaches an attacker’s server. The DANE entry is stored in the DNS zone as a TLSA record, which holds various characteristics of the respective TLS connection. These characteristics define the certificate that a connecting server must expect when it contacts the email service of that particular email server. For many domain administrators, however, DANE cannot be implemented, since not every domain can be resolved via DNSSEC.
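As an added illustration (not code from the original article or from Hornetsecurity), the following Python shows how a connecting MTA matches the three characteristics of a TLSA record (usage, selector, matching type) against the certificate a server presents, and how an operator derives the record to publish. The certificate and SubjectPublicKeyInfo bytes are constructed placeholders and the example handles only DANE-EE (usage 3).

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-ins for what a connecting MTA sees in the TLS handshake:
# the server's DER-encoded leaf certificate and its SubjectPublicKeyInfo.
CONSTRUCTED_LEAF_CERT = b"constructed DER certificate bytes"
CONSTRUCTED_SPKI = b"constructed SubjectPublicKeyInfo bytes"

@dataclass
class TLSARecord:
    usage: int          # 3 = DANE-EE: the server's own end-entity certificate
    selector: int       # 0 = full certificate, 1 = SubjectPublicKeyInfo only
    matching_type: int  # 0 = exact bytes, 1 = SHA-256 digest, 2 = SHA-512 digest
    data: bytes

def parse_tlsa(rdata: str) -> TLSARecord:
    """Parse the zone-file form "usage selector mtype hexdata", e.g. the
    record published at _25._tcp.mail.example.com (assumed name) for SMTP."""
    usage, selector, mtype, hexdata = rdata.split(None, 3)
    return TLSARecord(int(usage), int(selector), int(mtype),
                      bytes.fromhex(hexdata.replace(" ", "")))

def association_data(rec: TLSARecord, cert_der: bytes, spki_der: bytes) -> bytes:
    """Derive, from the presented certificate, the bytes the record must equal."""
    chosen = cert_der if rec.selector == 0 else spki_der
    if rec.matching_type == 0:
        return chosen
    if rec.matching_type == 1:
        return hashlib.sha256(chosen).digest()
    if rec.matching_type == 2:
        return hashlib.sha512(chosen).digest()
    raise ValueError(f"unknown TLSA matching type {rec.matching_type}")

def dane_ee_matches(rec: TLSARecord, cert_der: bytes, spki_der: bytes) -> bool:
    """DANE-EE check: the certificate the server presented must match the record.
    Usages 0-2 require chain processing and are deliberately not handled here."""
    if rec.usage != 3:
        raise NotImplementedError("only DANE-EE (usage 3) is handled in this example")
    return hmac.compare_digest(association_data(rec, cert_der, spki_der), rec.data)

def build_tlsa_rdata(usage: int, selector: int, mtype: int,
                     cert_der: bytes, spki_der: bytes) -> str:
    """What an operator publishes in DNS for the certificate it will present."""
    rec = TLSARecord(usage, selector, mtype, b"")
    return f"{usage} {selector} {mtype} {association_data(rec, cert_der, spki_der).hex()}"
```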

SMTP MTA Strict Transport Security (MTA-STS)
[RFC 8461]

The connections between mail servers are, so far, mostly unprotected, so an important component for secure transport encryption is missing. This problem was evidently also recognised by large mail hosters such as Google, Microsoft and Verizon Media Company (Yahoo, AOL) as well as 1&1, which participated in the development of the new MTA-STS standard. MTA-STS is intended to replace the often unrealisable DANE as well as plain STARTTLS, since attacks on these procedures cannot be ruled out with absolute certainty. The new standard offers security comparable to DANE, but is much easier to deploy than DNSSEC. To implement the standard, email server operators define a policy that the sending mail transfer agent (MTA) retrieves via HTTPS [RFC 2818]. The version of the current policy is announced in a TXT record in DNS. This TXT record also contains an ID field, which the sending MTA can use to check whether its cached copy of the policy is still current without having to open an HTTPS connection. To find out whether a recipient domain implements MTA-STS, the sender only needs to look up the TXT record with the label “_mta-sts” (e.g. “_mta-sts.example.com”). The main difference to DANE and STARTTLS is that the retrieved policy is cached, so that manipulation of later connection attempts during the cache lifetime is very likely to be detected.
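As an added example (not from the original article or from Hornetsecurity), the following Python walks through the sender’s side of MTA-STS: reading the policy id from the _mta-sts TXT record, parsing the policy fetched over HTTPS, matching MX hosts including the single-label wildcard, and deciding whether delivery may proceed (enforce mode never falls back to an unauthenticated connection, testing mode delivers but flags the failure for reporting). The domain names and policy contents are constructed sample data.

```python
import re
from dataclasses import dataclass
# Constructed sample data standing in for what a sending MTA fetches: the TXT
# record at _mta-sts.example.com and the policy file served over HTTPS (RFC 8461).
TXT_RECORD = "v=STSv1; id=20190701T120000;"
POLICY_FILE = "version: STSv1\nmode: enforce\nmx: mail.example.com\nmx: *.backup.example.com\nmax_age: 604800\n"

@dataclass
class Policy:
    mode: str      # enforce | testing | none
    mx: list       # permitted MX hostnames; "*." matches exactly one label
    max_age: int   # seconds the sender may keep this policy cached

def parse_txt_record(txt: str) -> str:
    """Return the policy id; an unchanged id means the cached policy is still current."""
    fields = dict(kv.strip().split("=", 1) for kv in txt.split(";") if kv.strip())
    if fields.get("v") != "STSv1":
        raise ValueError("not an MTA-STS v1 TXT record")
    return fields["id"]

def parse_policy(text: str) -> Policy:
    mode, mx, max_age = None, [], None
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "version" and value != "STSv1":
            raise ValueError("unsupported policy version")
        elif key == "mode":
            mode = value
        elif key == "mx":
            mx.append(value.lower())
        elif key == "max_age":
            max_age = int(value)
    if mode not in ("enforce", "testing", "none") or max_age is None:
        raise ValueError("policy lacks a valid mode or max_age")
    return Policy(mode, mx, max_age)

def mx_allowed(policy: Policy, host: str) -> bool:
    host = host.lower().rstrip(".")
    for pattern in policy.mx:
        if pattern.startswith("*."):  # wildcard covers one extra leftmost label only
            if re.fullmatch(r"[^.]+\." + re.escape(pattern[2:]), host):
                return True
        elif host == pattern:
            return True
    return False

def delivery_decision(policy: Policy, mx_host: str, tls_validated: bool) -> str:
    if policy.mode == "none" or (mx_allowed(policy, mx_host) and tls_validated):
        return "deliver"
    return "defer" if policy.mode == "enforce" else "deliver-and-report"
```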

Conclusion – Hornetsecurity offers the highest level of email security

Recent events show that widespread security protocols such as TLS cannot by themselves guarantee secure connections between email servers. Earlier improvements such as DANE and DNSSEC have so far not been applied worldwide, partly due to technical difficulties in their implementation.

With standardized sender reputation procedures such as SPF, DKIM and DMARC, Hornetsecurity’s email service offers reliable protection against cyber attacks on email communication. The standards recommended by the BSI and TeleTrusT for secure email authentication have already been fully implemented and are successfully applied in Hornetsecurity products such as the spam filter and the content filter. For secure email communication, it is advisable to rely on the additional protection of content encryption using S/MIME (Secure / Multipurpose Internet Mail Extensions) or PGP (Pretty Good Privacy). PKI-based email encryption ensures the confidentiality of the messages exchanged between sender and recipient and protects the transferred data using cryptographic methods. The Hornetsecurity encryption service offers this security solution directly in the cloud and thus secures the entire transmission process.

The new MTA-STS standard is intended to provide better protection for the transmission of emails with the help of already established techniques such as HTTPS, and to provide methods for detecting irregular access.

The ease of implementation and its rapid spread are increasing acceptance of the standard, which more and more mail administrators are adopting for its security potential.