SANDIP UNIVERSITY, SIJOUL

School of Computer Science & Engineering

Name of Student:
Date of Performance: Date of Completion:
EXPERIMENT NO. : 06

TITLE: Study and Implementation of Email Security Measures

AIM: o understand email security threats and implement techniques to secure email
communications.

SOFTWARE REQUIRED: · Email Clients: Gmail, Outlook, Thunderbird

· Email Security Tools:
SPF (Sender Policy Framework)
DKIM (DomainKeys Identified Mail)
DMARC (Domain-based Message Authentication, Reporting & Conformance)
· Encryption Tools:
PGP (Pretty Good Privacy)
GnuPG (GNU Privacy Guard)
· Phishing Email Detection Tools:
Google Safe Browsing
PhishTank (Phishing Database)

THEORY:mail security is crucial in preventing phishing attacks, spam, and unauthorized

access to sensitive information.
1. Common Email Threats:
Phishing Attacks: Fraudulent emails trick users into revealing personal data.
Spoofing: Attackers forge the sender’s email address to appear legitimate.
Man-in-the-Middle Attacks (MITM): Interception of email messages during transmission.
Spam and Malware: Unwanted emails containing malicious links or attachments.
2. Email Security Measures:
Authentication Mechanisms:
SPF (Sender Policy Framework): Prevents spammers from sending emails on behalf of
your domain.
DKIM (DomainKeys Identified Mail): Adds a digital signature to verify email integrity.
DMARC (Domain-based Message Authentication, Reporting, and Conformance):
Combines SPF and DKIM to prevent email spoofing.
Encryption Techniques:
SSL/TLS Encryption: Secures emails during transmission.
PGP/GnuPG: Encrypts email content end-to-end.
Awareness and Detection:
Verifying email sender addresses.
Avoiding suspicious links and attachments.
Using multi-factor authentication (MFA) for email accounts.
Practical Task:
Objective:
To analyze email security threats and implement authentication and encryption
techniques.
Procedure:

Check Email Spoofing Protection (SPF, DKIM, DMARC):

Use online tools like:

https://mxtoolbox.com/SPFRecordLookup.aspx
https://www.dmarcanalyzer.com/
Enter your email domain and check authentication settings.

Analyze a Suspicious Email for Phishing Indicators:

Look for sender email inconsistencies.

Hover over links to check actual URLs.
Use https://www.phishtank.com/ to verify links.

Encrypt an Email using PGP/GnuPG:

Install GnuPG (GPG)
Generate a key pair
Encrypt an email message:
Set up Multi-Factor Authentication (MFA) for Email Accounts:
Enable MFA on Gmail, Outlook, or other services.
Use authentication apps like Google Authenticator or Authy.

CONCLUSION:

QUESTIONS:
· How do SPF, DKIM, and DMARC prevent email fraud?
· What are some tools used for detecting phishing emails?
· How can PGP/GnuPG be used for encrypting emails?
· How does multi-factor authentication (MFA) enhance email security?
REFRENCES:
Government & Cybersecurity Agencies:
Indian Computer Emergency Response Team (CERT-In) – Email Security Guidelines
https://www.cert-in.org.in/
National Cyber Security Centre (NCSC) – Email Security Best Practices
https://www.ncsc.gov.uk/
National Institute of Standards and Technology (NIST) – Email Security Framework
https://www.nist.gov/

NAME & SIGN OF TEACHER: