More About Email Security

You've set up secure (encrypted) email sending on all your email accounts. You've updated the anti spam & anti malware software on your work computers and smartphones. So all's well?

Sadly, no. There are still many ways that people can infiltrate your email and make life miserable.


If someone spoofs your mail account (sends out spam in your name), there's loss of business reputation. It's worse if they steal or guess your email password: you could also face privacy breaches, identity theft and blacklisting of the server that hosts your email. Ouch.

Spam getting into your mailbox isn't just a nuisance, it can also be dangerous.

Crises like the coronavirus epidemic stir cybercriminals and cranks into frantic activity. In a single week in April 2020, Gmail blocked >240 million COVID-19 spam emails and an additional >18 million COVID-19 phishing & malware emails.

SSL/TLS encryption for secure sending is great, if both recipient and sender use TLS. Otherwise there are 'gaps' where incoming or outgoing mail is not protected. Thankfully, SSL/TLS is now the norm.

Even with SSL/TLS, there are vulnerable points where hackers can spy on an email or alter it (eg insert malware). Emails have to be decrypted at some point; anti spam and anti malware scanners can't do their job on an encrypted email, & neither can you.

  • Your own computer/phone stores your emails unencrypted.
  • Mail servers decrypt emails before checking them with anti-virus ware, etc.


Regardless of how much security software you install, you are still responsible for sensible, cautious behaviour. That's your most important protection. If you & your staff think that there's plenty of tough technology safeguarding them, you can too easily let down your commonsense guard. Strange but true: when phishing or malware emails arrive less often, they have a greater chance of success! They acquire a gloss of credibility.

If you search online for 'email security solutions', you'll find a stableful, free or paid. They sport helpful names such as DMARC, BIMI, TLS-RPT, SPF... Eg there are tools that help protect you from incoming spam, or that verify your emails as genuinely coming from your organisation.

We've read authoritative-sounding web reviews which tout Product X as a must-have solution; then we find articles exposing its serious downsides. No mail security software does a perfect job. If it did, it would probably be outside the financial or administrative reach of small business!

  • Our main email host uses DMARC protection for clients' emails. It stores emails in encrypted format on mail servers.
  • Basic inhouse security procedures are vital. Try the Australian Cyber Security Centre or the ASBFEO Small Business Cyber Security Guide.
  • If you or your staff need motivation to take security seriously, check out some of the small business IT security statistics on those or other websites.
  • Home businesses may share networks with devices that are less secure, or share devices with users who are not security-conscious.
  • Some email security features require professional help (by us or your IT consultant) to set up at your end.
  • Right choice of product and the right settings differ for each business. This means serious discussion with us about your needs. Like your desktop spam filter, a new system might need to be 'trained'. Depending on the protocol, this can take weeks or months of attention by client and email host provider.
last updated 27 September 2022