
How Do Hackers Bypass a Secure Email Gateway?

Written by Blair Technology Solutions Inc. | Apr 19, 2021 8:04:00 PM

What is an MX record?

 

A mail exchanger record (MX record) specifies the mail server responsible for accepting email messages on behalf of a domain name. If you use Office 365 or Gmail as your email service provider and your public email domain is @company.com, the internal root domain that Microsoft or Google manages for you may look like this:

  • Office 365: company.onmicrosoft.com or company.mail.protection.outlook.com

  • Gmail: company.com.test-google-a.com

This information can be found publicly through sites like MXToolbox, which means hackers can also use this information to design targeted attacks. 

What is a Secure Email Gateway (SEG)?

A Secure Email Gateway (SEG) is a product or service that is designed to prevent the transmission of emails that break company policy, send malware or transfer information with malicious intent. It acts as a gateway which monitors all incoming and outgoing emails as they pass through.

How can hackers bypass a traditional SEG?

If you use a traditional SEG, you probably have to change your MX records to point to the gateway so it can scan your emails. However, you can't change the MX records of internal root domains, because they aren't managed by your organization. As a result, your email gateway doesn't scan messages sent directly to the root domain. Hackers are taking advantage of this loophole to send phishing emails directly to end users.

As mentioned above, hackers can easily find out which email security service you are using by checking places like MXToolbox, and then send you malware that they know can eventually bypass your security measures.

 

 

Hackers can bypass your SEG by sending email directly to your internal email domain.
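To find out whether mail is already arriving by this path, a defender can inspect the Received headers of delivered messages. The sketch below is an added example, not code from this post or from any vendor: it flags a message whose first external hop into the mail provider was not an SEG relay. The address ranges, hostnames and sample messages are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions (constructed values using documentation address ranges):
SEG_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # SEG delivery relays
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # hops inside the provider
IP_RE = re.compile(r"[(\[]([0-9A-Fa-f:.]+)[)\]]")

def client_ip(received):
    """Return the first parseable IP literal in a Received header, or None."""
    for candidate in IP_RE.findall(received):
        try:
            return ipaddress.ip_address(candidate)
        except ValueError:
            continue
    return None

def bypassed_seg(raw_message):
    """True if the first external hop into the provider was not an SEG relay."""
    msg = message_from_string(raw_message)
    # Received headers are prepended, so the provider's own stamps come first.
    for received in msg.get_all("Received", []):
        ip = client_ip(received)
        if ip is None or any(ip in net for net in INTERNAL_NETS):
            continue  # hand-off inside the provider
        # Headers below this one were supplied by the sender and may be forged,
        # so the decision rests on this hop alone.
        return not any(ip in net for net in SEG_NETS)
    return False  # no external hop: internally generated mail

# Constructed sample messages (not captured traffic).
VIA_SEG = (
    "Received: from relay1.seg.example.net (198.51.100.25) by mx.provider.example\n"
    "Received: from mail.sender.example (203.0.113.7) by relay1.seg.example.net\n"
    "To: user@company.com\nSubject: routed through the gateway\n\nbody\n"
)
DIRECT = (
    "Received: from mbx1.provider.example (10.1.2.3) by mbx2.provider.example\n"
    "Received: from mail.sender.example (203.0.113.7) by mx.provider.example\n"
    "Received: from relay1.seg.example.net (198.51.100.25) by forged.example\n"
    "To: user@company.onmicrosoft.com\nSubject: sent to the provider domain\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("VIA_SEG", VIA_SEG), ("DIRECT", DIRECT)):
        print(name, "bypassed SEG:", bypassed_seg(raw))
```

The second sample carries a forged Received line naming the SEG; it is ignored because the check stops at the first external hop recorded by the provider.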

 

How to prevent this?

 

An API-based cloud email security solution like Avanan doesn’t change the MX record, so the mail flow from the sender to Microsoft or Google does not change and there is no bypass. It catches sophisticated attacks that default and advanced security tools miss, while adding an invisible layer of security for cloud-based emails.

 

You may have invested heavily in cybersecurity technologies such as firewalls and intrusion detection systems, yet the most significant security risk remains the human factor. Blair Technology Solutions provides best-in-class email security tools and cybersecurity awareness programs to help you fight security attacks and build cyber resilience. Contact us to schedule a demo.

 

Avanan uses Microsoft and Google’s built-in security as the first layer of protection. It deploys inside the suite, and is able to scan and quarantine all emails before they reach the inbox.