How to Effectively Mitigate Spoofing, Phishing, Malware and Other Email Security Threats

Archived Published: 22 November 2016 ID: G00312986


Not a Gartner Client?

Want more research like this?
Learn the benefits of becoming a Gartner client.

contact us online


Email is the most commonly used channel for both opportunistic and targeted attacks on client endpoints. This assessment analyzes how technical professionals can use email security technologies to protect against attacks such as business email compromise, advanced malware and spoofing.

Table of Contents

  • Comparison
    • Email Threats and Countermeasures
  • Analysis
    • Why Attackers Use Email
    • Reality Check: How Big Is the Email Security Problem?
    • Dissecting Example Email Threats
      • Example Threat: Ransomware Spreading Through Spam
      • Example Threat: Business Email Compromise
      • Example Threat: Scammers Spoofing Your Domain Externally
    • Learning From Email Security Incidents
    • Countermeasures to Email Threat Techniques
      • Don't Be an Obvious Target — Deterring Target Identification
      • Countering Infrastructure/Preparation: Harden Your Email Infrastructure
      • Simple Tricks and More Advanced Anti-Spoofing to Counter Identity Deception
      • Protection Against Nefarious Messages
      • Postdelivery Protection: Thwarting the Attacker's Objective
    • Actions: Options for Disruptions
    • The Impact of Cloud and Mobile on Email Security
    • Email Security Architecture
      • Secure Email Gateway
      • Email Server Security Solutions
      • Anti-Phishing Behavior Management
      • Email Authentication
      • Brand Protection
      • Endpoint Security
    • Doubling Down on Ransomware, BEC and Email Domain Spoofing
      • Mitigating New Ransomware in Email
      • Countermeasures Against BEC
      • Preventing Scammers From Spoofing Your Domain
  • Guidance
    • Revisit Your Layered Email Security Architecture in the Light of Modern Email Threats
    • Tighten Your Email Security Solution Policies
    • Implement Email Authentication
    • Protect Your Email Servers and Inboxes
    • Prefer Solutions That Use Anomaly Detection
  • Gartner Recommended Reading
© 2016 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartners research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

Free Research

Discover what 12,000 CIOs and Senior IT leaders already know.

Free Access

Why Gartner

Gartner delivers the technology-related insight you need to make the right decisions, every day.

Find out more

Call +1 855-515-4486 or contact us

to become a Gartner client.