[THEME] Email Protection
The Email Protection theme hardens the email configuration in your Microsoft 365 environment. Most security incidents start with an email, making this one of the most impactful security themes.
What does Attic do?
Attic checks and monitors a comprehensive set of email security settings to block unwanted and malicious messages.
The checks in this theme cover:
- Inbound spam filter is properly configured
- Malware policy filter is active
- Outbound spam filter is enabled to prevent your domain from being used for spam
- Content filter policy is correctly set
- Calendar sharing settings are restricted
- Contact synchronization to LinkedIn is disabled
- Plus addressing is enabled for enhanced email management
- Remote domains do not allow automatic forwarding
- Outbound forwarding policies are properly restricted
- Additional storage providers are disabled in Outlook
- Mail transport rules are reviewed for whitelisting/blacklisting
- Spam notification is configured for administrators
- Transport rules sending mail outside the organization are monitored
Why is this important?
Email is the primary attack vector for phishing, malware delivery, and business email compromise. Properly configuring email protection settings blocks the majority of threats before they reach end users. Additionally, monitoring forwarding rules and transport rules prevents data exfiltration through email.
Checks in this theme
| ID | Check |
|---|---|
| CHK-1024 | Malware notifications (outgoing) |
| CHK-1025 | Malware notifications (incoming) |
| CHK-1026 | Outbound spam filter |
| CHK-1028 | Content Filtering Policy |
| CHK-1031 | External calendar sharing |
| CHK-1046 | LinkedIn Synchronization |
| CHK-1054 | Email plus-addressing |
| CHK-1036 | Remote domains and automatic forwarding |
| CHK-1049 | Auto-forwarding policy |
| CHK-1060 | External storage in Outlook |
| CHK-1061 | Spamscanning exception |
| CHK-1065 | Spam notifications to administrator |
| CHK-1068 | Transport Rule redirects email |