ITU-T X.1236 Security Requirements
Types of Targeted Outbound Email Attacks
Targeted Outbound Email Attacks
Security requirements for countering intentional information leakage
Hold Email Sending
Delay Email Sending
Hold Email Sending
Hold Email Sending
Importance: Required / Reference to ITU-T X.1236 8.3.1 (1)
- It is recommended that, if specific conditions set by the security administrator are met, email sending should be put on hold or blocked. This is an important security requirement to enhance the protection of emails containing confidential or sensitive data.
- For example, conditions may relate to the email’s recipients, attachment types, email subject, content, or the trustworthiness of the sender. When these conditions are met, the email is automatically held or blocked, allowing the security administrator to take additional actions.
- Email holding or blocking enables organizations to protect against potential security threats and prevent sensitive information from being leaked to external sources.
Delay Email Sending
Targeted Outbound Email Attacks
Security requirements for countering unintentional information leakage
Block Replies to Categorized Phishing Emails
Convert Large Attachments for Safe Delivery
Retrieve Safely Converted Large Attachments
Recall Email
Encrypt Conditional Email Content
Block Replies to Categorized Phishing Emails
Block Replies to Categorized Phishing Emails
Importance: Required / Reference to ITU-T X.1236 8.3.2 (1)
- When an incoming email is identified as originating from a malicious email address, the system should issue a warning to the recipient or automatically block the email.
- This helps prevent users from engaging with potentially harmful or phishing emails, reducing the risk of data leakage and security breaches.
Convert Large Attachments for Safe Delivery
Retrieve Safely Converted Large Attachments
Recall Email
Encrypt Conditional Email Content
Targeted Outbound Email Attacks
Security requirements for countering attacks using account take-over (ATO)
Restrict Access for Specific IP Addresses and Countries
Detect Malware Identical to Inbound Email
Restrict Access for Specific IP Addresses and Countries
Restrict Access for Specific IP Addresses and Countries
Importance: Recommended / Reference to ITU-T X.1236 8.4.1 (1)
- It is recommended to provide administrators and users with the ability to manage access to email accounts based on specific IP address ranges and countries. Both administrators and users should have control over the security of their accounts.
- IP Address Restriction Setting: Provide email service administrators and users with the ability to specify specific IP addresses or IP address ranges to allow access. This allows access to the account only from specific geographic locations or network environments.
- Country Restriction Setting: Allow the configuration of countries or regions from which account access is allowed. This helps prevent account abuse from specific countries or regions.
- The system should log access attempts to email accounts and provide warning notifications to administrators and users for access attempts from IP addresses or countries outside the configured settings. This allows for the rapid identification and response to unauthorized access attempts to email accounts.
Detect Malware Identical to Inbound Email
Targeted Outbound Email Attacks
Security requirements for countering unauthorized email server access
Block Unregistered SMTP and Country Access
Identify Details of Unauthorized Mail Server Attack
Verify Matching SMTP Information Between the Sender and Recipient
Block Unregistered SMTP and Country Access
Block Unregistered SMTP and Country Access
Importance: Required / Reference to ITU-T X.1236 8.4.2 (1)
- To enhance the security of email services, unregistered SMTP servers and access from specific countries must be blocked.
- Allowing only registered SMTP servers ensures a secure path for accessing the email server, preventing access from malicious email servers or other illicit servers.
- Blocking access from specific countries helps defend against attacks at a national level and controls geographically restricted access.
Identify Details of Unauthorized Mail Server Attack
Verify Matching SMTP Information Between the Sender and Recipient