Cloudflare Takes a Shot on Email Security
Cloudflare, The internet infrastructure company, with the fingers of many customer security pots, from DDoS protection on browser separation in a mobile VPN. Now the company is taking on a classic enemy of the web: email.
On Monday, Cloudflare announced a couple of email security and safety offers that it sees as the first step toward catching more targeted phishing attacks, reducing the effectiveness of address spoofing, and minimizing fall if a user clicks on a malicious link. The features, which the company will offer for free, are primarily prepared for small business and corporate customers. And it’s made for use with any email hosting by a customer, whether it’s provided by Google Gmail, Microsoft 365, Yahoo, or even relics like AOL.
Cloudflare CEO Matthew Prince says that since its inception in 2009, the company has deliberately avoided going anywhere near the thorny email problem. But he added that email security issues have not stopped, so it has become necessary. “I think what I’m thinking is that host providers like Google and Microsoft and Yahoo are going to solve this issue, so we’re not sure there’s anything to be done for us in the space,” Prince said. “But what has become clear over the past two years is that email security is still an unresolved issue.”
Prince said Cloudflare employees were “amazed at how many targeted threats were obtained through Google Workspace,” the company’s email provider said. That’s not for the lack of progress on Google or other major providers of anti-spam and anti-malware efforts, he added. But with many types of email threats faced at once, tactical phishing messages will still infiltrate. That’s why Cloudflare decided to build additional defense devices that could be used by the company itself as well as customers.
On Monday, the company launched two products: Cloudflare Email Routing and Email Security DNS Wizard. The tools allow customers to put Cloudflare in front of their email hosting provider, essentially allowing Cloudflare to receive and process emails before sending them to Microsofts and Googles around the world. This is somewhat similar to Cloudflare’s long-standing role as a “content delivery network” for websites, where the company is a proxy that can serve data or capture malicious activity in the flow of web traffic. .
Cloudflare Email Routing enables individuals or organizations to manage an entire email domain, such as @ coolbusiness.com, from a consumer email account, such as a personal Gmail address. The tool also allows you to consolidate multiple addresses—email@example.com, firstname.lastname@example.org — so they all precede one inbox. This way, small businesses can better reap the benefits of a dedicated, custom email domain without having to manage an entirely separate platform.
The second tool, the Security DNS Wizard, aims to make both aspects of email security accessible for Cloudflare customers and easy to use. The Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) both use important combinations of caller IDs and filtering schemes for email: They aim to reduce email address spoofing by setting up public records that must match the information of the sender of an email for the message to be transmitted. This significantly reduces how easy it is for attackers to, say, send an email to employees as if it were from the “Cool Business CEO.”
SPF and DKIM have been around for over a decade, but they’re not anywhere, because they’re hard to set up without errors that can result in problems like lost legitimate emails. The purpose of Cloudflare with Email Security DNS Wizard is to make it easier for users to set up one or the other protection without any flub.