Skip to Main Content
Best practices Security & Privacy

Email security for education: Mitigating risks and implementing best practices

June 5, 2024 Devyn Lackner

As educational institutions increasingly rely on digital communication, email security has become a critical concern. Schools face unique challenges in protecting sensitive information and maintaining trust within their communities. In Clever’s Cybersecure webinar, “Enhancing Email Security and Vulnerability Disclosure in Schools,” Jim Siegl from the Future Privacy Forum discussed the pressing risks and effective strategies to bolster email security and manage vulnerability disclosure.

Email security: Challenges and risks

Email remains one of the most widely used systems in schools, making it a significant target for cyberattacks. One prevalent threat is email spoofing, where attackers forge email headers to make messages appear as if they are from trusted sources. This can lead to recipients unwittingly clicking on malicious links, opening malware attachments, or even transferring sensitive data or school funds.

Jim highlighted the vulnerability of school districts to such attacks, emphasizing that the risk is exacerbated by the extensive use of third-party services for email communication. The need for comprehensive email security protocols is paramount to safeguarding school data and maintaining operational integrity.

Implementing comprehensive email security protocols like SPF, DKIM, and DMARC isn’t just a technical necessity—it’s a fundamental step in protecting our schools from cyber threats. By adopting these measures, we can safeguard our communications, ensure the integrity of our data, and maintain the trust of our communities.

photo of Jim Siegl
Jim Siegl
Senior Technologist, Future Privacy Forum

Email security: Strategies and solutions

Jim outlined three key DNS-based email security protocols that can significantly mitigate the risk of email spoofing: SPF, DKIM, and DMARC.

  1. SPF (Sender Policy Framework): This protocol restricts who can send emails from your domain by allowing the recipient’s mail server to verify the sender’s IP address against an authorized list. While effective, SPF has limitations and works best in conjunction with other protocols.
  2. DKIM (DomainKeys Identified Mail): DKIM adds a digital signature to the email, ensuring that the content has not been tampered with during transit. This tamper-proof seal is critical for maintaining the integrity of email messages.
  3. DMARC (Domain-based Message Authentication, Reporting & Conformance): DMARC ties SPF and DKIM together, providing a consistent policy for handling emails that fail authentication. It also generates reports for domain owners, helping them monitor and improve email security.

It is important to implement all three protocols for a holistic approach to email security.

Adoption of email security tools in schools

How are schools approaching adoptions of these strategies? Jim analyzed data of all Virginia school districts to provide context. 

SPF, the first protocol, is widely used, with 84.6% of Virginia districts having implemented it, up from 60% in 2016. However, nearly 28% of these districts do not identify any additional IP addresses for sending mail, which could indicate a critical omission. 

Bart chart: SPF, a key email security protocol, is widely implemented in Virginia school districts, with 84.6% adoption, up from 60% in 2016. However, nearly 28% of districts are not identifying additional IP addresses for sending mail, which could indicate a critical omission.

DKIM uses digital signatures to authenticate email origins and ensure the integrity of the email content, but it is harder to scan for due to the need to know the DKIM selector name. 

DMARC, which ties SPF and DKIM together, is much less common, with only 16% of Virginia districts implementing it, and just 8% having a policy to quarantine or reject impersonated emails.

Email security for education: Takeaways and recommendations

  1. Adopt comprehensive email security protocols: Schools should implement SPF, DKIM, and DMARC to protect against email spoofing and enhance overall email security. These protocols work together to verify the authenticity of emails and ensure message integrity.
  2. Regular monitoring and gradual rollout: Implementing DMARC should be done gradually, with regular monitoring of reports to fine-tune spam filters and ensure that legitimate emails are not inadvertently quarantined or rejected.
  3. Evaluate vendor security: When evaluating edtech vendors, schools should consider the adoption of these email security protocols as part of their vetting process. High adoption rates among vendors can indicate a stronger commitment to cybersecurity.
  4. Use available tools: Utilize tools such as MX Toolbox to test the implementation of email security protocols. Schools can input their domain and those of their vendors to check the status and effectiveness of these protocols.

In conclusion, enhancing email security is a critical step in protecting school districts from cyber threats. By adopting comprehensive email security protocols and maintaining vigilant monitoring and evaluation practices, schools can create a safer digital environment for their communities.

To learn more about email security, you can watch Jim Siegl’s presentation and refer to his slides below.

More to read

5 Insights into Classroom MFA: A Message from Mohit, Director of Product

June 21, 2024

5 Insights into Classroom MFA: A Message from Mohit, Director of Product

In an interview with the hosts of the K12 Tech Talk podcast, our Director of Product provides the answers to questions about Classroom MFA.

New survey from Clever finds technology integration as a top classroom challenge for teachers
Company Districts

June 21, 2024

New survey from Clever finds technology integration as a top classroom challenge for teachers

Clever’s latest surveys find opportunities to make Learning Management Systems and edtech applications work better together. SAN FRANCISCO, June 21, 2024 /PRNewswire/ — Clever, the platform providing secure, seamless access to learning applications for 100,000 schools worldwide, released findings on the impact of data incompatibility on classroom learning and teacher experience. In internal surveys conducted from October 2023 through April 2024, […]

Cybersecurity for schools: Everything you need to know

May 23, 2024

Cybersecurity for schools: Everything you need to know

Ensure data security and meet regulatory compliance. Discover the cybersecurity essentials for K-12 schools, including strategies to protect student information.

Subscribe to receive news and updates from Clever.

This field is for validation purposes and should be left unchanged.