Secure Your Local Authority’s Email System

Protect staff, elected officials, and citizens against phishing, address spoofing, and ransomware.
This page provides a foundation of operational measures, ready-to-use templates, and reference resources.

1) Block Common Attacks

Enable multi-factor authentication (MFA) and anti-phishing filters on service mailboxes and privileged accounts.

2) Authenticate Your Domain

Deploy SPF, DKIM, and DMARC, starting with a quarantine policy and moving to reject, to prevent domain spoofing.

3) Prepare for Incidents

Document a simple procedure: who to alert, how to isolate affected accounts, how to notify users, and how to log evidence.

Main Risks

Phishing

Emails impersonating public institutions (tax office, social services, prefecture); malicious attachments.
Compromise of the trust chain (fake suppliers, CEO fraud).

Domain Spoofing

Emails sent from collectivite.fr without authorization when DMARC is not deployed.
Loss of user trust and spam relay risks.

Ransomware via Email

Malicious macros, links to infected sites, password theft ➜ system encryption.
Service interruption for users and costly remediation.

Recommended Policies

Inbound

    • Mandatory SPF/DKIM to mark trusted senders

    • Blocking of links to newly created domains

    • Attachment isolation through sandboxing

Outbound

    • DKIM enabled for all sending domains

    • DMARC set to reject on the primary domain

    • Quotas & DLP rules on service mailboxes (data leak prevention)

Key Features

Strong Authentication

    • MFA / 2FA (authenticator app, FIDO2 hardware key, SMS as last resort)

    • Risk-based authentication (suspicious sign-ins, unusual geolocation)

Encryption

    • TLS encryption for emails in transit

    • End-to-end encryption (E2EE) using S/MIME or PGP

    • Encryption of sensitive attachments

Anti-Phishing & Anti-Malware Protection

    • Detection of phishing / spear-phishing attacks

    • Link and attachment sandbox analysis

    • Warnings for unknown or suspicious senders

Domain Authentication

    • SPF (Sender Policy Framework)

    • DKIM (DomainKeys Identified Mail)

    • DMARC (Domain-based Message Authentication, Reporting & Conformance)
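The SPF/DMARC rollout from step 2 and the Outbound policy above, as an added example that is not part of the original page: a small Python checker that parses published SPF and DMARC TXT records and flags anything short of the recommended target (no open +all, DMARC at p=reject with aggregate reports enabled). The sample records, the mailer include name and the dmarc@collectivite.fr reporting address are constructed for this example.

```python
"""Check SPF and DMARC TXT records against the rollout target described above.
The records below are constructed samples; for a real domain, fetch them with
`dig TXT <domain>` and `dig TXT _dmarc.<domain>` and pass the strings in."""

def parse_dmarc(record: str) -> dict:
    """Turn 'v=DMARC1; p=quarantine; rua=mailto:...' into a tag dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def check_spf(record: str) -> list[str]:
    """Return findings for an SPF record; an empty list means it meets the target."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: no valid v=spf1 record published"]
    last = terms[-1].lower()
    if last in ("+all", "all"):
        return ["SPF: record ends in +all, any host may send as this domain"]
    if last == "?all":
        return ["SPF: ?all is neutral; use ~all during rollout and -all once stable"]
    return []

def check_dmarc(record: str) -> list[str]:
    """Return findings for a DMARC record; an empty list means p=reject with reporting."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC: no v=DMARC1 record published, the domain can be spoofed freely"]
    findings = []
    policy = tags.get("p", "none").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; move to p=quarantine, then p=reject")
    elif policy == "quarantine":
        findings.append("DMARC: p=quarantine is the intermediate step; target is p=reject")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, aggregate reports will not be received")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail flow")
    return findings

# Constructed sample records (mailer include and reporting address are placeholders)
SAMPLE_SPF = "v=spf1 include:_spf.example-mailer.test ip4:192.0.2.10 ~all"
SAMPLE_DMARC = "v=DMARC1; p=quarantine; rua=mailto:dmarc@collectivite.fr; pct=100"

if __name__ == "__main__":
    for finding in check_spf(SAMPLE_SPF) + check_dmarc(SAMPLE_DMARC):
        print(finding)
```

Run the two checks after each DNS change during the rollout; once both return empty lists, the primary domain is at the reject target set out in the Outbound policy.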

Access & Permission Management

    • Strengthened password policies

    • Session control and automatic time-outs

    • Role-based access control (RBAC)

Logging & Anomaly Detection

    • Access and activity logs

    • Detection of unusual behavior

    • Real-time alerts for potential compromise

Data Loss Prevention (DLP)

    • Automatic blocking or encryption of sensitive data

    • Rules preventing unauthorized external sending

Backup & Continuity

    • Regular email backups

    • Protection against accidental or malicious deletion

    • Fast restoration in case of incident

User Training & Awareness

    • Phishing simulation campaigns

    • Best practices: passwords, suspicious links, attachments

Best Practices for Staff

✔ Enable MFA on all email accounts
✔ Verify the real sender, domain, and URL before clicking
✔ Never share passwords or codes by email
✔ Use a password manager and unique passwords
✔ Report suspicious messages using the Report button or to the IT team