This paper is intended to be used as a tool for information security professionals to assess risks associated with email infrastructure. Email vulnerabilities can harm organizations in two key ways:
1. Sensitive content in emails leaked to unintended recipients can disclose trade secrets, undermine business relationships, and destroy competitive advantage.
2. Email is the primary way attackers penetrate an organization, whether by causing unwitting recipients to download malware onto PCs or give up passwords (phishing). Email can also enable an attacker to to appear to be a trusted colleague (spoofing).