Cloudflare, Internet The infrastructure company, which has already put its finger in many consumer protection packages, ranges from DDoS protection to browser isolation to mobile VPN. Now the company is receiving a classic web enemy: email.
On Monday, CloudFlare is announcing a pair of email security and safety offers that it considers the first step toward catching more targeted phishing attacks, reducing the effectiveness of address spoofing and reducing results if a user clicks on a malicious link. The features, which the company will provide for free, are primarily designed for small business and corporate customers. And they’re designed to be used on top of any email hosting a customer has already provided by wreckage like Google’s Gmail, Microsoft 365, Yahoo, or even AOL.
Matthew Prince, chief executive of Cloudflare, says that since its inception in 2009, the company has deliberately avoided going anywhere near the complex problem of email. But he added that email security issues are unnecessary, so it has become necessary. “I think what I assumed was that hosting providers like Google and Microsoft and Yahoo were going to solve this problem, so we weren’t sure we had anything to do in space,” Prince said. “But what has become clear over the last two years is that email security is still not a problem to be solved.”
Prince said Cloudflare employees were “surprised to see how many targeted threats were received through the Google workspace”, the company’s email provider said. This is not because of the lack of progress from Google or other big suppliers in anti-spam and anti-malware efforts, he added. But with so many types of email threats to deal with, strategically created phishing messages still slip. So Cloudflare has decided to create additional defense equipment that both the company itself and its customers can use.
On Monday, the company is launching two products: CloudFlare Email Routing and Email Security DNS Wizard. The tools allow customers to place CloudFlare in front of their email hosting provider, essentially allowing CloudFlare to receive and process emails before sending them to Microsoft and Google around the world. This is somewhat similar to CloudFlare’s long-standing role as a “content delivery network” for websites, where the company is a proxy that can serve data or catch malicious activity as web traffic passes.
Cloudflare email routing makes it possible for individuals or organizations to manage a completely custom email domain, such as @ coolbusiness.com, a single consumer email account, from a single personal Gmail address. The tool lets you combine multiple addresses – email@example.com, firstname.lastname@example.org— so that they all move forward in a single inbox. In this way, small businesses in particular can benefit from a dedicated, custom email domain without having to operate a completely separate platform.
The second tool, the Security DNS Wizard, aims to make two email security features readily available and easy to use for CloudFlare customers. The Sender Policy Framework (SPF) and Domainize Identified Mail (DKIM) are two tools that basically combine caller IDs and email screening schemes: they aim to reduce email address spoofing by setting public records that match email sending information. This significantly reduces how easy it is for attackers to send an email to employees who think it came from a “cool business CEO”.
SPF and DKIM have been around for more than a decade, but they are not ubiquitous, as they are difficult to set up without mistakes, which can lead to problems such as losing valid emails. Email Security CloudFlare’s goal with the DNS Wizard is to make it easier for users to install one or the other protection without any flab.