Spam filters, dynamic code analysis tools like FireEye that analyze email attachments, blacklisting known malicious domains and senders, blackholing malicious domain redirects, and security awareness training to help identify spam and malicious links and attachments, are some of the security controls that an organization can employ to protect their email systems from phishing attempts, malicious links, and virus attachments. A number of policies including email configuration policies, email service policies, and security awareness program policies can be employed to help fulfill the objective of safeguarding the email server and system. These policies will help system administrators configure and maintain the email servers, patch and update software and filters as well as mandate security personnel to deploy security awareness programs and quantify their effectiveness.