E-mails are the soul of communication for any corporate. Therefore, it is important to set up prudently thinking of any eventualities of risk aspects. Email security is paramount for any business.

1. Always create emails of your people instead of having generic names. 

For example - Keeping the email business@example.com may invite countless spam to the email id and you would spend countless hours in reading through those. It's better to have emails like FirstNameLastName@example.com to have unique emails and the risk would be limited to that email id/ person might know how spammers know the email id. 

2. Always set up DKIM - that is critical as it adds a kind of signature that the original of the email was indeed one of your mail servers. 

3. Restrict external email services (sending emails to outside the organisation) unless required for particular roles. Add disclaimer as default to all emails going outside the firm.

4. Don't use "catch-all" for your domain name to get all misspelled email ids as most of the spammers will learn about it and start submitting malicious forms using your email ids and you would start receiving random updates/ spams/ fraud emails/