Email Security and Authentication

5 Tips on How to Secure Your Mail Server

minute read

Post Image

It should go without saying that the security of your mailing infrastructure is closely tied to your sender reputation and is a building block for establishing long-lasting relationships with your customers.

If you are hacked and spam lands in your subscribers’ inboxes, there are multiple risks, each having a different impact on your email program:

  • Spam creates a lot of complaints against your domains and IP addresses
  • Spam will lead to a drop in subscriber engagement with your legitimate email

  • Both subscribers and Mailbox Providers (MBP’s) could block your mail

  • Malicious actors will likely send spam to random email addresses that are not your subscribers, which usually includes a high number of spam traps

  • If unauthorized content is being sent from your infrastructure and you are hitting spam traps, then you are likely to be listed on publicly available blacklists

The various factors I’ve mentioned above matter because major MBP’s are checking performance and security parameters to make filtering decisions before accepting a connection from your email server.

The time it takes for performance metrics to normalize varies based on the scale of the spam run, but no matter how long it takes, it will have a detrimental effect on email deliverability and ROI.

Based on our experience with Certified Clients, we put together 5 tips on how to secure your mail server. Share this information with your IT department to be better protected from malicious actors:

  1. Encryption: When securing your mail server, make sure you are using secure connections. Encrypt POP3 and IMAP authentication and use SSL and TLS.
  2. Mail relay configuration: Avoid being an open relay for spammers by specifying which domains/IP addresses your mail server will relay mail for.

  3. Connections and default settings: To avoid DoS attacks, limit the number of connection and authentication errors that your systems will accept. Remove unneeded server functionality by disabling any unnecessary default settings. Have a dedicated mail server and move other services like FTP to other servers. Keep total, simultaneous, and maximum connections to your SMTP server limited.
  4. Access Control: To protect your server from unauthorized access, implement authentication and access control. For example, SMTP authentication requires users to supply a username and password to be able to send mail from the server. Make sure access to your servers is on a need-to-have basis and is shared with as few people as possible.

  5. Abuse prevention: Check DNS-based blacklists (DNSBLs) and reject email from any domains or IPs listed on them. Check Spam URI Real-time Blocklists (SURBL), and reject any messages containing invalid or malicious links. Also, maintain a local blacklist and block any IP addresses that specifically target you. Employ outbound filtering and use CAPTCHA/reCAPTCHA with your web forms.

Keeping your mail server secure is not only a prerequisite for a successful email program but also for making the most of the Certification program. The benefits include improved email deliverability at major MBP, bypassing critical MBP filters, unblocked images, and active links. If Compliance team detects spam on your Certified IP address/domain, they suspend your IP address/domain from the Certification Program, and it may take 30 days or more for performance metrics to comply with Certification thresholds.

Want to get more tips and advice on how to secure your email program? Stay tuned for the follow-up blog posts where I will be looking at how to be protected against common cyber attacks that can jeopardize your email program.