Secure email is vital." > Secure email is vital." /> Secure email is vital." >
Story image

Going postal

01 Jul 2009

Secure email is vital.

Since the beginning of the year, we have received a lot of queries regarding best practice and requests for information on how to set up best practice around a public mail server or mail transport agent (MTA). To me, mail server administration best practice fits into two main categories: setting up an MTA to ensure that users can safely receive email and can also send email reliably. These two factors require different configurations, but once they have been set up you will be able to reduce downtime and issues relating to email.

Sending email is often an overlooked area of administration. While there have been a few advances in email server best practice over the past few years, the protocol used to send email, simple mail transfer protocol (SMTP), was created in the 1970s when the Internet was in its infancy. Back then, spam, email viruses and phishing attacks did not exist, and as a result email protocol was designed to be open and trusting.

The SMTP protocol has not changed much over the past four decades, which is why it is still a trivial matter to spoof another email user. I recommend people with a domain name implement good sender policy framework (SPF) records. SPF allows domain owners to specify which hosts or IP addresses are allowed to send email from your domain. SPF will not only stop back-scatter by preventing spammers from using your domain name, but it will also help with delivery rates.

Delivery rates can also be improved by using the services of a reputable software as a service (SaaS) email provider. Any large email specialist should have a good reputation which helps ensure their customers’ emails are successfully delivered to the intended recipient.

A good SaaS email provider should also be able to provide expert assistance to you and your IT staff in the event of any delivery issues. If you are not using a SaaS email provider, ensure your forward and reverse domain name system (DNS) hostnames match each other and that your MTA uses the same name when delivering email.

Having good anti-spam and anti-virus filters on your outgoing and incoming email is vital these days, particularly if you run Windows programs in-house. The tendency for Windows programs to become infected these days is truly scary, so running anti-virus best practice on desktops is essential.

Receiving email is the main function people associate MTA with. Given the inherent insecurity in the SMTP protocol, having good anti-abuse protection on your incoming email is important. Rather than keeping up with the latest threats, and given the amount of effort required to stay protected these days, I would strongly recommend outsourcing your email security to a third party.

Another advantage of using a dedicated managed email services provider is backup mail exchanger (MX). If you cannot afford to pay a commercial provider, talk to Google, as they host domains. Ideally, I would recommend customers have a second site under their own control. Even a virtual private server (VPS) hosted in a data centre somewhere could really save your company further down the line.

Another part of the email process that is often neglected is DNS. Managing major email changes, such as changing MX or the provider, can be simplified by changing the time to live (TTL) on your DNS records. Your TTL defines how long DNS servers on the Internet will cache your records before going back to the hosts. Many sites do not reduce their TTL before embarking on a major email architecture change and then wonder why their changes are not being propagated. A lot of sites still have the default 24 hours TTL (86400 seconds), which means their changes will not fully propagate around the Internet for a day.

While setting up and managing a mail server on the Internet is fraught with risks, if you follow best practice and keep up with the security patches, and anti-spam and anti-virus filters, you will be able to provide a stable reliable environment for your staff to use.

If you are running a mail server you need to be aware of the risks, so you can prepare for them. 

Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
AMD delivers data center grunt for Google's new game streaming platform
'By combining our gaming DNA and data center technology leadership with a long-standing commitment to open platforms, AMD provides unique technologies and expertise to enable world-class cloud gaming experiences."
Inspur announces AI edge computing server with NVIDIA GPUs
“The dynamic nature and rapid expansion of AI workloads require an adaptive and optimised set of hardware, software and services for developers to utilise as they build their own solutions."
Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
HPE launches 'right mix' hybrid cloud assessment tool
HPE has launched an ‘industry-first assessment software’ to help businesses work out the right mix of hybrid cloud for their needs.
ADLINK and Charles announce multi-access pole-mounted edge AI solution
The new solution is a compact low profile pole or wall mountable unit based on an integration of ADLINK’s latest AI Edge Server MECS-7210 and Charles’ SC102 Micro Edge Enclosure. 
How Dell EMC and NVIDIA aim to simplify the AI data centre
Businesses are realising they need AI at scale, and so enterprise IT teams are increasingly inserting themselves into their company’s AI agenda.