MTA-STS and TLS-RPT are security mechanisms that go hand in hand. We use them to declare to other mail servers (via DNS) that we only want to accept encrypted connections for MTA transactions.
This tells others that they shouldn't try to deliver mail to us if a secure TLS connection to our mail servers can't be established. For this to be effective, you must first configure DNSSEC.
Moving on to the third article in our series on securing email to stop spoofing, we configure DMARC (Domain-based Message Authentication, Reporting, and Conformance).
DMARC, defined in RFC 7489, is in simple terms an alignment test using DKIM and SPF, so it's important that you first configure both SPF and DKIM.
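
To make the alignment test concrete, here is an added example (not code from the article series) that evaluates DMARC alignment from SPF and DKIM results. The function names and all domains are constructed for illustration, and the organizational-domain lookup is a simplifying assumption, since real evaluators use the Public Suffix List.

```python
# Added example: DMARC identifier alignment as described in RFC 7489.
# Function names and sample domains are constructed, not from the article.

def org_domain(domain):
    # ASSUMPTION: the organizational domain is the last two labels.
    # Real evaluators use the Public Suffix List; this shortcut is wrong
    # for suffixes such as co.uk.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode="r"):
    """mode 'r' (relaxed): same organizational domain; 's' (strict): exact match."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return org_domain(a) == org_domain(b)


def dmarc_result(from_domain, spf, dkim_sigs, aspf="r", adkim="r"):
    """
    from_domain: domain of the RFC 5322 From header
    spf:         (result, MAIL FROM domain), e.g. ("pass", "bounces.example.com")
    dkim_sigs:   list of (result, d= domain), one per DKIM signature
    aspf/adkim:  alignment modes taken from the DMARC record
    """
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], aspf)
    dkim_ok = any(res == "pass" and aligned(from_domain, d, adkim)
                  for res, d in dkim_sigs)
    # DMARC passes if at least one mechanism both passes and aligns.
    verdict = "pass" if (spf_ok or dkim_ok) else "fail"
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok, "dmarc": verdict}


if __name__ == "__main__":
    # Constructed cases: SPF and DKIM both pass, but for someone else's domain.
    print(dmarc_result("example.com", ("pass", "bounce.example.net"),
                       [("pass", "example.net")]))
    # Forwarded mail: SPF fails, an aligned DKIM signature still carries DMARC.
    print(dmarc_result("example.com", ("fail", "forwarder.example.org"),
                       [("pass", "mail.example.com")]))
    # Strict modes: subdomains no longer align.
    print(dmarc_result("example.com", ("pass", "bounces.example.com"),
                       [("pass", "mail.example.com")], aspf="s", adkim="s"))
```

The first case is the one that matters for spoofing: SPF and DKIM both pass, yet DMARC fails because neither authenticated domain matches the From header.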