Ooops - Navigation options above may not work on this device, please switch to Desktop layout if you need them.
If you just need to contact me privately click here
MTA-STS and TLS-RPT are security-type mechanisms that go hand-in-hand which we use to make declarations to other Mail Servers (via DNS) that we only want to accept encrypted connections for MTA transactions.
It tells others that they shouldn't try deliver mail to us if a secure TLS connection can't be established to our Mail Servers. For this to be effective, you must first configure DNSSEC.
Moving on to the third article in our securing Email to stop spoofing series we configure DMARC, or Domain-based Message Authentication, Reporting, and Conformance.
DMARC, defined in RFC 7489, is in simple terms an alignment test using DKIM and SPF, so it's important that you first configure both SPF and DKIM.
Continuing with the second article in our securing Email to stop spoofing series we take a look at DKIM, or Domain Keys Identified Mail, which is an Email authentication method to detect forgeries, it allows the receiving Mail Server to check if an Email that claims to have come from a specific domain, actually did.
it does this is by the senders Mail Server adding a digital signature to each outbound message, then the receivers Mail Server looking up that domains public key in DNS to verify the signature.
I kind of started this series off with my recent DNSSEC article, saying with tongue in cheek Now you can move onto properly securing your Email with SPF, DKIM, and DMARC, after some feedback, I now find myself starting a mini series First up is SPF!
Not all VoIP or SIP providers, also known as VSP's or Voice Service Providers, are equal. In recent years there has been a number of new VoIP providers appearing to take advantage of the move from POTS to VoIP in the populous areas serviced by NBN, some of these recent ventures claim they have been selling services for years, but it quickly becomes apparent who are honest, and who are full of it.
I am often asked why is DNSSEC such a PITA to implement, well, if you asked me this question ten years ago, I'd agree, maybe even five years ago, as then it was better, but still convoluted, so I get why many still are hesitant to use it, it's DNS, and nobody wants to mess up DNS, but Bind, since version 9.16 makes it very easy, it's even at the set and forget stage, so enabling DNSSEC in 2023 is child's play.
MTA-STS and TLS-RPT are security-type mechanisms that go hand-in-hand which we use to make declarations to other Mail Servers (via DNS) that we only want to accept encrypted connections for MTA transactions.
Moving on to the third article in our securing Email to stop spoofing series we configure DMARC, or Domain-based Message Authentication, Reporting, and Conformance.
Continuing with the second article in our securing Email to stop spoofing series we take a look at DKIM, or Domain Keys Identified Mail, which is an Email authentication method to detect forgeries, it allows the receiving Mail Server to check if an Email that claims to have come from a specific domain, actually did. 
I kind of started this series off with my recent DNSSEC article, saying with tongue in cheek Now you can move onto properly securing your Email with SPF, DKIM, and DMARC, after some feedback, I now find myself starting a mini series 
First up is SPF!
Not all VoIP or SIP providers, also known as VSP's or Voice Service Providers, are equal. In recent years there has been a number of new VoIP providers appearing to take advantage of the move from POTS to VoIP in the populous areas serviced by NBN, some of these recent ventures claim they have been selling services for years, but it quickly becomes apparent who are honest, and who are full of it.
I am often asked why is DNSSEC such a PITA to implement, well, if you asked me this question ten years ago, I'd agree, maybe even five years ago, as then it was better, but still convoluted, so I get why many still are hesitant to use it, it's DNS, and nobody wants to mess up DNS, but Bind, since version 9.16 makes it very easy, it's even at the set and forget stage, so enabling DNSSEC in 2023 is child's play.