The Sender Policy Framework (SPF) is a foundational email authentication technology. It enables a domain owner to specify, via a special DNS record, which hosts are authorized to send mail on behalf of their domain.
Continue reading Restored Article: SPF: The Foundation of Email Sender AuthenticationTag: Mail Security
Advanced Mail Filtering: A Deep Dive into Amavisd-new and Amavisd-milter Policy Banks
Amavis isn’t new; in fact, AMaViS started as a shell program back in 1997. It has since evolved into a powerful, flexible tool for content filtering. This article will be a hands-on guide to setting up Amavisd-new with a milter and multiple policy banks. I’ll explain the critical difference between after- and before-queue filtering in Postfix, demonstrate how to use both, and show you how to split your mail traffic for a robust, multi-layered defense.
Continue reading Advanced Mail Filtering: A Deep Dive into Amavisd-new and Amavisd-milter Policy BanksEmail Signing and Verification with Amavisd-new and DKIM
I recently had a moment of “why did I do that?” when I temporarily disabled DKIM signing on my mail server. A quick email to a mailing list triggered a flood of DMARC authentication failure reports. It was a clear reminder that a surprising number of administrators have DMARC and DKIM reporting enabled.
Continue reading Email Signing and Verification with Amavisd-new and DKIMSecuring Email with MTA-STS and TLSRPT
What is MTA-STS (MTA Strict Transport Security)?
MTA-STS is a mechanism that enforces TLS encryption for your email communication. Think of it as HTTP Strict Transport Security (HSTS) for email. By instructing the sending mail server that a secure connection is mandatory, you can effectively mitigate or stop Man-in-the-Middle (MITM) attacks. The official abstract from the RFC puts it best:
Continue reading Securing Email with MTA-STS and TLSRPT