This knowledge base is where you can find anything related to email security. Whether you are an administrator, developer or marketeer, if you work with email this is the knowledge you'll need to improve your email security.
This guide explains the basics of email hardening. By adopting the SPF, DKIM and DMARC email security standards for your domain, you can reduce fraud while improving deliverability of your email.
The Sender Policy Framework (SPF) is the most basic email security method. With SPF you can publish a list of authorized sender who may use your domain name to send email.
DomainKeys Identified Mail (DKIM) is a method to cryptographically sign email. With the signature the receiver can validate that an email is authentic and the sender was allowed to send email for the domain.
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an extension to SPF and DKIM and also allows monitoring. With DMARC the domain owner can publish a policy on how receivers should process email from the domain.
Brand Indicators for Message Identification (BIMI) is like verified accounts, but for email. It allows for stronger brand recognition by displaying a brand logo in the inbox of the recipient.
Mail Transfer Agent Strict Transport Security (MTA-STS) is an email security standard for secure delivery of email to your domain.
In this article we'll explain how MTA-STS works and why it is needed.
SMTP TLS Reporting (TLSRPT) is a reporting standard that allows you to monitor the secure transport of email to a domain.
In this article we'll explain how SMTP TLS reporting works and how it is used.
DNS-Based Authentication of Named Entities (DANE) is a standard aimed at augmenting (or even replacing) the Public Key Infrastructure.
In this article we'll explain how TLSA records can be used for PKI certificate pinning to protect against man-in-the-middle attacks.
An email contains multiple addresses and with the many names are used for these addresses it often leads to confusion.
In this article we'll explain the various addresses, how we call them and what they are used for.
Proper implementation of email hardening techniques can be beneficial even to (sub)domains that are not intended to be used with email.
These may be parked domains, or any other (sub)domains that are not or no longer used for sending (outbound) or receiving (inbound) email.
Ed25519 DKIM signatures offer stronger cryptography and simplifies DNS records. This guide explains how to use Ed25519 signatures with DKIM.
If you are an email server administrator or a developer of software that needs to send email you can use this guide to learn how to create DKIM keys using the popular open source OpenSSL suite.