Hardenize Policy for Email Infrastructure

Hardenize Policy is our new effort to address the root causes of slow adoption of new security standards. We believe that the sheer number of available standards, their complexity, and the fast pace of change are a significant barrier for many. Hardenize Policy aims to provide a single comprehensive guide, in a form designed for quick and efficient knowledge transfer. Our first installment covers the security of email infrastructure, with additional documents to follow. Download it below and let us know if you're finding it useful.

Here's the advice you will find inside:

  1. Support STARTTLS
  2. Configure TLS appropriately for SMTP
  3. Use valid TLS certificates issued by public CAs
  4. Keep detailed SMTP server connection logs
  5. Consider requiring STARTTLS
  6. Use DMARC reporting
  7. Use SMTP TLS Reporting
  8. Use SPF
  9. Use DKIM
  10. Use DMARC to quarantine or reject spoofed email
  11. Use DANE if using DNSSEC
  12. Use MTA-STS
  13. Monitor for look-alike domain names
  14. Be aware of BIMI