Ways to avoid e-mail leakage when using D-Fence Type – services.

Case 1: Only one e-mail server available, identical for all e-mail customers.

Check that the customer domain is not found in the mx list in d-fence PartnerAdmin.

dig clientdomain.com mx

clientdomain.com. 3600 IN MX 0 *mx1.d-fence.eu
clientdomain.com. 3600 IN MX 0 *mx2.d-fence.eu
clientdomain.com. 3600 IN MX 100 server.yourisp.com.

Even though server.yourisp.com is at its greatest, in order words lowest mx priority, senders of spam use it for sending e-mail to customer domains. Senders of spam do  not respect priorities but will try anything to get past the filter.

Check that mail.clientdomain.com. A data material does not indicate the server.

Senders of spam look for familiar names for e-mail servers. mail.clientdomain.com is as usual as www. in web site services and even if all mx’s were to refer to d-fence’s service, senders of spam anyhow send mail directly to mail.clientdomain.com servers, if it has not been particularly prevented. Other names to avoid are, for example, smtp, imap, pop, email, pop3, imap4 and post. (Or whatever term that can be added to an e-mail).

It is definitely better that names, for instance of the type mailbox.yourisp.com or such, which is not readily associated with e-mail, are used in the e-mail traffic of customers, instead of mail.clientdomain.com.

Case 2: two e-mail servers

The easiest configuration in this case is that the servers are awarded two different roles.

mailbox.yourisp.com is hidden from the internet, mail is not allowed directly from the internet. Only imap, submission (authenticated mail delivery to the customer) and other required gates for web mail, such as https are opened from the internet. D-Fence is allowed the possibility to send smpt separately through the fire wall directly to mailbox.yourisp.com servers. Sending from other places on the internet is blocked.

relay.yourisp.com is a separate mail server which receives mail for the customer and passes on the customer domains mail to the mailbox.yourisp.com servers. It is especially important that the relay does not agree to pass on mail to d-fence’s customers, but will agree to do so if the customer has not bought filter service.

Case 3: two parallel mail servers

The third alternative is to arrange for a separate server for mutual customers. In this case, all mail deliveries to the servers are only allowed by the D-Fence service. This is in a way an easy solution, in that no changes have to be made in the former e-mail system, one only adds a separate server which is blocked for exterior mail.