Topics in this area:
digitally signed email messages: spf, dkim and secure email authentication
dedicated IP addresses are important for sending email messages
use your own subdomain, such as: smtp.yourdomain.com
smooth change from your current mailserver to RealSender
To defend from email abuse, more and more email servers
check the sender’s identity before delivering the message.
Sending emails without RealSender, your recipients can’t be sure
that the message received was generated by you.
Sending emails using RealSender, all the messages you send
are digitally signed, so that the recipients can trust them.
There are two standards to check the sender’s identity: SPF and DKIM.
RealSender offers both of them:
smtp servers with dedicated ip
each customer receives a dedicated IP address
the IP address is monitored daily over 60+ blacklists
secure smtp autentication
the server accepts only messages sent with SMTP authenticated over secure connection
using TLS or SSL (the communications are encrypted using a dedicated digital certificate)
sender’s address check
the server accepts only the sending of messages from senders that have been configured and authorized
full email authentication
all messages sent through the server are authenticated using the standard protocols: SPF and DKIM
The “Internet Protocol address” or “IP address”
is similar to a telephone number on your home phone or mobile device.
It is personally identifiable information that is automatically captured
by another computer when any communications link is made over the Internet.
No other device on the Internet will have the same IP address.
This is necessary for a device to communicate with another.
“Dedicated” IP addresses are important for sending email messages
because their reputation has a strong impact on being accepted or not.
Using “shared” IP addresses for business communications
is like sending each time a different sales representative to the same customer.
Not knowing him, the recipient will treat him with suspicion.
In extreme cases, if the same seller offers different products every day,
it is very likely that he will no longer be accepted the next time he knocks on the door.
Most SMTP services on the internet provide “shared” IP addresses to their customers.
Each time you send an email, a different IP address is assigned.
Something similar happens with cloud hosting providers, who offer services on a “per minute” basis.
In this case, they give one or more “temporarily assigned” IP addresses.
Since its inception in 2009, RealSender has decided to offer only SMTP servers with “dedicated” IPs.
This means that each customer receives an IP address that will not change over time.
Linking it to the corporate domain name via email authentication, will make both of them more authoritative.
If your communications are consistent and expected,
little by little they will be recognized by the recipients, who will award them a higher reputation.
This trust can reach high levels, so that all-transmitted communications
they will be automatically accepted and considered Important or High Priority.
A corporate smtp hostname is used in multiple applications settings.
Changing it is an error-prone activity that takes time.
RealSender allows you to define your subdomain, such as:
smtp.yourdomain.comWe’ll take care of everything, including SSL certificates
that are required for secure smtp authentication.
This setup will give you complete peace of mind,
knowing that the smtp hostname is under your control.
Your IT staff won’t have to remember where it’s configured
since it will no longer be necessary to change it.
Switch from your current mailserver to RealSender safe environment.
You may use the same authentication credentials
as well as the smtp hostname, if it is under your domain name.
When needed, you can send email messages securely, even without authentication.
Topics in this area:
only the declared senders are allowed to pass through
unauthorized accesses are identified, blocked and banned after three failed attempts
optional extra security configurations
A dedicated RealSender smtp server is assigned to each customer.
This is the only way to keep control of the server’s reputation
and daily verify the senders’ domain reputation.
This approach requires that only the declared senders are given the green light to pass.
The system checks every message and accepts/rejects them based on the list of allowed senders.
The “authorized senders” for each RealSender account
must refer to one or more domain names registered by the same company.
RealSender partners and large organizations can independently update
the list of authorized senders.
RealSender relies on the Fail2ban server application to secure your dedicated smtp.
This protects against unauthorized access and DOS (Denial Of Service) attacks.
After three failed attempts, the source IP is blocked and banned.
The causes of the blacklisting could be:
authentication attempt with wrong credentials
(incorrect username or incorrect password)
authentication attempt on insecure channels
(the system requires TLS/SSL authentication)
sender’s email address is not authorized to send
(see restrictions on RealSender authorized senders)
smtp connection interrupted during the authentication process
(multiple broken connections make the smtp service unavailable for legitimate users)
The result of the block is that the smtp server no longer responds to connection attempts,
the computer making the request will receive this message:
connect to address 93.184.216.34: Connection refusedHow to deal with accidentally banned IP addresses:
2024-08-26 01:38:01,199 fail2ban.filter [19671]: INFO [smtp] Found 93.184.216.34 - 2024-08-26 01:38:00
2024-08-26 01:38:01,201 fail2ban.filter [19671]: INFO [smtp] Found 93.184.216.34 - 2024-08-26 01:38:01
2024-08-26 01:38:01,404 fail2ban.filter [19671]: INFO [smtp] Found 93.184.216.34 - 2024-08-26 01:38:01
2024-08-26 01:38:01,972 fail2ban.actions [19671]: NOTICE [smtp] Ban 93.184.216.342024-08-23 07:00:12,501 fail2ban.filter [30057]: INFO [smtp] Ignore 93.184.216.34 by ip
2024-08-23 07:00:12,501 fail2ban.filter [30057]: INFO [smtp] Ignore 93.184.216.34 by ip
2024-08-23 07:00:13,115 fail2ban.filter [30057]: INFO [smtp] Ignore 93.184.216.34 by ipTopics in this area:
security option to block all emails containing potentially harmful attachments
security option to limit the number of messages sent by sender
security option to block all emails that exceed the weight limit
security option to convert large file attachments into links
transparently bcc copy all the sent emails
The “stop bad attachments” option blocks all potentially harmful attachments
except some safe extensions that you can define, like: pdf, txt, gif, jpg and png.
The sending with an unauthorized attachments is stopped.
The message does not pass through the smtp server,
the email gets bounced back to the sender with this warning:
The attachment named "example.zip"
violates Your Company's email security policy.
The delivery been been blocked.
For more information, contact your IT Administrator.
Inspired by a comment from Phil Pennock on the SAGE mailing list:
I really wish that I'd be allowed to put a per-customer throttle on mails-per-day,
raisable if a customer has legitimate reasons to be sending mail ...High email volumes are often generated by a compromised account.
They can damage your company’s reputation and the one of your mailserver.
The “limit message number” option lets you define a maximum number of daily emails per sender,
so that any excess quantities will be blocked before going on the internet.
The sending of “extra quantity” communications are stopped.
The emails get bounced back immediately to the sender, with a warning like:
An error occurred when sending email. The mail server answered:
450 4.7.1 <>... sender@example.com has exceeded n messages per 1 day.As an antispam measure, most smtp servers introduced an option to limit the number of recipients
that can be specified for a given envelope. In Sendmail it is Called “MaxRecipientsPerMessage”.
RealSender promotes the limit on the number of recipients per message,
to reduce abuses and to avoid the risk of sending cc/bcc to many addresses.
We share a list of 300 @emailnull.com addresses for testing:
emailnull-test.txt
The messages will reach a “black-hole” mailserver.
You can use them at your convenience,
to check how many recipients per message
your smtp server allows the sending to.
If you send a large attachment to someone,
it may not go through as their incoming attachment size may be smaller.
The “limit message weight” option lets you define a maximum message weight
so that they will be blocked even before uploading them.
The sending of overweight attachments is stopped,
the email gets bounced back immediately to the sender,
with a warning like:
The message you are trying to send exceeds
the global size limit of (xxxx bytes) of the server,
reduce the size of the message and attempt to send again.
RealSender “filelink” app automatically converts
all attachments larger than the size that you define
into a link, like this:
[large file example.pdf] (43.96 MB) moved to:
http://rsXXX-realsender.com/files/e1eb3665a1a0766ea65616b6210cfd538c4950f8.pdf
The file will be DELETED after twelve months.Your recipient receives a light message.
He can download the attachment when he needs it.
The domain in the link can be any dedicated domain or subdomain you wish to use.
Email messages are the main channel of modern business communications.
Their accidental loss would great damage the company’s knowledge base.
Furthermore, business correspondence should generally be kept for up to ten years.
!! if your company is using personal mailboxes
such as name.surname@companyname.com
you must have informed the senders before activating this functionUsing the bcc (blind carbon copy) function,
RealSender transparently transfers all the sent emails
to a special pop3 mailbox
configured to receive large amounts of emails in a short time
you can automatically download it via external services
!!! stored email messages are automatically deleted after 7 days !!!
for example using the “Check mail from other accounts” setting
available within Gmail, both individual (free) and G Suite App versions
to a different email address
properly configured so that the messages are not classified as spam
Gmail G Suite App gives the option to “Set up an inbound mail gateways”