secure email gateway

"a secure email gateway in every company"

Topics in this area:

digitally signed messages

digitally signed email messages: spf, dkim and secure email authentication

dedicated IP address

IP addresses are important for sending email messages

dedicated hostname

use your own subdomain, such as: smtp.yourdomain.com

security settings

safely switch from your current mailserver to RealSender

Subsections of secure email gateway

digitally signed messages

Identity check

To defend from email abuse, more and more email servers
check the sender’s identity before delivering the message.

Sending emails without RealSender, your recipients can’t be sure
that the message received was generated by you.

Sending emails using RealSender, all the messages you send
are digitally signed, so that the recipients can trust them.


Sender authentication

There are two standards to check the sender’s identity: SPF and DKIM.
RealSender offers both of them
:

  • SPF declares which are the authorized smtp servers for a certain domain
  • DKIM digitally signs each message sent from a certain domain and its related smtp server
    All the information used to check the DKIM signed messages
    are saved and locked within the domain’s DNS settings

*RealSender also provides:*

smtp servers with dedicated ip
each customer receives a dedicated IP address the IP address is monitored daily over 60+ blacklists

secure smtp autentication
the server accepts only messages sent with SMTP authenticated over secure connection
using TLS or SSL (the communications are encrypted using a dedicated digital certificate)

sender’s address check
the server accepts only the sending of messages from senders that have been configured and authorized

full email authentication
all messages sent through the server are authenticated using the standard protocols: SPF and DKIM


Request a free trial

dedicated IP address

dedicated smtp IP address

The “Internet Protocol address” or “IP address”
is similar to a telephone number on your home phone or mobile device.

It is personally identifiable information that is automatically captured
by another computer when any communications link is made over the Internet.
No other device on the Internet will have the same IP address.
This is necessary for a device to communicate with another.

“Dedicated” IP addresses are important for sending email messages
because their reputation has a strong impact on being accepted or not.

Using “shared” IP addresses for business communications
is like sending each time a different sales representative to the same customer.
Not knowing him, the recipient will treat him with suspicion.
In extreme cases, if the same seller offers different products every day,
it is very likely that he will no longer be accepted the next time he knocks on the door.

Most SMTP services on the internet provide “shared” IP addresses to their customers.
Each time you send an email, a different IP address is assigned.
Something similar happens with cloud hosting providers, who offer services on a “per minute” basis.
In this case, they give one or more “temporarily assigned” IP addresses.

Since its inception in 2009, RealSender has decided to offer only SMTP servers with “dedicated” IPs.
This means that each customer receives an IP address that will not change over time.
Linking it to the corporate domain name via email authentication, will make both of them more authoritative.

If your communications are consistent and expected,
little by little they will be recognized by the recipients, who will award them a higher reputation.
This trust can reach high levels, so that all-transmitted communications
they will be automatically accepted and considered Important or High Priority.


Request a free trial

dedicated hostname

dedicated smtp hostname

A corporate smtp hostname is used in multiple applications settings.
Changing it is an error-prone activity that takes time.

RealSender allows you to define your subdomain, such as:

smtp.youremaildomain.com

We’ll take care of everything, including SSL certificates
that are required for secure smtp authentication.

This setup will give you complete peace of mind,
knowing that the smtp hostname is under your control.

Your IT staff won’t have to remember where it’s configured
since it will no longer be necessary to change it.


Request a free trial

security settings

Switch from your current mailserver to RealSender safe environment.

You may use the same authentication credentials
as well as the smtp hostname, when it is under your domain name.

You can send email messages securely, even without authentication.


Topics in this area:

authorized senders

only the declared senders are allowed to pass through

protected by fail2ban

unauthorized accesses are identified, blocked and banned after three failed attempts

extra security settings

optional extra security configurations

Subsections of security settings

authorized senders

sender check

A dedicated RealSender smtp server is assigned to each customer.
This is the only way to keep control of the server’s reputation
and daily verify the senders’ domain reputation.

This approach requires that only the declared senders are given the green light to pass.
The system checks every message and accepts/rejects them based on the list of allowed senders.

The “authorized senders” for each RealSender account
must refer to one or more domain names registered by the same company.

RealSender partners and large organizations can independently update
the list of authorized senders.


Request a free trial

protected by fail2ban

fail2ban secured smtp

RealSender relies on the Fail2ban server application to secure your dedicated smtp.
This protects against unauthorized access and DOS (Denial Of Service) attacks.

After three failed attempts, the source IP is blocked and banned.


The causes of the blacklisting could be:

  • authentication attempt with wrong credentials
    (incorrect username or incorrect password)

  • authentication attempt on insecure channels
    (the system requires TLS/SSL authentication)

  • sender’s email address is not authorized to send
    (see restrictions on RealSender authorized senders)

  • smtp connection interrupted during the authentication process
    (multiple broken connections make the smtp service unavailable for legitimate users)


The result of the block is that the smtp server no longer responds to connection attempts,
the computer making the request will receive this message:

connect to address 93.184.216.34: Connection refused

How to deal with accidentally banned IP addresses:

  • Sometimes legitimate IPs get banned due to new configurations or other reasons.
    RealSender provides direct access to Fail2ban logs to verify the bans, like these:
2024-08-26 01:38:01,199 fail2ban.filter         [19671]: INFO    [smtp] Found 93.184.216.34 - 2024-08-26 01:38:00
2024-08-26 01:38:01,201 fail2ban.filter         [19671]: INFO    [smtp] Found 93.184.216.34 - 2024-08-26 01:38:01
2024-08-26 01:38:01,404 fail2ban.filter         [19671]: INFO    [smtp] Found 93.184.216.34 - 2024-08-26 01:38:01
2024-08-26 01:38:01,972 fail2ban.actions        [19671]: NOTICE  [smtp] Ban 93.184.216.34
  • Once you have defined that your IP has been banned,
    contact RealSender support and request the “whitelisting”.

    New connections from the “whitelisted” IP address will be ignored and logged as follows:
2024-08-23 07:00:12,501 fail2ban.filter         [30057]: INFO    [smtp] Ignore 93.184.216.34 by ip
2024-08-23 07:00:12,501 fail2ban.filter         [30057]: INFO    [smtp] Ignore 93.184.216.34 by ip
2024-08-23 07:00:13,115 fail2ban.filter         [30057]: INFO    [smtp] Ignore 93.184.216.34 by ip

Request a free trial

Subsections of extra security settings

stop bad attachments

stop bad attachments

The “stop bad attachments” option blocks all potentially harmful attachments
except some safe extensions that you can define, like: pdf, txt, gif, jpg and png.

The sending with an unauthorized attachments is stopped.

The message does not pass through the smtp server,
the email gets bounced back to the sender with this warning:

The attachment named "example.zip" 
violates Your Company's email security policy. 

The delivery been been blocked. 
For more information, contact your IT Administrator.

Request a free trial

limit messages number

limit messages number

Inspired by a comment from Phil Pennock on the SAGE mailing list:

I really wish that I'd be allowed to put a per-customer throttle on mails-per-day, 
raisable if a customer has legitimate reasons to be sending mail ...

High email volumes are often generated by a compromised account.
They can damage your company’s reputation and the one of your mailserver.

The “limit message number” option lets you define a maximum number of daily emails per sender,
so that any excess quantities will be blocked before going on the internet.

The sending of “extra quantity” communications are stopped.
The emails get bounced back immediately to the sender, with a warning like:

An error occurred when sending email. The mail server answered: 
450 4.7.1 <>...  sender@example.com has exceeded n messages per 1 day.

As an antispam measure, most smtp servers introduced an option to limit the number of recipients
that can be specified for a given envelope. In Sendmail it is Called “MaxRecipientsPerMessage”.

RealSender promotes the limit on the number of recipients per message,
to reduce abuses and to avoid the risk of sending cc/bcc to many addresses.

We share a list of 300 @bogusemail.net addresses for testing:
bogusemail-test.txt

The messages will reach a “black-hole” mailserver.

You can use them at your convenience,
to check how many recipients per message
your smtp server allows the sending to.


Request a free trial

limit messages weight

limit messages weight

If you send a large attachment to someone,
it may not go through as their incoming attachment size may be smaller.

The “limit message weight” option lets you define a maximum message weight
so that they will be blocked even before uploading them.

The sending of overweight attachments is stopped,
the email gets bounced back immediately to the sender,
with a warning like:

The message you are trying to send exceeds 
the global size limit of (xxxx bytes) of the server, 
reduce the size of the message and attempt to send again.

Request a free trial

convert large attachments

filelink conversion

RealSender “filelink” app automatically converts
all attachments larger than the size that you define
into a link, like this:

[large file example.pdf] (43.96 MB) moved to:

http://rsXXX-realsender.com/files/e1eb3665a1a0766ea65616b6210cfd538c4950f8.pdf

The file will be DELETED after twelve months.

Your recipient receives a light message.
He can download the attachment when he needs it.

The domain in the link can be any dedicated domain or subdomain you wish to use.


Request a free trial

bcc of all sent emails

bcc email

Email messages are the main channel of modern business communications.
Their accidental loss would great damage the company’s knowledge base.
Furthermore, business correspondence should generally be kept for up to ten years.

 !! if your company is using personal mailboxes
 such as name.surname@companyname.com  
 you must have informed the senders before activating this function

Using the bcc (blind carbon copy) function,
RealSender transparently transfers all the sent emails

  • to a special pop3 mailbox
    configured to receive large amounts of emails in a short time

    you can automatically download it via external services
    !!! stored email messages are automatically deleted after 7 days !!!

    for example using the “Check mail from other accounts” setting
    available within Gmail, both individual (free) and G Suite App versions

  • to a different email address
    properly configured so that the messages are not classified as spam

    Gmail G Suite App gives the option to “Set up an inbound mail gateways


Request a free trial