This knowledge base is where you can find anything related to email security. Whether you are an administrator, developer or marketeer, if you work with email, this is the knowledge you'll need to improve your email security.
This guide explains the basics of email hardening. By adopting the SPF, DKIM and DMARC email security standards for your domain, you can reduce fraud while improving deliverability of your email.
The Sender Policy Framework (SPF) is the most basic email security method. With SPF you can publish a list of authorized senders who may use your domain name to send email.
DomainKeys Identified Mail (DKIM) is a method to cryptographically sign email. With the signature the receiver can validate that an email is authentic and the sender was allowed to send email for the domain.
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an extension to SPF and DKIM that also allows monitoring. With DMARC the domain owner can publish a policy on how receivers should process email from the domain.
Brand Indicators for Message Identification (BIMI) is like verified accounts, but for email. It allows for stronger brand recognition by displaying a brand logo in the inbox of the recipient.
Mail Transfer Agent Strict Transport Security (MTA-STS) is an email security standard for secure delivery of email to your domain.
In this article we'll explain how MTA-STS works and why it is needed.
SMTP TLS Reporting (TLSRPT) is a reporting standard that allows you to monitor the secure transport of email to a domain.
In this article we'll explain how SMTP TLS reporting works and how it is used.
DNS-Based Authentication of Named Entities (DANE) is a standard aimed at augmenting (or even replacing) the Public Key Infrastructure.
In this article we'll explain how TLSA records can be used for PKI certificate pinning to protect against man-in-the-middle attacks.
An email contains multiple addresses, and the many terms used for these addresses often lead to confusion.
In this article we'll explain the various addresses, what we call them and what they are used for.
Proper implementation of email hardening techniques can be beneficial even to (sub)domains that are not intended to be used with email.
These may be parked domains, or any other (sub)domains that are not or no longer used for sending (outbound) or receiving (inbound) email.
Ed25519 DKIM signatures offer stronger cryptography and simplified DNS records. This guide explains how to use Ed25519 signatures with DKIM.
If you are an email service administrator or a developer of software that needs to send email, you can use this guide to learn how to create DKIM keys using the popular open source OpenSSL suite.
This guide explains how to create DANE TLSA DNS records using the popular open source OpenSSL suite.