In this guide, you will learn about the Email Authentication Security features, including the following information:
- What is Email Authentication Security?
- Country Authentication Restrictions
- Source Based Authentication Restrictions
- Outbound Rate Limiter
- Authentication and Outbound Whitelists
- Feature Availability
What is Email Authentication Security?
Email Authentication Security prevents email accounts on the server from being compromised and abused by threat actors.
Once a threat actor has compromised an email account, they gain access to everything associated with the mailbox, which allows them to:
- Read all your emails
- Access your contact book
- Send outbound emails
Let's learn about the email authentication security features available in MagicSpam to secure your email servers.
Country Authentication Restrictions
The Country Authentication Restrictions feature allows you to restrict email authentication to only the countries where your customers reside.
To find out which countries your customers access their email accounts from, go to the Country Statistics Page in the MagicSpam Admin Panel.
Once you have a better understanding of the geographical spread of your customer base, you can configure the Country Authentication Restrictions in the Security Page accordingly.
MagicSpam will attempt to automatically detect and allow email authentication from the GeoIP location of the email server. If the automatic detection is not successful, then set the Default Server GeoIP to the appropriate country.
Source Based Authentication Restrictions
The Source Based Authentication Restrictions feature allows you to restrict email authentication from cloud networks and networks previously detected performing authentication attacks.
To enable this, go to the Security Page in the MagicSpam Admin Panel and make sure all the Source Based Authentication Restrictions are set to ON.
Regular human users should never authenticate to their email accounts from cloud networks; only services running on cloud networks would ever need to access an email account on your email server. You also never want networks previously detected performing authentication attacks to authenticate to your email server.
Outbound Rate Limiter
The Outbound Rate Limiter feature allows you to prevent compromised accounts from being abused and notifies the email administrator about such incidents.
To configure the Outbound Rate Limiter, go to the Anti-Spam System Page and check the Advanced Options in the MagicSpam Admin Panel.
By default, the Outbound Rate Limiter is already effectively configured such that MagicSpam will block an email account from sending outbound email for 6 hours when the email account has been detected sending more than 150 emails in a 5-minute period.
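To make the default threshold concrete, the following added example (not MagicSpam's code) replays constructed send events against the 150 emails / 5 minutes / 6 hours defaults described above. The sliding-window counting, the function names and the sample accounts are assumptions made for illustration.

```python
from collections import defaultdict, deque

LIMIT = 150            # messages allowed per window (default from this guide)
WINDOW = 5 * 60        # 5-minute period, in seconds (default from this guide)
BLOCK = 6 * 60 * 60    # 6-hour block, in seconds (default from this guide)


def audit_outbound(events, limit=LIMIT, window=WINDOW, block=BLOCK):
    """Replay (epoch_seconds, account) send events in time order.

    Returns (blocks, rejected): blocks is a list of
    (account, blocked_at, blocked_until); rejected counts the sends
    refused per account while its block was active.
    Assumption: a sliding window; the guide does not say how sends are counted.
    """
    recent = defaultdict(deque)      # account -> timestamps inside the window
    blocked_until = {}               # account -> epoch when the block lifts
    blocks, rejected = [], defaultdict(int)
    for ts, account in sorted(events):
        if ts < blocked_until.get(account, 0):
            rejected[account] += 1   # still blocked: refused, not counted
            continue
        q = recent[account]
        q.append(ts)
        while q[0] <= ts - window:   # drop sends older than the window
            q.popleft()
        if len(q) > limit:           # more than 150 emails in a 5-minute period
            blocked_until[account] = ts + block
            blocks.append((account, ts, ts + block))
            q.clear()                # start clean once the block lifts
    return blocks, dict(rejected)


def sample_events():
    """Constructed traffic: one bursting account, one steady sender."""
    burst = [(1000 + i, "alice@example.com") for i in range(200)]       # 1 msg/s
    steady = [(1000 + 10 * i, "news@example.com") for i in range(150)]  # 1 per 10 s
    late = [(1000 + 150 + BLOCK + 60, "alice@example.com")]             # after the block
    return burst + steady + late


if __name__ == "__main__":
    blocks, rejected = audit_outbound(sample_events())
    for account, start, end in blocks:
        print(f"{account} blocked at t={start} until t={end}")
    print("rejected while blocked:", rejected)
```

The steady sender also reaches 150 messages in total but never exceeds the limit inside any 5-minute window, so only the bursting account is blocked.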
Authentication and Outbound Whitelists
The Authentication and Outbound Whitelists allow you to exempt IP addresses from being subjected to the email authentication security checks.
You can add the IP address(es) you want to exempt from authentication restrictions through the Anti-Spam Exemptions Page on the MagicSpam Admin Panel.
If you have customers who have a legitimate reason to send outbound email at a higher volume than the configured limits, then you can add the email account to the Per-User Rate Limiter Whitelist on the same page.
Feature Availability
The Email Authentication Security features are only available on the PLUS and PRO versions of MagicSpam.
Comment down below if you have any questions.
Thank you!