Email Authentication Security Feature Guide

Moderators: wizard, magicspam

Post Reply
magicspam
Posts: 1552
Joined: Tue Oct 28, 2008 2:27 pm

Email Authentication Security Feature Guide

Post by magicspam » Tue Oct 12, 2021 3:03 pm

Overview

In this guide, you will learn about the Email Authentication Security features, including the following information:
  • What is Email Authentication Security?
  • Country Authentication Restrictions
  • Source Based Authentication Restrictions
  • Outbound Rate Limiter
  • Authentication and Outbound Whitelists
  • Feature Availability

What is Email Authentication Security?

Email Authentication Security prevents email accounts on the server from being compromised and abused by threat actors.

Once a threat actor has compromised an email account, they gain access to everything associated with the mailbox which allows them to:
  • Read all your emails
  • Access your contact book
  • Send outbound emails
As email administrators, it's important to prevent email accounts from being compromised to avoid negatively affecting your IP reputation.

Let's learn about the email authentication security features available in MagicSpam to secure your email servers.


Country Authentication Restrictions

The Country Authentication Restrictions feature allows you to restrict email authentication to only countries where your customer resides.

To find out which countries your customers access their email accounts from go to the Country Statistics Page in the MagicSpam Admin Panel.

country_outbound_statistics.png
country_outbound_statistics.png (13.12 KiB) Viewed 32629 times

Once you have a better understanding about the geographical spread of your customer base, you can configure the Country Authentication Restrictions in the Security Page accordingly.

country_authentication_restrictions.png
country_authentication_restrictions.png (54.3 KiB) Viewed 32629 times

MagicSpam will attempt to automatically detect and allow email authentication from the GeoIP location of the email server. If the automatic detection is not successful, then set the Default Server GeoIP to the appropriate country.


Source Based Authentication Restrictions

The Source Based Authentication Restrictions feature allows you to restrict email authentication from cloud networks and networks previously detected performing authentication attacks.

To enable this, go to the Security Page in the MagicSpam Admin Panel and make sure all the Source Based Authentication Restrictions are set to ON.

source_based_authentication_restrictions.png
source_based_authentication_restrictions.png (67.21 KiB) Viewed 32629 times

Regular humans should never authenticate into their email accounts from cloud networks, only services running on cloud networks would ever need to access an email account on your email server. You also never want networks previously detected performing authentication attacks to authenticate into your email server.


Outbound Rate Limiter

The Outbound Rate Limiter feature allows you to prevent compromised accounts from being abused and notifies the email administrator about such incidents.

To configure the Outbound Rate Limiter, go to the Anti-Spam System Page and check the Advanced Options in the MagicSpam Admin Panel.

outbound_rate_limiter.png
outbound_rate_limiter.png (37.22 KiB) Viewed 32629 times

By default, the Outbound Rate Limiter is already effectively configured such that MagicSpam will block an email account from sending outbound email for 6 hours when the email account has been detected sending more than 150 emails in a 5-minute period.


Authentication and Outbound Whitelists

The Authentication and Outbound Whitelists allows you to exempt IP addresses from being subjected to the email authentication security checks.

You can add the IP address(es) you want to exempt from authentication restrictions through the Anti-Spam Exemptions Page on the MagicSpam Admin Panel.

ip_auth_whitelist.png
ip_auth_whitelist.png (31.96 KiB) Viewed 32629 times

If you have customers who have a legitimate reason to send outbound email at a higher volume than the configured limits, then you can add the email account to the Per-User Rate Limiter Whitelist on the same page.

outbound_rate_limiter_whitelist.png
outbound_rate_limiter_whitelist.png (23.33 KiB) Viewed 32629 times

Feature Availability

The Email Authentication Security features are only available on the PLUS and PRO version of MagicSpam.

Comment down below if you have any questions.

Thank you!
-- MagicSpam Support Team --

Post Reply

Return to “Features Discussion and Guides”

Who is online

Users browsing this forum: No registered users and 3 guests