5 essential safeguards for your website and email

Proper security of your website and e-mail is essential, for yourself, your organisation and its visitors. In this article, we'll walk you through some essential security measures that you simply shouldn't miss for a safe online environment.

1. The most important security guard is you

It may seem obvious, but we can't say it often enough: bulletproof security starts with you. Set good passwords and save them carefully, make sure you log in in two steps where possible with two-factor authentication (2FA), and keep the software such as your browser and operating system up to date.

2. DNSSEC

One of the most important safeguards to protect your website is Domain Name System Security Extensions (DNSSEC): a set of protections of the Domain Name System (DNS) that help prevent malicious parties from directing your visitors to a fake website unnoticed. For example: as a visitor you type in 'google.com' and you think you are navigating to google.com, but without being able to see that you have actually suddenly ended up on notgoogleatall.com.

Naturally, Peppered has ensured that DNSSEC has been implemented for all domain names that we manage. Unfortunately, there are still providers that do not offer this as standard, but only on request, or - in rare cases - not at all. As a result, not all organisations offer this security, and that is really no longer acceptable.

All domain names pointing to Peppered servers must therefore have DNSSEC activated. If providers cannot or do not want to offer this, or if your organisation doesn’t know what to do, we can take over the domain name management and arrange it.

3. SPF

SPF is a setting per domain name (in the Domain Name System (DNS)) that contains a list of servers that can send emails in the name of that domain name. This setting is important to implement properly and strictly, so that e-mails are less likely to be marked as spam and the visitor has more certainty that the e-mail is valid.

SPF in itself is not sufficient, because it only indicates that the deliverer of the electronic mail is on the list of possible deliverers. But it is a simple and minimal security. Compare it with the agreement that we only send mail by UPS or DHL. If mail would come in on our behalf through GLS, you know that can't be right, so it's spam. But the other way around, that does not mean that all mail in our name via UPS or DHL is always valid, thus not spam.

Please note that you:

  • Are complete: if you forget to send UPS on the list in the above example while you are using it, it will of course go wrong. This way you can quickly use multiple senders with your domain name, not just your office e-mail.
  • Configure SPF for all domain names, even if no e-mail is sent from a domain name. You simply set that no post is valid.
  • Implement SPF correctly. You can loosely implement SPF (ending in ~all or ?all or +all), but actually that isn't enough. It should always be implemented strictly (ending in -all).

4. DKIM

With DKIM you also give your visitors more certainty. DKIM is a kind of technical signature of the sender that is sent along with e-mails. This signature can be checked with the signature in the domain name settings (DNS). DKIM is therefore important for the recipient to be able to validate whether the e-mail really comes from the sender mentioned. An e-mail with DKIM is therefore much less likely to be mistaken as spam than an e-mail without DKIM. It is a minimum security that should be applied to all emails.

5. DMARC

To make SPF and DKIM work really well, there is also DMARC: a special domain name setting in which it can be specified that e-mails from a certain domain name must always comply with SPF and DKIM. This of course makes them much more powerful, because then you know that an email is only valid if it comes from a valid server and has a signature that guarantees the sender. It also ensures that an email without DKIM is no longer considered valid.

Carefree online

How secure is your online environment already? With these safeguards you are definitely on the right track. However, the continuous change of the internet means that you have to keep adapting. That's what we do at Peppered, so you can be online worry free. With our continuous development, your website and e-mail will always remain up to date and well secured.