However, this step should be taken by any company that cares about its data.
“The introduction of these measures is mandatory for most administrators and operators of systems that fall under our law, but of course we recommend them also to those who do not fall under our regulation but want to keep their mail safe,” says Karel Rehka, Director of the NCIB, about the currently issued protective measure under the Cyber Security Act.
Ladislav Blažek, System4u’s technical support director, adds: “We welcome NUKIB’s initiative to prevent spying and falsification of e-mail communications. However, we would like to point out that these recommendations are valid for any company running an email server (whether in the cloud or on-premise) and lead to reduced spam and safer internet communication for all of us.”
Here, on behalf of System4u, we present recommendations that will help companies to adequately secure their email communications.
Why only communicate using TLS 1.2 and higher?
Old versions of security protocols contain known vulnerabilities that can be used to eavesdrop on encrypted communications (man-in-the-middle exploits).
Therefore, we recommend using only TLS 1.2 and higher.
Why enable support for STARTTLS on the email server?
Support for secure connections according to the STARTTLS standard allows electronic mail to be forwarded between SMTP servers in encrypted form if both parties support this. This can prevent the interception of communications that would otherwise travel in the clear.
Why use DNSSEC on a domain?
DNSSEC technology allows the client to verify the validity of information obtained from the DNS system, protecting you against spoofing or intentional manipulation of DNS records. DNSSEC uses asymmetric cryptography – the domain holder electronically signs the information entered into DNS and, using a public key stored with the parent authority of its domain, this signature can be verified. This system can be used to verify that the specified address is translated to the correct IP address.
Why have the SPF record set correctly?
The SPF record in DNS allows administrators to determine which e-mail servers can send e-mail from a given domain. If mail is sent from a server that is not included in the SPF record, it is probably spam.
Why have a DKIM record?
DKIM is a method of verifying that the message was actually sent from the sender’s address. The headers of messages sent from the company e-mail server are signed with a DKIM signature. The corresponding public key is stored in DNS at the sender’s domain so that the signature can be verified on the recipient’s side.
Why have a DMARC record?
DMARC technology uses DKIM and SPF records to validate email messages and identify fraudulent emails. It defines under what conditions the sender address (From: header) should be evaluated as trusted.
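The SPF and DMARC sections above can be turned into a quick self-check. The following Python code is an added example, not code from System4u or NUKIB: it statically audits TXT record strings for the weak settings that defeat SPF and DMARC. The function names are hypothetical, the records for `example.com` are constructed, and the checks follow RFC 7208 and RFC 7489.

```python
# Added example: static audit of SPF and DMARC TXT record strings.
import re

def _name(term):
    """Mechanism or modifier name without qualifier and arguments."""
    return re.split(r"[:/=]", term.lstrip("+-~?"))[0]

def audit_spf(txt_records):
    """Findings for the TXT records at the domain itself (RFC 7208)."""
    spf = [r.lower().split() for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["expected exactly one SPF record, found %d" % len(spf)]
    terms, out = spf[0][1:], []
    names = [_name(t) for t in terms]
    if "all" in names:
        qualifier = terms[names.index("all")][0]
        if qualifier in "+a":          # a bare 'all' defaults to '+'
            out.append("'+all' authorises every server on the internet")
        elif qualifier == "?":
            out.append("'?all' is neutral: unlisted servers are not rejected")
    elif "redirect" not in names:
        out.append("no 'all' mechanism: unlisted servers get a neutral result")
    return out

def audit_dmarc(txt_records):
    """Findings for the TXT records at _dmarc.<domain> (RFC 7489)."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["expected exactly one DMARC record, found %d" % len(recs)]
    tags = dict((k.strip().lower(), v.strip()) for k, _, v in
                (part.partition("=") for part in recs[0].split(";")) if v)
    out, policy, pct = [], tags.get("p", "").lower(), tags.get("pct", "100")
    if policy not in ("none", "quarantine", "reject"):
        out.append("missing or invalid p= tag")
    elif policy == "none":
        out.append("p=none only monitors: failing mail is still delivered")
    if not pct.isdigit() or int(pct) < 100:
        out.append("pct=%s: policy does not cover all failing mail" % pct)
    if "rua" not in tags:
        out.append("no rua= address: no aggregate reports will arrive")
    return out

SAMPLES = {  # constructed records for the placeholder domain example.com
    "weak": (["v=spf1 include:_spf.example.net +all"], ["v=DMARC1; p=none; pct=50"]),
    "strict": (["v=spf1 mx -all"], ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]),
}
if __name__ == "__main__":
    for label, (spf, dmarc) in SAMPLES.items():
        print(label, audit_spf(spf) + audit_dmarc(dmarc))
```

To audit a real domain, pass in the TXT strings returned for the domain itself (SPF) and for `_dmarc.<domain>` (DMARC).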
If company IT administrators can’t do it alone, a team of technicians from System4u can help.
System4u operates or manages hundreds of email servers of various types in organisations of all sizes.
We will analyse the situation and prepare recommendations for customers on how to resolve the situation in the short and long term.