Introduction

This guide provides a comprehensive security checklist for MailRoute customers, along with useful information to help you make the most of your email filtering.  Follow these best practices to enhance your email security and improve deliverability.

 

Table of Contents

1.  Account Security

2.  Filter Management

3.  User Education and Management

3.  Top Tech Tips

4.  Spam Filter Troubleshooting

5.  Customized Requests

6.  CMMC Compliance

7.  Additional Resources

 

1.  Account Security

Update your Admin credentials

• • Ensure Admin details are correct and up to date in the MailRoute Control Panel, making sure a non domain-based email is included for us to contact you in an emergency.

  • For security purposes delete any old Admins that could still access your domain.

Set up Passkeys for enhanced security

• • Passkeys are a new, more secure alternative to passwords designed to enhance user authentication on websites and apps.

  • The adoption of passkeys aligns with global efforts to enhance digital security. By storing passkeys securely on a user's device and employing local authentication methods, passkeys ensure that users' credentials are never exposed during transmission or server breaches.

  • This advancement supports a more seamless and secure internet experience, moving us closer to a password-free future.

Enable Continuity - MailRoute's disaster-recovery email solution (Enterprise+ plans)

• • Continuity is MailRoute's secure, reliable disaster-recovery email solution. We make your email available even when your mailserver is not. 
  • With Continuity, a secure web portal provides access for all email addresses on your domain(s) during outages or scheduled downtime.
  • It's important to have Continuity enabled and all users set up with passwords before an unexpected outage.

Lockdown your mailserver to only accept mail from MailRoute's block of servers

• • Make sure your mail server is locked down to prevent open relay abuse.
  • Restrict all traffic so that mail only comes from our block of addresses. It's a block of 8 Class C networks: CIDR notation: 199.89.0.0/21 Netmask notation: 199.89.0.0 with a netmask of 255.255.248.0 Address range: 199.89.0.0 through 199.89.7.255
•  
  • Configuring Your Software and Services for MailRoute
  • Locking Down Your Mail Server

Use MailRoute's outbound relay

• • Outbound mail is included in your service.  You'll just need a static IP in order to use the service. Configuring Outbound Email Services
  • Outbound relay offers added protection and decreasing load on your mailserver, it allows us to more accurately filter your inbound mail as we learn about your mail traffic patterns.

 

Authenticate your outbound mail to increase deliverability, provide phishing protection, and help prevent forgeries

• • Proper configuration ensures your mail isn’t quarantined or rejected by recipient servers.
  • In order to prevent forgeries, phishing, and email spoofing we use SPF, DKIM, DMARC and ADSP to help identify malicious messages.
  • Email Authentication and Phishing Protection - An Explanation and Exploration
  • Send an email from your domain to check@mailroute.net to receive an email with your domain's current configuration status.

 

Set up your Phishing and CEO protection settings

• • Stop bad actors from targeting individuals in your company from socially-engineered phishing and spoofing attacks with our custom rules.  
  • Emails that look like they're internal communications from company CEOs, VPs, Executives names may be spoofed in the From Header to employees in the hopes of extorting money, asking for bank details, downloading malware, or click on dangerous links in emails.
  • Email Header Spoofing, CEO Impersonation, C-Suite Impersonation, Social Engineering, Phishing Prevention

 

2.  Filter Management

Review and update your Allow lists

• • We can't say this enough: be very sparing with allowlistings for your domain and users as they allow mail to bypass our filters (we still check for viruses and malware) no matter how spammy it looks.
  • Delete allowlistings for major and popular domains, banks, the third party bulk mailings services, etc. Spammers count on allowlistings to get their mail through.
  • Allow and Block Best Practices

 

Review your spam score settings

• • MailRoute's standard spam score cut-off is 7, meaning anything higher may be considered spammy.
  • You can adjust the score but remember it's a fine line between allowing too much spam or causing too many false-positives.
  • Filter Settings: Domain

 

3.  User Education and Management

Educate users about quarantined mail and spam scores

• • Users looking through their quarantine should be aware that the emails in their quarantine have been classified as spam and the emails should be treated as such.
  • Our standard spam cut off score is 7 and the higher the number, the likelier the mail will be spam. Use caution releasing mail with high scores.
  • Filter Settings

 

Set your Mail client to display the "From" header to show both full name and sender's address

• • Ensure your mail client software displays both the full name of the user and the sender's email address by default, where possible (it may not be possible in mobile clients)
  • Email 'From' should be displayed like this so it's obvious it's spoofed or forged email: From: "Jane Doe - CEO " <randomaddress@maliciousdomain.com>

 

Customize your Domain's Quarantine Notifications Preferences

• • As an Admin you may want to restrict user's from being able to complete actions in their spam quarantine for security reasons.  
  • Our Notifications Preferences will ensure Admins have control over what their users see and what their users can action in their quarantine notification emails.  This helps keep your domain more secure by restricting actions that could potentially compromise your security.
  • Quarantine Notification Email Preferences Customization

 

Top Tech Tips

Use the Admin's best resource: MailRoute's real-time Mail Log Feature

• • See our searchable, real-time mail logs to diagnose mail flow issues, see relay details, confirm mail relay, etc.  For troubleshooting, simply go to the mail logs in the MailRoute Control Panel, click on the appropriate email to display the full details.
  • Mail Log - Live, Real-Time, Searchable, Logging Data

 

Demonstrate the benefits and effectiveness of MailRoute by utilizing our Reporting feature

• • Generate reports to show how much spam has been blocked for your domain in the MailRoute Control Panel.  Set a time frame and view the report by domain or by users.  You can export this data to create reports demonstrating how MailRoute keeps your domain safe.
  • Identify the domain user who receives the most spam emails. You may want to add training or additional protections for these vulnerable users.
  • Domain Reporting

 

Follow our Customer Announcements for Important Communications and System Status

• • Get critical alerts with our system statuses and other important messages by following our Customer Announcements here: Customer Announcements

 

Save time by using MailRoute's Microsoft 365 or Google Workspace syncs

• • We've created an API-like sync for more efficient management of your o365 or Google Workspace users.   Our system will sync to these services so all your user lists, aliases, distribution lists are automatically updated on our end whenever you change things in o365 or Google Workspace.
  • How to Sync Microsoft 365/Office 365/o365 User Lists, Aliases, and Distribution Lists With MailRoute
  • Google Workspace/GSuite/Google Apps/G Suite Sync

 

Spam Filter Troubleshooting

Marketing/Opt-in Emails are not spam (usually)

• • It may seem like spam to you but sometimes a user can check to allow a sender by mistake. Almost always these mailings can be unsubscribed from or blocked. 
  • Tips on Migration: Seeing more/less spam?

Report spam

• • Sometimes spam mails get through even our toughest lines of defense. Reporting spam helps us adjust our filters keeping your domain safer and all of our customers safer.
  • Report spam by sending the original (not forwarded) email as an attachment to abuse@mailroute.net
    Please use these instructions: How to Forward an Email as an Attachment

Recovering too many false positives in your quarantine

• • If you're recovering too many false-positives or legitimate mail from your quarantine, let us know. Have our team review false positives by sending an email to support@mailroute.net 
  • Please provide specific details of the email including full address, time, date, etc
    
    

Customized requests

If you need something unique for your domain's filters or settings, let us know. We can usually help out and create something to help make your account better. 

Contact support@mailroute.net for custom filtering solutions.

CMMC compliance

Stop Ransomware, spam and phishing, other viruses and threats for SMB, Enterprise, Healthcare, and Government agencies and contractors. API-level integration for Microsoft Office 365 & GCC High.

For further details contact sales@mailroute.net

Compliance Fact Sheet

 

Additional Resources

• • Email Server SMTP Errors
  • Postfix SMTP Response Errors
  • Developers API Resources

Further Assistance

If you need additional help with implementing these best practices or have questions about MailRoute's Email Filtering, please contact MailRoute Support at support@mailroute.net.