
Monday, May 18, 2020

Checklist of recommended best practices for your office email server | Mail server, email support management - check-list and assessment steps | email server security

As IT professionals we play multiple roles and wear many different hats: system administrator, network admin, Linux admin, email admin, support manager and so on.

The responsibility of these individuals is large and critical when supporting an information technology environment, hence this article on a mail server check-list and its assessment.

Below is a check-list for email server administrators and service providers that helps verify the essential actions and check the service's availability, confidentiality and integrity.

The email system is the backbone of any enterprise or organization; an interruption in email service may delay many business decisions and cause financial loss.




Points | Requirement for
1. Enable SPF | Prevent email spoofing
2. Enable DKIM | Make emails trustworthy
3. Enable DMARC | Utilize SPF and DKIM to their full effect
4. Anti-Spam Filter | Block spam before users see it
5. Relaying protection | Prevent unauthorized use of the server as an open relay
6. Enable Throttling protection | Prevent spamming and blacklisting
7. Restrict Local Email Domain | Prevent sender domain forgery and fraud
8. Check Attachment Restrictions | Prevent malicious attachments
9. Log check and history | Know what's happening and what happened
10. Consider Email Encryption | Guarantee privacy of email data; enable SSL/TLS for web mail and clients
11. Enable DNSSEC | Prevent unauthorized DNS changes
12. Educate & train community | Security starts with people; training & awareness
13. Regularly Test Configurations | Prevent configuration errors
14. Antivirus gateway | Filter threats at the perimeter
15. RRD check | Round robin check for DNS records
16. MX record | Validate MX records regularly
17. Domain check | Check domain expiry
18. VA-PT for domains | Check external & internal vulnerabilities
19. Security audit | Regularly check security and updates
20. Check Phishing awareness | Test via simulated phishing and review protection and awareness
21. Password policy | Stringent password policy, at least 14 (complex) characters in length
22. Mail access restriction | Check allowed protocols and restrict them to the minimum required
23. Auto FWD restriction | Validate auto-forwarding rules regularly and apply restrictions
24. IDs validation | Validate users and their access
25. IP black listing | Check regularly for IP blacklisting
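Items 1, 3 and 13 (SPF, DMARC and regular configuration testing) can be partly automated. The following is an added example, not code from the original post: it parses SPF and DMARC TXT records and reports the weak settings an assessment should flag. The domains and records are constructed samples, and lookup_txt is a stand-in for a real DNS TXT query.

```python
import re

# Constructed sample DNS TXT data (not real domains): one well-configured
# domain and one weak domain, so the checks run offline.
SAMPLE_RECORDS = {
    "example.test": ["v=spf1 ip4:203.0.113.0/24 include:_spf.example.test -all"],
    "_dmarc.example.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.test; pct=100"],
    "weak.test": ["v=spf1 a mx ?all"],
    "_dmarc.weak.test": ["v=DMARC1; p=none"],
}

def lookup_txt(name, records=SAMPLE_RECORDS):
    """Stand-in for a DNS TXT query; swap in a real resolver for live checks."""
    return records.get(name, [])

def assess_spf(domain, records=SAMPLE_RECORDS):
    """Return a list of weaknesses in the domain's SPF record (empty = OK)."""
    spf = [r for r in lookup_txt(domain, records) if r.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record (checklist item 1)"]
    findings = []
    terms = spf[0].split()
    # The 'all' mechanism decides what happens to senders not listed earlier.
    all_term = next((t for t in terms if t.lstrip("+-~?").lower() == "all"), None)
    if all_term is None:
        findings.append("no 'all' mechanism; unlisted senders are not rejected")
    elif all_term[0] in "+?" or all_term.lower() == "all":
        findings.append(f"permissive '{all_term}'; spoofing is not prevented")
    elif all_term.lower() == "~all":
        findings.append("softfail '~all'; use '-all' once all senders are listed")
    # Mechanisms that cost a DNS lookup are capped at 10 by RFC 7208.
    lookups = sum(bool(re.match(r"[+\-~?]?(include:|a\b|mx\b|exists:|redirect=)", t, re.I)) for t in terms)
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the RFC 7208 limit of 10")
    return findings

def assess_dmarc(domain, records=SAMPLE_RECORDS):
    """Return a list of weaknesses in the domain's DMARC record (empty = OK)."""
    recs = [r for r in lookup_txt("_dmarc." + domain, records) if r.upper().startswith("V=DMARC1")]
    if not recs:
        return ["no DMARC record (checklist item 3)"]
    tags = dict(kv.strip().split("=", 1) for kv in recs[0].split(";") if "=" in kv)
    findings = []
    if tags.get("p", "none").lower() == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address; aggregate reports (item 9) are never received")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']} applies the policy to only part of the mail")
    return findings
```

Run assess_spf and assess_dmarc for each of your domains on a schedule and treat any non-empty result as an action item.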



For any such service check and assessment, or for guidance, you can contact me via email or comment on the blog.
I will respond with a solution and action items.
