A Survival Guide for the Small Mail Server
2015-03-19 00:00:00 UTC, by Natale Maria Bianchi
Nowadays many companies and organizations (non-profits, units of governmental and educational institutions, etc) believe that running their own mail servers has become an impossible task, due both to the large amount of inbound spam and to the continuous attempts by spammers to send outbound spam through their mail servers. Companies often lack in-house technical resources to configure and run a mail server properly and deal with these threats. For these reasons, many organizations decide to outsource their email service to external entities.
However, outsourcing does not come without costs, even when the outsourced service appears to be "free". Hidden costs include:
- Another organization can see the content of all messages. In some cases, the contents of messages are stored on the outsourcing company's servers indefinitely. External access to unencrypted emails poses privacy and confidentiality issues. Furthermore, the outsourcing company may be located in another country and be subjected to different regulations and obligations.
- In some cases, the outsourcing company's terms and conditions allow it to search the content of emails to aid in targeting advertising, which poses even greater privacy and confidentiality problems.
- The organization no longer has control of its own email security. Server-based encryption and authentication is managed by the outsourcing company, requiring end-to-end encryption for sensitive communications.
- Large companies with many customers are often a target of cybercrime attacks aimed at stealing customer data, and some of these attacks have succeeded.
- Inspection of SMTP transaction logs may be impossible for the end user. Troubleshooting failed deliveries and other email problems requires interacting with an external support desk. Support desks are sometimes slow to respond. First-line support, in particular, might lack the training and access to fix any but simple problems, requiring escalation and further delays.
- Sharing a mail server with other organizations can cause delivery issues when a user at another organization sends spam through that mail server. When the outsourcing company fails to detect and block spam, or is slow to terminate service to spammers, the likelihood of problems increases substantially.
These disadvantages are important. For small organizations that need reliable, confidential email systems, the choice of whether to outsource or not can be a tough one.
Running a secure, spam-filtered mail server for a small organization is not terribly difficult, if these guidelines are followed:
- Choose a good ISP or hosting provider
- Reject as much inbound spam as possible
- Prevent outbound spam
- Monitor the logs!
To read more from this article visit Spamhaus Orgaisation
Source available: https://www.spamhaus.org/news/article/719/a-survival-guide-for-the-small-mail-server