You may ask yourself how secure the email provider you use, or the mail server you operate yourself, actually is. Today I learned that there is a simple way to test this.
A test platform provided by the European Commission offers a simple way to test the security standards of your mail provider or mail server; it only involves receiving a mail and replying to it. It also checks some DNS settings and finally calculates scores in these three categories:
- Confidential delivery: Your e-mail provider protects your messages (sent and received) from eavesdroppers using encryption. It applies the latest technologies available, assuring the identity of the parties with which it interacts.
- Phishing and identity theft: Your e-mail provider prevents the reception of messages from illegitimate servers. It also takes measures to prevent unauthorized servers from sending e-mails from accounts of your domain. With these actions it drastically reduces the probability of receiving (or generating) impersonation and/or phishing attacks.
- Integrity of messages: Your e-mail provider can identify messages that have been modified or intercepted during the delivery phase (from the sender MTA to the recipient MTA).
But remember that this test only checks message security, not the server itself. So if you have a weak root password or other security nightmares, it doesn't warn you about that.
You can find the test here: mecsa.jrc.ec.europa.eu
For my mail server setup I use Mailcow, applied all the suggested settings (DKIM, DMARC, etc.), use DNSSEC as well, and received 5.0/5 in each category. Even providers like Gmail don't have a 5.0/5 everywhere.
This test may also be an alternative to sites like Mail Tester, which I used to check whether I had done everything right after setting up my mail server.
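As an added example (not code from this post, from Mailcow or from the MECSA platform), here is a small offline checker for two of the DNS-side settings such a test looks at: the SPF and DMARC TXT records of a domain. The domain names and records below are constructed placeholders; a real check would first fetch the TXT records for the domain and for `_dmarc.<domain>` with a DNS library and then hand them to these functions.

```python
"""Added example: offline sanity checks for SPF and DMARC records.

The records below are constructed samples, not real DNS data. In practice
you would look up the TXT records (e.g. with dnspython) and pass the strings
to check_spf() / check_dmarc().
"""
import re

# Constructed sample TXT records for a well-configured domain (placeholder).
GOOD_RECORDS = {
    "example.com": "v=spf1 mx ip4:192.0.2.10 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s",
}

# Constructed sample TXT records for a weakly configured domain (placeholder).
WEAK_RECORDS = {
    "example.net": "v=spf1 a mx +all",
    "_dmarc.example.net": "v=DMARC1; p=none",
}

# RFC 7208 limits the number of DNS-lookup-causing terms to 10.
SPF_LOOKUP_LIMIT = 10
SPF_LOOKUP_MECHANISMS = {"a", "mx", "include", "ptr", "exists", "redirect"}


def _mechanism(term):
    """Return the mechanism/modifier name of an SPF term without its qualifier."""
    stripped = term.lstrip("+-~?").lower()
    return re.split(r"[:/=]", stripped, maxsplit=1)[0]


def check_spf(record):
    """Return a list of findings for an SPF record (empty list = nothing found)."""
    if record is None:
        return ["no SPF record published"]
    if not record.lower().startswith("v=spf1"):
        return ["record is not an SPF version 1 record"]
    findings = []
    terms = record.split()[1:]
    all_terms = [t for t in terms if _mechanism(t) == "all"]
    if not all_terms:
        findings.append("no 'all' mechanism: unlisted senders are neither passed nor failed")
    else:
        last = all_terms[-1]
        qualifier = last[0] if last[0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("'+all' allows any host to send as this domain")
        elif qualifier == "?":
            findings.append("'?all' is neutral and gives receivers no usable signal")
    lookups = sum(1 for t in terms if _mechanism(t) in SPF_LOOKUP_MECHANISMS)
    if lookups > SPF_LOOKUP_LIMIT:
        findings.append(f"{lookups} lookup terms exceed the limit of {SPF_LOOKUP_LIMIT}")
    return findings


def check_dmarc(record):
    """Return a list of findings for a DMARC record (empty list = nothing found)."""
    if record is None:
        return ["no DMARC record published"]
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["record is not a DMARC1 record"]
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("missing required p= tag")
    elif policy.lower() == "none":
        findings.append("p=none: failing messages are only reported, not quarantined or rejected")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports will not be delivered")
    return findings


def assess_domain(domain, records):
    """Run both checks for a domain using a dict of pre-fetched TXT records."""
    return {
        "spf": check_spf(records.get(domain)),
        "dmarc": check_dmarc(records.get(f"_dmarc.{domain}")),
    }


if __name__ == "__main__":
    for name, data in (("example.com", GOOD_RECORDS), ("example.net", WEAK_RECORDS)):
        print(name, assess_domain(name, data))
```

The checks deliberately stop at what a published record alone reveals: a `+all` or `p=none` setting is a weakness regardless of how the mail server itself is configured, which is exactly the kind of DNS finding that lowers the phishing and identity theft score.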