Blog

22
Feb

Email Filtering Service—How Essential Are They for Small Businesses and Large Corporates?

For many enterprises, whether they’re a small family business or an international corporation, email is an essential service. It not only saves time, it helps you connect with the people that are important to the business, including customers or clients, partners, and staff members. But for all its instantaneous messaging, email can also be curiously slow, namely because most emails are terrible at filtering out unwanted messages. If your company relies on emails to run every day, then you may need an email filtering service. Here are just a few reasons why it can help your business stay focused and improve efficiency.

email filtering service1. Shutdown Spam

Spam is annoying, almost everyone can agree on that, but one of the most annoying aspects of spam isn’t the mail itself, it’s the messages that get lost in the shuffle as a result of spam. How often have people deleted important messages because they were getting rid of spam in their inbox? The simple reality of spam is that it causes disruptions and, as a result, inefficiencies. But with an email filtering service, you can help sort spam out of your employees’ inboxes before it even gets there. That means fewer missed emails, less pointless ones, and a better overall email experience.

2. Less Distractions

Constant emailing breaks people’s concentration and this phenomenon is only getting worse now that our emails come to us in a million different ways. Offers, specials, notifications for social media and more, all come to us at every minute of every day. Some of these are important, but many are tied to non-work related things. To lessen these distractions and allow your employees to stay focused on their actual work, you can subscribe to an email filtering service. A professional service can help your email systems differentiate between important work emails and spam from undesirable sources. It will help your staff stay on track and prevent them from filling their inbox space with unwanted mail.

3. Security

Emails are still one of the easiest ways to send viruses, and other malware to different computers. It’s surprisingly simple and many of the malicious software programs can download onto computers, and into your servers, without even being detected. But with the right email filtering service, you can help block out emails that contain a code that could ruin your business. It will scan emails for problems before sending them to your inbox. If a problem is discovered, the email never even turns up in the inbox, lessening your chance of inadvertently downloading dangerous malware.

If your company wants to avoid the inefficiencies that can come as a result of having poor email filters, be sure to contact Securence about our email filtering service. It can help your company stay on track, make sure that important communications don’t get lost in the shuffle, and ensure that people’s emails aren’t causing undo stress. Only a professional email filtering service can help your company create custom filters that work for you and your staff.

21
Feb

Why You Should Not Use Office 365 for Your Hosted Exchange

The telecommunications industry is changing with innovative technology involving state-of-the-art infrastructure. Improving your hosting solution means expecting better customer service while also benefiting from less outages. Securence offers this and more to its valued clients. We don’t outsource our technical assistance; our first-rate direct support means that client concerns and issues are brought forward to immediate attention of the exchange operating staff.

The hosted exchange of your business will be owned, maintained, updated, and backed-up by a third party hosting provider, saving the end user thousands of dollars. Our clients no longer spend money on the hardware and software for the office, which saves space (no server room!) in addition to money. We ensure software updates are installed, and we monitor your data availability. Basically, with Securence, you can focus on running your company while knowing your data is in good hands.

hosted exchange

Let us tell you why you should not use Office 365 for your hosted exchange.

Why choose hosted exchange over Office 365?

The first thing you need to know is that the services are done virtually. The products offered by a hosted exchange are available to third party hosting providers with a small charge. Imagine a world where all the effort around getting a network uptime, power, and hardware management is managed by a virtual third party host that supports you within seconds. Our customers enjoy a variety of email offerings from Securence. The problem with our competition often lies in their inability to enjoy options for affordable strategies to make a small business more efficient. Make better technical choices with our help.

Features that really work

Hosted exchange styles offer hybrid email solutions for small and growing businesses, since each business has unique requirements. The many technical features we can provide for your hosted exchange knocks Office 365 out of the water. We can improve your productivity with a calendar and online collaboration tools to ease your stress in the business world.

Simplicity and Security

Get the security that your business has been looking for. With us, you get the benefit of receiving anti-spam and anti-virus scans as well as SSL encryption for all email transmissions. Trust and know the products you are getting for your hosted exchange. You are getting supportive staff that is on your side whenever you need a hand. If you are a system administrator, reach out and connect with our support team.

Evolving Technology

Each and every day we see businesses struggle with the same thing, and it’s our goal to make their business either more accessible to customers or their marketing more appealing to viewers. After all, is it not your priority to draw people in?

A hosted exchange takes the pressure off you and allows flexibility to pursue different types of email set up options as well as keeping all important data in one secure place. We save you energy and money that you would otherwise have to invest in another hosting plan.

20
Feb

Email Archiving Solutions – A Worthy Investment for Your Business

As a business service provider you generally have very little time for inconvenience, including chain emails, and spam. Why fight one more battle with these waste-of-time emails? In the business world, every moment counts. How you spend your time reflects on the status of your business. The success you gain, results from the efforts you invest and your actions.

Email archiving services are an increasingly assertive way for managers to focus on the contacts that are most beneficial for their business’s health. Think of the last annoying email you received in your inbox, was it a retailer, a scam cruising vacation, or just another ad? If you are ready to say “no more”, invest in the revolutionary technology that makes a big difference.

Email archiving services

Learn to avoid spam

There are emerging email archiving tools that allow service providers to quickly set up email archiving protocols with remote management capabilities on customer requests and inputs. In another application, it can be for adding those management capabilities onto existing storage service offerings. Good data management results in accurate numbers and accurate numbers mean precision; there is nobody who complains about being precise.

Software Exchange Archiver

Email archiving and management optimizes storage of archival data. This optimization makes it possible for small businesses that wish to maximize extra storage resources that are dedicated to storage email archives. Remember, when there wasn’t an unsubscribe button to that pesky ad or retailer who just wouldn’t leave your business or personal email alone? Your software is designed in way to eliminate any unwanted emails from popping up in your unread mail box. It is often difficult to refrain from opening junk mail when it is unread and in front of you. This is why cost effective email archiving solutions come into play so often.

Worthy investment?

The World Wide Web is quickly changing with technological evolvement. One of the best ways to manage your email preferences is through the extension of an email archiver. Our search and retrieval services give users the ability to get emails in seconds using keywords, data range, and other filtering methods. The best part of our handy service is that there are no storage limits and no additional hardware required for this efficiency to thrive. The unwanted messages that are received through the archive are then stored at multiple secure off-site locations.

Journaling can be important for businesses to maintain a healthy communicative environment amongst co-workers, and in this case the software uses exchange journaling for internal email and archive when journaling to Securence is enabled on the email server.

19
Feb

Cloud Email Security Service Assists Your Business in More Ways than One

Emails today are some of the most time-consuming and dangerous aspects of the modern business. Not only can emails lead to a variety of distractions that can cost your business time and money, they can cost you in many other ways as well. If your business needs to keep your email as efficient and safe as possible, Securence’s cloud email security service solves many problems that plague business email. Here are just a few ways in which it can help your company succeed.

1. Security

Opening up an email shouldn’t be a risky venture. It should be a short, safe procedure that gives you the information you need to be productive. Modern malware creators still love using emails to send their malicious code. It’s a simple way to get people to open programs they don’t want, and it remains a method of delivery with a surprisingly high success rate. To protect your company against attacks, you need security in your email. Cloud email security service from Securence bolsters your email’s security, helping to filter through malicious emails to protect your company’s files and data.

Cloud email security service2. Lessens Traffic

When you consider how many emails you get a day, you’re probably not keeping track of how much information is getting passed along with them. Pictures, attachments, and other forms of data all take up space on your servers, which can be a problem if you have limited server space, or are large companies sending multiple emails. Promotional emails, with their high resolution photos and other large files, can quickly take up space and push your server space to the limit. But with a cloud email security service, you can limit traffic by keeping out these big, superfluous emails. It helps you keep the demands on your server lower, but it can also save you money by not having to subscribe to more server space.

3. Customized Filters for Your Business

While most email providers supply some sort of filtering, that doesn’t mean that it’s enough to keep your employees focused. Many filters cannot differentiate in the same way as a professional cloud email security service, which can lead to many emails from sources that aren’t tied to work. With cloud email security service, however, you can set filters for incoming and outgoing emails, keeping you on top of everything in your company’s email. Filtering will lessen the number of emails you receive overall as well, making sure that everything that makes it to your inbox is pertinent and important. That means fewer important emails getting lost in the shuffle, and quicker response time to the mails that matter.

Modern businesses need 21st century solutions to everyday problems, especially when it comes to their email. While email services are designed to get people the information they need in a flash, they can also cost you time, money and productivity in many different ways. With Securence’s cloud email security service, these problems can be avoided. Custom filters, extra security, and more will help your company stay on the right track.

28
Dec

SMTP Over TLS Certificate Chain

  • Root CA Cert: COMODO RSA Certification Authority
    • Serial number: 27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
    • Signature Algorithm: sha384WithRSAEncryption
    • Cert key size: RSA 4096
  • Intermediate Cert: COMODO RSA Domain Validation Secure Server CA
    • Serial number: 2b:2e:6e:ea:d9:75:36:6c:14:8a:6e:db:a3:7c:8c:07
    • Signature Algorithm: sha384WithRSAEncryption
    • Cert key size: RSA 2048
  • Securence Cert: *.securence.com
    • Serial Number: bd:22:98:2f:a0:fa:cb:02:55:6a:ce:15:e5:69:55:b5
    • Signature Algorithm: sha256WithRSAEncryption
    • Cert key size: RSA 2048

See also: SMTP over TLS supported cipher suites


Verbose cert details: COMODO RSA Certification Authority

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
        Signature Algorithm: sha384WithRSAEncryption
        Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
        Validity
            Not Before: May 30 10:48:38 2000 GMT
            Not After : May 30 10:48:38 2020 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:91:e8:54:92:d2:0a:56:b1:ac:0d:24:dd:c5:cf:
                    44:67:74:99:2b:37:a3:7d:23:70:00:71:bc:53:df:
                    c4:fa:2a:12:8f:4b:7f:10:56:bd:9f:70:72:b7:61:
                    7f:c9:4b:0f:17:a7:3d:e3:b0:04:61:ee:ff:11:97:
                    c7:f4:86:3e:0a:fa:3e:5c:f9:93:e6:34:7a:d9:14:
                    6b:e7:9c:b3:85:a0:82:7a:76:af:71:90:d7:ec:fd:
                    0d:fa:9c:6c:fa:df:b0:82:f4:14:7e:f9:be:c4:a6:
                    2f:4f:7f:99:7f:b5:fc:67:43:72:bd:0c:00:d6:89:
                    eb:6b:2c:d3:ed:8f:98:1c:14:ab:7e:e5:e3:6e:fc:
                    d8:a8:e4:92:24:da:43:6b:62:b8:55:fd:ea:c1:bc:
                    6c:b6:8b:f3:0e:8d:9a:e4:9b:6c:69:99:f8:78:48:
                    30:45:d5:ad:e1:0d:3c:45:60:fc:32:96:51:27:bc:
                    67:c3:ca:2e:b6:6b:ea:46:c7:c7:20:a0:b1:1f:65:
                    de:48:08:ba:a4:4e:a9:f2:83:46:37:84:eb:e8:cc:
                    81:48:43:67:4e:72:2a:9b:5c:bd:4c:1b:28:8a:5c:
                    22:7b:b4:ab:98:d9:ee:e0:51:83:c3:09:46:4e:6d:
                    3e:99:fa:95:17:da:7c:33:57:41:3c:8d:51:ed:0b:
                    b6:5c:af:2c:63:1a:df:57:c8:3f:bc:e9:5d:c4:9b:
                    af:45:99:e2:a3:5a:24:b4:ba:a9:56:3d:cf:6f:aa:
                    ff:49:58:be:f0:a8:ff:f4:b8:ad:e9:37:fb:ba:b8:
                    f4:0b:3a:f9:e8:43:42:1e:89:d8:84:cb:13:f1:d9:
                    bb:e1:89:60:b8:8c:28:56:ac:14:1d:9c:0a:e7:71:
                    eb:cf:0e:dd:3d:a9:96:a1:48:bd:3c:f7:af:b5:0d:
                    22:4c:c0:11:81:ec:56:3b:f6:d3:a2:e2:5b:b7:b2:
                    04:22:52:95:80:93:69:e8:8e:4c:65:f1:91:03:2d:
                    70:74:02:ea:8b:67:15:29:69:52:02:bb:d7:df:50:
                    6a:55:46:bf:a0:a3:28:61:7f:70:d0:c3:a2:aa:2c:
                    21:aa:47:ce:28:9c:06:45:76:bf:82:18:27:b4:d5:
                    ae:b4:cb:50:e6:6b:f4:4c:86:71:30:e9:a6:df:16:
                    86:e0:d8:ff:40:dd:fb:d0:42:88:7f:a3:33:3a:2e:
                    5c:1e:41:11:81:63:ce:18:71:6b:2b:ec:a6:8a:b7:
                    31:5c:3a:6a:47:e0:c3:79:59:d6:20:1a:af:f2:6a:
                    98:aa:72:bc:57:4a:d2:4b:9d:bb:10:fc:b0:4c:41:
                    e5:ed:1d:3d:5e:28:9d:9c:cc:bf:b3:51:da:a7:47:
                    e5:84:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A

            X509v3 Subject Key Identifier: 
                BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies: 
                Policy: X509v3 Any Policy

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.usertrust.com/AddTrustExternalCARoot.crl

            Authority Information Access: 
                OCSP - URI:http://ocsp.usertrust.com

    Signature Algorithm: sha384WithRSAEncryption
        64:bf:83:f1:5f:9a:85:d0:cd:b8:a1:29:57:0d:e8:5a:f7:d1:
        e9:3e:f2:76:04:6e:f1:52:70:bb:1e:3c:ff:4d:0d:74:6a:cc:
        81:82:25:d3:c3:a0:2a:5d:4c:f5:ba:8b:a1:6d:c4:54:09:75:
        c7:e3:27:0e:5d:84:79:37:40:13:77:f5:b4:ac:1c:d0:3b:ab:
        17:12:d6:ef:34:18:7e:2b:e9:79:d3:ab:57:45:0c:af:28:fa:
        d0:db:e5:50:95:88:bb:df:85:57:69:7d:92:d8:52:ca:73:81:
        bf:1c:f3:e6:b8:6e:66:11:05:b3:1e:94:2d:7f:91:95:92:59:
        f1:4c:ce:a3:91:71:4c:7c:47:0c:3b:0b:19:f6:a1:b1:6c:86:
        3e:5c:aa:c4:2e:82:cb:f9:07:96:ba:48:4d:90:f2:94:c8:a9:
        73:a2:eb:06:7b:23:9d:de:a2:f3:4d:55:9f:7a:61:45:98:18:
        68:c7:5e:40:6b:23:f5:79:7a:ef:8c:b5:6b:8b:b7:6f:46:f4:
        7b:f1:3d:4b:04:d8:93:80:59:5a:e0:41:24:1d:b2:8f:15:60:
        58:47:db:ef:6e:46:fd:15:f5:d9:5f:9a:b3:db:d8:b8:e4:40:
        b3:cd:97:39:ae:85:bb:1d:8e:bc:dc:87:9b:d1:a6:ef:f1:3b:
        6f:10:38:6f

-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD
VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw
AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6
2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr
ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt
4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq
m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/
vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT
8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE
IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO
KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO
GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/
s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g
JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD
AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9
MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy
bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6
Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ
zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj
Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY
Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5
B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx
PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR
pu/xO28QOG8=
-----END CERTIFICATE-----

Verbose cert details: COMODO RSA Domain Validation Secure Server CA

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:2e:6e:ea:d9:75:36:6c:14:8a:6e:db:a3:7c:8c:07
        Signature Algorithm: sha384WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
        Validity
            Not Before: Feb 12 00:00:00 2014 GMT
            Not After : Feb 11 23:59:59 2029 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:8e:c2:02:19:e1:a0:59:a4:eb:38:35:8d:2c:fd:
                    01:d0:d3:49:c0:64:c7:0b:62:05:45:16:3a:a8:a0:
                    c0:0c:02:7f:1d:cc:db:c4:a1:6d:77:03:a3:0f:86:
                    f9:e3:06:9c:3e:0b:81:8a:9b:49:1b:ad:03:be:fa:
                    4b:db:8c:20:ed:d5:ce:5e:65:8e:3e:0d:af:4c:c2:
                    b0:b7:45:5e:52:2f:34:de:48:24:64:b4:41:ae:00:
                    97:f7:be:67:de:9e:d0:7a:a7:53:80:3b:7c:ad:f5:
                    96:55:6f:97:47:0a:7c:85:8b:22:97:8d:b3:84:e0:
                    96:57:d0:70:18:60:96:8f:ee:2d:07:93:9d:a1:ba:
                    ca:d1:cd:7b:e9:c4:2a:9a:28:21:91:4d:6f:92:4f:
                    25:a5:f2:7a:35:dd:26:dc:46:a5:d0:ac:59:35:8c:
                    ff:4e:91:43:50:3f:59:93:1e:6c:51:21:ee:58:14:
                    ab:fe:75:50:78:3e:4c:b0:1c:86:13:fa:6b:98:bc:
                    e0:3b:94:1e:85:52:dc:03:93:24:18:6e:cb:27:51:
                    45:e6:70:de:25:43:a4:0d:e1:4a:a5:ed:b6:7e:c8:
                    cd:6d:ee:2e:1d:27:73:5d:dc:45:30:80:aa:e3:b2:
                    41:0b:af:bd:44:87:da:b9:e5:1b:9d:7f:ae:e5:85:
                    82:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4

            X509v3 Subject Key Identifier: 
                90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: X509v3 Any Policy
                Policy: 2.23.140.1.2.1

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/COMODORSACertificationAuthority.crl

            Authority Information Access: 
                CA Issuers - URI:http://crt.comodoca.com/COMODORSAAddTrustCA.crt
                OCSP - URI:http://ocsp.comodoca.com

    Signature Algorithm: sha384WithRSAEncryption
        4e:2b:76:4f:92:1c:62:36:89:ba:77:c1:27:05:f4:1c:d6:44:
        9d:a9:9a:3e:aa:d5:66:66:01:3e:ea:49:e6:a2:35:bc:fa:f6:
        dd:95:8e:99:35:98:0e:36:18:75:b1:dd:dd:50:72:7c:ae:dc:
        77:88:ce:0f:f7:90:20:ca:a3:67:2e:1f:56:7f:7b:e1:44:ea:
        42:95:c4:5d:0d:01:50:46:15:f2:81:89:59:6c:8a:dd:8c:f1:
        12:a1:8d:3a:42:8a:98:f8:4b:34:7b:27:3b:08:b4:6f:24:3b:
        72:9d:63:74:58:3c:1a:6c:3f:4f:c7:11:9a:c8:a8:f5:b5:37:
        ef:10:45:c6:6c:d9:e0:5e:95:26:b3:eb:ad:a3:b9:ee:7f:0c:
        9a:66:35:73:32:60:4e:e5:dd:8a:61:2c:6e:52:11:77:68:96:
        d3:18:75:51:15:00:1b:74:88:dd:e1:c7:38:04:43:28:e9:16:
        fd:d9:05:d4:5d:47:27:60:d6:fb:38:3b:6c:72:a2:94:f8:42:
        1a:df:ed:6f:06:8c:45:c2:06:00:aa:e4:e8:dc:d9:b5:e1:73:
        78:ec:f6:23:dc:d1:dd:6c:8e:1a:8f:a5:ea:54:7c:96:b7:c3:
        fe:55:8e:8d:49:5e:fc:64:bb:cf:3e:bd:96:eb:69:cd:bf:e0:
        48:f1:62:82:10:e5:0c:46:57:f2:33:da:d0:c8:63:ed:c6:1f:
        94:05:96:4a:1a:91:d1:f7:eb:cf:8f:52:ae:0d:08:d9:3e:a8:
        a0:51:e9:c1:87:74:d5:c9:f7:74:ab:2e:53:fb:bb:7a:fb:97:
        e2:f8:1f:26:8f:b3:d2:a0:e0:37:5b:28:3b:31:e5:0e:57:2d:
        5a:b8:ad:79:ac:5e:20:66:1a:a5:b9:a6:b5:39:c1:f5:98:43:
        ff:ee:f9:a7:a7:fd:ee:ca:24:3d:80:16:c4:17:8f:8a:c1:60:
        a1:0c:ae:5b:43:47:91:4b:d5:9a:17:5f:f9:d4:87:c1:c2:8c:
        b7:e7:e2:0f:30:19:37:86:ac:e0:dc:42:03:e6:94:a8:9d:ae:
        fd:0f:24:51:94:ce:92:08:d1:fc:50:f0:03:40:7b:88:59:ed:
        0e:dd:ac:d2:77:82:34:dc:06:95:02:d8:90:f9:2d:ea:37:d5:
        1a:60:d0:67:20:d7:d8:42:0b:45:af:82:68:de:dd:66:24:37:
        90:29:94:19:46:19:25:b8:80:d7:cb:d4:86:28:6a:44:70:26:
        23:62:a9:9f:86:6f:bf:ba:90:70:d2:56:77:85:78:ef:ea:25:
        a9:17:ce:50:72:8c:00:3a:aa:e3:db:63:34:9f:f8:06:71:01:
        e2:82:20:d4:fe:6f:bd:b1


-----BEGIN CERTIFICATE-----
MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy
MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZh
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28Sh
bXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0
Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6
ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51
UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0n
c13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQY
MBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz
30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgG
BmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv
bS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E
T1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v
ZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2p
mj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/
e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBps
P0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMY
dVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc
2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxG
V/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4
HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQX
j4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII
0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5Ap
lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf
+AZxAeKCINT+b72x
-----END CERTIFICATE-----

Verbose cert details: *.securence.com

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            bd:22:98:2f:a0:fa:cb:02:55:6a:ce:15:e5:69:55:b5
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
        Validity
            Not Before: Oct 27 00:00:00 2015 GMT
            Not After : Oct 27 23:59:59 2018 GMT
        Subject: OU=Domain Control Validated, OU=COMODO SSL Wildcard, CN=*.securence.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bb:5e:54:1e:7f:a7:fb:7f:19:c6:cb:97:ae:30:
                    d8:b7:5d:bc:11:bb:78:90:63:fe:0e:67:d8:3f:f8:
                    36:73:2c:f8:8f:9c:73:08:0c:8f:e2:e2:01:23:82:
                    9a:fd:2e:84:61:8e:22:9d:4f:8b:8b:f7:de:3a:69:
                    b0:6b:6c:2a:be:97:cb:e1:9d:a5:7b:cc:45:fe:c7:
                    a0:6b:1d:a9:28:f4:05:51:1d:65:96:77:cb:60:a2:
                    4c:3a:22:2c:e1:f4:15:47:63:2a:7f:e2:f5:b6:9d:
                    3a:e6:dc:37:68:c5:d9:e0:42:01:cb:1f:f8:98:c5:
                    6c:8f:47:69:7e:fa:34:02:37:00:ad:40:57:2c:f9:
                    de:6a:20:51:f0:9b:52:8c:82:1e:9f:19:c3:a6:2b:
                    0f:87:b6:3d:61:c0:b3:dc:dd:ed:61:eb:6b:10:f0:
                    3c:d9:3f:f4:87:96:5d:8d:d1:2f:80:53:d5:c5:e8:
                    cf:93:d9:bd:1c:71:0a:5c:74:17:1c:15:09:9f:36:
                    29:e1:fe:66:80:9f:a8:30:09:04:dd:54:64:b9:20:
                    e6:6e:a7:27:ea:21:32:b2:5c:25:5b:b2:5b:16:fb:
                    92:4d:1a:74:f2:9f:83:9d:63:bc:9e:38:cb:d1:ca:
                    83:4d:43:ab:27:9b:ce:e8:58:57:2c:55:b4:e6:3b:
                    0f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7

            X509v3 Subject Key Identifier: 
                19:26:F6:95:8E:36:8F:2D:DE:1F:0F:27:7F:AD:7D:0B:E0:83:E4:12
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.2.7
                  CPS: https://secure.comodo.com/CPS
                Policy: 2.23.140.1.2.1

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl

            Authority Information Access: 
                CA Issuers - URI:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
                OCSP - URI:http://ocsp.comodoca.com

            X509v3 Subject Alternative Name: 
                DNS:*.securence.com, DNS:securence.com
    Signature Algorithm: sha256WithRSAEncryption
        84:8c:46:9b:78:d9:f4:df:d9:e5:e3:aa:74:ed:8f:37:8a:9b:
        e5:a9:14:58:29:44:e0:d0:33:14:f8:bd:37:c8:6e:c6:d0:a0:
        bc:ae:d0:6f:b4:10:cc:bd:1a:a5:8b:ba:a6:82:c8:d3:aa:2c:
        18:4c:0d:3d:33:ab:df:16:dc:d2:fd:b6:0b:1d:77:3b:18:c7:
        ed:96:ec:2f:09:5c:61:c7:29:c4:28:09:77:8f:20:64:a3:66:
        f2:09:fb:c4:96:78:fb:b5:1d:aa:a9:ed:eb:44:0e:9c:4b:fb:
        54:90:90:86:da:96:21:5e:4e:11:2a:e5:0b:45:98:fb:e5:dd:
        05:cb:4b:01:ea:dc:44:06:be:06:8c:1b:a0:25:1c:5d:fe:1d:
        f7:0f:5a:ba:8a:55:82:ef:66:62:b0:02:10:ee:4d:c7:04:0b:
        e2:00:b9:5c:53:96:66:47:45:c8:3d:d9:d9:36:fb:a4:a9:8b:
        22:a7:a7:97:27:ff:36:98:51:23:d3:4e:43:bd:8f:37:25:3e:
        e2:23:95:6c:d4:4e:b3:2c:a6:1f:39:03:e3:34:d8:66:6c:7f:
        56:ba:32:2a:ee:04:82:f1:34:d9:f4:f0:3e:d6:7c:f2:32:b8:
        1d:c1:1c:df:fa:18:83:1f:4b:25:6c:d5:d2:36:53:8d:d8:3b:
        38:62:b7:b2


-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgIRAL0imC+g+ssCVWrOFeVpVbUwDQYJKoZIhvcNAQELBQAw
gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
Q0EwHhcNMTUxMDI3MDAwMDAwWhcNMTgxMDI3MjM1OTU5WjBbMSEwHwYDVQQLExhE
b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxHDAaBgNVBAsTE0NPTU9ETyBTU0wgV2ls
ZGNhcmQxGDAWBgNVBAMMDyouc2VjdXJlbmNlLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBALteVB5/p/t/GcbLl64w2LddvBG7eJBj/g5n2D/4NnMs
+I+ccwgMj+LiASOCmv0uhGGOIp1Pi4v33jppsGtsKr6Xy+GdpXvMRf7HoGsdqSj0
BVEdZZZ3y2CiTDoiLOH0FUdjKn/i9badOubcN2jF2eBCAcsf+JjFbI9HaX76NAI3
AK1AVyz53mogUfCbUoyCHp8Zw6YrD4e2PWHAs9zd7WHraxDwPNk/9IeWXY3RL4BT
1cXoz5PZvRxxClx0FxwVCZ82KeH+ZoCfqDAJBN1UZLkg5m6nJ+ohMrJcJVuyWxb7
kk0adPKfg51jvJ44y9HKg01DqyebzuhYVyxVtOY7D+MCAwEAAaOCAdswggHXMB8G
A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBQZJvaVjjaP
Ld4fDyd/rX0L4IPkEjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIx
AQICBzArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQ
UzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9j
YS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy
bDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9k
b2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0Eu
Y3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wKQYDVR0R
BCIwIIIPKi5zZWN1cmVuY2UuY29tgg1zZWN1cmVuY2UuY29tMA0GCSqGSIb3DQEB
CwUAA4IBAQCEjEabeNn039nl46p07Y83ipvlqRRYKUTg0DMU+L03yG7G0KC8rtBv
tBDMvRqli7qmgsjTqiwYTA09M6vfFtzS/bYLHXc7GMftluwvCVxhxynEKAl3jyBk
o2byCfvElnj7tR2qqe3rRA6cS/tUkJCG2pYhXk4RKuULRZj75d0Fy0sB6txEBr4G
jBugJRxd/h33D1q6ilWC72ZisAIQ7k3HBAviALlcU5ZmR0XIPdnZNvukqYsip6eX
J/82mFEj005DvY83JT7iI5Vs1E6zLKYfOQPjNNhmbH9WujIq7gSC8TTZ9PA+1nzy
MrgdwRzf+hiDH0slbNXSNlON2Ds4Yrey
-----END CERTIFICATE-----
28
Dec

SMTP Over TLS Supported Cipher Suites

These are the Cipher Suites supported by Securence.  When negotiating a cipher suite the order below is the preferred order.

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA — Scheduled to be removed early 2016
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA — Scheduled to be removed early 2016
  • SSL_RSA_WITH_RC4_128_SHA — Scheduled to be removed early 2016
  • TLS_ECDH_ECDSA_WITH_RC4_128_SHA — Scheduled to be removed early 2016
  • TLS_ECDH_RSA_WITH_RC4_128_SHA — Scheduled to be removed early 2016
  • SSL_RSA_WITH_RC4_128_MD5 — Scheduled to be removed early 2016
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Note: RC4 cipher suites are allowed only to support Exchange 2003. Since Exchange 2003 is no longer supported by Microsoft these will be removed in early 2016.

 

Se also: SMTP over TLS Certificate Chain

23
Dec

Config Securence for inbound filtering in front of Gmail hosted email

In Gmail

  • Configure Gmail to allow Securence as an Inbound mail gateway in GMail
    • For documentation:
    • Add Securence IP ranges found on the bottom of the Securence admin pages
      • 216.17.3.0/24 and 204.11.209.64/26
      • Check the Disable Gmail spam evaluation on mail from this gateway box.
    • We recommend selecting “Automatically detect external IP” and “Reject all mail not from gateway IPs”
    • If you require TLS delivery from Securence to Gmail
      • In Securence create an Encryption Policy:
        • Rule Type: Incoming
        • Original Server to Securence: “All Domains”, “Do Not Require TLS”
        • Securence to Your Server: “All”, “Opportunistic TLS” , after verifying TLS delivery change to “Require TLS”
        • Precedence: “Place at the Beginning”
      • In Gmail:
        • Select “Require TLS for connections from the email gateways listed above”
      • Be sure to test these settings.  Incorrect settings can cause email delivery to stop.  Messages delivered to Gmail using TLS will have a “x-securence-tls-suite-outgoing” header specifying the TLS Cipher used to deliver the message to GMail.  If this is missing, the message was not delivered to GMail using TLS.
    • In Securence, never disable incoming spam, virus or phish filtering.  This will cause spam messages to get sent to Gmail and can cause delivery issues for non-spam messages.
  • Configure Securence to deliver incoming mail to GMail
    • Enable Domain Settings -> Incoming Settings -> General -> SPF Compliance -> Apply SRS when delivering to your server
      • This will cause Securence to modify the mail from in a way that prevents messages from getting rejected by Gmail because of SPF issues.
    • For documentation:
  • Change MX Record to point to Securence, found on the bottom of the Securence admin pages
30
Sep

Using Securence Continuity and Active Directory Authentication Together

With Active Directory Authentication enabled, Securence queries your AD server every time a user attempts to login. Continuity allows users to access their messages during an outage situation on your network. However, what if the outage includes your AD server? How can Securence authenticate your users to give them access to their Continuity inbox? Due to the inherent conflicts between these two features, extra measures are necessary in order to help them function together:

1. Ensure all users have confirmed at least one alternate e-mail address or mobile number in Securence.
If you have Continuity and AD Authentication enabled, any user that has not yet confirmed an alternate e-mail address or mobile number will be instructed to do so as soon as they login. They simply need to enter an e-mail address on a different domain that they have access to, or their mobile number, and Securence will send a confirmation code. Once confirmed, they may use their alternate e-mail address or mobile phone in the future should they need to reset their Securence password during an outage.

2. Use the Local (Securence) Authentication Override during an outage.
During an outage, when your users need access to their Continuity inbox or Quarantine, you may override all authentication to use Securence, instead of your AD server. This can be accomplished by checking the appropriate box in the Securence Admin interface: Incoming Settings -> Security tab -> Auth Method Override. Once enabled, if a user already has a Securence password, they may use it to login. If they don’t have a Securence password yet, they can follow the reset password procedure from the login page and use an alternate e-mail address or phone in order to set a new password for Securence.

3. When your system is back online, disable the Authentication Override.
When you are ready for your users to resume authenticating using your AD server, simply disable the Auth Method Override. All users configured to authenticate via AD will once again be able to login to Securence using their AD credentials.

15
Sep

DNSBLs and Securence Part 2: Securence Getting Listed on other DNSBLs

Securence provides outgoing email filtering and delivery. Most Securence customers are provided a dedicated IP address that no other customer will use. This isolates customers from potential IP reputation problems. If another customer sends spam or bulk emails, all other customers are protected from the IP reputation damage that may occur. This is a major advantage over other email services where emails are delivered from a pool of shared IP addresses. Although these services have many IP addresses in their pool, it’s possible to have these IP addresses’s reputations tainted because of the inevitable spam that will be sent through these services.

Most DNSBLs yellowlist the major email senders, but this is an imperfect practice and these IPs sometimes get listed or at least don’t enjoy a positive IP address reputation.

Automated services within Securence monitor all the outgoing IP addresses on major and minor IP reputation lists including Spamcop, Spamhaus, etc. When there are IP address reputation problems, our email team will investigate the cause and resolve it. Often this requires action by the customer’s email administrator. We assist and give helpful information to help resolve the issues quickly.

Once the root cause has been addressed, if the IP reputation is still poor, a new address is assigned and the previous one is retired. Retired IP addresses get set aside for a time to allow listings to expire. Before an IP address is reintroduced as a potential dedicated outgoing address, Securence admins ensure its reputation is neutral or positive.

10
Sep

DNSBLs and Securence Part 1: Securence’s Use of DNSBLs

DNSBL stands for DNS Block List. Also called RBL for Realtime Block List. These acronyms have had different words at times, but they generally do the same thing: prevent emails based on the IP address of the sending server.

Securence, by default, uses two of our own private DNSBLs and two independent DNSBLs to block messages based on IP address.

  • rbl.securence.com is a realtime block list, listings are fully automated and extremely short lived. Listings are intended to exist during a spam outbreak and expire as soon as the behavior stops. This uses a yellowlist to prevent blocking the major email senders. Though our support department has a delisting process, blocks have typically expired by the time our support department receives any delisting request.
  • bl.securence.com is a non-realtime block list. This is a very small list of addresses and is manually curated by our email staff. Candidates are personally researched before listing to ensure no clean emails are originating from these addresses. Generally, listings do not expire. Though our support department has a very simple delisting process available, we have never received a delisting request.
  • Securence has subscriptions for Spamhaus and Spamcop. These lists are served from our internal servers and updated frequently from the providers. These are enabled by default for new domains and we recommend our customers to use both. They have their own processes and procedures that can be found on their respective web sites.
  • Securence can be configured to use any standard DNSBL in the admin portal. If you have a DNSBL you would like to use, go to Domain Settings->IncomingSettings->Spam->DNS Block Lists->Other DNS Block Lists or ask our support staff for assistance.