This is a collection of useful tutorials on email security implementation, arranged according to the implementation steps that we recommend for all email service providers. We read and tried them as far as possible, but, as technology evolves over time, feel free to contact us to point out obsolete or incorrect tutorials and to suggest new ones.
1. Join TES
2. Secure your users’ passwords
Salted password hashing – Doing it right
3. Provide anti-abuse filters
Postfix + Amavis + Spamassassin + ClamAV in Ubuntu
ISPmail guide for Debian Jessie
4. Monitor your users for abuses
5. Publish anti-abuse policies with SPF, DKIM and DMARC
SPF record syntax
How to define an SPF record
Configure SPF and DKIM in Postfix on Debian 8
How to define a DMARC record
6. Encrypt your email traffic
Postfix TLS support
Dovecot SSL configuration
How to secure a mail server using encryption
Using Let’s Encrypt SSL certs with Dovecot
Postfix and Dovecot on Ubuntu with a Let’s Encrypt SSL certificate
7. Secure your domain names with DNSSEC
DNSSEC with PowerDNS
Inline signing with BIND 9.9.0
How do I add a DS record to my registrar?
Deploying DNSSEC: Validation on recursive caching name server
DNSSEC in the PowerDNS recursor
8. Authenticate your servers with DANE
Let’s Encrypt certificates for mail servers and DANE – Part 1
Let’s Encrypt certificates for mail servers and DANE – Part 2
9. Encrypt your mailboxes
Encrypting stored email with Postfix
10. Offer managed end-to-end email encryption
