TES is a non-commercial industry effort created to help ISPs to secure their email. We can help you in several ways! This section describes a few steps that all ISPs should follow to increase substantially the level of security of their email services. While many ISPs already completed some of these steps long ago, the final ones are not widely adopted yet; this can be a useful checklist to review your practices and plan further steps.
1. Join TES
2. Secure your users’ passwords
3. Provide anti-abuse filters
4. Monitor your users for abuses
5. Publish anti-abuse policies with SPF, DKIM and DMARC
6. Encrypt your email traffic
7. Secure your domain names with DNSSEC
8. Authenticate your servers with DANE
9. Encrypt your mailboxes
10. Offer managed end-to-end email encryption
11. Make your security visible
If you are a small ISP, you possibly run everything in house using free software; the sysadmin section includes technical guides on how to implement the steps above in some of the most common free software applications. If you are a big ISP, things are more complex and chances are that you rely on commercial vendors for email software or services, for managing your domain names and for securing your network; in this case, while the sysadmin guides can still be useful, we really recommend you to contact us and possibly join one of our TES meetings, where other major ISPs can share their experience in securing complex email services.
