
SecurityGateway for Email Servers v8.5


Message Certification


Message Certification is a process by which a source that you trust vouches for or "certifies" the good email conduct of an authenticated entity associated with a message. Consequently, messages sent from a domain that is vouched for by that trusted source can be viewed with less suspicion. The receiving server can be reasonably assured that the sending domain adheres to a set of good email practices and doesn't send spam or other problematic messages. Certification is beneficial because it can help ensure that messages will not be erroneously or needlessly subjected to unwarranted spam prevention analysis. It also helps lower the resources required to process each message.

SecurityGateway accommodates Message Certification by including support for a new Internet mail protocol called "Vouch-By-Reference" (VBR), which MDaemon Technologies is working to help create and expand through its participation in the Domain Assurance Council (DAC). VBR provides the mechanism through which a Certification Service Provider (CSP) or "certifier" can vouch for the good email practices of specific domains.

Messages from senders who claim to be certified by a CSP must be DKIM signed or be sent from an SPF approved server. This is necessary in order to guarantee that the message is genuinely from the purported domain rather than forged.

Certifying Inbound Messages

By default, SecurityGateway comes preconfigured to use the CSP located at vbr.emailcertification.org for certifying senders of inbound messages. When a sender claims to be certified by this CSP and that certification is then confirmed, its inbound messages will be exempt from some of SecurityGateway's spam prevention tools. Alternatively, instead of exempting those messages completely, you can subtract a designated amount from their message scores, since they are much less likely to be spam. You can also change the CSP or add additional ones.
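
The inbound check described above, as an added illustration (not SecurityGateway's own code): the sender's claim is read from a `VBR-Info` header and confirmed with a TXT lookup at `<domain>._vouch.<csp>`, both taken from RFC 5518 rather than from this page. The DNS answers are a constructed table so the example runs offline, and `certify` and `apply_policy` are hypothetical names.

```python
import re

TRUSTED_CSPS = {"vbr.emailcertification.org"}  # default trusted CSP named on this page

# Constructed stand-in for DNS: TXT answers at <domain>._vouch.<csp> (RFC 5518 query form).
SAMPLE_TXT = {
    "example.com._vouch.vbr.emailcertification.org": "all",
    "lists.example.net._vouch.vbr.emailcertification.org": "list",
}

def parse_vbr_info(value):
    """Parse 'md=...; mc=...; mv=a:b' into a dict with lowercase keys and values."""
    fields = {}
    for part in value.split(";"):
        if "=" in part:
            key, _, val = part.partition("=")
            fields[key.strip().lower()] = val.strip().lower()
    return fields

def certify(vbr_info, dkim_pass_domains, spf_pass_domain,
            lookup_txt=SAMPLE_TXT.get, trusted=TRUSTED_CSPS):
    """Return (certified, reason). lookup_txt(name) returns a TXT string or None."""
    f = parse_vbr_info(vbr_info)
    md = f.get("md")
    mc = f.get("mc", "all")  # assumption: a missing mc= is treated as "all"
    vouchers = [v for v in f.get("mv", "").split(":") if v]
    if not md or not re.fullmatch(r"[a-z0-9.-]+", md):
        return False, "no usable md= domain"
    # The claim only counts if the message is authenticated as coming from md.
    if md not in dkim_pass_domains and md != spf_pass_domain:
        return False, "md domain not authenticated by DKIM or SPF"
    # Only consult certifiers the receiver trusts, never one merely named by the sender.
    for csp in vouchers:
        if csp not in trusted:
            continue
        txt = lookup_txt(f"{md}._vouch.{csp}")
        types = set(txt.lower().split()) if txt else set()
        if "all" in types or mc in types:
            return True, f"vouched by {csp}"
    return False, "no trusted CSP vouches for md"

def apply_policy(score, certified, exempt=True, adjust=-3.0):
    """Return (score, exempted): exempt the message, or add points to its score."""
    if not certified:
        return score, False
    return (score, True) if exempt else (score + adjust, False)
```

The two rejections that matter are the unauthenticated `md=` domain, which is a forged claim, and a voucher host that is not in the receiver's trusted list, which is a certifier chosen by the sender.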

Certifying Outbound Messages

Before you can configure SecurityGateway to insert certification data into a domain's outbound messages, you will first need to arrange to have one or more CSPs certify that domain. MDaemon Technologies provides a certification service for our customers. For details, visit: www.mdaemon.com/email-certification/.

To configure SecurityGateway to insert certification data into a domain's outbound messages, after you have registered with a CSP:

1. Make sure that the domain is configured to sign outgoing messages with DKIM, or ensure that the domain's DNS records are configured properly to indicate that the messages are being sent from an SPF approved server. This is necessary in order to guarantee that the message originated from you. A message cannot be certified unless the receiving server can first determine that the message is from the purported domain.

2. In SecurityGateway, in the navigation pane on the left, click Security » Message Certification to switch to the Message Certification page.

3. Select a domain in the "For Domain:" drop-down list box at the top of the page on the right.

4. In the Outbound Messages section at the bottom of the page, click the Insert certification data into outbound messages option.

5. In the Host name(s) of certification services that vouch for my messages option, enter the hosts corresponding to one or more CSPs that will vouch for the domain's email, separating each host with a space.

6. Click Save.

VBR does not require the certified messages to be signed by or transmitted to your CSP. The CSP is not signing or validating specific messages — it is vouching for the domain's good email practices.

Inbound messages

Use the globally defined default settings for this domain

When editing a specific domain's Message Certification settings, click this option if you wish to apply the global settings for inbound messages to this domain. This option is only visible when you have selected a domain from the "For Domain:" drop-down list box at the top of the page.

Use the custom settings defined below for this domain

When editing a specific domain's Message Certification settings, click this option if you wish to customize the settings for inbound messages to this domain rather than use the global settings. This option is only visible when you have selected a domain from the "For Domain:" drop-down list box at the top of the page.

Enable certification of inbound messages

By default, when a sender claims that its messages are certified by one of the CSPs that you trust, SecurityGateway will attempt to confirm this. If you do not wish to use Message Certification for inbound messages then uncheck/clear this box.

Host name(s) of certification services that I trust (space separated list):

Use this area to list the host names of all CSPs that you trust, separating each with a space. The CSP host located at vbr.emailcertification.org is included by default.

If the sender is certified:

Choose the option below that you want SecurityGateway to use when it determines that the sender of a message is certified by one of your trusted CSPs.

...exempt the message from spam filtering

When this option is selected, messages from certified senders will be exempt from some of SecurityGateway's spam prevention tools. This is the default option.

...add [xx] points to message score

If you do not wish to exempt certified messages, use this option to designate the amount that will be added to the Message Score. This should be a negative number so that certified messages will receive a beneficial adjustment, since it is less likely that they will be spam. The default setting is "-3.0".

Outbound messages

The options in this section are only available when you select a domain in the "For Domain:" drop-down list box at the top of the page. You cannot configure Global Message Certification settings for outbound messages.

Insert certification data into outbound messages

Enable this option if you wish to insert message certification data into all of this domain's outbound messages. This option is disabled by default.

Host name(s) of certification services that vouch for my messages

Use this text field to enter the hosts corresponding to one or more CSPs that will vouch for the domain's email, separating each host with a space.

Exceptions - Domains

If you select a specific domain in the "For Domain:" drop-down list box at the top of the page when configuring these settings, that domain will be listed here after saving the settings. Click the View/Edit link for the corresponding domain to review or edit its Message Certification settings, or click Reset to reset the domain's settings to the default Global values.