Secure email communication


Silent Mail with SRS

Another aspect of mail server operation – especially if you maintain mailing lists or allow forwarding to external email addresses – is the Sender Rewriting Scheme (SRS). Suppose you set up forwarding of an email address, as in , to external recipients. Your incoming mail server then becomes a relay for external senders and sends email on their behalf to all recipients specified in the forwarding list. This is also how mailing lists, such as those belonging to the popular Mailman software [4], work by default.

The mail servers of these recipients should reject the messages from your server because your mail server is probably not registered in the SPF record of the original sender. What can help in this case is to set up an SRS service on the mail server that rewrites the sender addresses of forwarded email to a temporarily valid email address on your server that has a filter set up. With this new sender address, the email then passes the SPF check – your server is posted in the SPF entry for the temporary address – and the email can be forwarded successfully.


For the secure use of email as a medium, servers also need to be configured comprehensively to check outgoing messages. The configuration itself is not at all complicated and can be implemented for most mail servers in just a few hours. As an administrator, you can prevent third-party mail servers from sending email on behalf of your own domain and causing damage.

If you consistently use the techniques presented here, you can secure your mail server against this scenario, which means you also can reliably send messages from your own mail server to particularly restrictive mail servers of large enterprises, such as Microsoft or Google.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus