At Ecenica, we care deeply about securing and protecting our customers' personal data.
We know how important security is to our customers, and helping them secure their email accounts from hackers and bad actors is a key part of our customer experience. Consequently, all our services are built around strong security.
Here are some of the security measures we use, and advice we encourage you to follow, to keep your email account secure:
Protect Your Email Password
The most important way of keeping your email account secure is to protect your email password. You must never disclose your email password to any third parties, and we recommend using encryption (TLS) when sending and receiving emails. If you suspect unauthorised use of your account, we require you to contact us immediately.
To protect your email account password, we hash it before storing it on our servers. Once hashed, your password is stored in an unreadable format, meaning it's not possible for anyone, including our Ecenica team, to access your password. We use SHA-512, one of the strongest hashing algorithms available.
Secure Access To Email
We provide TLS (Transport Layer Security) to secure and encrypt your connection between your device and our servers when using webmail, IMAP/POP3 and SMTP. This helps prevent tampering, forgery and eavesdropping on the connections between your devices and our servers.
We support several versions of TLS including:
- TLS version 1.2 (TLS 1.2)
- TLS version 1.1 (TLS 1.1)
- TLS version 1.0 (TLS 1.0)
Strong Password Strength Policy
To prevent someone guessing your password, we enforce a strong password strength policy on all email accounts. This encourages the use of complex passwords, a proven method of protecting against malicious access to your mailbox, and prevents you from accidentally using a weak password which can be easily guessed.
We use specialised server software to isolate accounts on our hosting platforms. Isolation protects your email account by limiting account access to the main account only. Should an account ever be compromised, the hacker is locked down to the single account. They cannot access the host server, nor can they access any other accounts on the server.
IDS (Intrusion Detection System)
We record real-time activity on our IMAP, POP3 and SMTP services. If our systems detect irregular activity, we're instantly alerted and are able to quickly respond to any threats. We're able to detect a range of activity, including brute-force login attempts.
We use an advanced firewall to block unwanted traffic to your email account. Our firewall updates in real time, adapting to threats as they occur.
RFCs (Requests for Comments) are the internet standards documents which define how e-mail works. Servers which comply with these standards offer better security. We've built our email servers with RFC compliance in mind.
We've built our mail servers for compliance with the latest PCI (Payment Card Industry) Security Standards.
SPF, DKIM and DMARC Records
We secure your email and make sure you won't have issues with e-mail spoofing by using Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC).
These make sure the emails you send are authenticated as legitimate by your recipients, and tell other email providers to block fraudulent or 'spoof' emails which seem to have come from your domains but are actually from other sources.
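To see how the published records decide whether spoofed mail is actually blocked, here is an added example (not Ecenica's own code) that audits the SPF and DMARC TXT records of a domain. The records and the domain example.com are constructed sample values, and the function names are illustrative.

```python
# Constructed sample TXT records for the placeholder domain example.com.
SAMPLE_RECORDS = {
    "strict": {"spf": "v=spf1 include:_spf.example.com -all",
               "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"},
    "monitor_only": {"spf": "v=spf1 include:_spf.example.com ~all",
                     "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com"},
    "open": {"spf": "v=spf1 +all", "dmarc": ""},
}

def parse_dmarc(record):
    """Return the DMARC tags as a dict, or {} if the record is not DMARC1."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else {}

def spf_all_qualifier(record):
    """Return the qualifier on the SPF 'all' mechanism ('-', '~', '?', '+') or None."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        t = term.lower()
        if t == "all":  # a bare 'all' defaults to '+', i.e. pass everything
            return "+"
        if t[1:] == "all" and t[0] in "+-~?":
            return t[0]
    return None

def audit(spf, dmarc):
    """Return findings; an empty list means both records ask receivers to block."""
    findings = []
    qualifier = spf_all_qualifier(spf)
    if qualifier is None:
        findings.append("SPF: no valid record or no 'all' mechanism")
    elif qualifier != "-":
        findings.append(f"SPF: '{qualifier}all' does not hard-fail unlisted senders")
    policy = parse_dmarc(dmarc).get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: policy '{policy or 'missing'}' does not ask receivers to block")
    return findings

if __name__ == "__main__":
    for name, records in SAMPLE_RECORDS.items():
        print(name, audit(**records) or "OK")
```

A domain with `p=none` still receives DMARC reports, but receivers are not asked to block mail that fails authentication, so the "monitor_only" sample is flagged.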
Spam and Malware Protection
Ecenica email services have built-in malware and spam filtering capabilities that scan inbound email and help protect you from spam and malicious emails.
At Ecenica we make sure we run all the latest versions of our mail software stack. This ensures vulnerabilities and exploits are fixed and our servers remain secure.
We provide 24/7 monitoring of all email services, server load, network and hack attempts, spam activity and abnormal resource usage by users, on every server, 24 hours a day, 7 days a week, 365 days a year.
Strict Access Policies
To maintain the highest levels of security, our servers use encrypted keys for SSH access. Each SSH key is regenerated on a routine basis to make sure no single key can ever be cracked through brute-force methods. All ‘root’ server logins are restricted to Director access level only. Root logins are not allowed by any other team members, including datacenter staff or partners.