From c262dbbe9d946c9b0b74dbf1b3fbb1c227be06a1 Mon Sep 17 00:00:00 2001 From: Daniel Winzen Date: Fri, 7 Jun 2024 18:21:13 +0200 Subject: [PATCH] Add information on improving domain security --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 83c5722..0226e8c 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,10 @@ Set the PTR record of your proxy servers IPs to your domain. This can usually be Consider registering your domain with [DNSWL](https://www.dnswl.org/), [SNDS](https://sendersupport.olc.protection.outlook.com/snds/), [Google Postmaster Tools](https://postmaster.google.com/) and [YahooCFL](https://senders.yahooinc.com/complaint-feedback-loop/) for valuable insights into your delivery. +Consider enabling DNSSEC on your domain, when available by your Domain registrar. Some registrars may charge extra for it. Once enabled, you can also enable DANE, which increases security. Use [TLSA Record Genearator](https://ssl-tools.net/tlsa-generator) to help you create an appropriate DNS record. + +Consider adding your domain to [HSTS Preload List](https://hstspreload.org/) which will prevent browsers from even trying to access your domain on the insecure http:// protocol and automatically upgreade to https:// + ### Final configuration steps Follow [SnappyMail installation instructions](https://github.com/the-djmaze/snappymail/wiki/Installation-instructions#now-access-the-admin-page) to finish setting it up at yourdomain/mail/snappymail/?admin