MDaemon Email Security Features

The MDaemon Email Server is a leader in email security using a layered approach offering proactive protection against email-borne threats of spam, viruses, malware, and phishing.

Spam Filter

MDaemon - Email Security - Spam Filter

MDaemon includes a powerful spam filter, greylist processing, and features SpamAssassin 3, which uses a wide variety of local and network tests to identify spam signatures to make it harder for spammers to identify a single aspect that they can craft their messages to work around.

When combined with MDaemon AntiVirus, MDaemon provides inline Antivirus scanning that helps detect and reject viruses with the least amount of time and effort.

SSL, TLS, and StartTLS

MDaemon - Email Security - SSL and TLS

MDaemon supports the Secure Sockets Layer (SSL)/Transport Layer Security (TLS/StartTLS) protocol for SMTP, POP, and IMAP, and for MDaemon Webmail. MDaemon supports TLS Server Name Indication (SNI). This allows domains and host names to have their own assigned SSL/TLS certificate, rather than having to share a single certificate.


MDaemon - Email Security - MTA-STS

MTA Strict Transport Security (MTA-STS) is a new internet standard that improves email security by requiring email to be sent to an authenticated server using good encryption between all connections through which the message passes. This helps prevent unauthorized message tampering while ensuring privacy and data integrity.


MDaemon - Email Security - RequireTLS

RequireTLS allows administrators to flag messages that must be sent using an encrypted (TLS) connection. Messages that cannot be sent via a TLS-encrypted connection will be bounced back to the sender rather than being sent without TLS. Like Strict Transport Security (STS), RequireTLS also protects against man-in-the-middle and encryption downgrade attacks.

Relay Controls

MDaemon - Email Security - Relay Controls

Controls what the MDaemon Email Server does when a message arrives at your email server that is neither from nor to a local address.

SMTP Authentication

MDaemon - Email Security - SMTP Authentication

SMTP Authentication provides an option requiring users to authenticate with a username and password when sending email.

Authentication Failure Log

MDaemon - Email Security - Authentication Failure Log

The Authentication Failure logging screen and corresponding log file allows administrators to track authentication failures for SMTP, IMAP and POP. The information includes the Protocol used, the Session ID so you can search other logs, the IP address of the offender, the raw Logon value that was used (sometimes this is an alias), the Account that matches the logon (or 'none' if no account matches), and a Notes field which may contain additional data when the attempt was made over SMTP.

Spam Filter: Bayesian Learning

MDaemon - Email Security - Bayesian Learning

MDaemon's spam Filter supports Bayesian learning, which is a statistical process that can optionally be used to analyze spam and non-spam messages in order to increase the reliability of spam recognition over time. The spam filter can then increase or decrease a message's spam score based upon the results of its Bayesian comparison.

Reverse Lookups

MDaemon - Email Security - Reverse Lookups

Reverse Lookups can detect spoofed email addresses and other threats. MDaemon can query DNS servers to check the validity of the domain names and addresses reported in the headers of incoming messages. Optionally, suspicious messages can be refused or have a special header inserted into them. Reverse Lookup data is also reported in the MDaemon logs.

Content Filter

MDaemon - Email Security - Content Filter

A highly versatile and fully multi-threaded Content Filtering system makes it possible for you to customize server behavior based on the content of incoming and outgoing email messages. You can insert and delete message headers, add footers to messages, remove attachments, route copies to other users, cause an instant message to be sent to someone, run other programs, and much more.

Sender Policy Framework (SPF)

MDaemon - Email Security - Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is a security feature that identifies hosts that are authorized to send email for a specific domain.

IP Shielding

MDaemon - Email Security - IP Shielding

IP Shielding allows you to block email from specific domains from unauthorized IP addresses. Any email server that is accepting email via SMTP is susceptible to being used by unknown users claiming to be a user at the local domain name to 'spoof' email out through the server. MDaemon's IP Shielding can stop this by specifying that when a user sends an email claiming to come from a specified domain name, that the IP address that user is using must be within a certain defined range. If you are running multiple domain names on your server, you can create one or more separate IP Shielding entries for each domain.

Backscatter Protection

MDaemon - Email Security - Backscatter Protection

Backscatter occurs when spam or viruses send email using a forged email address as the return path. This can lead to thousands of bogus delivery status notices (DSN), vacation and out-of-office messages, auto-responders, etc., ending up in the inbox. Backscatter Protection distinguishes between legitimate and unauthorized use of your email address in the MAIL FROM: return path. By protecting the return path, MDaemon can determine whether a certain class of messages (such as DSNs, vacation notices, and auto-responders) is valid or not.

Vouch By Reference (VBR) Certification

MDaemon - Email Security - VBR Certification

Vouch By Reference (VBR) Certification provides a mechanism through which certification providers may vouch for the email messages sent by others. By adding an additional header to outgoing email, it provides a simple way for certification providers to vouch for a particular sender without requiring the certification provider to sign (or even know about) any email that is sent. To learn more about VBR and email certification view MDaemon Technologies' Email Certification.

Email Authentication

MDaemon - Email Security - Email Authentication

MDaemon uses all methods of email authentication techniques including DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and DMARC (Domain-Based Message Authentication, Reporting and Conformance) to help message recipients verify the authenticity of the sender. MDaemon also uses DKIM ADSP (Author Domain Signing Practices), which is an adjunct mechanism to aid in assessing messages that do not contain a DKIM signature for the domain used in the author's address (in the FROM: header). ADSP defines a record that can advertise whether a domain signs its outgoing email as well as how other hosts can access that record.

Spam Filter: Blacklist

MDaemon - Email Security - Spam Filter Blacklist

The spam filer blacklist can be used to prevent unwanted email from email addresses or entire domains. With MDaemon's spam filter blacklist, messages from blacklisted addresses will have their spam scores adjusted upward. By default, 100 points are added to the message's spam score.

Spam Filter: Whitelist

MDaemon - Email Security - Spam Filter

Messages from addresses or domains on the Whitelist (by sender) or Whitelist (by recipient) will have their spam scores lowered by 100 points, by default. Messages from addresses or domains on the Whitelist (no filtering) will not be processed by the spam filter.

Hijacked Account Detection

MDaemon - Email Security - Dynamic Screening and Hijacked Account Detection

Spammers continue to hijack SMB / SME email accounts (similar to open relay hijacking) and use them to send hundreds or thousands of spam messages from unsuspecting users and businesses. Undetected, this has the potential of putting your company's IP address and domain name on a Realtime Blackhole List (RBL) or DNS Blackist (DNSBL). MDaemon's Dynamic Screening has been improved by adding a Hijacked Account Detection feature, which will detect, disable, and notify the IT administrator of accounts that send too many messages in a given timeframe. MDaemon allows the email administrator to configure settings for the number of messages and time (in minutes) to establish the parameters that best fit an organization's environment. You can set different message and timing thresholds depending on the source IP of the incoming connection. You can also set separate limits for connections from reserved IPs, local domain IPs, and all other IPs.

Compromised Password Check

MDaemon - Security - Compromised Password Check

MDaemon can check a user's password against a compromised password list from a third-party service, and then prevent users from using passwords found on the list. If a user's password is present on the list it does not mean the account has been hacked. It means that the password has appeared in a data breach at some point. Published passwords may be used by hackers in dictionary attacks.

Spambot Detection

MDaemon - Email Server - Spambot Detection

MDaemon's Spambot Detection feature tracks the originating IP address from which every return-path value (sender) uses over a period of time. If the same return-path is used by multiple IP addresses (more than can normally be expected) within a given period of time, then this typically indicates a possible spambot network is being used. When a spambot is detected, the connection is dropped and the sending address can optionally be blacklisted for a designated period of time.

SMTP Screening

MDaemon - Email Security - SMTP Screening

With SMTP Screening (Dynamic DoS, Dictionary, and Brute Force Attack Detection and Prevention), you can automatically ban senders who connect more than a given number of times in a given time period, or ban senders who receive a given number of "Recipient unknown" errors. Frequent 'Recipient unknown' errors are often a clue that the sender is a spammer since they commonly attempt to send messages to outdated or incorrect addresses.

Dynamic Screening

MDaemon - Email Security - Dynamic Authentication Failure Screening

Dynamic Screening (Dynamic Authentication Failure Screening) can be configured to track authentication failures for all protocols, including SMTP, POP, IMAP, MDaemon Webmail, and ActiveSync (among others). After receiving a specified number of failed authentication attempts from a given IP address in a designated period of time, subsequent connections from the IP are blocked for a specified period of time.

Dynamic Screening Notifications

MDaemon - Email Security - Dynamic Screening Notification

The Dynamic Screening settings can be configured to notify the postmaster after a specified number of failed authentication attempts made by an account. The notifications that are sent to the postmaster have been updated to include the date, time, IP address, and protocol used, to make it easier to find and troubleshoot authentication failures. The MDaemon logs will display failed authentication attempts in this format: "Failed $PROTOCOL$ authentication attempt from $IP$ for "$EMAIL$""

MDaemon's Dynamic Screening feature includes the option to send authentication failure and frozen account reports to end users. When a given number of authentication failures has been reached, or when an account has been frozen, the user is notified so that corrective action can be taken.

Location Screening

MDaemon - Email Security - Location Screening

Location Screening settings allow administrators to block incoming SMTP, POP, and IMAP connections from designated countries. This benefits businesses by allowing them to block messages from countries with which they do not do business, and provides an extra layer of spam protection when certain countries are known sources of spam.

Location Screening Exemptions - Exempt Webmail users from Location Screening restrictions when Two-Factor Authentication is used.

Account Manager

MDaemon - Email Security - Account Manager

Administrators can perform a variety of tasks via the Account Manager, such as adding or removing accounts, changing passwords, enabling or disabling accounts, configuring autoresponders, and much more.

The account listing in MDaemon's Account Manager can be filtered to show all accounts, or only accounts that match specific criteria. The account listing can also be filtered based on content in the Mailbox field, Real Name field, or Groups field. Other filtering options include the ability to display accounts based on their status, such as whether they are frozen, disabled, over quota, forwarding, or using an autoresponder.

Password Controls

MDaemon - Email Security - Insecure Password Notification

Password controls allow administrators to maintain strong password policies in MDaemon (including a minimum length requirement), and to monitor weak password usage. Accounts can be temporarily assigned a weak password when the option to require the user to change his password has been enabled. MDaemon will display a pop-up warning, asking if you wish to temporarily store a weak password.

MDaemon - Email Security - Password Options MDaemon - Email Security - Store Passwords using Non-Reversible Encryption

With simple push-button controls, administrators can require all accounts that have a weak password to change their passwords. Administrators can also generate and email a weak password report to any designated email address. The recipient of that report can then notify those users to change their passwords as needed.

MDaemon can also store mailbox passwords using non-reversible encryption. This protects the passwords from being decrypted by MDaemon, the administrator, or a possible attacker.

Email Security - External Message Warning

MDaemon - Email Security - External Message Warning

A new "External Message" Content Filter condition has been added, along with a new "Add a warning to the top of the message" action. This allows administrators to create a rule that will add a custom warning to the top of all email messages originating from external sources - providing extra protection against phishing attempts by alerting users to treat these messages with extra care.

Let's Encrypt Support

MDaemon - Email Server - Let's Encrypt Support

MDaemon supports "Let's Encrypt," a certificate authority service that uses an automated process to provide free certificates for Transport Layer Security (TLS) encryption for secure websites

DNSSEC - Avoid DNS Attacks

MDaemon - Email Security - DNSSEC

DNSSEC is a technology that digitally signs DNS data so that you can be assured that it’s valid. It was created to combat man-in-the-middle attacks that are possible in the DNS system. These types of attacks can lead to users being directed to a hijacker’s own deceptive website in an attempt to collect personal data. To help ensure MDaemon does not become a victim of these attacks, it is capable of requesting DNSSEC be used when available.

Additional Security Features

  • Host screening and IP screening
  • Dynamic DoS, dictionary, and brute force attack detection and prevention
  • Scriptable content filtering
  • Attachment restriction and attachment compression
  • LDAP and Minger recipient verification

Additional Resources

Visit our Literature page for How To Guides, Datasheets, Feature Guides, Competitive Comparisons, and more

Visit Literature Page