Securing Email Communications

Administrator -

All the means to secure email communications related with your Fax service: securing emails with SMTP TLS, setting a mail server white list, enabling email spoofing protection.

Securing Emails with SMTP TLS

The mail servers used for your Fax service support TLS for SMTP transmission encryption over the internet. You will find below the information required to configure your email server in order to enable TLS for the communications (in both directions) with our mail servers.

Supported SMTP TLS Protocols and Ciphers

XMedius follows the industry best practices regarding security and enables only protocols and ciphers that are not known to be vulnerable. As such, TLS 1.0, 1.1 and 1.2 are currently supported and ciphers are selected according to the latest industry standards.

Note that this protocol/cipher support definition is subject to change according to new recommendations.

Securing Emails Sent by Users for Faxing

For emails sent by users to our mail systems for faxing, our mail systems offer STARTTLS among their capabilities, which may be taken into account by your mail server.

You could therefore enable opportunistic TLS for outbound emails in your mail server and/or even force the use of TLS for emails sent to the service domain, which depends on the region of your enterprise account :
  • North America: xmedius.com
  • Europe: xmedius.eu

Securing Emails Received by Users for Notification

For emails sent by the Fax service for fax notification/routing, our mail systems will switch to TLS if they are offered STARTTLS among your mail server capabilities.

To enable TLS in this direction, you would typically configure your mail server to offer TLS (opportunistic or forced) to SMTP connections coming from the XMedius mail systems.

Here are the XMedius mail system IP addresses (depending on the region of your enterprise account):

North America Europe
Primary server 66.45.112.68 195.68.54.86 (relay.xmedius.eu)
Secondary server 66.45.48.108 84.14.89.114 (relay-dr.xmedius.eu)

Setting a Mail Server White List

As an additional security measure, your Fax service lets you enumerate a "White List" of the email relay servers (IP addresses) that will be allowed to submit faxes to your account.

When receiving an email (for faxing) from a user associated with your account, the source IP address can be verified against those entered in the White List.

To configure the White List:

  1. Go to your Enterprise Settings.
  2. In the Mail Server White List field, enter the IP addresses of the email servers (comma separated) that will be allowed to submit faxes through your Fax service.
    Important: By default, if the White List is left empty, all IP addresses will be accepted.
  3. Do not forget to Update the settings.

Enabling Email Spoofing Protection

You can protect your account against the risks of email spoofing, and as such, avoid unauthorized sources to send faxes by email in the name of your enterprise.

More precisely, you have the option to ensure that the sender domain name of emails addressed to your Fax service will be systematically verified using the SPF record of your domain, and consequently accept or reject these emails.

To enable this behavior:

  1. Go to your Enterprise Settings.
  2. Check the option Spoofing Protection.
    Important: Unlike an email client, your Fax service is not designed to manage the spam level of the emails intended to be processed as faxes.

    Therefore, if you enable the Spoofing Protection option, you must also take a decision for SPF SoftFail Management: either reject or accept emails if SPF record validation results in SoftFail.

  3. Do not forget to Update the settings.
Have more questions? Submit a request

Comments

Powered by Zendesk