Securing Government Email

We’ve been contacted on occasion by clients asking about our compliance with the Government guidance on securing email. This is important for public sector organisations that use Internet-based email, as many of our clients do. The guidance is intended to help organisations reach a minimum level of security when exchanging email. By design, it avoids mentioning any specific mail clients or messaging services (e.g. Outlook/Office365, Thunderbird, Apple Mail etc).

Back in September 2020, we made some changes to our mail service with the goal of making it as secure as possible. In particular, we enforce secure connections with TLS 1.2 as a minimum. It’s no longer possible to authenticate using plain text, which is considered a security risk.

The guidance also mentions DMARC and SPF protection. Our mail server uses both of these technologies by default. You can view (and edit) your DMARC and SPF records in your hosting control panel.

Regarding spam and malware, our server uses SpamAssassin, ConfigServer Security & Firewall and Exploit Scanner, ImunifyAV and the Apache mod_security module. We update our blocklists regularly with information from a variety of sources.

Lunaria has CyberEssentials+ accreditation and is registered with the ICO as a data controller.

If your organisation is looking for guidance on meeting either the required standard or the ‘best practice’ guidelines, including ‘full encryption’, or on preparing local guidance for employees and volunteers, we’d be happy to meet with you for further discussion.