The MDaemon Email Server is a leader in email security using a layered approach offering proactive protection against email-borne threats of spam, viruses, malware, and phishing.
MDaemon includes a powerful spam filter, greylist processing, and features SpamAssassin 3, which uses a wide variety of local and network tests to identify spam signatures to make it harder for spammers to identify a single aspect that they can craft their messages to work around.
When combined with MDaemon AntiVirus, MDaemon provides inline Antivirus scanning that helps detect and reject viruses with the least amount of time and effort.
MDaemon supports the Secure Sockets Layer (SSL)/Transport Layer Security (TLS/StartTLS) protocol for SMTP, POP, and IMAP, and for MDaemon Webmail. MDaemon supports TLS Server Name Indication (SNI). This allows domains and host names to have their own assigned SSL/TLS certificate, rather than having to share a single certificate.
MTA Strict Transport Security (MTA-STS) is a new internet standard that improves email security by requiring email to be sent to an authenticated server using good encryption between all connections through which the message passes. This helps prevent unauthorized message tampering while ensuring privacy and data integrity.
RequireTLS allows administrators to flag messages that must be sent using an encrypted (TLS) connection. Messages that cannot be sent via a TLS-encrypted connection will be bounced back to the sender rather than being sent without TLS. Like Strict Transport Security (STS), RequireTLS also protects against man-in-the-middle and encryption downgrade attacks.
Controls what the MDaemon Email Server does when a message arrives at your email server that is neither from nor to a local address.
SMTP Authentication provides an option requiring users to authenticate with a username and password when sending email.
The Authentication Failure logging screen and corresponding log file allows administrators to track authentication failures for SMTP, IMAP and POP. The information includes the Protocol used, the Session ID so you can search other logs, the IP address of the offender, the raw Logon value that was used (sometimes this is an alias), the Account that matches the logon (or 'none' if no account matches), and a Notes field which may contain additional data when the attempt was made over SMTP.
MDaemon's spam Filter supports Bayesian learning, which is a statistical process that can optionally be used to analyze spam and non-spam messages in order to increase the reliability of spam recognition over time. The spam filter can then increase or decrease a message's spam score based upon the results of its Bayesian comparison.
Reverse Lookups can detect spoofed email addresses and other threats. MDaemon can query DNS servers to check the validity of the domain names and addresses reported in the headers of incoming messages. Optionally, suspicious messages can be refused or have a special header inserted into them. Reverse Lookup data is also reported in the MDaemon logs.
A highly versatile and fully multi-threaded Content Filtering system makes it possible for you to customize server behavior based on the content of incoming and outgoing email messages. You can insert and delete message headers, add footers to messages, remove attachments, route copies to other users, cause an instant message to be sent to someone, run other programs, and much more.
Sender Policy Framework (SPF) is a security feature that identifies hosts that are authorized to send email for a specific domain.
IP Shielding allows you to block email from specific domains from unauthorized IP addresses. Any email server that is accepting email via SMTP is susceptible to being used by unknown users claiming to be a user at the local domain name to 'spoof' email out through the server. MDaemon's IP Shielding can stop this by specifying that when a user sends an email claiming to come from a specified domain name, that the IP address that user is using must be within a certain defined range. If you are running multiple domain names on your server, you can create one or more separate IP Shielding entries for each domain.
Backscatter occurs when spam or viruses send email using a forged email address as the return path. This can lead to thousands of bogus delivery status notices (DSN), vacation and out-of-office messages, auto-responders, etc., ending up in the inbox. Backscatter Protection distinguishes between legitimate and unauthorized use of your email address in the MAIL FROM: return path. By protecting the return path, MDaemon can determine whether a certain class of messages (such as DSNs, vacation notices, and auto-responders) is valid or not.
Vouch By Reference (VBR) Certification provides a mechanism through which certification providers may vouch for the email messages sent by others. By adding an additional header to outgoing email, it provides a simple way for certification providers to vouch for a particular sender without requiring the certification provider to sign (or even know about) any email that is sent. To learn more about VBR and email certification view MDaemon Technologies' Email Certification.
MDaemon uses all methods of email authentication techniques including DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and DMARC (Domain-Based Message Authentication, Reporting and Conformance) to help message recipients verify the authenticity of the sender. MDaemon also uses DKIM ADSP (Author Domain Signing Practices), which is an adjunct mechanism to aid in assessing messages that do not contain a DKIM signature for the domain used in the author's address (in the FROM: header). ADSP defines a record that can advertise whether a domain signs its outgoing email as well as how other hosts can access that record.
The spam filer blacklist can be used to prevent unwanted email from email addresses or entire domains. With MDaemon's spam filter blacklist, messages from blacklisted addresses will have their spam scores adjusted upward. By default, 100 points are added to the message's spam score.
Messages from addresses or domains on the Whitelist (by sender) or Whitelist (by recipient) will have their spam scores lowered by 100 points, by default. Messages from addresses or domains on the Whitelist (no filtering) will not be processed by the spam filter.
Spammers continue to hijack SMB / SME email accounts (similar to open relay hijacking) and use them to send hundreds or thousands of spam messages from unsuspecting users and businesses. Undetected, this has the potential of putting your company's IP address and domain name on a Realtime Blackhole List (RBL) or DNS Blackist (DNSBL). MDaemon's Dynamic Screening has been improved by adding a Hijacked Account Detection feature, which will detect, disable, and notify the IT administrator of accounts that send too many messages in a given timeframe. MDaemon allows the email administrator to configure settings for the number of messages and time (in minutes) to establish the parameters that best fit an organization's environment. You can set different message and timing thresholds depending on the source IP of the incoming connection. You can also set separate limits for connections from reserved IPs, local domain IPs, and all other IPs.
MDaemon can check a user's password against a compromised password list from a third-party service, and then prevent users from using passwords found on the list. If a user's password is present on the list it does not mean the account has been hacked. It means that the password has appeared in a data breach at some point. Published passwords may be used by hackers in dictionary attacks.
MDaemon's Spambot Detection feature tracks the originating IP address from which every return-path value (sender) uses over a period of time. If the same return-path is used by multiple IP addresses (more than can normally be expected) within a given period of time, then this typically indicates a possible spambot network is being used. When a spambot is detected, the connection is dropped and the sending address can optionally be blacklisted for a designated period of time.
With SMTP Screening (Dynamic DoS, Dictionary, and Brute Force Attack Detection and Prevention), you can automatically ban senders who connect more than a given number of times in a given time period, or ban senders who receive a given number of "Recipient unknown" errors. Frequent 'Recipient unknown' errors are often a clue that the sender is a spammer since they commonly attempt to send messages to outdated or incorrect addresses.
Dynamic Screening (Dynamic Authentication Failure Screening) can be configured to track authentication failures for all protocols, including SMTP, POP, IMAP, MDaemon Webmail, and ActiveSync (among others). After receiving a specified number of failed authentication attempts from a given IP address in a designated period of time, subsequent connections from the IP are blocked for a specified period of time.
The Dynamic Screening settings can be configured to notify the postmaster after a specified number of failed authentication attempts made by an account. The notifications that are sent to the postmaster have been updated to include the date, time, IP address, and protocol used, to make it easier to find and troubleshoot authentication failures. The MDaemon logs will display failed authentication attempts in this format: "Failed $PROTOCOL$ authentication attempt from $IP$ for "$EMAIL$""
MDaemon's Dynamic Screening feature includes the option to send authentication failure and frozen account reports to end users. When a given number of authentication failures has been reached, or when an account has been frozen, the user is notified so that corrective action can be taken.
Location Screening settings allow administrators to block incoming SMTP, POP, and IMAP connections from designated countries. This benefits businesses by allowing them to block messages from countries with which they do not do business, and provides an extra layer of spam protection when certain countries are known sources of spam.
Location Screening Exemptions - Exempt Webmail users from Location Screening restrictions when Two-Factor Authentication is used.
Administrators can perform a variety of tasks via the Account Manager, such as adding or removing accounts, changing passwords, enabling or disabling accounts, configuring autoresponders, and much more.
The account listing in MDaemon's Account Manager can be filtered to show all accounts, or only accounts that match specific criteria. The account listing can also be filtered based on content in the Mailbox field, Real Name field, or Groups field. Other filtering options include the ability to display accounts based on their status, such as whether they are frozen, disabled, over quota, forwarding, or using an autoresponder.
Password controls allow administrators to maintain strong password policies in MDaemon (including a minimum length requirement), and to monitor weak password usage. Accounts can be temporarily assigned a weak password when the option to require the user to change his password has been enabled. MDaemon will display a pop-up warning, asking if you wish to temporarily store a weak password.
With simple push-button controls, administrators can require all accounts that have a weak password to change their passwords. Administrators can also generate and email a weak password report to any designated email address. The recipient of that report can then notify those users to change their passwords as needed.
MDaemon can also store mailbox passwords using non-reversible encryption. This protects the passwords from being decrypted by MDaemon, the administrator, or a possible attacker.
A new "External Message" Content Filter condition has been added, along with a new "Add a warning to the top of the message" action. This allows administrators to create a rule that will add a custom warning to the top of all email messages originating from external sources - providing extra protection against phishing attempts by alerting users to treat these messages with extra care.
MDaemon supports "Let's Encrypt," a certificate authority service that uses an automated process to provide free certificates for Transport Layer Security (TLS) encryption for secure websites
DNSSEC is a technology that digitally signs DNS data so that you can be assured that it’s valid. It was created to combat man-in-the-middle attacks that are possible in the DNS system. These types of attacks can lead to users being directed to a hijacker’s own deceptive website in an attempt to collect personal data. To help ensure MDaemon does not become a victim of these attacks, it is capable of requesting DNSSEC be used when available.
Visit our Literature page for How To Guides, Datasheets, Feature Guides, Competitive Comparisons, and more