SBS Security - Best - Practices - Email - Services
Guide
Contents
1. Introduction
2. Background
3. Recommended security features
3.1. Anti-spam and Anti-phishing
3.2. Anti-virus
3.3. Protection of illegitimate messages
3.3.1. SPF
3.3.2. DKIM
3.4. STARTTLS
4. Source
C2 - Restricted use
Good security practices for a messaging service
1. Introduction
This document compiles market security best practices for configuring SBS partner messaging services,
drawn from the various sources cited in Section 3 "Source" below.
Accordingly, Sopra Banking Software does not warrant the quality or completeness of the information
contained herein.
Nevertheless, as part of its duty of advice and to facilitate the management of your messaging service,
Sopra Banking Software provides you with the following best practices.
2.2. Anti-virus
Attachments in e-mail messages can carry malicious files, which act when they are opened or
executed. The function of an anti-virus is to scan these files for potentially malicious code. The
file and/or email will be destroyed or quarantined according to the defined security policy.
2.3.1. SPF
Configuring an SPF record in the subscribed public DNS service makes it possible to specify the IP
addresses of the servers authorized to send e-mail messages from this domain. This strengthens the
verification of the legitimacy of messages received by the recipient. This declaration is configured in a
DNS record of the domain of type Text Resource Record (TXT RR).
Any email received must have, at a minimum, a soft/fail policy. Otherwise, any email received that does
not comply with this policy must be quarantined or deleted.
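The SPF rule above, as an added example (not part of the SBS guide or the ANSSI text): a Python check that parses an SPF TXT record, tests whether its terminal `all` policy is at least softfail, and evaluates a sending IP against the `ip4`/`ip6` entries. The records and addresses are constructed from documentation ranges; `include`, `a`, `mx` and `redirect` require DNS lookups and are skipped here.

```python
import ipaddress

# Qualifier on the terminal "all" mechanism, weakest to strongest (RFC 7208).
ALL_STRENGTH = {"+": 0, "?": 1, "~": 2, "-": 3}
RESULT = {"+": "pass", "?": "neutral", "~": "softfail", "-": "fail", None: "neutral"}

# Constructed sample records (documentation address ranges, not real domains).
RECORDS = {
    "strict": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "soft": "v=spf1 ip4:192.0.2.10 ~all",
    "weak": "v=spf1 ip4:192.0.2.0/24 ?all",
    "open": "v=spf1 +all",
}

def parse_spf(txt):
    """Return (authorized networks, qualifier of the 'all' term or None)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    networks, all_qualifier = [], None
    for term in terms[1:]:
        qualifier, mech = ("+", term)
        if term[0] in ALL_STRENGTH:
            qualifier, mech = term[0], term[1:]
        name, _, value = mech.partition(":")
        if name.lower() in ("ip4", "ip6") and qualifier == "+":
            networks.append(ipaddress.ip_network(value, strict=False))
        elif name.lower() == "all":
            all_qualifier = qualifier
            break  # terms after "all" are never evaluated
    return networks, all_qualifier

def meets_minimum(txt):
    """True when the record ends in softfail (~all) or fail (-all)."""
    _, q = parse_spf(txt)
    return q is not None and ALL_STRENGTH[q] >= ALL_STRENGTH["~"]

def check_sender(txt, sender_ip):
    """'pass' if the IP is listed, else the result dictated by 'all'."""
    networks, q = parse_spf(txt)
    ip = ipaddress.ip_address(sender_ip)
    if any(ip in net for net in networks):
        return "pass"
    return RESULT[q]

if __name__ == "__main__":
    for label, txt in RECORDS.items():
        print(label, meets_minimum(txt), check_sender(txt, "198.51.100.7"))
```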
2.3.2. DKIM
The DKIM protocol combines an asymmetric cryptographic mechanism (private key and public key) with
a signature that makes it possible to verify the legitimacy of the server that sends a message. When the
message is sent to the recipient, it is signed with the sender's private key. The corresponding public key
is stored in a DNS entry of the domain sending the message (DKIM selector). The server receiving the
message verifies the authenticity of the sender by checking the presence and validity of the electronic
signature.
2.4. STARTTLS
The STARTTLS option allows for the negotiation of encryption parameters between the sending and
receiving servers in order to secure the transport of the messages exchanged. The level of encryption is
negotiated between the two parties to find an agreement to transmit the data.
3. Source
This document is based on Chapter 5 - "Securing the electronic messaging service" of the
recommendations relating to the interconnection of an information system to the Internet published by
ANSSI (National Agency for the Security of Information Systems).
For this reason, we strongly advise you to consult the link below.
https://www.ssi.gouv.fr/uploads/2020/06/anssi-guide-passerelle_internet_securisee-v3.pdf