-
Thoroughly plan and design the organization's PKI.
-
Use a User certificate when users require access to multiple certificate services.
-
Customize certificate templates.
-
Use smartcards.
-
Use S/MIME to sign and encrypt messages.
-
Use IPSec to encrypt communications between front-end and back-end servers.
-
Limit SMTP message size .
-
Use TLS to secure SMTP.
-
Disable auto-replies.
-
Control the distribution group maximum recipients limit.
-
Use the strongest authentication methods possible.
-
Avoid allowing anonymous access.
-
Secure mail relay servers.
-
Configure automatic SSL redirection.
-
Open only ports that are absolutely necessary for communication.