For many small to mid-sized businesses that have their own on-site e-mail server, it is a common practice to use a router and a single public Internet address (the one given to them as part of the basic business-level DSL or cable Internet package) to serve their entire network. Behind this router sits the e-mail server, and desktop computers.
If you have only one Internet address that you share with other servers and desktops, any one of these devices can damage your reputation if they are compromised. For example, let's say Jane's PC contracts a virus that causes it to send out junk e-mail. Since she uses the same gateway as the mail server, your mail server's (public) Internet address will be blacklisted, which is to say, millions of computers across the Internet will refuse to accept email from it as long as it remains on the list.
How can you prevent this from happening? There are several actions that can (and should) be taken:
- Install and maintain an effective antivirus / anti-malware product, such as AVG, McAfee, Symantec, etc., across all of your servers and desktops, to help prevent their compromise.
- Ensure that your Internet gateway is configured to block outbound email traffic (port 25) from your network, except the computers you know require it.
- Consider allocating a separate public IP address dedicated to your e-mail server, so rogue machines on your network will not affect the production server.
- Consider hosting your email with a commercial service provider.
- Configure a reverse DNS and SPF record for your mail server's IP address. These are essential in preventing others from spoofing your mail server IP and using / damaging its reputation.