Giving you the most secure email signature solution is our top priority.
How secure is email branding?
Branding your email with Rocketseed signatures and banner campaigns is 100% secure.
Email signature security is at the forefront of Rocketseed’s strategy of product innovation. From our servers and software to mailflow and data protection, we are continually updating, monitoring and testing Rocketseed to meet the highest industry compliance standards and to ensure you have the most secure email signature software available.
What makes Rocketseed so secure?
Our 10 key security features
- Rocketseed email branding servers are built on top of industry-standard software components and configured with dynamically-updated firewalls to prevent unauthorised access.
- Rocketseed is configured to comply with CIS (Center for Internet Security) Benchmarks – a world leader in internet security standards.
- We are currently in the process of securing our own ISO accreditation and our worldwide server and communication standards can be included within client ISO-compliant environments without issue.
- A Rocketseed email branding server does not store any email message content and normal mail processing takes well under a second so no noticeable delay should be seen in your mail delivery.
- All branded emails can be DKIM signed as best practice to ensure the highest rate of email deliverability.
- The user interface has granular role-based access levels, using secure (https) connections to further ensure that no eavesdropping is possible.
- We thoroughly test all components of our email signature manager software, perform regular security audits and maintain audit logs for all user activity.
- We perform regular penetration tests on the Rocketseed servers using software tools called BURP and NESSUS to further secure the system.
- Our IT support team is on-hand 24/7 to help with any technical or security issues you might have.
- All email traffic is TLS-encrypted and authenticated from source to destination, with TLS certification automatically renewed.
Want more detail? Our guide to Rocketseed’s specific security features.
Rocketseed email branding servers are built on top of industry-standard software components and are configured with industry-standard firewall software to prevent unauthorised access. We perform regular security audits and maintain audit logs for all user activity performed on each Rocketseed server.
Whether you are using a hosted ASP solution or a dedicated Rocketseed mail server behind your corporate firewall, Rocketseed will ensure your server remains up to date with the latest security releases.
Dedicated Server Access
Dedicated servers can be locked down to prevent access by anyone outside the customer IT department. Alternatively, access can be limited to specific IP addresses, or to a specific VPN solution. Access to the underlying server is controlled via SSH, the most secure remote protocol.
All browser-based access used to configure branding can be forced to use the most secure SSL encryption protocol. Using SSL is the default browser-based setting and recommended for all servers.
In shared environments we ensure that no account data, branding information, or reporting data is visible to users of any other accounts. We perform regular security audits, and maintain audit logs for all user activity performed on each Rocketseed email branding server.
Rocketseed email branding servers are normally configured in redundant pairs to ensure fault-free operation even in the event of hardware or networking outages.
New self-healing monitoring software
We have released new monitoring software that not only reports on issues but self-heals non-critical issues. This ensures that systems are constantly available and able to process mail branding requests.
Any fatal failures generate immediate notifications to support staff with escalation points on unattended issues.
We have also updated our Zabbix monitoring tool to be more than just a monitor and notify tool.
It now has a self-healing component which enables it to rectify any minor issues it finds and then notifies specified users on what actions have been taken to mitigate these issues.
If there is a critical issue that cannot be programmatically alleviated, it then notifies the specified people for manual intervention. This allows servers the ability to be monitored and managed 24/7/365.
Dynamic firewall updates
By implementing dynamic updates to our existing firewalls, Rocketseed can now prevent spam and denial-of-service attacks. What a hacker generally does in a denial-of-service attack is to try over and over again to enter the system using different user names.
Our updated secure email signature software now recognises and notes these invalid requests coming into the server. If we see multiple invalid requests coming in from the same IP, we automatically block access to the server from that IP address and render the attack invalid before it begins.
Automatic server security updates
Our servers are automatically tied to the security updates that are included in the Ubuntu security release cycle. This means that as soon as security updates/patches become available (often before vulnerabilities are even announced), they are deployed to our servers.
The components used in Rocketseed’s architecture are constantly being updated and security patches released (much like the Microsoft updates that you get for your laptop). When these updates are available, they are automatically deployed to all servers which ensures our servers comply with the highest security patches available.
CIS Benchmarks compliance
Rocketseed is configured to comply with CIS (Center for Internet Security) Benchmarks. This compliance is constantly reviewed and updated. CIS Benchmarking is a world leader in internet security standards. Rocketseed ensures that servers are hardened in the CIS approved way and we strive to keep our CIS compliance score above the 80% mark. Our latest release has us benchmarked at 82.47%.
We are currently in the process of securing our own ISO accreditation. Our worldwide server and communication standards can be included within client ISO-compliant environments without issue.
Data Security Back-ups
All Rocketseed data centres undergo regularly-scheduled data back-ups to ensure that no configuration data or reporting information are at risk. In addition, back-ups can be configured onto dedicated librarian servers at a fully-segregated data centre to provide another layer of protection.
Copies of the custom Rocketseed email signature software are held with a third-party software escrow provider. This ensures that, in the unlikely event of a catastrophe, it will always be possible for Enterprise customers to maintain and extend their email branding capabilities.
A Rocketseed email branding server does not store any email messages. During normal operation, the contents of an email message pass through our server in well under one second.
Password / IP address access
In hosted environments we typically assign high-complexity passwords to each sender of branded Rocketseed email to ensure that no outsiders can utilise custom branding. In Enterprise environments, branding requests are only accepted from the specific IP addresses of the customer’s outbound mail server. Also in Enterprise environments the Rocketseed email branding server can integrate with existing corporate anti-spam and anti-virus solutions from other vendors.
TLS encryption / Automatic renewal of TLS certificates
All email conversations are conducted via secure TLS-encrypted communication. Automatic renewal of TLS certificates is also now available which means that all mail traffic is encrypted and authenticated from source to destination. Additionally, these always-valid certificates mean that no additional security checks and validations are required when setting up routing and/or sending mail.
All mails DKIM signed
All mails can be DKIM signed as best practice to ensure ARC / DMARC compliance. DKIM, SPF and ARC passes in mail headers ensure that mails have the highest rate of email deliverability and hit the inbox rather than the junk folder. We have made great strides and follow best practices in compliance in this always changing environment.
We thoroughly test all components of our email signature manager software and perform regular security reviews and penetration testing. We run BURP and NESSUS scanning tools that try to find ways of hacking into the system and exploit whatever vulnerabilities they may find. We then use this data to further secure the system. All output is investigated and servers hardened to mitigate the risks and analysis documents explaining the false positives are published.
All the above features combine to ensure that Rocketseed strives to be the most secure email signature software solution available, ensuring all your Rocketseed-branded email activity and data are 100% safe.