Because thesimple mail transfer protocol (SMTP)^[1] was formed without security in mind, securing an email server is rather difficult. Newer SMTP servers often offer security features, such as reverse domain name system (DNS) lookup, to help ensure that the email sender is actually who he or she claims to be. Whenever possible, use such authentication^[2] measures.

For securing email itself, encryption is the key. Several popular tools, including the proprietary encryption methods found in Microsoft servers and common public key encryption methods, are the most useful for ensuring that the information sent through your server will be secure.

A relatively new security feature available in some SMTP servers is automated virus scanning at the network level. Email messages do not carry viruses. A virus may be sent only through attachments. Advanced SMTP servers can scan email transparently by placing the email messages in a temporary holding area. The server scans the files, then forwards the email as appropriate. Usually, this process takes little extra time, but is well worth the delay. You can also scan email through your firewall. However, such scanning, either by an SMTP server or by a firewall, slows performance.

[1] Simple Mail Transfer Protocol (SMTP): The Internet standard protocol to transfer electronic mail messages from one computer to another. It specifies how two mail systems interact, as well as the format of control messages they exchange to transfer mail.

[2] Authentication: The process of identifying an individual, usually based on a username and password.