Use this checklist to evaluate the email security posture of any client environment. Covers filtering, encryption, archiving, continuity, and authentication fundamentals.
Authentication
- SPF record configured and published
- DKIM signing enabled for all outbound mail
- DMARC policy set to at least p=quarantine
- BIMI record configured (optional but recommended)
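As an added example (not part of the original checklist), a small Python script that scores the Authentication items above from DNS TXT records. The records are constructed so it runs offline: example.test is a placeholder domain, and the DKIM selector name and key value are assumptions; in an assessment you would substitute the client's real lookups.

```python
"""Evaluate the Authentication checklist items against DNS TXT records."""
import re

# Constructed sample records keyed by the DNS name they would be published at
# (a real assessment would look these up for the client's domain).
SAMPLE_RECORDS = {
    "example.test": ["v=spf1 include:_spf.example.test -all"],
    "_dmarc.example.test": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.test"],
    "selector1._domainkey.example.test": ["v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY"],
    "default._bimi.example.test": [],  # no BIMI record published
}
DMARC_RANK = {"none": 0, "quarantine": 1, "reject": 2}

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC/DKIM) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def check_spf(txts):
    """Exactly one v=spf1 record, terminated by an 'all' mechanism."""
    spf = [t for t in txts if t.lower().startswith("v=spf1")]
    return len(spf) == 1 and re.search(r"\s[-~?+]?all$", spf[0]) is not None

def check_dkim(txts):
    """Selector record present with a non-empty public key (p=)."""
    return any(parse_tags(t).get("p") for t in txts if "v=dkim1" in t.lower())

def check_dmarc(txts):
    """Checklist item: DMARC policy at least p=quarantine."""
    for t in txts:
        tags = parse_tags(t)
        if tags.get("v", "").upper() == "DMARC1":
            return DMARC_RANK.get(tags.get("p", "none").lower(), 0) >= 1
    return False

def evaluate_authentication(records, domain, dkim_selector="selector1"):
    """Return pass/fail per Authentication item; BIMI is reported but optional."""
    return {
        "spf": check_spf(records.get(domain, [])),
        "dkim": check_dkim(records.get(f"{dkim_selector}._domainkey.{domain}", [])),
        "dmarc": check_dmarc(records.get(f"_dmarc.{domain}", [])),
        "bimi": any("v=bimi1" in t.lower()
                    for t in records.get(f"default._bimi.{domain}", [])),
    }
```

A p=none DMARC record, a missing `all` mechanism, or duplicate SPF records each fail the relevant item, which is the usual way these controls are misconfigured in practice.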
Filtering
- Multi-layer spam and malware filtering in place
- Phishing and impersonation protection enabled
- Attachment sandboxing active for executables and Office documents
- Link rewriting or click-time protection enabled
Encryption
- TLS enforced for transport encryption
- End-to-end encryption available for sensitive communications
- Users trained on how to send encrypted messages
Archiving
- All inbound, outbound, and internal mail being archived
- Retention policy meets regulatory requirements
- Legal hold capability tested and confirmed working
Continuity
- Email continuity solution in place and tested
- Users know how to access continuity webmail during an outage
- Failover tested within the last 12 months