Engage Security Features
Mapp takes the security of your Engage system, your data, and your customer's personal data very seriously. We have a range of features that are designed to protect your privacy and security. These features keep your data secure and prevent attacks against your system and information.
Our security features are divided into the following areas:
- Engage Login and System Security
- Email Sendout and Authentication
- Data Transmission and Encryption
Engage Login and System Security
Security Feature | Description |
|---|---|
Login Security | You log in to Engage with your email address and the password you create when you first log in. After five unsuccessful password entries within 24 hours, your system user account is locked for 20 minutes. If you would like more restrictive settings for your system, contact your customer representative. When you change your password or set a new password for other system users, the new password must meet the requirements for passwords in Engage. For more information, see Secure Login to Mapp Engage. |
Password Security | Engage has several minimum requirements that must be met when a system user creates a new password. These and other security functions ensure that it is nearly impossible for an attacker to guess your password. For more information, see Passwords in Mapp Engage (Engage). |
IP Restriction | Establishing IP restriction is an additional way to protect your Engage system against unauthorized access from outside, significantly increasing the security of your message and recipient data. To more tightly control access to Engage, system login is restricted to pre-defined IP addresses or IP ranges. Access is granted only to computers that belong to this address pool, i.e. that are located within your company network or belong to a pre-defined service provider or system. A user attempting to log on from any other address is blocked from reaching the Engage interface. Additionally, access via SOAP or FTP is also limited to the specified WAN IP addresses. For more information, see IP Restriction. |
Email Sendout and Authentication
Engage supports validated email sendout. We support the following email validation mechanisms:
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting and Conformance (DMARC)
All three methods are designed to reduce the potential for email-based domain abuse. Proper use of these authentication methods can increase the deliverability rate of your email sendouts.
SPF, DKIM and DMARC are primarily designed to detect unsolicited email (spam). The senders of spam often use fake email domains to increase their opening and delivery rates or for phishing attempts (see http://en.wikipedia.org/wiki/Phishing). These authentication methods seek to verify the identity of the sender and reliably determine if the email comes from a legitimate source.
Name | Description |
|---|---|
SPF | SPF stores a list of all the mail servers that are allowed to send email on behalf of a particular domain. The list is published as an SPF record in the Domain Name System (DNS) of the sender. The SPF record identifies which IP addresses are authorized to send email via the corresponding domain. This makes it possible for the receiving system to check whether the incoming email is sent from a mail server that is authorized by the domain's administrators. For more information, see SPF Record. |
DKIM | The DKIM record adds a digital signature to the header of each email. This signature is encrypted. The key, which is requested by the receiving system, is stored in the Domain Name System (DNS) of the sendout system. The email recipient server performs a DKIM check to verify that the message is signed and associated with the correct domain. For more information, see DKIM Signature. |
DMARC | DMARC standardizes how email receivers perform email authentication using the existing SPF and DKIM mechanisms. When a sender publishes a DMARC policy, the sender clearly indicates to the mailbox provider whether the sender's emails are protected by SPF and/or DKIM. The sender also specifically tells the mailbox provider what to do if an incoming email fails the SPF and DKIM authentication tests - i.e. block the message or divert it to the spam folder. Furthermore, the mailbox provider can report back to the email sender about whether incoming emails pass or fail the evaluation process. For more information, see DMARC. |
Domain Verification | To ensure delivery, all email messages must be sent from domain(s) that are registered for your Engage system. This allows the Internet Service Providers (ISPs) to clearly identify you as the sender and ensures optimal secure delivery. In general, every Engage system has one or more domains which it can use for sendout. These domains are entered and authorized for sendout when the system is set up. Authorization is achieved by registering the Engage IP address in the Domain Name System (DNS). Related: Domain Verification |
TLS | Transport Layer Security is a protocol for encrypting data transmissions on the Internet. TLS is the most commonly used encryption for Web pages and email transfer. When sending a message with Engage, the Engage MTA (Mail Transfer Agent) communicates with the MTA of the email provider. TLS is used to securely transfer your data to the email provider of your recipients. The messages are protected against unauthorized access. When transmitting a message from the Engage MTA to the MTA of the recipient's email provider, TLS encrypts not only the content of the message, but also additional information, such as the email address of the recipient and the subject of the message. For more information, see TLS (Transport Layer Security). |
Data Transmission and Encryption
Setting | Description |
|---|---|
Hash Encryption | Hash encryption functions can be used to encrypt and transmit confidential information. It is up to you to determine whether the security of this encryption is sufficient for your needs. Where can I use functions?
For more information, see Hash Encryption Functions. |
Transfer Security | The Transfer Security function provides different ways of managing sensitive Engage system data. This function is used when sensitive data is transferred via import or export with an external system. This data is entered in input fields in Engage. Previously, it was displayed as plain text. With transfer security, a Engage variable is created and inserted in place of the actual data. During data transmission to the external system, the variable is replaced with the actual value (for example, the password). This protects the external system against unauthorized access even when an unauthorized user gains access to the Engage system. The password cannot be discovered via input fields in Engage. For more information, see Credentials Options. |
TLS | Transport Layer Security is a protocol for encrypting data transmissions on the Internet. TLS is the most commonly used encryption for Web pages and email transfer. When sending a message with Engage, the Engage MTA (Mail Transfer Agent) communicates with the MTA of the email provider. TLS is used to securely transfer your data to the email provider of your recipients. The messages are protected against unauthorized access. When transmitting a message from the Engage MTA to the MTA of the recipient's email provider, TLS encrypts not only the content of the message, but also additional information, such as the email address of the recipient and the subject of the message. For more information, see TLS (Transport Layer Security). |