Email security


New Member
Hi Knownhost. I have to start by saying how happy I am with your service. My site has been running with no issues since its move.

I recently had somebody do a security review of my site (which is hiding behind cloud flare). The IP address is well hidden and cannot be found through conventional measures.

I was however informed that my VPS server's IP address can be found out by tracing emails sent from my server (through some sort of mailhost trace or header information - I'm not too sure). Can you give me any advice on how to better secure my email?

The security review recommended that I set up a separate mail server or use a hosted mail service provider. Does knownhost offer this? Do you have any reccomendations?
Hi Seal,

A separate mail server and hosted mail service provider would be another external server or service that hosted your email. I suppose you could provision another KH VPS to do this but I personally haven't done anything like that. I have seen numerous hosted email providers, they are plentiful although not very cheap.

I suppose if it were me and I had to meet the security requirements that my server's IP could not be traced even through an email that I would go the hosted route rather than provisioning a whole separate server just for email.

The requirements for your site must be quite rigorous, I'd ask what it was but then you might have to kill me! O.O
Hi Dan, I had a little dig around and I think cloudflare will be able to hide ip addresses from mail hosts too. Apparently all that is required to find out my mail host is for someone to query the host for my domain. I need to figure out how to set it up with mx hosts etc. I've not had a play around with those settings before.

And to satisfy your curiosity, my site offers bitcoin related services :). Would KnownHost ever consider accepting bitcoin? You totally should.
Hi Seal,

I looked in Cloudflare's support pages and found this which kind of makes it sound like maybe they don't do it themselves but perhaps that is old information and now they do :)

Thanks for the info...should I go try to change my identity now?? You would tell me right? RIGHT?? :D
Hey Seal,

Emails can always be traced to an IP by inspecting the headers. Dan is right in saying that if you want to hide the web server then you will need to use an external mail host. In this case though remember that if you have any scripts that send mail then they will need to use smtp and not sendmail. PEAR has a package for this that works well. You may want to read the AUP before launching your Bitcoin services too to make sure that you won't be in violation.