mailbox.org IP-Whitelisting: More security for companies
In today's digitalised world, the security of networks and systems is an increasingly important topic. One of the methods IT professionals use to secure networks and services is IP whitelisting. mailbox.org now offers IP whitelisting as a new feature for business customers. But what exactly is IP whitelisting and how can it help make your company more secure? In this article, we will go into what IP whitelisting is, how it works and in which scenarios it can be particularly useful.
In addition, another security-relevant feature for business customers is presented: the forced password reset.
New feature: IP whitelisting
- Access to e-mail inboxes is only possible via predefined networks
- Restrictions apply to login via the website and access to IMAP servers (when using e-mail clients)
- Maximum flexibility through individual configuration of individual mailboxes
- Multiple IP address records can be inserted as a comma-separated list
- Compatibility with IP standards IPv4 and IPv6
- Easy access via admin interface or API
New feature: Forced password reset
- Inboxes can be better protected against password theft in case of suspicion
- Users are forced to enter a new password after login
- Easy access via the admin interface or via API
What is IP whitelisting?
IP whitelisting is a security measure where only pre-determined IP addresses are given access to a particular service, website or network. Imagine a VIP list for a party: Only people whose names are on the list are allowed in. With IP whitelisting, it is not the names of people but the IP addresses of computers or networks that gain access.
When a computer tries to access a service that uses IP whitelisting, its IP address is compared to the whitelist. If the IP address is on the list, access is granted. If it is not on the list, access is denied.
This is often used to increase security, as only known and trusted addresses are granted access.
VPN as an ideal complement to IP whitelisting
The use of VPN (Virtual Private Networks) is widespread in the corporate world, especially to allow employees to securely access corporate networks from remote locations. This has become particularly relevant as many companies have moved to flexible working models such as the home office.
A VPN is used to establish a secure and encrypted connection between a user's device and the corporate network. This encryption significantly reduces the risk of data theft and cyber attacks, as potential attackers cannot access the transmitted information.
More security through VPN and IP whitelisting
The combination of Virtual Private Network (VPN) and IP whitelisting provides organisations with a high level of security and control over data traffic. Both technologies have their own strengths, and when used together, they can provide a powerful solution for protecting sensitive corporate data. Here are some reasons why this combination is useful for businesses:
A VPN encrypts internet traffic so that external attackers cannot easily access data exchanged between the corporate network and external devices. IP whitelisting, on the other hand, ensures that only certain pre-approved IP addresses have access to the network. Combining the two creates an additional layer of security.
Companies are often subject to strict data protection regulations. The combination of VPN and IP whitelisting can help meet compliance requirements more easily by both encrypting traffic and strictly regulating access to the network.
Reduced risk of insider attacks
Because IP whitelisting only allows access to certain IP addresses, the risk of insider attacks is reduced. Even if an internal device is compromised, the attacker would not be able to perform malicious actions without a permitted IP address.
Reduction of attack vectors
The combination of VPN and IP whitelisting effectively reduces the attack surface exposed to potential cyberattacks. With fewer opportunities for attackers to penetrate the network, the entire corporate infrastructure is more secure.
Overall, the combination of VPN and IP whitelisting offers companies a robust and versatile security solution that can adapt to different requirements and threat models. It represents a sensible investment in the long-term security strategy of any modern company.
How to set up IP whitelisting for your company at mailbox.org
You can create an individual IP whitelist for each mailbox, giving you the greatest possible control and accuracy. If you want to protect a large number of mailboxes with IP whitelisting, you can also configure the IP whitelists as you wish via the API.
If your employees connect to the company through a VPN, for example from the home office or during a business trip, the employee's IP address remains constant because of the VPN.
In combination with IP whitelisting, only employees connected through the VPN can access the login page of the web mailer or connect with an e-mail app.
Manually setting up IP whitelisting
In the business administration, the IP whitelist can be set for each individual mailbox in CIDR (Classless Inter-Domain Routing) notation. This option provides the greatest flexibility and control for the administrator.
Using the API to set up IP whitelisting
If you have a larger number of mailboxes, you can of course also use our API. Using our API can reduce manual work, save time and minimise the risk of errors. The method mail.set has been extended by the parameter allow_nets for this purpose.
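The comparison described under "What is IP whitelisting?", applied to a comma-separated CIDR list with IPv4 and IPv6 entries, as an added example that is not mailbox.org code: it validates a list before it is entered in the admin interface or passed as allow_nets, then tests client addresses against it. The function names, the minimum prefix lengths and the sample list are assumptions made for this illustration; how the mailbox.org servers evaluate the list is not described on this page.

```python
import ipaddress

# Assumption for this example: shorter prefixes are rejected as too broad.
MIN_PREFIX = {4: 8, 6: 32}

# Constructed sample list (documentation address ranges), with deliberate mistakes.
SAMPLE = "203.0.113.0/24, 2001:db8:42::/48, 198.51.100.7, 10.0.0.0/33, 0.0.0.0/0, 203.0.113.9/24"


def parse_allow_nets(value):
    """Parse a comma-separated CIDR list; return (networks, notes)."""
    networks, notes = [], []
    for entry in (part.strip() for part in value.split(",")):
        if not entry:
            continue
        try:
            # strict=False accepts entries with host bits set and masks them off
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            notes.append(f"{entry}: not a valid IPv4/IPv6 address or network")
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            notes.append(f"{entry}: /{net.prefixlen} is too broad, skipped")
            continue
        if ipaddress.ip_interface(entry).ip != net.network_address:
            notes.append(f"{entry}: host bits set, stored as {net}")
        if net not in networks:
            networks.append(net)
    return networks, notes


def is_allowed(client_ip, networks):
    """True if client_ip lies inside at least one allowed network."""
    addr = ipaddress.ip_address(client_ip)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is matched as IPv4
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)


def to_allow_nets(networks):
    """Serialise the validated networks back to a comma-separated list."""
    return ",".join(str(net) for net in networks)


if __name__ == "__main__":
    nets, notes = parse_allow_nets(SAMPLE)
    print(to_allow_nets(nets))
    print("\n".join(notes))
    print(is_allowed("203.0.113.50", nets), is_allowed("198.51.100.8", nets))
```

Running the check before saving a list catches the two mistakes that lock users out or open the mailbox too widely: a malformed entry and a prefix far broader than intended.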
How the new forced password reset works
mailbox.org has developed a forced password reset function for business customers, which is now available. This function can be used, for example, when a security incident is suspected.
How it works
- The administrator can select the relevant mailbox via the business account
- Activate forced password reset: Select the mailbox and click "Force password change at next login".
- At the next login, the mailbox user is prompted to enter a new password. The mailbox user receives this prompt on an intermediate page after entering their current password.
A password change can also be forced via the API. The method mail.set has been extended by the parameter "require_reset_password". You can find out more about this in our API documentation.
- Security incident: If a security incident is suspected (such as a phishing attack), an immediate password reset may be required to prevent potential damage.
- Routine check: Companies could use this feature to perform regular password changes to keep security levels high.
- Increased security: A forced password reset can help increase security by immediately cutting off access if compromise is suspected.
- Compliance: Some industries and company policies require regular password changes, and a forced password reset can help ensure compliance with such policies.
- Ease of use: This feature allows administrators to centrally control and perform password resets, reducing administrative overhead.
As your secure email provider, we are pleased to contribute with these new features to help you as an organization effectively manage and improve your data security.