“Make sure the website you are on is safe and legitimate before giving any personal information.”
See also: https://www.broadbandsearch.net/blog/how-to-tell-website-safe-legitimate
Holder of web domain
- legal entity.
- read and write speed: fast, Solid-state drive (SSD);
- Internet Protocol version 6 (IPv6): yes;
- HyperText Transfer Protocol Secure (HTTPS): yes;
- HTTP Strict Transport Security (HSTS): yes;
- Domain Name System Security Extensions (DNSSEC): yes;
- DNS-based Authentication of Named Entities (DANE) email, port 25: yes;
- DANE prepared for url and www.url, port 443: yes;
- HTTP/2 network traffic optimization: yes;
- mail transfer agent (MTA): Exim and its configuration are kept up to date;
- url at en.internet.nl: 100%;
- MX mail servers / validity of outbound email at en.internet.nl: 100%;
- outbound email at mail-tester.com: 10/10;
- url at ssllabs.com: A+;
- url at securityheaders.com: A;
- url at dnsspy.io: B;
- url at immuniweb.com/websec: A;
- url at immuniweb.com/ssl: A+;
- url weak SSL cipher (s): optimized;
- email weak SSL cipher (s): optimized;
- regular cookies: httpOnly and secure;
- http compression: off, for security;
- OCSP stapling: enabled;
- detailed server information: hidden.
- email bodies at html5.validator.nu: green;
- backwards compatible at freeformatter.com/html-validator.html.
- use of CNAME: only if an IP address is not possible;
- time to live (TTL): one hour.
- most transactional mail with SMTP via aws.amazon.com/ses;
- forwarding with SRS (without DKIM) via cyberfusion.nl
(use of SRS in order to avoid a ‘forward of forward’ problem);
- number of DNS lookups in SPF: 4 of a maximum of 10 (tools.sparkpost.com/spf/inspector);
- number of void DNS lookups in SPF: 0 of a recommended maximum of 2.
Update / upgrade
- on selected, suitable, moments.
- backup interval: four hours;
- blank carbon copy (BCC) of email: external storage;
- redundant array of independent disks (RAID): none;
- implementing geographically different locations;
- implementing datacenter redundant.