Technical

“Make sure the website you are on is safe and legitimate before giving any personal information.”
See also: https://www.broadbandsearch.net/blog/how-to-tell-website-safe-legitimate

Holder of web domain
  • legal entity.
State-of-the-art
  • read and write speed: fast, solid-state drive (SSD);
  • Internet Protocol version 6 (IPv6): yes;
  • HyperText Transfer Protocol Secure (HTTPS): yes;
  • HTTP Strict Transport Security (HSTS): yes;
  • Domain Name System Security Extensions (DNSSEC): yes;
  • DNS-based Authentication of Named Entities (DANE) email, port 25: yes;
  • DANE prepared for url and www.url, port 443: yes;
  • HTTP/2 network traffic optimization: yes;
  • mail transfer agent (MTA): Exim and its configuration are kept up to date;
  • url at en.internet.nl: 100%;
  • MX mail servers / validity of outbound email at en.internet.nl: 100%;
  • outbound email at mail-tester.com: 10/10;
  • url at ssllabs.com: A+;
  • url at securityheaders.com: A;
  • url at dnsspy.io: B;
  • url at immuniweb.com/websec: A;
  • url at immuniweb.com/ssl: A+;
  • url weak SSL cipher(s): optimized;
  • email weak SSL cipher(s): optimized;
  • regular cookies: HttpOnly and Secure;
  • HTTP compression: off, for security;
  • OCSP stapling: enabled;
  • detailed server information: hidden.
HTML compliance
DNS settings
  • use of CNAME: only if an IP address is not possible;
  • time to live (TTL): one hour.
Incoming email
  • own fallback mail server.
Outbound email
  • most transactional mail with SMTP via aws.amazon.com/ses;
  • forwarding with SRS (without DKIM) via cyberfusion.nl
    (use of SRS in order to avoid a ‘forward of forward’ problem);
  • number of DNS lookups in SPF: 6 of a maximum of 10 (tools.sparkpost.com/spf/inspector);
  • number of void DNS lookups in SPF: 0 of a recommended maximum of 2.
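
The two SPF figures above can be recomputed with a short script. This is an added example, not the site's own tooling: the domains, TXT records and host set are constructed sample data standing in for live DNS, macros are not expanded, and every term is counted as the worst case in which evaluation runs to the end of the record.

```python
import re

# Constructed sample data (hypothetical domains) standing in for live DNS.
TXT = {
    "example.test": "v=spf1 mx a include:_spf.mail.example.test include:fwd.example.test ~all",
    "_spf.mail.example.test": "v=spf1 ip4:192.0.2.0/24 include:_net.mail.example.test -all",
    "_net.mail.example.test": "v=spf1 ip4:198.51.100.0/24 -all",
    "fwd.example.test": "v=spf1 a:relay.example.test ip6:2001:db8::/32 -all",
    "bad.test": "v=spf1 include:gone.test a:nohost.test exists:x.test -all",
}
HOSTS = {"example.test", "relay.example.test"}  # names that answer A/MX queries

# Terms that cost one DNS query each (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM = re.compile(r"([a-z0-9]+)(?:[:=]([^/]+))?(?:/.*)?$", re.I)

def count_spf_lookups(domain, txt=TXT, hosts=HOSTS, _chain=()):
    """Return (lookups, void_lookups) needed to evaluate domain's SPF record."""
    if domain in _chain:
        raise ValueError("SPF include/redirect loop at " + domain)
    lookups = void = 0
    for term in txt.get(domain, "").split()[1:]:   # skip the v=spf1 tag
        m = TERM.match(term.lstrip("+-~?"))        # drop the qualifier
        if not m or m.group(1).lower() not in LOOKUP_TERMS:
            continue                               # all, ip4, ip6, exp: no query
        mech, target = m.group(1).lower(), (m.group(2) or domain).lower()
        lookups += 1
        if mech in ("include", "redirect"):
            if target not in txt:                  # no SPF record: void lookup
                void += 1
                continue
            sub, sub_void = count_spf_lookups(target, txt, hosts, _chain + (domain,))
            lookups, void = lookups + sub, void + sub_void
        elif target not in hosts:                  # empty answer: void lookup
            void += 1
    return lookups, void

def within_limits(lookups, void, max_lookups=10, max_void=2):
    """True when a record stays inside the hard limit and the recommended void limit."""
    return lookups <= max_lookups and void <= max_void

if __name__ == "__main__":
    for name in ("example.test", "bad.test"):
        counts = count_spf_lookups(name)
        print(name, counts, "ok" if within_limits(*counts) else "over limit")
```

Nested include records count against the same budget of 10, which is why a short-looking top-level record can still exceed the limit.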
Update / upgrade
  • at selected, suitable moments.
Backup
  • backup interval: four hours;
  • blank carbon copy (BCC) of email: external storage;
  • redundant array of independent disks (RAID): none;
  • implementing geographically different locations;
  • implementing datacenter redundancy.