Securing user by means of e-mail server

Of course, the best we can do is to stop a possible attack before it reaches the user, if we really can. What can we do, and what kinds of attacks can or cannot be stopped this way?

First, we have to impose all possible limits. Remember: nothing is unlimited in this world. If you have an unlimited mailbox size, message size, number of recipients in a single message, line length inside a message, number of messages in a mailbox, etc., you can get unpredictable behaviour of the client program (MUA), leading to a DoS or possibly code execution. Everything that can be limited should be limited. This doesn't mean you have to restrict your users: all the limit values must be chosen so that they do not affect normal user operations.

We can try to prevent address book attacks. It is not hard to write a filter, for example with sendmail's mfilter API, that detects situations like

From: [email protected] <[email protected]>

or

From: user1@ <[email protected]> host2.com

and normalizes them to

From: [email protected] <[email protected]>

We can keep an archive of all e-mail for a long period of time. It may be extremely helpful for incident handling.

We can set up antivirus software and/or content filtering software to filter possible malware messages. It should be noted that any software of this kind helps you protect your users but never guarantees protection. Software of this kind always looks for some set of signatures (even if you simply check for .exe attachments). This set of signatures will never be complete, because different software may use different algorithms to detect attachments, especially if the message has non-RFC formatting. There is always a way to compose a message that will be processed by the filter and, for example, by Outlook Express in different ways with different results. SECURITY.NNOV maintains a page, "Bypassing content filtering software", where we publish all known ways to bypass this kind of protection. You can read it here: http://www.security.nnov.ru/advisories/content.asp Please note this page is constantly updated.

The same mailfilter API I mentioned before may be used to limit possible malcrafted messages, for example ones with '\0' characters, '\n' or '\r' characters, oversized lines, duplicate headers, etc. It may be very helpful, but it is just another "security through obscurity" method, so it still gives you no guarantee of protection.

The mailfilter API can also be used to detect and block spam. Spam is a huge problem (a large amount of spam may be treated as a denial of service against the user, because he spends his time processing unwanted information instead of doing his job). Currently I have begun work on a mailfilter that supports all the features listed. It will be published as soon as I have a working version.
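The two filter ideas above (normalizing a From: header whose display-name part looks like a different address, and rejecting headers with NUL, bare CR/LF, oversized lines, duplicate headers or too many recipients) can be shown together in one small checker. The code below is an added example written for this page; it is not the author's mailfilter and does not use the sendmail API at all. It is plain Python over the raw header bytes, so a milter or any other MTA hook could call it. The limits MAX_LINE_LEN and MAX_RECIPIENTS, the list of singleton headers, and the two sample messages are all constructed for the example.

```python
"""Added example (not the article's or SECURITY.NNOV's code): header-level checks
of the kind the article proposes for a mail filter, as stand-alone Python."""
import re

MAX_LINE_LEN = 998      # assumption: RFC 5322 maximum line length used as the bound
MAX_RECIPIENTS = 50     # assumption: a site policy value, not taken from the article
SINGLETON_HEADERS = {"from", "subject", "date", "message-id"}  # at most one allowed

ANGLE_ADDR = re.compile(r"<([^<>\s]+@[^<>\s]+)>")      # the real addr-spec in <...>
ADDR_SPEC = re.compile(r"[^\s<>,\"]+@[^\s<>,\"]+")      # rough addr-spec token


def normalize_from(value):
    """Rewrite a From: value whose display-name part looks like an address.

    'user1@host1.example <user2@host2.example>' and
    'user1@ <user2@host2.example> host2.example' both become
    'user2@host2.example <user2@host2.example>', so the MUA cannot display one
    address while the real addr-spec is another. Returns (value, rewritten).
    """
    m = ANGLE_ADDR.search(value)
    if m is None:
        return value.strip(), False            # bare addr-spec or unparsable: untouched
    real = m.group(1)
    # everything outside the angle brackets is what the MUA shows as the name
    outside = (value[:m.start()] + " " + value[m.end():]).strip()
    if "@" in outside and outside != real:
        return f"{real} <{real}>", True
    return value.strip(), False


def check_headers(raw):
    """Return a list of policy violations found in the header section of raw (bytes)."""
    problems = []
    head = raw.split(b"\r\n\r\n", 1)[0]        # header section ends at the blank line
    counts = {}
    recipients = 0
    current_name = None
    for lineno, line in enumerate(head.split(b"\r\n"), 1):
        if not line:
            continue
        if b"\0" in line:
            problems.append(f"line {lineno}: NUL byte")
        if b"\n" in line or b"\r" in line:      # survives only if CR/LF was bare
            problems.append(f"line {lineno}: bare CR or LF inside header")
        if len(line) > MAX_LINE_LEN:
            problems.append(f"line {lineno}: {len(line)} bytes exceeds {MAX_LINE_LEN}")
        if line[:1] in (b" ", b"\t"):
            name = current_name                 # folded continuation of previous header
            value = line
        else:
            name, sep, value = line.partition(b":")
            if not sep:
                problems.append(f"line {lineno}: not a header line")
                continue
            current_name = name.strip().lower().decode("ascii", "replace")
            name = current_name
            counts[name] = counts.get(name, 0) + 1
        if name in ("to", "cc", "bcc"):
            recipients += len(ADDR_SPEC.findall(value.decode("latin-1")))
    for name, n in counts.items():
        if n > 1 and name in SINGLETON_HEADERS:
            problems.append(f"header {name!r} appears {n} times")
    if recipients > MAX_RECIPIENTS:
        problems.append(f"{recipients} recipients exceeds {MAX_RECIPIENTS}")
    return problems


# Constructed sample messages (example.* domains, not real mail).
GOOD = (b"From: Alice <alice@example.com>\r\n"
        b"To: bob@example.net\r\n"
        b"Subject: status\r\n"
        b"\r\nbody\r\n")

BAD = (b"From: ceo@corp.example <mallory@attacker.example>\r\n"
       b"From: second@corp.example\r\n"
       b"To: bob@example.net\r\n"
       b"Subject: x\0y\r\n"
       b"X-Long: " + b"A" * 1200 + b"\r\n"
       b"\r\nbody\r\n")

if __name__ == "__main__":
    for msg in (GOOD, BAD):
        print(check_headers(msg) or "clean")
    print(normalize_from("ceo@corp.example <mallory@attacker.example>"))
    print(normalize_from("user1@ <user2@host2.example> host2.example"))
```

The checker deliberately works on raw bytes split at CRLF rather than on a parsed message object: the article's point is that a tolerant parser (the MUA's or the filter's) may "repair" a bare LF or a NUL and thereby disagree with another parser, so the filter should flag the raw defect before any parsing happens. normalize_from treats the angle-bracket address as the real sender and overwrites any address-looking text outside it; a message whose display name is a plain name is left alone.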