Blocking of Emails
As a preventative measure, we have further strengthened our company-wide IT security concept. All email communication at MENTZ, whether incoming or outgoing, is scanned for potentially dangerous content. The aim is to strengthen security within the company and ensure trustworthy digital communication with our customers.
As part of this concept, a catalog of rules was created that specifies which email attachments should be classified as potentially dangerous and result in the email being blocked.
The sender of the email will not receive an automatic notification if it has been blocked. They will be contacted by the intended recipient at MENTZ and informed about the reason it was blocked.
Attachments are blocked based on the following rules:
- Certain file types, including their compressed form (like .gz or .bz2 files) or those in archives (like .zip or .tgz files)
- Password-protected archives or archives that cannot be unpacked for scanning for other reasons
Blocked File Types
ADE, ADP, APK, APPX, APPXBUNDLE, BAT, CAB, CHM, CMD, COM, CPL, DLL, DMG, EXE, HTA, INS, ISP, ISO, JAR, JS, JSE, LIB, LNK, MDE, MSC, MSI, MSIX, MSIXBUNDLE, MSP, MST, NSH, PIF, PS1, SCR, SCT, SHB, SYS, VB, VBE, VBS, VXD, WSC, WSF, WSH
In particular, emails with attachments in Microsoft Office formats, which may contain macros, are blocked. This affects the following formats:
DOC, DOT, DOCM, DOTM, XLA, XLS, XLT, XLSB, XLSM, XLTM, XLAM, PPT, PPTM, POTM, PPSM, PPAM, PPA
Emails with Office documents that cannot contain macros (docx, xlsx, pptx) are not blocked. PDF files are also not blocked. Please convert Microsoft Office documents to one of the unblocked formats.
Emails without Attachments
Emails without attachments can also be blocked. This may occur if content, images or links were added that potentially contain malware.
Avoiding Spam and Phishing
The MENTZ email server evaluates incoming mail regarding SPF and DKIM. SPF and DKIM is correctly set for emails that are sent from mentz.net addresses.
When receiving emails from mentz.net addresses:
- Emails from mentz.net have a valid SPF entry in the header and a matching SPF entry in the DNS. Emails from a mentz.net address that do not match to the SPF in DNS are most likely NOT from MENTZ and possibly a phishing attempt.
- Emails from mentz.net addresses have a valid DKIM entry in the header and the corresponding and matching TXT entry in the DNS. Great caution is required for emails without a DKIM header or if the DKIM entry in the DNS does not match. Such emails are most likely NOT from MENTZ and probably a phishing attempt.
When sending emails to mentz.net addresses, please note the following:
- The SPF entry of the domain from which the email was sent should be valid and the content correct.
- The DKIM entry of the domain from which the email was sent should be valid and correct in content and the email should be signed in accordance with the DKIM standard.
- The configuration of domains in the DNS should be not have any errors. A useful tool for testing purposes is https://mxtoolbox.com/domain
- Emails should not contain potentially critical attachments, like Word or Excel files.
- If emails are signed with a certificate, it should not be a self-signed certificate, but should be from an official certification authority.
- The sender must comply with the technical standards required in RFC 5321 and RFC 5322. The delivering server must have a static IP address and a correct reverse DNS entry of the IP address used.