Hard.Email

• All sub-domains that are not allowed to send emails are now protected by securing their respective MX, SPF, DKIM and DMARC records.
• DANE records have been refreshed. The main change was the 211 rollover record.

• We now have two mail servers for improved operational resilence.
• The primary MX is "secure.hard.email" and the secondary MX is "reliable.hard.email".
• Both use (a) completely different cloud service providers, (b) data centres in two different countries and continents, (c) different operating systems, (d)different open source software versions and (e) different backup arrangements.
• This reduces the chances of both servers going down in a cyber attack or insider threat.

• The whole stack has been brought to the bleeding edge of technology. This includes the latest Ubuntu (Development Branch), Linux Kernel 6.9rc, OpenSSL 3.2, and all other updates.
• Aligned with the Dutch NCSC IT Security Guidelines for TLS, I disabled the "aDH" Anonymous Elliptic-curve Diffie-Hellman key exchange.
• Temporarily, I have reintroduced TLS1.2 as some of the tools used for testing break. Of course, with Forward Secrecy only. Once testing is completed, I will go back to TLS 1.3 only..

This morning (21 Aug 2023), I engaged the services of a professional hacker from Eastern Europe to test the security of my server, located at https://hard.email. This server represents an academic proof of concept that has advanced to Release 3 of enhancements, with the overarching goal of surpassing the best in the world.

In Release 1, we demonstrated the potential to rival Soverin, which is the world's premier mail server, in my opinion.

In Release 2, we substantiated both qualitative and quantitative improvements when compared to the world's leading providers, including Soverin, Protonmail, and Tutanota.

Now, in Release 3, the time has come to distinguish ourselves from these industry leaders, as well as the rest of the field, through innovation. I have adopted a 'Minimalist Approach' to achieve superior cybersecurity. Traditional online services such as Sucuri and tools commonly employed by penetration testers like Zap have been rendered ineffective. They have all been rendered obsolete.

Let's see what Sergey can uncover through his hacking efforts. I will keep you updated.

The academic proof-of-concept at "Hard.Email" is consistently improving upon the top three competitors.

In an extremely competitive environment, I would consider Protonmail, Tutanota and Soverin to be the world's best email services. My objective is to do better than Soverin.net. That's all.