Is DMARC Digests secure and redundant?
Dmarc Digests is hosted on GCP (Google Cloud). We provide multiple levels of backups and redundancy to ensure uptime and peace of mind.
This includes:
- Fully redundant servers for the Web interface.
- Secure protocols (SSL / TLS) across the web, api and smtp endpoints.
- Separately hosted Help system.
- 256-bit SSL encryption on the web app and payment processing.
- All passwords are stored using one-way cryptographic hashing functions.
- We run a dedicated environment behind redundant firewalls and switches.
- Hardened, patched OS with frequent security updates.
Google Cloud details
The Google Cloud infrastructure puts strong safeguards in place to help protect customer privacy. All data is stored in highly secure Google data centers. For a detailed overview of all security and privacy measures, see the Google Cloud Security page. For a list of all current security accreditations, see the Google Cloud Compliance Resource Centre.
All access to the DMARC Digests interface is secured over SSL (HTTPS), ensuring the information is encrypted. Our SSL configurations are regularly and automatically scanned to ensure we can quickly remediate any vulnerabilities discovered, such as Heartbleed. Account passwords are encrypted in the DMARC Digests database, preventing even our own staff from viewing them.
Our staff may need to view DMARC reports and other account data to ensure compliance with the DMARC Digests Terms of Service.
Employee policies
Only a select few have access to the servers where data is stored. We go to great lengths to ensure the right balance between support and a secure infrastructure. Employees can only access accounts if they have explicit permission from an account owner or the account is in review for compliance of the DMARC Digests Terms of Service.
Redundancy and backups
DMARC Digests contains redundancy in as many areas as possible to avoid and recover from failure. This includes a load balanced and clustered environment with automatic recovery on physical hardware failures. Our data center includes redundancy across all aspects of potential failure including network transit, routing, and power.
Customer data is stored across redundant disk arrays with high availability failover protection. Backups are performed continuously and transferred offsite in accordance to our disaster recovery plan.
Reporting a security issue:
If you have discovered a security issue, please report it through our responsible disclosure process.