GreenArrow Documentation

Security

Q. What type of security comes with GreenArrow products and services?

This is a broad question, so the answer has been broken down into the categories show below.

Email Security
  • GreenArrow Engine DKIM signs outgoing messages using industry standard, 1024-bit RSA private keys by default. During the setup process, and ongoing support, we work with you to verify DKIM is properly setup. Using DKIM makes it more difficult for others to send emails that claim to be sent by you. If you wish to use a key length longer than 1024-bits, that option is available to you as well. See the Creating a New DKIM Key page for more details.
  • We work with you to configure SPF and Sender ID authentication based on your dedicated pool of IP addresses. Using SPF and Sender ID makes it more difficult for others to send emails that claim to be sent by you.
GreenArrow Software Security
  • Only you, GreenArrow support staff, and people who to you grant access to are provided login information for your GreenArrow server.
  • Your server is eligible to receive quarterly updates as new features are developed. If a security vulnerability is identified in GreenArrow’s software between updates, your server is updated soon after the vulnerability is corrected.
Database Security
  • GreenArrow’s PostgreSQL database does not accept remote connections in its default configuration. If you need to connect to GreenArrow’s PostgreSQL database remotely, we work with you to identify which IP address(es) to authorize, and authorize only those IP addresses to connect. In order to provide additional security, we encrypt remote PostgreSQL connections using TLS/SSL.
  • Remote PostgreSQL users are given restricted access when possible. For example, if you need to connect to GreenArrow Engine’s database to query the events table for click, open, and bounce statistics, then a PostgreSQL account will be created that only has permission to access the events table.
Server and Operating System Security
  • Your GreenArrow installation is hosted on a dedicated virtual machine. None of GreenArrow’s other customers share your virtual machine.
  • Your GreenArrow server sends mail off of a pool of IP addresses that are dedicated to you. You aren’t sharing IP addresses with any of our other customers, so you have more control over your IP address reputation than you would with an ESP that sends your mail using a shared pool of IP addresses.
  • We monitor all IPs in our hosted environment for listings in the zen.spamhaus.org DNSBL. This blacklist is checked once an hour. GreenArrow’s technical and deliverability staff are notified if any of your IPs are listed.
  • KernelCare is used to automatically patch the Linux kernel on your server without requiring reboots.
  • fail2ban is used to automatically block IP addresses with 3 or more failed SSH login attempts.