Security and compliance posture, audited to the layer of the message.
Spinboss Protect treats each enforcement communication as a discrete artefact that must be authentic at origination, intact in transit, and reviewable in retention. The posture below is published as a public reference for counterparties and recipients.
SPF Authentication
Spinboss Protect publishes an authoritative SPF record enumerating each authorized relay and applies a strict -all fail-closed policy. Receiving systems that observe a message claiming this domain from an unauthorized origin will reject the connection at SMTP time.
DKIM Signing
Outbound messages are signed using RSA-2048 keys against rotating public selectors. Key rotation follows a published schedule with overlap windows to avoid signature breakage during transit.
DMARC Policies
DMARC is published at p=reject with adkim=s and aspf=s, ensuring receivers enforce strict alignment. Aggregate (rua) and failure (ruf) reports are ingested and reviewed.
TLS Encryption
All transport hops enforce TLS 1.3 with AEAD ciphersuites. MTA-STS policy is published at mode=enforce, and TLS-RPT surfaces transport failures for review.
Secure Mail Relay
A dedicated authenticated relay tier handles all enforcement communications, isolated from any general-purpose corporate mail systems. Each relay is independently attested with a published fingerprint.
Infrastructure Logging
All ingress, signing, dispatch, and acknowledgement events are written to append-only logs with content-hash chaining, retained under documented retention windows.
Compliance Monitoring
Continuous monitoring tracks authentication posture, retention compliance, retention window expirations, and counterparty acknowledgement SLA adherence.
GDPR Alignment
Personal data referenced in correspondence is minimized to what is strictly necessary, retained under documented retention windows, and subject to data-subject rights under the GDPR and equivalent regional frameworks.
Data Retention Policies
Correspondence and operational logs are retained for the durations published in our Compliance Statement, after which they are securely destroyed or anonymized under written procedure.
Abuse Prevention Framework
An abuse prevention framework governs the dispatch of enforcement notices, including duplicate detection, claim verification, and proportionality review prior to outbound action.
Incident Escalation Standards
Incidents affecting infrastructure integrity, key custody, or counterparty acknowledgement are escalated under a documented severity matrix with paired-approval response.
Operational Integrity Controls
Separation of duties, paired approval for material change, immutable change logs, and external review on a documented cadence enforce operational integrity.
Infrastructure topology
The simplified topology to the right shows the five logical layers any outbound enforcement message traverses: ingress gateway, authentication (SPF/DKIM/DMARC), TLS relay, verification core, and audit logging. Every layer is independently attested.
Each layer publishes a fingerprint on the Infrastructure Status page, allowing counterparties to confirm that the layer was operational and unaltered at the moment a referenced message was dispatched.
