The following are best practices from this chapter:
Thoroughly plan and design the organization's PKI.
Use a User certificate when users require access to multiple certificate services.
Customize certificate templates.
Use smartcards.
Use S/MIME to sign and encrypt messages.
Use IPSec to encrypt communications between front-end and back-end servers.
Limit SMTP message size.
Use TLS to secure SMTP.
Disable auto-replies.
Control the distribution group maximum recipients limit.
Use the strongest authentication methods possible.
Avoid allowing anonymous access.
Secure mail relay servers.
Configure automatic SSL redirection.
Open only ports that are absolutely necessary for communication.