Quis custodiet ipsos custodes?
(Who will watch the watchers?)
Juvenal ~100AD
By now you should have a web site and email server both with SSL to help protect them.
It is not finished however. What is needed now is to check how secure both your web site and email server are considered to be. This is important as without fixing security issues:
1. People will be reluctant to use your site and email as it will be flagged as insecure.
2. There is a real risk of your system becoming corrupted and compromised to act as system for hackers.
Thankfully there are third party services who can help and many of them are free to a certain level. You will probably find that initially there are many issues but once you fix the major ones you will only have low risk ones left. You will have to use google and other services to fix the issues found.
Note that this is a work in progress as more security risks are found. It should be done regularly as things change.
I found the sites very useful in identifying and fixing many obvious faults in both web site and email security. With a secure web site and email system you will vertainly have more web site traffic. You can even test the security of commercial web sites and I am certsin you will be surprised by the results!.
There are several available.
I list the ones I found useful:
You enter your domain name and a series of tests are performed and a report produced.
It gives your site a security risk level from minimal to critical.
It covers malware, blacklist status, and various hardening measures.
You enter your domain name and a series of tests are performed and a report produced which you access from an email link.
It is fairly comprehensive and gives a detailed list of risks and the level of those risks, together with information on resolution.
You enter your domain name and a series of tests are performed and a report produced.
It looks mainly at your SSL implementation.
Your site is rated from A+ to F with T as trust issues. It is useful to verify that your SSL implementation is correct and without issues.
You send an email from an account on your sever and it rates the email system on a rating from 0 to 10.
I lists all risks it can find with what needs to be done to address them. It also verifies that you are not on any blacklists.