<img src="https://ad.ipredictive.com/d/track/event?upid=110231&amp;url=[url]&amp;cache_buster=[timestamp]&amp;ps= 1" height="1" width="1" style="display:none">
Post | Dec 4, 2025

Halon Protect 17: stronger protection with Perimeter, OpenID Connect, and full S/MIME support

By Halon

Just in time for the festive season, Halon Protect 17 is here and brings a handful of upgrades to help you end the year on a strong note. We continue to introduce improvements that allow service providers to stay ahead of today’s email threats while making day-to-day email operations smoother for security and operations teams. 

This release introduces a new feature developed in collaboration with industry leader, Spamhaus, adds OpenID Connect, expands accessibility improvements across the web admin interface, and so much more. 

Let’s dig in! 

Introducing Halon Perimeter

Introducing roadblocks for unknown or less-well-known IP addresses and domain names is an effective way to reduce malicious email, such as spam and phishing. Service providers can temporarily defer, and then limit the number of concurrent connections and the rate of email for such sources. This gives reputation sources and content filters some time to classify outbreaks and build reputation, while at the same time prohibiting email sources that are not known to send large volumes of legitimate email from delivering too many emails to your system. Very large providers can build such data sets in-house, but others will struggle to do so as they lack a global view of volumes and consistency for all email sources.  

That’s why we’re incredibly excited to introduce our newest feature, Halon Perimeter, developed in close collaboration with Spamhaus. It leverages Spamhaus intelligence to help providers of all sizes apply adaptive controls to unknown or less-well-known sources. The result: fewer outbreak spikes reaching your downstream filters, and reliable delivery of legitimate traffic during high-volume attacks.

OpenID Connect support for the web administration interface

Because single sign-on shouldn’t require workarounds.

Halon’s web administration interface now includes full support for OpenID Connect (OIDC), which is the de facto standard for modern single sign-on (SSO). It’s an interoperable authentication protocol that builds on OAuth 2.0 (RFC6749 and RFC6750) to allow users to sign in to applications securely using an identity provider. Benefits of this feature include:

  • Faster, simpler SSO integration
  • No proxy required for a cleaner architecture
  • Better interoperability across modern platforms.

Accessibility improvements across the web admin interface

Email infrastructure is mission-critical and should be accessible by everyone.

It’s important to make sure that everyone, including people with disabilities, can use the tools your business relies on. Meeting accessibility standards isn’t just a compliance exercise; it removes friction for your teams, supports diverse teams, and ultimately improves productivity.

WCAG, along with the European EN 301 549 standard, provide a clear framework for evaluating whether tools meet these expectations. Halon’s web administration interface is built with accessibility in mind. In Halon Protect 17,  we’ve introduced numerous improvements, such as color and contrast adjustments, text resizing capability, alternative functionality to dragging movements, and improved content structure to enhance accessibility. We’ve also added processes and automated checks before each software release to ensure new features don’t introduce regressions. 

Full S/MIME support for gateway-enforced encryption

A major security upgrade for organizations that require end-to-end standards. S/MIME is the most widely supported standard for public-key encryption and signing of email, and is built into the majority of modern email clients. 

Building upon our existing PKCS7 signing functionality, we’ve now added full support for Cryptographic Message Syntax (CMS), including signing, verification, encryption, and decryption. 

This enables organization-wide, gateway-enforced email encryption without requiring users to change tools or workflows. This is ideal for providers supporting regulated industries or customers with strict security requirements.

Other improvements in Halon Protect 17

A few smaller (but valuable) additions worth calling out:

MSUI forward authentication with SMTP

While Halon Protect has supported forward authentication with protocols like SMTP for email injection since its inception, the end-user management interface “MSUI” has relied primarily on single-sign-on (SSO) or locally configured users. 

For some providers, however, being able to forward authentication using SMTP helps simplify the overall authentication integration complexity. Another improvement is the ability to configure approved quarantine forward/report destinations.

Dropping libspf2 library dependency

Sender Policy Framework (SPF) is an old but fundamental protocol to ensure that a server is authorized to send email from a given MAIL FROM domain name. The open source libspf2 library has been the de-facto standard for many years, but now the time has come for us to move on to an in-house implementation that we can couple more tightly with our software.

Getting started

Halon Protect 17 is designed to help providers reduce malicious email, improve admin security and usability, and deliver encryption features customers increasingly expect. Ready to upgrade? Reach out to your Halon representative or contact us to have a chat. We’d love to help you take advantage of all the new features. Finally, we’d like to wish all our clients, partners, and the wider community happy holidays and a festive season ahead. 

Spread the news