# Recommendations paymail lives on the public web. As such, it is recommended that standard defensive mechanisms are deployed. These include, but are not limited to: * maintain access logs * prevent information leakage, including through error messages * do not keep sensitive information on internet-connected servers * place limits on everything, even if they are high * rate limits * maximum message size limits * bad request limits (leading to a ban) * malformed requests * suspicious requests * secure the host operating system and environment * operate under the principle of least privilege * do not trust any input to any API endpoint * assume all API calls are hostile until proven otherwise * sanitize *everything* * keep software/library/dependency versions up to date There are additional concerns that are specific to the paymail service: * consider the meanings of request bodies * whilst it might be normal for an online retail store to receive a high volume of payment destination requests and pay to email posts, consider the amounts being paid. a valid transaction might not count towards some sort of ban limit, but maybe it should if the service receives thousands of dust transactions a second * infinite-loop payment destination requests might be valid but can lead to resource exhaustion, both CPU (during key derivation) and address space (individual Type 2 HD Wallet derivation paths, for example, are not infinite) * consider if the request is really probing for leaked information, rather than performing its intended function * see the [401 Unauthorised](https://web.archive.org/web/20240412220748/http://bsvalias.org/05-pay-to-email.html#401-unauthorized) response section of the [Pay-to-Email specification](https://web.archive.org/web/20240412220748/http://bsvalias.org/05-pay-to-email.html) for an example * consider risks to funds * use `xpub` or nChain public key derivation for payment destination discovery. do not keep wallet seeds or private keys in paymail services, as these are a gold mine waiting to be stolen by a malicious adversary --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.bsvblockchain.org/paymail/recommendations.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.