Security Gateway 6.5 – With Improved Attachment Handling & Database Support

If you’re in charge of managing your company’s email, whether you’re running an in-house Exchange server or Office 365, you’ve certainly become all too familiar with the latest threats posed by cybercriminals – threats that go far beyond the old-school Nigerian Prince email scam that has become the butt of jokes over the past couple of decades. So if protecting your employees from email-borne scams is important to you & your business, a secure email gateway to protect against phishing, malware, data leaks and other threats would be a sound investment.

If you’re looking for an email security solution that will block the most spam, viruses, and phishing threats, with user-friendly email traffic reports, email archiving, and Data Leak Prevention (DLP) at a price that’s affordable for small businesses, consider Security Gateway for Email Servers.

Announcing Security Gateway 6.5!

This week, we released Security Gateway 6.5, with improved attachment handling and external database support.

Macro Detection in Office Documents

Cybercriminals often use macros in email attachments to spread malware. In Security Gateway 6.5, the Cyren Antivirus engine can be configured to detect macros in Microsoft Office documents and flag them as infected.

SecurityGateway for Email Servers – Antivirus Flag Macro

Improved Handling of Restricted Attachments

Messages sent from Microsoft Outlook in Rich Text format are sent with an embedded file containing formatting data. Receiving email clients that do not understand this data may display it as a Winmail.dat attachment. To prevent users from bypassing the restricted attachments list by attaching restricted file types to rich text emails, SecurityGateway can now look inside Winmail.dat attachments for restricted files.

Security Gateway can now also scan RAR archives for restricted attachments.
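To illustrate the Winmail.dat check described above, here is an added example (not SecurityGateway's code) of a minimal TNEF reader that lists the attachment names declared inside a Winmail.dat stream and flags restricted extensions. The extension list, function names and sample stream are assumptions constructed for this example.

```python
import os
import struct

TNEF_SIGNATURE = 0x223E9F78       # first four bytes of every TNEF stream
LVL_ATTACHMENT = 0x02             # attribute belongs to an attachment
ATT_ATTACH_TITLE = 0x00018010     # attAttachTitle: the attachment's file name
# Hypothetical block list for this example, not SecurityGateway's defaults.
RESTRICTED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat"}


class TnefError(ValueError):
    """Raised when the stream is not well-formed TNEF."""


def iter_attributes(blob):
    """Yield (level, attribute_id, data) for each attribute in the stream."""
    if len(blob) < 6 or struct.unpack_from("<I", blob)[0] != TNEF_SIGNATURE:
        raise TnefError("missing TNEF signature")
    pos = 6                       # skip 4-byte signature and 2-byte key
    while pos < len(blob):
        if pos + 9 > len(blob):
            raise TnefError("truncated attribute header")
        level, attr_id, length = struct.unpack_from("<BII", blob, pos)
        start, end = pos + 9, pos + 9 + length
        if end + 2 > len(blob):
            raise TnefError("attribute runs past end of stream")
        data = blob[start:end]
        if struct.unpack_from("<H", blob, end)[0] != sum(data) & 0xFFFF:
            raise TnefError("checksum mismatch")
        yield level, attr_id, data
        pos = end + 2


def attachment_names(blob):
    """Return the file names declared by attAttachTitle attributes."""
    return [data.split(b"\x00", 1)[0].decode("latin-1")
            for level, attr_id, data in iter_attributes(blob)
            if level == LVL_ATTACHMENT and attr_id == ATT_ATTACH_TITLE]


def verdict(blob, restricted=RESTRICTED_EXTENSIONS):
    """Return (blocked, reasons). Unparseable input is blocked (fail closed)."""
    try:
        names = attachment_names(blob)
    except TnefError as exc:
        return True, ["unparseable winmail.dat: %s" % exc]
    hits = []
    for name in names:
        # Windows ignores trailing dots and spaces, so strip them first,
        # then judge the last extension only ("invoice.pdf.EXE" -> ".exe").
        ext = os.path.splitext(name.rstrip(". ").lower())[1]
        if ext in restricted:
            hits.append(name)
    return bool(hits), hits


def tnef_attr(level, attr_id, data):
    """Encode one attribute (used only to build the constructed sample)."""
    return (struct.pack("<BII", level, attr_id, len(data)) + data
            + struct.pack("<H", sum(data) & 0xFFFF))


def build_sample(names):
    """Constructed winmail.dat carrying only attachment titles."""
    blob = struct.pack("<IH", TNEF_SIGNATURE, 1)
    for name in names:
        blob += tnef_attr(LVL_ATTACHMENT, ATT_ATTACH_TITLE,
                          name.encode("latin-1") + b"\x00")
    return blob


SAMPLE = build_sample(["notes.rtf", "invoice.pdf.EXE", "setup.scr."])

if __name__ == "__main__":
    print(attachment_names(SAMPLE))
    print(verdict(SAMPLE))
    print(verdict(SAMPLE[:-3]))   # truncated stream is blocked, not skipped
```

This example reads only the attAttachTitle attribute; a production scanner would also decode the MAPI properties carried in each attachment, where a long file name can be stored.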

External Database Support

Security Gateway installs with its own embedded Firebird database. In the latest release, however, administrators can configure Security Gateway to use an external Firebird database for improved performance.

Other Improvements

These are just the highlights. Additional features include email archive journal reports plus enhancements to manage archive and Sieve scripts via the API. You can read the full list of new features here in the release notes, or download your free trial to begin protecting your business against the latest threats!

Recent Business Email Compromise (BEC) Scams are Reminder to Educate Users

Online scams are nothing new. But as email has evolved and improved, so have scammers and the messages they send. Nefarious emails, attachments and links now appear sophisticated and look legitimate, sometimes tricking even the most meticulous user.

Billions Lost to Business Email Compromise

Over the last three years, organizations all over the world have lost a collective $26B to a very specific type of email scam – Business Email Compromise, or BEC. Recently, a BEC scheme in Spain was brought down, but not before taking over €10M. A scammer in Canada impersonated a contractor and fooled city employees out of over $1M. And the FBI is investigating a network of over 80 people across multiple countries over an attempt to use a BEC plot to steal $46M.

Why do BEC Scams Work so Well?

Top 10 Business Email Compromise Protection Tips

BEC emails are advanced phishing scams, and they’re on the rise. But what makes a BEC attack so dangerous, and so effective?

BEC Scams are Highly Targeted

Scammers aren’t blasting thousands of the same email. They’ve done the research, monitoring the company’s website and social pages. They find the appropriate target, and groom them by sending multiple conversational emails, establishing trust.

They Contain No Malware

Unlike the old style of phishing, where users are told to click on a link, BEC emails have no spammy links. This means they can sometimes evade spam filters, and the end user doesn’t see any red flags.

They Exploit Human Nature

BEC emails imitate an actual person, complete with real-looking email addresses, formatting, company names, and titles. The victim has unknowingly been emailing back and forth with the scammer and trusts that they are who they claim to be. So when asked to send bank information, for example, the victim assumes the request is authentic and complies.

They are Often Under-reported

Victims often don’t realize they made a mistake until much later. And even upon realization, many companies don’t report the incident for fear of damaging their reputation with their customers. Not reporting such incidents allows perpetrators to simply move on to their next victim.

Learn How to Stay Protected Against these Email Scams

Preventing losses to Business Email Compromise is the responsibility of both the end user and the IT administrator. To stay protected, follow these tips:

End Users:
  • Double-check the sender email address & recognize spoofing and other impersonation tactics. MDaemon Webmail displays the full email header to help users identify spoofed emails.

    MDaemon Webmail Full Email Header Display
  • Don’t overshare on social media
  • Don’t open email from unknown sources
  • Verify all wire transfer requests via phone or face-to-face
  • Know customers’ & vendors’ business practices
  • Run antivirus software often
  • Use two-factor authentication
  • Forward, don’t reply. This ensures you manually enter the appropriate email address.
Administrators:
  • Enable reverse lookups to verify the legitimacy of the sender
  • Use the antivirus features in MDaemon and SecurityGateway to scan all inbound and outbound email traffic
  • Require users to use SMTP Authentication
  • Use SPF, DKIM & DMARC to secure your domain against spoofing
  • Require two-factor authentication
  • Require strong passwords
  • Provide regular end-user training
  • Run antivirus software often and make sure virus signatures are up-to-date

While traditional security measures such as network defenses and email gateways can be effective at blocking most varieties of spam, the bottom line is that the most critical part of stopping BEC attacks is user awareness and education.

3 Ways Security Gateway for Email Helps Businesses Stay Compliant

Staying informed of the latest data privacy regulations can be a challenging endeavor, with a plethora of different security and retention requirements based on industry. And as these laws and regulations continue to evolve, businesses will need to evolve as well to keep up.

The timeline for compliance with new data privacy laws is “yesterday”

As Cynthia Cole, special counsel in the Palo Alto technology practice at law firm Baker Botts, says in a recent interview, the timeline for data privacy compliance is “yesterday”. And because cybercriminals continue to target users with phishing campaigns and malware downloads, user education continues to be a top priority.

So whether you use Office 365, Microsoft Exchange, or any other on premise or cloud hosted email service, are you confident you are protected from accidental or intentional exposure of confidential information contained in email, such as Social Security or Tax-ID numbers, or bank account numbers?

Archiving with Data Retention & Legal Hold in Security Gateway

Security Gateway includes built-in archiving and data retention policies, plus legal hold, to help businesses meet evolving data retention laws. It’s simple to set up and can help your business avoid serious litigation headaches.

Prevent Leaks of Sensitive Data

Companies of all sizes continue to suffer data breaches. The larger victims often make the news, but many smaller companies don’t, and while many businesses have reported losses, countless more have fallen victim but have chosen not to report the incident in order to protect their reputation.

A small, early investment in additional email security and compliance can help your business avoid much costlier losses later.

Security Gateway’s Data Leak Prevention feature can help protect businesses against the loss of confidential business data transmitted via email, such as PHI (protected health information), financial data, Social Security numbers, and much more. Messages containing sensitive data can be encrypted or sent to the administrative quarantine for further review.

If you’re ready to start protecting your business against regulatory violations and data leaks, sign up for a free trial of Security Gateway for Email, and if you have questions, leave us a comment or click here to contact us by phone or email.

Announcing MDaemon 19.5 – With Redesigned Mobile Webmail & More!

The news is out. There’s a new version of MDaemon Email Server, with new features and improvements to benefit both administrators and end-users alike!

New Features for Administrators

Centralized Management of Email Client Signatures

Most businesses follow certain custom branding practices in their email communications, but inevitably there will be those end users who have not updated their email signature to adhere to these branding practices, introducing inconsistencies in the company’s branding image. To help businesses maintain consistent branding and appearance of company email, MDaemon administrators can now configure default and per-domain email client signatures that are personalized for each user and pushed to supported email clients (MDaemon Webmail and MDaemon Connector for Outlook).

Both plain-text and HTML signatures are supported, and macros can be used (here’s a handy macro reference guide) to automatically populate various fields from the user’s account. You can even add images and links!

MDaemon Email Server - Client Signatures
Centralized management of email client signatures

When using MDaemon Remote Administration, adding signatures is made even easier using the available editing and formatting tools. You can even add your company logo by simply dragging the image into the window.

Centralized management of email client signatures with MDaemon Remote Administration
MDaemon Remote Administration – Default Email Client Signature

Macro Detection in Email Attachments

Cybercriminals often attach Microsoft Office files containing malicious macros to their spam & phishing email messages. They then use social engineering to try to trick the user into opening the attachment (which may be disguised as an invoice, payment receipt or legal document) and enabling macros. From there, the macro goes right to work, unleashing malware that can take down your network, or ransomware that can take days to remove, costing your business thousands of dollars in lost revenue.

To help prevent these attachments from reaching users, MDaemon Antivirus has a new setting to detect macros in documents scanned by Cyren AV and flag them as infected for further review by the administrator.

MDaemon Antivirus – Macro Detection in Attachments

New Features for End Users

New Mobile Theme for Webmail

These days, most people use their smartphones for just about everything, from banking or surfing the Web, to conducting business via email, so whether you’re using the largest Microsoft Surface tablet, or the smallest iPhone or Samsung Galaxy, you need access to your most important email and collaboration features at all times.

Redesigned MDaemon Webmail for Mobile Devices - with responsive design for mobile phones and tablets
Redesigned MDaemon Webmail for any Screen Size

To help users on the go stay organized, the Mobile Theme for MDaemon Webmail has been redesigned with a more modern look, and includes a variety of new features previously only found in desktop themes. New email management features include email templates, personalized categories, drag & drop email filters, email signature editor with support for multiple signatures, deferred delivery, message snooze, message recall, and sorting options.

Calendar features for the new Mobile Webmail theme include importing and exporting in CSV or ICS (iCal) format, support for external calendars, private access links, simultaneous multi-calendar view, and much more.

But that’s not all…

These are just the major highlights. You can read the full list of improvements in the MDaemon Release Notes.

Still using Exchange? Are you unhappy with your hosting provider’s product support? Try MDaemon free for 30 days, or visit our MDaemon Hosted Email Options page to sign up for hassle-free cloud hosted email!

Security Gateway a High Performer Again – G2 Crowd 2019 Fall Report

We’re proud to announce that Security Gateway for Email has once again been named a High Performer in Secure Email Gateways by G2 Crowd in their Fall Report. And if you are looking for a hosted solution, Security Gateway also was recognized as a top Cloud Email Security solution.

Security Gateway for Email Servers – High Performer 2019

G2 Crowd awards are based on honest reviews from users. In other words, the product is recognized because of the feedback from users just like you who use the product every day; awards that reflect a superior customer experience.

The data from G2 Crowd speaks for itself – Security Gateway received satisfaction ratings above 90% in the Ease of Set Up, Ease of Use, Ease of Admin, and Quality of Support categories; ratings that exceed the category average scores.

Why Users Love Security Gateway

Easy to Use 

Security Gateway Review from G2 Crowd

SecurityGateway is designed to be simple and easy to use. Set-up, configuration and maintenance are easy for the administrator, and everyday tasks like accessing quarantine reports are easy for the end user.

Best Results

Security Gateway for Email Review - G2 Crowd

With SecurityGateway you get results, which means you DON’T get malicious emails in your inbox. We protect email communications for businesses of all sizes and verticals, regardless of which email platform they use and whether it’s in-house or in the cloud.

Reliable

Security Gateway Review

Try Security Gateway for Free and Compare Its Performance and Cost to Your Current Solution

Security Gateway is one of the best email security gateways in the market. Find out what organizations of all sizes already know – Security Gateway saves you time, headache and money.

Click here to learn how Security Gateway can protect your email!

Office 365 Vulnerabilities Every Business Should Consider

While many businesses are moving their email from on-premises to the cloud, many that have already made the switch have discovered that cloud hosted email has its share of drawbacks to go along with the benefits these businesses had originally sought.

To help businesses make the right decision when choosing an email and collaboration solution, we’ve created the following infographic to illustrate key areas to consider when deciding whether to use an on-premise email server such as MDaemon or to go with G Suite, Office 365, or another hosted email provider.

Contact us if you’d like to learn more about MDaemon. We also offer personal demos for businesses needing an overview.

Infographic: Top 10 Reasons to use MDaemon Email Server over Office 365

We’re Extending our Summer Savings Discount on MDaemon Email Server & Security Gateway for Email Servers!

As we endure the heat of the “dog days” of summer here in the northern hemisphere, we start to see tell-tale signs of the approaching end of summer – kids going back to school, the sun setting slightly earlier each night. But not all good things must end in August. Therefore, I’m excited to announce the extension of our 15% off Summer Savings promotion – now through September!

Through September 30, when you make a new purchase of MDaemon or purchase, renew, or upgrade Security Gateway, you’ll automatically receive 15% off the regular price.

Whether you’re tired of the expense and headache of managing Microsoft Exchange Server, or are looking for a secure, affordable alternative to Kerio, IceWarp, or Gmail, MDaemon’s migration tools can help you migrate your business email and groupware data.  Additional migration information and how-to guides for Security Gateway can be found on our Literature page.

Compare MDaemon and Security Gateway for Email Servers with your current solution, or click here to download your free trial!

Phishing Email Uses Google Drive to Get Past Microsoft Security

Phishing, email scams, tips to avoid spear-phishing

This week, Threatpost reported on a new spear-phishing attack that uses email sent via Google Drive claiming to be the CEO of the targeted company sharing important information with the recipients.  The email came from Google Drive, but the sender address didn’t match the company’s standard naming convention for email addresses.

Because the message was sent by a legitimate email service, it was able to bypass Microsoft Exchange Online Protection on its way to users’ inboxes.

You can read the full article here.

No Spam Filter or Email Gateway can Block 100% of All Spam

Spam filters and email gateways have proven quite effective at blocking most of the junk email that gets sent by the thousands on a daily basis, but cyber criminals are always looking for new ways to bypass email security measures through social engineering, new strains of malware, and newly-discovered security flaws reported in Microsoft Exchange Server and cloud email platforms. That’s why user training will continue to be a top priority for all businesses that use email.

Tips to Avoid Phishing and Business Email Compromise (BEC) Attacks

In a prior post, I listed the following 10 tips to avoid falling victim to phishing emails. Here’s a brief summary. You can read the entire post here.

10 Tips to Identify a Phishing Email

  1. Watch out for messages disguised as something expected, like a shipment or payment notification.
  2. Watch for messages asking for personal information such as account numbers, Social Security numbers, and other personal information. Legitimate companies will never ask for this over email.
  3. Beware of urgent or threatening messages claiming that your account has been suspended and prompting you to click on a link to unlock your account.
  4. Check for poor grammar or spelling errors.
  5. Hover before you click!
  6. Check the Greeting – Is the message addressed to a generic recipient, such as “Valued customer” or “Sir/Madam?” If so, be careful & think twice!
  7. Check the Email Signature – In addition to the greeting, phishing emails often leave out important information in the signature. Legitimate businesses will always have accurate contact details in their signature, so if a message’s signature looks incomplete or inaccurate, chances are it’s spam.
  8. Don’t download Attachments
  9. Don’t trust the From address – Know the difference between the “envelope From” and the “header From” addresses.
  10. Don’t Enable Macros – Never trust an email that asks you to enable macros before downloading a Word document.

These 10 tips are explained in more detail in this post.

10 Tips to Protect Against Business Email Compromise (BEC) Email Attacks

Business Email Compromise goes beyond standard spam techniques by exploiting human nature and the trust established between employees and members of the executive team. Scammers use social engineering, CEO impersonation, and a variety of other techniques to trick users in accounting, finance, or other high-power positions into transferring money into the scammer’s accounts. These attacks are well-executed and targeted at specific individuals, and often take more time to plan and launch due to the amount of research that goes into these attacks. Cyber criminals use publicly available information on sites such as LinkedIn, Facebook and even the website of the targeted victim to gain insight into the company’s business practices. They will often study the writing styles of the executive team, allowing them to craft convincing emails that appear authentic to employees.

Because Business Email Compromise attacks are often so well-crafted, they are able to bypass standard security measures. These tips should help you identify a Business Email Compromise attempt if one should slip through your spam filter or email gateway.

  1. Train Users to recognize these Common Impersonation Tactics used by Cybercriminals
    • Domain Name Spoofing
    • Display Name Spoofing
    • Lookalike Domain Spoofing
    • Compromised Account
  2. Secure your Domain by registering similar domains.
  3. Don’t Over-share on Social Media
  4. Use SPF, DKIM & DMARC to protect your domain from spoofing.
  5. Use Two-Factor Authentication
  6. Use Strong Passwords
  7. Don’t trust unknown sources
  8. Establish strict processes for wire transfers
  9. Provide regular end-user training
  10. Run antivirus software often
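The first three impersonation tactics in tip 1 leave traces in message headers that a filter can check, as does the mismatch between the “envelope From” and “header From” addresses mentioned earlier. The following is an added example, not part of MDaemon or Security Gateway; the company domain, executive name, flag labels and sample messages are constructed assumptions, and the Authentication-Results header is assumed to have been written by your own gateway.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the protected domain and a watch list of names.
COMPANY_DOMAIN = "example.com"
EXECUTIVE_NAMES = {"pat morgan"}


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address):
    """Lower-cased domain part of an address ('' if there is none)."""
    return address.rpartition("@")[2].lower()


def impersonation_flags(raw_message):
    """Return the impersonation tactics suggested by a message's headers."""
    msg = message_from_string(raw_message)
    display, header_from = parseaddr(msg.get("From", ""))
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1]
    from_domain = domain_of(header_from)
    auth = msg.get("Authentication-Results", "").lower()
    flags = []
    # Domain name spoofing: the header From claims our domain, but the
    # envelope sender is elsewhere or DMARC did not pass.
    if from_domain == COMPANY_DOMAIN and (
            domain_of(envelope_from) != COMPANY_DOMAIN or "dmarc=pass" not in auth):
        flags.append("domain-name-spoofing")
    # Display name spoofing: an executive's name on an outside address.
    if display.strip().lower() in EXECUTIVE_NAMES and from_domain != COMPANY_DOMAIN:
        flags.append("display-name-spoofing")
    # Lookalike domain: one or two character edits away from our domain.
    if from_domain and 0 < edit_distance(from_domain, COMPANY_DOMAIN) <= 2:
        flags.append("lookalike-domain")
    # A compromised account passes all of these checks, which is why the
    # wire-transfer process and user training tips still matter.
    return flags


def make_message(from_header, return_path, auth_results):
    """Build a constructed sample message for the checks above."""
    return "\n".join([
        "Return-Path: <%s>" % return_path,
        "Authentication-Results: mx.example.com; %s" % auth_results,
        "From: %s" % from_header,
        "Subject: Wire transfer needed today",
        "",
        "Constructed sample body.",
    ])


SAMPLES = {
    "legitimate": make_message("Pat Morgan <pat.morgan@example.com>",
                               "pat.morgan@example.com", "spf=pass; dmarc=pass"),
    "domain": make_message("Pat Morgan <pat.morgan@example.com>",
                           "bounce@mailer.test", "spf=pass; dmarc=fail"),
    "display": make_message("Pat Morgan <pm.office1984@freemail.test>",
                            "pm.office1984@freemail.test", "spf=pass; dmarc=pass"),
    "lookalike": make_message("Pat Morgan <pat.morgan@examp1e.com>",
                              "pat.morgan@examp1e.com", "spf=pass; dmarc=pass"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, impersonation_flags(raw))
```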

You can learn more on how to avoid Business Email Compromise attacks here.

No business is too big or too small to fall victim to email-borne scams. In fact, cyber criminals often target smaller businesses based on the assumption that smaller companies are less likely to have the latest security systems in place. MDaemon Email Server and Security Gateway for Email Servers include a variety of features to protect businesses from spam, malware, and leaks of sensitive business data.

15% discount during August, 2019 for MDaemon Email Server and Security Gateway for Email Servers

Looking for a secure, affordable email and collaboration server or email security gateway for your business? This month, we’re offering a 15% discount off the price of MDaemon Email Server (new purchases), and Security Gateway for Email Servers (new, renewal, and upgrades).

Comments? Questions? Let us know. We’re here to help!

Security Gateway’s Built-in Archiving and Cloud-Based Email Integration Just got a Major Update!

When it comes to email archiving, businesses require features that go beyond simple message replication in order to meet expanding regulations. And because every email solution, whether it’s on-premises or in the cloud, needs strong anti-spam/anti-malware filtering, it makes sense to combine archiving and security into a single product. To address the growing demand for a combined email security/archiving solution, archiving was added to Security Gateway for Email Servers in version 6.0.

Security Gateway’s Integrated Archiving Just Got a Lot Better!

With Security Gateway 6.1, the integrated archiving feature received a major upgrade with these new features for legal compliance and cloud email integration:

  • Legal Hold

Security Gateway’s new Legal Hold feature will prevent emails from being deleted from the archive, regardless of any other settings, user permissions, or retention periods.

Legal Hold – Security Gateway for Email Servers

  • Minimum Archive Retention Period

Businesses must meet a variety of data retention laws, and these laws vary by country or region. In the United States, many businesses must store archived emails in compliance with the following laws and retention policies:

  • IRS Regulations (for all companies) – 7 Years
  • Sarbanes Oxley Act (SOX – For all public companies) – 7 Years
  • Freedom of Information Act (FOIA – Federal, state & local agencies) – 3 Years
  • Department of Defense Regulations (for contractors) – 3 Years
  • Health Insurance Portability and Accountability Act (HIPAA) – 7 Years

To meet these and other growing regulations, administrators can assign a minimum retention period for all archived email messages. During this time, archived messages cannot be deleted regardless of any other settings or user permissions.

Email Retention Period – Security Gateway for Email Servers

Improved Cloud/Hosted Email Integration for Microsoft Office 365 & Azure

Security Gateway’s automatic user creation feature helps reduce administrator workload by verifying whether an email sent to or from a local domain contains a valid email address, and then automatically adding the account once the email address has been verified.  With Security Gateway 6.1, this process has gotten much easier for businesses using cloud email services, with a new option to verify users by querying Microsoft Office 365 or Azure Active Directory.

Office 365 & Azure User Verification – Security Gateway for Email Servers

Other New Features

Other new features for Security Gateway include:

  • Whitelist & Blacklist Search – A search field was added to the Whitelist and Blacklist screens to help administrators find listed email addresses more easily.
  • Quarantine reports can now be sorted by score. This makes it easier to identify false positives, which will likely have lower scores.

For the complete list of updates, please see the Security Gateway release notes.

If you aren’t yet protecting your business email with Security Gateway for Email Servers, visit the Security Gateway product page for an overview of its features, or visit the Download page to download a free trial!

Security Gateway Hosted/Cloud services are also available.

Summer Savings Going on Right Now!

I’ve got some exciting news! Summer is the season of savings, and this month, you can save big bucks on MDaemon Email Server and Security Gateway for Email Servers products!

During the entire month of August, we’re offering 15% OFF the price of NEW MDaemon and 15% OFF Security Gateway for Email Servers (NEW, Renewal, and Upgrades).

MDaemon and Security Gateway both ranked high in G2 Crowd’s summer reports for user satisfaction. Compare them with your current email or gateway solution, or download a free trial to get started!