Why Passwords May Not Keep Your Email Safe

Two-factor Authentication using phone pin and passwordWe live in an era where the amount of valuable data businesses must store is increasing at an unprecedented pace. Consequently, the number of “bad guys” trying to gain access to that data is also increasing, and hackers have some pretty sophisticated tools at their disposal to try to force their way into your data. They use a variety of tactics, including social engineering, brute force attacks and dictionary attacks, among others.

The problem is made worse by the prevalence of weak passwords. Did you know that, even in 2017, one of the most common passwords is 12345678? In an experiment conducted in 2013, with the help of a list of hashed passwords obtained online, hackers were able to crack about 90% of a list of over 16,000 passwords.

Passwords are not just vulnerable to external threats. They must be protected from internal threats as well. Have you ever written down a password on a piece of paper, and then thrown it in the garbage? Have you ever discarded an old hard drive without destroying it? If this information gets in the wrong hands, it can lead to severe financial loss for a company, and damage to its reputation.

Passwords and usernames belong to one of three types of identification data:

  1. Something you know
  2. Something you own
  3. Something you are or do (such as a fingerprint or other biometric element)

Passwords and usernames fall within the category of “something you know.” The three items listed above are considered factors of authentication, so when only one type of data is used to log into a system (such as a username and password), you are using a single factor of authentication.

Passwords alone are often not enough to protect your data against increasingly sophisticated attacks. Requiring a second factor of authentication can drastically reduce data theft.

Two-factor authentication is not a new concept. In fact, most of us already use it in other ways besides accessing our email. Here are some examples of two-factor authentication that many of us already use daily:

  • An ATM card (something you own) and a PIN (something you know)
  • A credit card (something you own) and a zip code (something you know)
  • A phone (something you own) and a fingerprint (something you are)

MDaemon includes two-factor authentication for WorldClient, MDaemon’s webmail client. With two-factor authentication, users must provide two forms of authentication – a password and a unique verification code that is obtained via any client that supports Google Authenticator (available in the Google Play store).

Two-factor authentication has many benefits:

  • It provides an extra layer of defense when a password isn’t strong enough.
  • It reduces online identity theft, phishing, and other techniques because a victim’s password isn’t enough to gain access to his or her data.
  • It helps companies in finance, health care, and other industries comply with PCI, HIPAA and other regulations.
  • It makes working remotely safer.

In this video, we demonstrate how to enable and use two-factor authentication in MDaemon and WorldClient.

If you’re concerned about privacy and security, two-factor authentication provides extra protection for your data. Download the latest version of MDaemon to take advantage of this extra security!

Introducing SecurityGateway 5.0, with New Location Screening, Terms of Service Agreements, and More!

SecurityGateway provides businesses with additional layers of email security for their mail server. Developed with over 20 years of email security expertise, SecurityGateway is loaded with anti-spam, anti-abuse, and anti-malware features, as well as email encryption, data leak prevention, and more. With our latest release, SecurityGateway 5.0, businesses can benefit from the following new features.

Block Traffic from Specific Countries with Location Screening

Location Screening, a feature that was also recently introduced in MDaemon, allows administrators to block email from specific countries. This is useful if you don’t have users in certain regions. By default, all email traffic is blocked, but if you prefer to only block authentication attempts from these regions, you can simply check the box to block these attempts.

Block connections by country with Location Screening
Block connections by country with Location Screening


Enhanced Compliance Options with Terms of Service Agreement

In order to assist administrators with compliance to laws such as the General Data Protection Regulation in the EU, administrators can now add a terms of service statement which must be accepted by the users each time they login.

Terms of Use Agreement
Terms of Use Agreement


Download Message in Readable Format from Within the Logs

When viewing the message logs, administrators can now download a message in EML format by clicking on a link in the log. These EML messages can then be viewed in various email clients.

Download EML File
Download EML File

These are the main highlights. For a complete overview of new features & enhancements, click here to view the latest release notes, or click here to download SecurityGateway.

Questions? Comments? Let us know!

MDaemon 17.5.1 is Now Available – with Improved Logging for Let’s Encrypt, WorldClient Enhancements, and More!

Today, we released a minor update to MDaemon – MDaemon 17.5.1. This update includes various minor improvements, including:

  • Improved logging for Let’s Encrypt.
  • Defaults for the Dynamic Screening settings have been changed. Account freeze is off by default and fewer notifications are enabled.
  • Enhanced WorldCient Instant Messenger chat room experience to prevent spoofing.
  • When using the WorldClient and LookOut themes, users can now display their saved searches in the Favorites folder list.

These are just a few highlights. For a complete rundown of all new features & enhancements, visit our Downloads page to to view the MDaemon release notes or to download MDaemon.

Block Hackers from Guessing Passwords with MDaemon’s Improved Dynamic Screening

If you have an email account (and in 2017, you probably have more than one), you are a target. More specifically, your email password is a target and a coveted prize for hackers. And let’s face it – hackers are not going away anytime soon. Because the barriers to entry are so low and the potential payoffs so large, hackers are more motivated than ever to try to steal your login credentials. As an MDaemon administrator, you are tasked with making sure your users use strong passwords, but here are a few things to consider when evaluating your password & security policies:

  • People often reuse passwords.
  • People tend to use the same password across multiple sites.
  • Hackers have access to a variety of password-generating tools that are freely available on the Internet.
  • Automated systems installed in botnets can crack complex passwords in a matter of minutes.
  • Password dictionaries reduce the effectiveness of password complexity policies.

To address these threats, MDaemon’s new Dynamic Screening features can be configured to track authentication failures for all protocols, including SMTP, POP, IMAP, WorldClient, and ActiveSync (among others). When a specified number of authentication attempts from a given IP address fail in a designated period of time, subsequent connections from the IP are blocked for a specified period of time. The affected email account can also be frozen – meaning the mailbox can collect mail, but the user cannot login to check email or send out email messages.

Watch our latest tutorial video to learn more!

In the event that a hacker or spammer still manages to guess an account’s password, MDaemon’s Account Hijack Detection feature will disable or freeze the account after a specific number of messages have been sent from an authenticated session in a given timeframe.

Do you have questions or comments? Let us know via the Comments section!

Block Incoming Connections by Country with MDaemon’s New Location Screening Feature

Block connections by country with Location Screening
Block connections by country with Location Screening

As I announced recently in this post, MDaemon 17.5 has been released, with new security and collaboration features. One feature that our users will find particularly useful is the new Location Screening feature, which allows administrators to block incoming connections from specific countries. When you consider the scale and widespread distribution of global threats, blocking connections by country can provide the following benefits:

New spam domains, email zombies & phishing sites pop up all over the world every day. In fact, Cyren’s World Threat Map displays a handy visual representation of newly-discovered threats in real-time.

So if you know your company does not do business with certain countries, you can add these locations to MDaemon’s Location Screening feature and stop all traffic from these countries.

In previous versions of MDaemon, the best way to block connections by country was to use the DNS-BL feature, but with MDaemon 17.5, a new, intuitive check-box screen was added.  In this tutorial video, I show you how easy it is to configure Location Screening in MDaemon.

Do you have questions or feedback? If so, click on the “Leave a Comment” link under the title of this post & let us know!

Outlook Connector 5.0 Adds New Control & Reporting Features

In addition to all of the new security & collaboration enhancements introduced in MDaemon 17.5, our latest release of Outlook Connector adds additional control for administrators as well as configuration reporting for end users.

Allow or Block Certain Third-Party Outlook Add-ins to Improve Performance

With the wide variety of Outlook add-ins that users can install, one common challenge is making sure these add-ins don’t negatively impact Outlook performance. Beginning with MDaemon 17.5 and Outlook Connector 5.0, administrators can control which add-ins are enabled or disabled on client machines.

Administrator Control of Outlook Add-Ins
Administrator Control of Outlook Add-Ins

New Outlook Connector Features for End Users

Generate an Outlook  Configuration Report to Assist with Support Requests

When submitting an Outlook Connector support request, it is helpful for our support staff to know as much as possible about the Outlook configuration settings on the client computer. Beginning with Outlook Connector 5.0, users can generate a configuration report containing information such as:

  • All Outlook Connector Profiles, including the email address plus the location and size of the local cache file
  • Information about when the Outlook Connector database was last compacted, and the size of the database
  • The current version of the Outlook Connector plug-in
  • Send/receive intervals
Outlook Connector - Generate Configuration Report
Outlook Connector – Generate Configuration Report

In addition to these major updates, we’ve included various minor fixes & enhancements. More information can be found in the release notes, or if you can download our free trial to start using Outlook Connector today!

New Security & Collaboration Features for MDaemon 17.5!

Our continued focus to make email safe and simple to use has resulted in some great new features in the most recent release of MDaemon 17.5. We’ve highlighted some of the features for email administrators and end users below. So, let’s have a closer look.

New MDaemon Features for Administrators

Stop Spam and Malware Sent from Specific Countries

Many email administrators want an easy way to block connections from specific countries that send spam and malware. New country screening settings allow administrators to block incoming SMTP, POP, and IMAP connections from designated countries. This benefits businesses by allowing them to block messages from countries with which they do not do business, and provides an extra layer of spam protection when certain countries are known sources of spam.

MDaemon Location Screening
Block incoming connections by country via the new Location Screening feature

Prevent and Set Alerts When Hackers Try to Access Your Email

MDaemon’s new Dynamic Screening features can be configured to track authentication failures for all protocols, including SMTP, POP, IMAP, WorldClient, and ActiveSync (among others). After receiving a specified number of failed authentication attempts from a given IP address in a designated period of time, subsequent connections from the IP are blocked for a specified period of time. This helps prevent further connection attempts and password guessing by hackers & spammers.

MDaemon Dynamic Screening & Authentication Failure Tracking
MDaemon Dynamic Screening & Authentication Failure Tracking

If you’re looking for the previous dynamic screening settings, they are still located under the Security Settings screen, but this screen has been renamed to SMTP Screen.

Flexible Filtering to Manage Messages

Administrators can set multiple IMAP filtering parameters based on the message size or the contents of any message header, and perform actions such as moving, deleting, forwarding, or redirecting the message.

Complex IMAP filters
Complex IMAP filters

Improving Server-Side Encryption Key Exchange

An option has been added that allows the process of exchanging public keys for OpenPGP to take place during the SMTP message delivery process. When this feature is enabled, authorized users will no longer need to manually send their public key to another user from whom they wish to receive encrypted email.

Automatic Encryption Key Exchange
Automatic Encryption Key Exchange

Improved Message Search Capabilities

A new Message Search page has been added to MDaemon Remote Administration, allowing administrators to search a single user’s messages based on keywords in the sender, recipient, subject, or attachment name. Searches can be performed on all messages, or only messages within a specified date range.

New Message Search for MDaemon Remote Administration
New Message Search for MDaemon Remote Administration

New MDaemon Features for End Users

Flexible Search Filters for Inbox Management

Improved search filters have been added to MDaemon’s web-based email (WorldClient) allowing users to specify filtering rules based on the message size or any message header. Message results based upon the filter criteria can be moved to another folder, deleted, forwarded, or redirected.

Complex filters for WorldClieint, MDaemon's web-based email client
Complex filters for WorldClieint, MDaemon’s web-based email client

Custom Buddy List Groups for Instant Messaging

WorldClient Instant Messenger users can now arrange their buddy lists into custom groups.

WorldClient Instant Messenger - Buddy List Grouping
WorldClient Instant Messenger – Buddy List Grouping

Adding Attachments to Calendars, Contacts, Tasks and Notes

Attachments can now be added to calendar items, contacts, tasks, and notes via WorldClient, Outlook (using Outlook Connector) or your favorite CalDAV or CardDAV client.  When scheduling a meeting, attachments added to calendar events will be sent to all meeting attendees.

Attachment Support for Meetings, Contacts, Tasks
Attachment Support for Meetings, Contacts, Tasks

Import and Export Groups/Distribution Lists to/from a Contact Folder

WorldClient users can now import and export groups/distribution lists to & from their Contacts folders. The ability to import groups allows users to avoid the extra steps needed to add group members individually.

Import Groups
Import Groups

Using Email Voice Memos

WorldClient’s new voice recorder allows users to record voice memos and attach them to email messages, save them to their WorldClient Documents folder, or save them to the desktop.

WorldClient Voice Recorder
WorldClient Voice Recorder

Simplified Folder Management Options

WorldClient users can now perform the following folder management tasks without having to go to the Options | Folders menu:

  • Move folders from one parent folder to another via drag & drop.
  • Add folders to Favorites via drag & drop.
  • Rename folders in the Favorites list by clicking on the folder name.
  • Show folders by type in the LookOut theme (previously only available in the WorldClient theme).
WorldClient Folder Drag & Drop
WorldClient Folder Drag & Drop

Export a Contact in vCard 4.0 Format

WorldClient users can now export individual contacts in VCard format, a file format standard for electronic business cards supported by a wide variety of email clients. VCards contain various details about a contact, including name, company name, email address, postal address, phone number, and additional comments. They can be downloaded locally or sent to a designated email address, and then imported into any email client that supports the VCard format.

WorldClieint - Export Contact in vCard Format
WorldClieint – Export Contact in vCard Format

Password Protected Chat Rooms

For added security, WorldClient Instant Messenger users can now chat with others via password protected chat rooms. When creating a new chat room via the WorldClient Instant Messenger application, simply enter the password that is required to join in the new Password field.

WorldClient Instant Messenger - Password Protected Chat Rooms
WorldClient Instant Messenger – Password Protected Chat Rooms

Other Enhancements

In addition to all of this, other improvements include:

  • By default, messages that cannot be scanned by SecurityPlus are quarantined. The antivirus quarantine exclusion settings have been improved. In previous versions, administrators could configure exclusions from antivirus scanning based on attachment file type. Now, administrators can also configure antivirus scanning exclusions based on the sender or recipient address.
  • When using the WorldClient theme, the look of WorldClient Notes has been updated. An option was added that allows users to change the color of the note by clicking on the note icon in the top left corner of the note.
  • When using the LookOut and WorldClient themes, WorldClient users can now search for attachment names using advanced search.

For more information please refer to the following resources:

MDaemon Release Notes
Click here to download MDaemon

If you’ve got questions or comments, let us know via the Comments link below!

Email Help for Texas & Louisiana Businesses Affected by Harvey

Hosted Email Help for Businesses Affected by Hurrican Harvey

Our hearts go out to all who have been impacted by hurricane Harvey. As a provider of email messaging software and services, we understand that many businesses have lost communications infrastructure, including their email services, which for many, are the primary channel of communication with customers. We want to help, so we are offering free, temporary email services for businesses who have experienced email disruptions due to Harvey.

Learn more about how we can help your business during this time of disruption:


MDaemon Has been Updated to Version 17.0.3

Update_stickyAs any software company knows, it’s important to listen to our customers and address any issues that may be reported. With this in mind, our development team has released MDaemon 17.0.3. This minor update includes various improvements to WorldClient Instant Messenger and other minor fixes.

Click here to read the release notes, and click here to download the latest MDaemon.

If you’re not yet an MDaemon user, you can find more product information here, and click here to compare us to your current messaging solution.

Do you have questions or comments? Let us know via the Comments section below!


Don’t Get Hit by the Whaler’s Harpoon

What is Whaling?Harpoon-Whaling

Chances are you’re familiar with the term Phishing, where scammers use social engineering tactics to get users to give up personal information such as financial data, Social Security numbers, or other highly confidential and valuable information. That email you received from the “IRS” asking for your Social Security number? Don’t fall for it!

You may have also heard of spear-phishing, a more targeted form of phishing where specific individuals on any staff level may be targeted. But are you aware of the dangers of whaling? No, I’m not talking about the kind that keeps marine conservationists up at night. I’m talking about phishing attacks that are highly personalized to target high level executives.

While phishing emails are sent out to multiple recipients in the hopes that one or more will fall for the scam, whaling emails are usually only sent to select individuals who have a great deal of influence in a company. They are designed to masquerade as critical business communications sent to someone of importance, such as a CEO or other business authority, in an attempt to get the recipient to give up personal or financial information. Often, these messages contain spoofed addresses claiming to come from someone within the company. It is also common for a whaling email to claim to be from the Better Business Bureau or FBI.

Many whaling emails will contain a link that installs malware or leads the user to a familiar looking website that will likely ask for your login information. What happens next is when the problems begin. You submit your username and password, and are told that your credentials are incorrect and that you should try again. Sounds pretty harmless so far, right? Behind the scenes, however, your information has already been captured, and you are then redirected to the legitimate website, where you are able to successfully login on your next attempt – completely unaware that you just submitted valuable information to a scammer. This is why we always stress that you never click on links in an email message unless you’re 100% certain that the message is legitimate and from the purported sender.

How do “Whalers” get past Spam Filters?

Cybercriminals often use similar domain names or free email addresses, pretending to be business executives. They are able to bypass many security measures because their messages often don’t include malware links or attachments. And because they don’t typically contain links, and are often more well-written than the standard phishing attack, they are able to slip past spam filters more easily.

Do Executives Really Fall for These Scams? The Scary Statistics on Whaling

Whaling works because people often fall for these scams. The following high-level cases illustrate how lucrative the whaling business is for scammers:

In the 2008 US District Court subpoena whaling scheme, 20,000 CEOs were targeted. Approximately 2000 of them fell victim to this scheme & clicked on the malicious link in the email, which led to a key logger that secretly recorded the CEO’s passwords. It then led to further hacking attacks on the affected companies, resulting in significant financial loss or damage to company reputation.

Here is an example of the fake subpoena email. It looks official to the untrained eye, but notice the From address, which uses the domain of uscourts.com. The official domain of the US Court system is uscourts.gov, not uscourts.com. Also, it’s worth noting that official court business is never sent via email.


In 2015, Mattel lost $3 million in a whaling scheme in which a finance executive responded to a bogus funds transfer request claiming to come from the company’s new CEO.

In the first quarter of 2016, 41 companies were hit with phishing attacks targeting employee tax records.

More recently, the CEO of an Austrian aircraft parts manufacturer was let go after the company lost €40.9 million ($48 million USD) to a whaling attack.

And earlier this year, a 48 year-old Lithuanian man was charged with attacks on Facebook and Google. In his high-profile phishing attacks, he used forged invoices, contracts, and letters that looked like they had been signed by a company whose name he had mimicked by registering a company in Latvia with a name similar to that of a legitimate Asian-based vendor.

How do I recognize a whaling email?

So how do you know when you’re being targeted in a whaling attack? Here are some common whaling identifiers to look for in inbound email messages:

  • Is the name of the sender the same as one of my user names?
  • Is the sending domain similar to one of my domains?
  • Is the domain well-established, or is it a newly-created domain used specifically for attack purposes?
  • Does the email contain common whaling keywords, such as wire transfer, payment, etc.?

An email containing just one of these characteristics may not necessarily be a threat. For example, if the CEO’s name is John Smith, an email from another John Smith might not raise any red flags, especially considering how common this name is. But if you receive an email from John Smith that has one or more of the other characteristics listed above, such as one containing a request for payment, then you should treat it with extra scrutiny.

Avoiding whaling attacks is the responsibility of both management staff and employees alike. Follow these tips to help protect your business from falling victim.

Educate Senior Management Staff

One of the reasons spear phishing and whaling are so effective is that they target named individuals in executive or financial positions within an organization, and they often appear to come from someone known and trusted by the recipient, such as a colleague. Clever social engineering techniques are used to reel in these “big fish.” Senior management, financial staff and employees in other key roles should be educated on the effects of whaling attacks and how to spot them. They should learn to recognize common characteristics of phishing attacks like spoofed sender addresses, requests for funds transfer, unrecognized attachments, and spoofed hyperlinks. Let’s look at a few examples.

Example: Sender registered a domain similar to the company’s domain.

As you can see in this example, the sending domain looks similar to a legitimate domain, but if you look further, the domain is one digit off from the real domain.


Example: Display Name spoofing.

Does the display name in the From field match the email address?  In this example, I know my bank does not own the “fakedomain.com” domain. This is an example of display name spoofing, which is very common.


Example: FROM address spoofing.

Another common spoofing technique is From address spoofing. Any spammer can spoof any email address, making it look like the message came from a legitimate source. This works because email messages contain two sets of addresses – the envelope address and the message header address. I’ll explain further using U.S. postal mail as an example.

When sending a letter via US Mail, the sender needs an envelope, the address of the intended recipient, and the contents of the message (e.g. message body or letter). The sender places the address of the intended recipient on the envelope, but the recipient’s address usually appears inside the envelope as well, usually at the top of the letter. The address on the envelope is where the letter is sent, not the address on the letter itself. Thus, these addresses can be completely different.

Email works in a similar way. Like U.S. Mail, email messages also have two sets of addresses – the envelope addresses, where the message is actually from and who it is addressed to, and the address in the message header, which is what the user sees in the To: and From: fields in the message. These addresses do not have to match for the message to be delivered. Most spam messages contain spoofed From (header) addresses.

In the following example, the message appears to come from john.smith@example.com, but closer examination reveals that it actually came from frank.thomas@example.com. Most mail servers and email security products should have mechanisms in place to detect this kind of spoofing, such as reverse lookups, SPF, DKIM and DMARC, but users should be aware of this common technique used by spammers.


Keep Personal Information Private

Scammers who want to steal your personal and financial information will look for publicly available information on social media and various other sites. Management staff should have as little personal information visible to the public as possible, including birthdays, interests, and friends and family. Social media users should review their privacy settings to ensure that this data remains hidden from the public.

Establish a Verification Process

If an employee receives an email requesting financial information, funds transfers, or other business-critical information that is not typically handled by email, verify the request from the sender via another channel such as a phone call. Companies should have documented processes on how these requests should be handled.

Protect against Data Leaks

Implement a software-based data loss prevention solution such as SecurityGateway that intercepts sensitive data and quarantines it before it has a chance to leave your network. Data Leak Prevention techniques scan email messages and attachments for highly sensitive information such as Social Security or Tax-ID numbers, bank account numbers, and passport numbers.

SecurityGateway for Email Servers

Questions or Comments?

Phishing and whaling scams have been going on for years, and they will continue as long as human nature dictates that people will fall for these scams. Don’t be the next victim. Arm yourself with the facts and your email infrastructure with the tools to avoid the whaler’s harpoons! If you have questions about our email safety recommendations, leave us a comment below!