As technical marketing specialist, I am responsible for maintaining the company's Twitter and Spiceworks (social networking for the IT community) presence. Responsible for delivering a complete software training solution to partners and customers.
Projects include design, creation, implementation and oversight of complete, interactive eLearning courses for MDaemon and SecurityGateway using Camtasia and Atrixware, and creation of all quick-start guides and training videos, providing live, web-based training for partners and distributors, and assisting others in the Marketing department with requests for technical guidance and idea generation on marketing-related website content and print deliverables. Provided on-premise training to approximately 60 colleagues at parent company (Research in Motion) headquarters in Waterloo, Canada, and gave live presentations at other company events, including BlackBerry World in Orlando, Florida.
MDaemon’s webmail client is loaded with a variety of features for organization, collaboration and security. As a daily user of MDaemon Webmail (I use it almost exclusively instead of my desktop email client), I like to keep important messages organized so I can find them later. This is made easy with message categories (in addition to follow-up flags). Within the MDaemon webmail client, you’ll find a variety of built-in categories, or you can create your own custom categories. Multiple categories can be assigned to a message, and messages can be arranged by category, keeping all of your important messages in one, easy-to-find place.
If you’re like me, you like shortcuts that make life easier when performing common tasks. For example, if you work in finance or accounting, wouldn’t it be nice to be able to pull up all emails with the word “invoice” with a single mouse click? Well now you can. With the latest release of MDaemon, we introduced search folders in MDaemon Webmail. This week’s 30-Second Email Tips video will walk you through the setup process.
Search folders were added in MDaemon 17.5.1. If you’re running an older version of MDaemon, you could be missing out on some great new features!
The real estate industry is a prime target for phishing because large sums of money change hands and there are various weak links in the transaction process. If any step within the transaction process becomes compromised with a successful phishing email, the attacker could gain access to a legitimate email address from which to launch other attacks. The fraudster could then lie in wait, scanning email messages for financial or transaction related details, and then send off fraudulent wire transfer instructions to an unsuspecting buyer, seller, or agent. For example, this happened to a 31 year-old first-time homebuyer in San Antonio, Texas. You can read details about this case here, but the short version of the story is that she felt that she was in a time crunch to send in her down payment and finalize other closing tasks, and felt that the title company was dragging its feet. This state of high anxiety made her a prime target for a phishing email she received stating that she had previously been given the wrong wire transfer information, and that she needed to wire her down payment to a new account. With 5 hours left to get everything done, she attempted to contact her title company to confirm the change, but no one responded, so in a panic, she hastily ran to the bank and wire transferred her $52,000 down payment. Unfortunately, she sent her life savings to scammers.
The phishing industry is so lucrative for scammers because the barriers to entry are low relative to potential huge payouts. With botnets-for-hire and Malware as a Service (Maas), spammers have an impressive arsenal of tools at their disposal to propagate their campaigns, so to fight this scourge, an educated user is the best defense against phishing scams. With this in mind, here are my top 10 tips on how to identify and protect yourself from phishing attacks.
Watch out for messages disguised as something expected, like a shipment or payment notification. These often contain links to malware sites. Hover your mouse over any links to make sure they’re safe. Think before you click! Here’s an example using a phishing email I received claiming to come from HSBC.
Watch for messages asking for personal information such as account numbers, Social Security numbers, and other personal information. Legitimate companies will never ask for this over email.
Beware of urgent or threatening messages claiming that your account has been suspended and prompting you to click on a link to unlock your account.
Check for poor grammar or spelling errors. While legitimate companies are very strict about emails they send out, Phishing emails often contain poor spelling or grammar.
Hover before you click! Phishing emails often contain links to malware sites. Don’t trust the URL you see! Always hover your mouse over the link to view its real destination. If the link claims to point to a known, reputable site, it’s always safer to manually type the URL into your browser’s address bar.
Check the Greeting – Is the message addressed to a generic recipient, such as “Valued customer” or “Sir/Madam?” If so, be careful & think twice! Legitimate businesses will often use your real first and last name. In our HSBC example, notice the generic greeting.
Check the Signature – In addition to the greeting, phishing emails often leave out important information in the signature. Legitimate businesses will always have accurate contact details in their signature, so if a message’s signature looks incomplete or inaccurate, chances are it’s spam. In our HSBC example, the sender’s name and contact information are missing from the signature.
Don’t download Attachments – With the proliferation of Ransomware as a Service (Raas), spammers have an easy mechanism for distributing malware-laden spam messages to thousands of users. And because the payout for ransomware can be quite high, even one successful ransomware infection could net the spammer large amounts of money. If there’s ANY doubt about the identity of the message sender or the contents of an attachment, play it safe and don’t download the attachment.
Don’t trust the From address – Many phishing emails will have a forged sender address. The From address is displayed in two places. The Envelope From is used by mail servers to generate NDR messages, while the Header From is used by the email client to display information in the From field. Both of these headers can be spoofed. MDaemon Webmail has built-in security features to help users identify spoofed emails. Many mail clients hide the From address, only showing the From name, which can be easily spoofed. In MDaemon Webmail, the From address is always displayed, giving users a clearer view into the source of the email and helping them identify spoofed senders. Using our HSBC example, I’ve highlighted the actual sender.
MDaemon Webmail will also display information in the Security tag to help users identify messages from verified senders, as shown here.
Don’t Enable Macros – And while we’re on the subject of ransomware, another common vector for ransomware infections is through macros in Microsoft Word documents. These documents often arrive in phishing emails claiming to have important content from HR, Finance, or another important department, and to trick the user, they request the user to enable macros. Never trust an email that asks you to enable macros before downloading a Word document.
While anti-spam and anti-malware tools are quite effective at filtering out the majority of scams, there’s really no substitute for good old-fashioned user education. Know the potential costs to your business and don’t become the next victim!
If you’re the MDaemon or SecurityGateway administrator and need help with your security settings to help block as much phishing as possible before it reaches your users, give us a call or drop us an email support request.
If you’re what most would call a “power user,” then you may be used to using keyboard shortcuts. If you’re used to the keyboard shortcuts of another client, such as Outlook, Thunderbird or Eudora, MDaemon’s webmail client has a feature that allows you to continue using those shortcuts. So if you’re used to using Shift+P to print (which is an Outlook shortcut), then all you need to do in MDaemon’s web-based email client is go to the Options menu & select Personalize. Then select your preferred option in the Keyboard Shortcuts drop-down menu, as shown here:
More information on this feature can be found in the following page from our online manual:
If you have questions or comments about this feature, let us know! If you’re not an MDaemon user, but would like to learn more about its features, visit the MDaemon product page and have a look around!
One of the most common complaints of Outlook users is slow performance. We all know how frustrating it is when you launch Outlook, and right away, it freezes or takes a long time to start up, or when the Send/Receive process takes too long. Message search can also slow to a crawl.
So what causes Outlook to behave like this? The most common cause is having a mailbox that’s too large. This problem is so common because many users like to save every email they send and receive over time, resulting in a mailbox that’s bloated and out of control.
The solution is to implement an archiving solution such as MailStore, and configure message deletion rules so that archived messages are removed from the mailbox after a given period of time.
Whether you use POP (MailStore can archive PST files, too), IMAP, ActiveSync, or Outlook Connector, reducing the amount of data stored in user mailboxes improves Outlook performance by lowering the amount of data that it has to process on the server. While this can improve Outlook load times, it has the added benefit of improving mail server performance.
In addition to improving Outlook performance, archiving has these benefits for administrators:
Reduced storage requirements on the mail server
Improved mail server performance
Simplified backup & restore processes
Elimination of mailbox quotas
Elimination of PST files
Less reliance on users adhering to email retention guidelines
Adherence to compliance regulations
Prevent users from deleting email messages
Check out this post for more details on these other benefits of archiving.
Would you like to learn more about MailStore and how it can improve Outlook performance and help your business? Then visit our website and download your free trial!
You’ve probably heard that the vast majority of all email traffic is spam, but did you know the volume of spam as a percentage of all email traffic has gone down over the years? In April of 2014, spam made up almost 70% of all email traffic. The most recent records show spam at about 59% of all email traffic. While these numbers are down slightly, they are still quite significant, and thus email providers need to be armed with a variety of tools to combat spam.
For email administrators, one of the challenges of fighting spam is balancing tasks performed by the administrator with tasks that users can perform to take some of the workload from administrators. With SecurityGateway’s quarantine management features, users can be granted permissions to manage their own quarantines.
SecurityGateway can be configured to handle spam in various ways. Messages can be refused, quarantined, or accepted, and their spam scores can be adjusted accordingly. When messages are quarantined and held on the server, the administrator can determine whether, and how often, to send the user an emailed quarantine summary report. The administrator can also grant users permissions to view and manage their own quarantine folders in the SecurityGateway interface. The quarantine summary email allows users to release the message from quarantine, and whitelist or blacklist the sender. When the quarantine is viewed in the SecurityGateway interface, users have additional options, such as the ability to feed messages to SecurityGateway’s Bayesian spam learning engine. Giving users the ability to manage their own quarantines allows administrators to focus on other tasks.
We generally recommend using the Bayesian feature to mark a message as spam, rather than blacklisting the sender. Thus, to avoid any confusion, we’ve put together the following best practices guide on quarantine management in SecurityGateway.
We live in an era where the amount of valuable data businesses must store is increasing at an unprecedented pace. Consequently, the number of “bad guys” trying to gain access to that data is also increasing, and hackers have some pretty sophisticated tools at their disposal to try to force their way into your data. They use a variety of tactics, including social engineering, brute force attacks and dictionary attacks, among others.
Passwords are not just vulnerable to external threats. They must be protected from internal threats as well. Have you ever written down a password on a piece of paper, and then thrown it in the garbage? Have you ever discarded an old hard drive without destroying it? If this information gets in the wrong hands, it can lead to severe financial loss for a company, and damage to its reputation.
Passwords and usernames belong to one of three types of identification data:
Something you know
Something you own
Something you are or do (such as a fingerprint or other biometric element)
Passwords and usernames fall within the category of “something you know.” The three items listed above are considered factors of authentication, so when only one type of data is used to log into a system (such as a username and password), you are using a single factor of authentication.
Passwords alone are often not enough to protect your data against increasingly sophisticated attacks. Requiring a second factor of authentication can drastically reduce data theft.
Two-factor authentication is not a new concept. In fact, most of us already use it in other ways besides accessing our email. Here are some examples of two-factor authentication that many of us already use daily:
An ATM card (something you own) and a PIN (something you know)
A credit card (something you own) and a zip code (something you know)
A phone (something you own) and a fingerprint (something you are)
MDaemon includes two-factor authentication for WorldClient, MDaemon’s webmail client. With two-factor authentication, users must provide two forms of authentication – a password and a unique verification code that is obtained via any client that supports Google Authenticator (available in the Google Play store).
Two-factor authentication has many benefits:
It provides an extra layer of defense when a password isn’t strong enough.
It reduces online identity theft, phishing, and other techniques because a victim’s password isn’t enough to gain access to his or her data.
It helps companies in finance, health care, and other industries comply with PCI, HIPAA and other regulations.
It makes working remotely safer.
In this video, we demonstrate how to enable and use two-factor authentication in MDaemon and WorldClient.
If you’re concerned about privacy and security, two-factor authentication provides extra protection for your data. Download the latest version of MDaemon to take advantage of this extra security!
SecurityGateway provides businesses with additional layers of email security for their mail server. Developed with over 20 years of email security expertise, SecurityGateway is loaded with anti-spam, anti-abuse, and anti-malware features, as well as email encryption, data leak prevention, and more. With our latest release, SecurityGateway 5.0, businesses can benefit from the following new features.
Block Traffic from Specific Countries with Location Screening
Location Screening, a feature that was also recently introduced in MDaemon, allows administrators to block email from specific countries. This is useful if you don’t have users in certain regions. By default, all email traffic is blocked, but if you prefer to only block authentication attempts from these regions, you can simply check the box to block these attempts.
Enhanced Compliance Options with Terms of Service Agreement
In order to assist administrators with compliance to laws such as the General Data Protection Regulation in the EU, administrators can now add a terms of service statement which must be accepted by the users each time they login.
Download Message in Readable Format from Within the Logs
When viewing the message logs, administrators can now download a message in EML format by clicking on a link in the log. These EML messages can then be viewed in various email clients.
If you have an email account (and in 2017, you probably have more than one), you are a target. More specifically, your email password is a target and a coveted prize for hackers. And let’s face it – hackers are not going away anytime soon. Because the barriers to entry are so low and the potential payoffs so large, hackers are more motivated than ever to try to steal your login credentials. As an MDaemon administrator, you are tasked with making sure your users use strong passwords, but here are a few things to consider when evaluating your password & security policies:
People often reuse passwords.
People tend to use the same password across multiple sites.
Hackers have access to a variety of password-generating tools that are freely available on the Internet.
Automated systems installed in botnets can crack complex passwords in a matter of minutes.
Password dictionaries reduce the effectiveness of password complexity policies.
To address these threats, MDaemon’s new Dynamic Screening features can be configured to track authentication failures for all protocols, including SMTP, POP, IMAP, WorldClient, and ActiveSync (among others). When a specified number of authentication attempts from a given IP address fail in a designated period of time, subsequent connections from the IP are blocked for a specified period of time. The affected email account can also be frozen – meaning the mailbox can collect mail, but the user cannot login to check email or send out email messages.
Watch our latest tutorial video to learn more!
In the event that a hacker or spammer still manages to guess an account’s password, MDaemon’s Account Hijack Detection feature will disable or freeze the account after a specific number of messages have been sent from an authenticated session in a given timeframe.
Do you have questions or comments? Let us know via the Comments section!