Restricting Message Size for Everyone Except a Select Few Users in MDaemon

Recently, one of our customers asked the following question:

“How do I restrict messages to 2MB for inbound and outbound mail – for all users except a small group of users?”

In MDaemon, this can be done via the Content Filter (located under the Security menu). Simply follow these easy steps:

  1. Add the users who will not be subject to the size restriction to a group via Accounts | Groups & Templates.
  2. Go to Security | Content Filter and create a new rule.
  3. In the left-hand “Conditions” column, check the box “If MESSAGE SIZE is greater than.”
  4. In the right-hand “Actions” column, check the box “DELETE the message”, and also check the box “Send a NOTE 1 to.”
  5. In the bottom section, click on the blue text “is greater than 10K” and enter a value in KB (2000 KB, for example), and then click OK.
  6. Click on the blue text “Specify Information” next to “and send note 1.”
  7.  In the new window, enter $SENDER$ in the To field, adjust the subject if desired, and enter a message in the main window, such as “Sorry, your message has exceeded the allowed size limit.”
  8. Click OK to save your progress.
  9. Give your new rule a name in the “Name this rule” field at the top, and click OK to save the rule.
  10. Now, we need to create a new rule to skip the size limit rule for members of the group we created in Step 1. Click on New Rule.
  11. Give your rule a name.
  12. In the left-hand “Conditions” column, check the boxes “If SENDER is a member of GROUP” and “If RECIPIENT is a member of GROUP.”
  13. In the box below, click on the blue “specific group name” text for each item, and select the group you created in Step 1. Do not change the word “or” to “and.”
  14. In the right-hand “Actions” column, check the box “SKIP the next ‘n’ rules.”
  15. Click the blue text “Specify Information” in the bottom section, and verify that it has “1” specified under “Skip over how many rules?”
  16. Click OK.
  17. Save your new rule.
  18. Back on the main Rules screen, highlight the last rule you created, and click the “Move up” button to move it above the size limit rule we created previously.
  19. Click OK to exit the content filter.
Here are screenshots of these rules:

Screen1

Screen2

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

As a reminder, you can view our webinars and tutorial videos on our YouTube channel. Is there a topic you’d like to learn more about? Let us know in the comments section below!

 

 

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

10 Ways to Reduce Spam in Your Inbox

SpamBefore the invention of email, mail that arrived in your physical mailbox often contained pamphlets, sales brochures, credit card offers, and product catalogs. Much of this waste was thrown away and ended up in a landfill somewhere. Today, the equivalent and often more annoying nuisance is spam. Spam comes in many forms. Some examples include dubious product claims, miracle supplements, conspiracy theories, and offers of easy money.

Spam statistics are staggering. More than 100 billion spam messages are sent every day, representing around 85 percent of global email traffic.

So what can be done about this spam epidemic? There are numerous spam fighting tools in MDaemon and other mail servers, but server-side tools are only half of the spam-fighting equation. The other half is user education. With this in mind, here are 10 things users can do to reduce the amount of spam they receive.

  1. Unsubscribe – How often have you been asked by a store clerk for your email address or placed an order online? In either of these situations, chances are you may have ended up on a company’s mailing list. When you receive email from these companies, take the time to open the message and click on the Unsubscribe link. But first, make sure the email is in fact coming from a reputable company. If you’re not completely sure where the email came from, then report the message as spam instead of unsubscribing.
  2. Create a secondary email account – While we’re on the topic of retailers having your email address, you might also consider having a second email address that’s used solely for the purpose of store records or placing orders. This allows you to keep solicitations from these vendors out of your primary inbox.
  3. Keep your email address private – If your email address is visible on social networking sites like Facebook or Twitter, then it’s also visible to spammers. Spammers have tools that can easily detect visible email addresses and add them to their mailing lists. This is why it’s often recommended that, if you MUST use your email address on one of these sites, you mask it by changing its format. For example, type out “at” instead of using the “@” symbol.
  4. Before you join a list, make sure the list owner cannot sell your email address – If the list you’re joining has a privacy policy, read it thoroughly and make sure your information cannot be sold to a third party.
  5. Don’t reply to ANY spam or unsolicited marketing messages – Most spam messages use forged sender (return-path) addresses, so replying to a spam message will almost never result in the spammer getting your message. Replying to legitimate marketing messages tells the sender that your email address is valid, and thus, they may continue to send you spam.
  6. Never click on links – Often, when you click on a link in a spam email, it specifically identifies you to the spammer as having received the message. Not only can clicking links in spam messages identify you to the spammer; you can also end up getting infected with malware.
  7. Block Images – Even if you don’t click any links, an image opening in your email can alert spammers to a valid address. Spammers often try to be stealthy by inserting images that are only one pixel wide. If your mail client is configured to automatically open images, spammers can be alerted that your email address is valid. We recommend configuring your email client to automatically block images to reduce spam. You can always choose to view images in specific emails if you are sure the sender and content are legitimate.
  8. Make your email address unique – Spammers often use common names to try to guess email addresses. If your email address is unique, it makes it harder for spammers to guess your email address.
  9. Don’t fall for scams – If you receive an anonymous email from someone who appears to be in dire need, who promises you large sums of money for your small up-front investment, you may be witnessing the familiar Nigerian email scam, or one of many other variants. What are the odds that someone you’ve never met, who’s in a desperate situation, would contact you for help? Don’t fall for this scam.
  10. Never forward email from someone you don’t know – I often see email messages with some type of public service announcement, petition, or other bit of advice, and often, there’s a request to forward the message to your friends. Don’t fall for this, as it’s a prime opportunity for spammers to harvest email addresses.

Blocking junk email is not just the job of the mail server administrator. A well-informed email user can mean the difference between spam that is manageable and spam that is out of control. These ten tips will help you reduce spam, and help prevent you from becoming a victim to phishing or malware.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Encryption Options for Keeping Your Private Email Messages Safe

Email encryption options with MDaemonIs your company prepared for the next big data breach? According to a study by Ponemon Institute, which surveyed 567 executives in the United States on how prepared they think their companies are to respond to a data breach, the following findings were made:

  1. Most respondents believe their companies are not prepared to deal with the consequences of a data breach.
  2. Most companies have data breach response plans, but they are ineffective.
  3. Data breach response plans are often not effective because they are not reviewed in a timely manner.
  4. Data breach detection technologies are rarely deployed.

Also, consider these startling enterprise email security statistics from Virtru’s blog:

  1. 87% of senior managers upload business files to a personal email or cloud account.
  2. Email malware creation is up 26% year over year, with 317 million new pieces of malware created in 2014.
  3. Hackers targeted 5 out of 6 large companies using email attacks last year — an annual increase of 40%.
  4. Cybercrime has a 1,425% ROI.

With the proliferation of data theft and compromised systems, more companies are addressing data privacy concerns via a renewed focus on security and encryption technology.

To address these data privacy and security concerns, MDaemon administrators and users have three options for keeping confidential email messages and attachments secure – SSL/TLS, Virtru, and OpenPGP. When an email message is sent, SSL or TLS is used to encrypt the connection from the mail client to the server or from the sending mail server to receiving mail server. Virtru provides end-to-end message and attachment encryption, and OpenPGP provides server-side encryption and key management as well as client-side encryption (when used with an OpenPGP plug-in on the mail client).

Encrypting the Connection with SSL or TLS

When you use POP or IMAP to retrieve your email messages, your username and password are transmitted in clear-text across the internet. This means that anyone using the same network or wireless connection as you, or anyone who has access to internet traffic at your ISP, can potentially intercept your data and read your login credentials. A hacker with malicious intent can then read your email, steal confidential information, or send out thousands of spam messages from your account. Your email credentials are valuable to spammers because the success rate of their solicitations is much greater than if they had simply forged the return-path of the message (which is characteristic of most spam messages).

One method for preventing hackers from being able to “sniff out” private data that’s in transit over the network is to use SSL or TLS. SSL and TLS are methods for encrypting the connection between two mail servers (SMTP) or between the mail server & mail client (POP & IMAP). In other words, the communication channel is encrypted – not the email message itself. A good explanation of SSL can be found here: https://www.digicert.com/ssl.htm

Normally, SMTP traffic is sent from client-to-server or server-to-server over port 25, but if you’d like the SMTP connection to be encrypted using SSL, by default you can configure your mail client to send outbound SMTP traffic over port 465, and you can also configure MDaemon or SecurityGateway to use port 465. Likewise, the default POP3 SSL port is 995, and the default IMAP SSL port is 993.

This knowledge base article contains instructions for configuring SSL features for SMTP, POP, and IMAP for MDaemon.
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=841

This knowledge base article explains how to configure SSL features for SMTP & HTTP in SecurityGateway:
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=481

When SSL or TLS is used, the data itself is not encrypted, but the connection is. If you’d like the data itself to be encrypted, then continue reading for how to encrypt email messages and attachments using Virtru and OpenPGP.

Client-Side Message & Attachment Encryption with Virtru

While SSL & TLS encrypt the connection, Virtru (included with MDaemon) encrypts the actual email message. Virtru provides end-to-end encryption – meaning the message is encrypted on the sending client and decrypted on the receiving client. Messages encrypted via Virtru are stored in their encrypted state on the server and cannot be decrypted without the proper keys. Virtru is included with MDaemon.

Click here for more information on Virtru.

Server-Side Message & Attachment Encryption with OpenPGP

With OpenPGP, messages are encrypted on the server, but they can also be encrypted on the mail client if an OpenPGP plug-in has been installed. The MDaemon administrator enables the OpenPGP features, creates public & private keys for users, and selects users who are allowed to use OpenPGP. Use the MDPGP configuration screen (located under the Security menu) to configure automatic encryption & key exchange, encryption key size and expiration, and to import keys. You can also create content filter rules to encrypt messages that meet specific criteria using OpenPGP.

This knowledge base article contains step-by-step instructions for enabling MDaemon’s OpenPGP features, configuring who can use it, and creating public & private keys for users.

Are These Features Easy to Use?

SSL and TLS are enabled by simply enabling the SSL ports on the mail server and configuring your mail client to use the SSL ports.

With Virtru, you’re up and running by simply enabling the feature in WorldClient. When you enable Virtru in WorldClient, your request is first sent to Virtru for processing. Within seconds, you’ll receive a pop-up message indicating that Virtru is now ready to start encrypting and decrypting your messages and message attachments. It’s that simple!

And for OpenPGP, options are available to help automate the encryption, decryption, and key import/exchange processes.

Conclusion

To recap, SSL & TLS can be used to help prevent eavesdropping on your email communication channel by encrypting the connection, while Virtru & OpenPGP can be used to help keep your email messages safe from unauthorized access by encrypting the actual email messages and attachments. Together, these security measures help to ensure that your confidential business data remains safe from unauthorized access.

Are you ready to ensure your important business communications are safe from prying eyes? Then download MDaemon and get started with SSL, Virtru, and OpenPGP!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Get Aggressive at Fighting Spam by Re-training the Bayesian Learning Process in MDaemon

Fight spam with Bayesian Learning in MDaemon

In certain situations, it may be necessary to retrain your Bayesian Learning database. This can be necessary when spam messages are inadvertently placed in the Bayes non-spam folder, or when non-spam messages are placed in the Bayes spam folder.

To reset your Bayesian Learning and start training it again from scratch, you can perform the following steps:

1. Stop the MDaemon service.
2. Verify that the MDaemon executables (MDaemon.exe, CFEngine.exe, MDSpamD.exe, WorldClient.exe) have all exited memory using Windows task manager.
3. Rename the folder “/MDaemon/SpamAssassin/Bayes/” to”/MDaemon/SpamAssassin/Bayes.old/”
4. Re-launch MDaemon.
5. Go to Security | Spam Filter | Bayesian Classification, then click on the Learn button.

At this point, MDaemon recognizes that the Bayes folder isn’t there when the learn process is triggered, so it builds a new Bayes folder.

You will then need to feed Bayesian learning at least 200 spam and 200 non-spam messages (although the more the better) to start the Bayesian learning process again. Here is a knowledge base article on training the Bayesian learning process in MDaemon.

The Bayesian learning engine won’t process new messages until the administrator has taught it 200 spam and 200 non-spam messages. So even if an administrator were to manually press the Learn button OR have MDaemon learn automatically at midnight, the Bayesian engine  wouldn’t apply itself to new messages even though the new folder is created.

Once MDaemon recognizes that Bayesian learning has learned more than 200 spam and 200 non-spam messages, it will start applying what it has learned to new messages.

You can run a script to determine how many messages the Bayesian filter has learned from. This will come in handy for administrators who need to know how many more messages to feed the Bayesian filter. This process is explained in this knowledge base article.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Outlook Connector Performance Tips

With the recent release of Outlook Connector 4.0, I wanted to review with you some guidelines for improving the performance of Outlook Connector. Outlook’s performance is affected by many things, including the amount of data it has to keep track of, any add-ons that are installed, how often it checks for new mail, and various other factors. The following guidelines will help ensure you get the best performance out of Outlook when using Outlook Connector.

  1. With each new version of Outlook Connector, various performance enhancements are made, thus, we recommend using the latest version of Outlook Connector on the MDaemon server and the latest Outlook Connector plug-in on each client. On the MDaemon server, you can check the version of Outlook Connector that’s installed by navigating to Help – View the release notes for your version of Outlook Connector. Users can verify their version of the Outlook Connector plug-in by clicking on the “About” tab on the Outlook Connector toolbar in Outlook. Click here to download the latest version of Outlook Connector. On this page, click on the “Download Now” button to download Outlook Connector on the server. There are also links to download the 32-bit and 64-bit versions of the Outlook Connector client.
  2. We recommend using Outlook Connector with MDaemon 14 and above. Newer versions of MDaemon also have various performance enhancements. You can get the latest version of MDaemon here.
  3. We recommend disabling all Outlook Add-ins except the Outlook Connector plug-in. In Outlook 2016, 2013 & 2010, add-ins are located under File – Add-ins. In Outlook 2007, they’re located under Tools – Trust Center – Add-ins.
  4. Regular defragmentation of the MDaemon server’s hard disk is recommended. Server performance can be further improved by reducing the amount of logging MDaemon is doing (Setup – Server Settings – Logging – Settings) along with moving the Logs folder and User, Public and Queues folders to a physically separate disk. When moving logs, queues, or public folders to a separate drive, simply map a drive letter to the drive, then update the Directories section of the MDaemon.lni file (located in the MDaemon/App directory) with the new path to these directories.

    MDaemon directories
    Where MDaemon stores mail, queues, logs, etc.
  5. We recommend periodically purging and compacting the Outlook Connector database file (local cache). Follow these steps to compact the local cache file:
    1. Make sure Outlook is shut down, and navigate to the Windows control panel.
    2. Click on the Mail control panel.
    3. Click on Email Accounts.
    4. Double-click on your Outlook Connector account.
    5. Click on the Database Management tab.
    6. Locate the Purge Database section and click on the Purge button.
    7. Locate the Compact Database section, and click on the Compact button. You can also check “Compact database on Outlook shutdown” to compact the database each time Outlook is shut down.

      Outlook Connector Database Managemen
      Outlook Connector Database Managemen
  6. The local Outlook Connector cache file should be excluded from real-time scanning by third party desktop antivirus applications. By default, the local Outlook Connector cache is located at C:/Documents and Settings/-username-/Application Data/Alt-N/ Outlook Connector 4.x/ProfileName/account-name/User’sEmail@YourCompany.com.
  7. Outlook should only be configured to use HTML or Plain Text format for sending emails. Depending on the version of Outlook you are using, these settings can usually be found via Tools – Options – Mail Format tab. Outlook should not be configured to use Word as its email editor or to use Rich Text Format (RTF). Both of these methods result in emails which do not adhere to Internet standards.
  8. We recommend configuring Outlook Connector’s Send/Receive tab (located under the Account button in the Outlook Connector toolbar) to only check the Inbox folder for new items at each Outlook send/receive interval.
  9. Outlook Connector includes the option “Download Headers Only” under the Send/Receive tab of the Outlook Connector Client configuration screen. When this option is enabled, Outlook only downloads the information needed to show messages in the message list, and not the full content of each message. When you click on a message, the rest of the message is downloaded for viewing. Users may experience a slight delay in viewing messages in the preview pane when “Download Headers Only” is enabled because Outlook has to download the rest of the message when it is selected.
  10. We recommend configuring the Send/Receive schedule to check for new mail every 3 minutes.
  11. We recommend performing these housekeeping tasks regularly:
    1. Delete any email messages, calendar items, and contacts that are no longer needed.
    2. Empty the Deleted Items folder by right-clicking it and selecting Empty Folder.
    3. Delete unwanted items from the Sent Items folder.
    4. Move items out of the Inbox to other mail folders.
    5. Archive old messages. Mail server administrators can implement a server-wide archiving solution such as MailStore to help cut down on the amount of data stored in user mailboxes.

Following these guidelines will help ensure that Outlook Connector continues to run smoothly. For more information, please see our Outlook Connector how-to guides. As always, I’m available if you have questions!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Our eLearning Videos are Now Available on YouTube!

eLearningWould you like to brush up on your MDaemon or SecurityGateway skills? Well now you can, for free, on our YouTube channel! Topics for each course include:

MDaemon

  • Getting Started
  • Domain & Server Settings
  • Managing Accounts
  • Mailing Lists
  • Gateway Configuration
  • Security Settings
  • OpenPGP Encryption
  • WorldClient
  • Spam Filter Configuration
  • Mobile Device Management

SecurityGateway

  • Getting Started
  • Configuring Domains & Users
  • Mail Delivery & Filtering Settings
  • Spam Filter Configuration
  • Anti-Spoofing Tools
  • Anti-Abuse Tools
  • Server Maintenance

Click here to access the SecurityGateway tutorials.
Click here to access the MDaemon tutorials.

In the coming weeks, I will be updating these videos & adding new topics, so check back often for the latest eLearning lessons!

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Teach SecurityGateway to Recognize Spam

Recently, I wrote a post about teaching your MDaemon Inbox to recognize spam using the Bayesian learning feature. This feature helps to train the spam filter to be more accurate over time by feeding it samples of spam and non-spam messages. SecurityGateway also includes Bayesian learning features (in addition to many other security features designed to keep spam, viruses, malware and phishing attacks from hitting your mail server). Today, I’ll be explaining how to use these features to teach SecurityGateway how to get better at recognizing spam (false negatives – spam messages that were not filtered out) and non-spam (false positives – legitimate messages that were marked as spam).

Administrator Instructions

Administrators must first enable and configure Bayesian learning in SecurityGateway before users will be able to use it. Follow these steps to enable and configure Bayesian learning.

  1. Click on the Security tab, and then click on Heuristics & Bayesian under the Anti-Spam section.
  2. Make sure the first box, “Use heuristic rules and Bayesian classification to analyze messages” is checked. This setting basically turns the spam filter on and is enabled by default.
  3. Under “Location (all domains),” click on the link to configure SGSpamD. You can optionally select a domain in the drop-down menu at the top to configure these settings for a specific domain.

    Enable SGSpamD
    Enable SGSpamD
  4. Under the “Bayesian Classification” section, check the first box to enable Bayesian classification.

    Enable Bayesian Classification
    Enable Bayesian Classification
  5. By default, 200 samples of spam and 200 samples of non-spam are needed before Bayesian learning can take place. You can adjust this number in the blanks provided, but in most cases, this will not be necessary.
  6. By default, Bayesian learning takes place at midnight each night. You can select the second option under the “Bayesian Learning” section if you’d like to schedule Bayesian learning more frequently, at regular intervals. This is useful if you have a larger number of messages to learn from. You can also select the third option if you do not want Bayesian learning to run automatically based on a schedule. When this option is selected, you can use the link at the bottom of the Bayesian Learning section to perform Bayesian learning as needed.

    Bayes Schedule
    Bayes Schedule
  7. SecurityGateway needs to know where to find messages to be fed to the Bayesian learning engine. By default, messages are  placed inside the C:/Program Files/Alt-N technologies/SecurityGateway/BayesSpam and BayesHam directories. You can optionally use a different path mapped to a different drive to improve performance.

    Known Spam Directory
    Known Spam Directory
  8. In the following two blanks, enter the Spam and Non-Spam forwarding addresses. The default addresses are spamlearn and hamlearn, so if your domain is example.com, users can forward spam messages (as an attachment) to spamlearn@example.com to feed these messages to the Bayesian learning engine. This procedure is explained in greater detail later when we discuss how end users can submit spam and non-spam messages to the Bayesian learning engine.

    Spam Forwarding Addresses
    Spam Forwarding Addresses
  9. Most spam messages are relatively small, thus, you can place a size limit on messages to learn from by checking the box “Don’t learn from messages larger than” and entering a value (in bytes) in the blank blow. Placing a size limit on messages to learn from helps improve the performance of the Bayesian learning engine.

    Bayes Size Limit
    Bayes Size Limit
  10. You can automate the Bayesian learning process by enabling Automatic Bayesian Learning. By default, messages that score less than 0.1 are considered to be legitimate and only messages that score a 12.0 or above are considered to be spam for purposes of automatic Bayesian learning. Before enabling automatic Bayesian learning, I would recommend reviewing your message logs for false negatives and false positives and use their spam scores as guidelines for populating the spam and non-spam scoring thresholds. You can also optionally check the boxes to only learn non-spam messages from domain mail servers and authenticated sessions, and only learn spam from inbound messages.

    Bayes Automatic Learning
    Bayes Automatic Learning
  11. Before I explain the next setting, I want to explain the concept of “tokens.” When the Bayesian learning feature “learns” from a message, it takes snippets of information from the message, such as words or phrases, and uses this information to create tokens. These tokens are accumulated and when a new message is scanned by Bayesian learning, its contents are compared to these tokens to look for similarities. Under the Bayesian Database section, check the box to enable Bayesian automatic token expiration. This helps to limit the token database to a manageable size, expiring old tokens and replacing them with new ones when the maximum number of Bayesian database tokens (specified in the blank below) has been reached. When this number of tokens is reached, the Bayesian system removes the oldest, reducing the number to 75% of this value or 100,000 tokens, whichever is higher. 150,000 tokens make up about 8MB of data.
  12. Click Save and Close to save your changes.

End User Instructions

Now that SecurityGateway has been configured properly on the server, users can start feeding samples of spam and non-spam to the Bayesian learning engine.

There are two methods users can use to submit samples of spam and non-spam to the Bayesian learning engine in SecurityGateway. The first (and easier) way is to use the thumbs-up and thumbs-down icons in the SecurityGateway interface. The second way is by forwarding spam and non-spam messages (as attachments) to designated email addresses.

To mark messages as spam or non-spam using the SecurityGateway interface, follow these steps:

  1. Log into SecurityGateway.
  2. Click on My Message Log. This brings up a list of all of your inbound and outbound messages.
  3. Click on the message you wish to mark as spam or non-spam, and then click on the Thumbs-up button to mark the message as non-spam, or the thumbs-down button to mark the message as spam.
    Mark Message as Spam
    Mark Message as Spam

    You will receive confirmation that the message was marked as spam.

    Marked as Spam Confirmation
    Marked as Spam Confirmation

To feed messages to the Bayesian learning engine by forwarding them as attachments, simply attach the message to an email addressed to the designated hamlearn@ or spamlearn@ address for your domain (example: spamlearn@example.com). Note: SMTP authentication must be used.

If you are using WorldClient, you can right-click on the message and select “Forward as Attachment.” Then, populate the To: field with the spamlearn@ or hamlearn@ address and simply send the message.

Forward as Attachment
Forward as Attachment

When used properly, Bayesian Learning is a powerful tool for reducing spam and ensuring legitimate messages are not blocked by the spam filter. More information can be found in this knowledge base article.

Don’t let spam ruin your day. These tips can help you keep the bad stuff out of your Inbox so you can focus on your business!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

5 Steps to Achieving Inbox Zero

Inbox-ZeroUnless you live in a cave, chances are you use email as a primary method of business communication. You’re also likely to receive tons of annoying, non-business related email, such as newsletters, press releases, mailing list messages, and follow-up messages that clutter up your Inbox. Without a clear strategy for dealing with all of this distracting junk, valuable time is wasted on unimportant tasks, and productivity suffers. In other words, you may be afflicted with “email overload.”

So how do we deal with the influx of email that grabs at our limited supply of attention?  Merlin Mann invented the concept of Inbox Zero. From TechTarget, Inbox Zero is defined as “a rigorous approach to email management aimed at keeping the inbox empty — or almost empty — at all times.” According to Mann, zero does not refer to the number of messages in your Inbox. Instead, it refers to the amount of time one spends thinking about his Inbox. A key point that is made is that when one confuses his Inbox with a to-do list, productivity suffers. Mann states, “It’s about how to reclaim your email, your atten­tion, and your life. That zero? It’s not how many mes­sages are in your inbox–it’s how much of your own brain is in that inbox – especially when you don’t want it to be. That’s it.”

So with the daily influx of email, how can we achieve Inbox Zero? Mann says that for every email message, there are five possible actions to take:

  • Delete
  • Delegate
  • Respond
  • Defer
  • Do

Let’s take a closer look at these actions.

Delete:  When a new message arrives, the first thing you should ask yourself is “Am I REALLY going to read or respond to this email?” If you’re not sure, then chances are you’re not going to make it a priority, and then it will sit there in your Inbox while other messages that should have been deleted come piling in after it. As Merlin Mann says in this article, “every email you read, re-read, and re-re-re-re-re-read as it sits in that big dumb pile is actually incurring mental debt on your behalf.” So if you’re not going to do anything with a message, simply delete it and move on.

Delegate: If there’s a message that can be best answered by someone else, then immediately forward it on. Don’t try to handle it if it will take you twice as long as someone else.

Respond: Immediately respond to any new messages that can be answered in two minutes or less.

Defer: If a message cannot be answered in two minutes or less, or if a message can be answered later, then move it to a separate “requires response” folder and reply later.

Do: Set aside time each day to respond to email in the “requires response” folder or respond to mail in this folder throughout the day when you have time.

Mann also recommends what he calls “Email dashes.” Here are his recommendations.

  • Check for new email & look for items that can be responded very quickly: Two minutes every 20 minutes.
  • Non-critical responses – Every 90 minutes, answer 5 emails or spend 10 minutes responding.
  • Processing “the pile” – Two minutes every hour, plus 15 minutes at the end of the day.
  • Metawork – 15 minutes twice a week.
  • Further culling, responding & cleaning out “the pile” – Throughout the day, when available, in 5-8 minute dashes. These email dashes help you prioritize, avoid constant email notifications, and manage your time and attention.

Other tips for achieving Inbox Zero:

Don’t leave your email client open. An open email client can be a persistent distraction. It could be too tempting to check email when you’re working on another project while your email client is running in the background.

Use templates: You can use templates for often repeated messages that may only require a short or generic response, such as “Thank you” responses or responses to common questions. If you’re using WorldClient, MDaemon’s webmail client, this article has instructions for creating email templates.

Use Filters: Filters are useful for dealing with frequent, non-urgent items that can be dealt with later. Some examples include:

  • Mailing lists and forum threads
  • Social media “Friend” requests from sites like Facebook and Google+
  • Newsletters and product updates
  • Blog comments
  • Twitter follower notifications

Be careful when creating filters to ensure that you are only filtering out content that isn’t important. It is possible to filter out too much – for example, important but non-urgent messages that would be better addressed by dealing with them according to a schedule.

Use labels or folders: This tip could perhaps be combined with the above tip on using filters. The idea is to automate the process of acting on message that meet certain criteria by applying certain labels or moving them to designated folders. For example, I get a lot of blog comments from spambots, so by creating a filter that filters on the subject of a comment notification message, I can send those messages directly to my “Blog Comments” folder. Sometimes, I’ll get up to 200 comments in a day, so this saves me lots of time and headache weeding through all of that stuff in my Inbox.

Unsubscribe from email lists: How many times have you been asked by a retailer for your email address, or left the box checked when making a purchase on a company’s website authorizing them to bombard you with sales pitches on their other products?  Taking the time to unsubscribe from these mailing lists now can save you from having to deal with all that Inbox clutter later.

The concept of Inbox Zero is not to have zero messages in your Inbox. It’s to set up processes that allow you to spend as little time as possible THINKING about your Inbox. Merlin Mann created the concept several years ago, when there was far less email and far fewer distractions than there are today, so his ideas are even more relevant today. I hope you find these tips useful & that you can use them to take back any control your Inbox may have over you.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Quarantine Management with WorldClient Private Email

WorldClient Private Email makes spam management easy by providing users with the email and collaboration features found in WorldClient, MDaemon’s webmail client, and the security and spam filtering features found in SecurityGateway. This tutorial video covers the following topics:

  • How to allow users to manage their own quarantines in SecurityGateway
  • Quarantine management via the Quarantine Summary Email, and how often this email is sent to users
  • When to whitelist or blacklist the sender, and when & how to release a message from quarantine
  • Quarantine management via the SecurityGateway interface
  • Feeding the Bayesian spam and non-spam database – to improve the spam filter’s accuracy

Spam doesn’t have to be an overwhelming nuisance. When these practices are followed, spam is kept under control so you can spend less time dealing with spam and more time focusing on your business.

If you are interested in our WorldClient Private Email hosted email service, click here for pricing and features, or click here to sign up!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

New MDaemon Feature Helps Detect Spambots

Ever wonder why so much spam exists today? By some estimates, more than 100 billion spam messages are sent every day. This represents around 85 percent of global daily email traffic. Some of the most common types of spam messages include financial scams, phishing attempts, ransomware, and botnet malware. In this article, we focus primarily on botnets.

Spam is big business. The barriers to entry are low and the payoffs are high. If a spammer sends out 50,000 spam messages, but only a handful of users click on a link in one of these messages, the spammer’s efforts will likely have paid off.

A single spammer may not have the resources to send out a large-scale spam attack, however, a spammer’s job is made much easier by the use of botnets – networks of hundreds or even thousands of malware-infected computers (known as spambots) that can be remotely controlled over the internet.  Similar to legitimate cloud services such as Amazon’s AWS, a botnet-for-hire provides individuals with ample cloud-based resources to carry out large-scale spam campaigns with very little effort.

According to Spamhaus, the top five countries with the most spambots are India, Vietnam, China, Iran, and Brazil. As of May 23, 2016, India had close to 2 million spambots!

The botnet-for-hire industry is a growing industry that makes it easy for anyone to send out thousands of spam messages using the botnet as the attack vector.

In addition to sending out spam, botnets can be used to launch DDoS attacks by flooding a company with thousands of connections over a short period of time – in an effort to try to shut down a company’s network or to damage its reputation.

User education is likely the most important factor in preventing a computer from becoming a spambot. The following are a few guidelines that every email user should know by now.

  • Never open an email from an unknown source.
  • Never open an attachment from an unknown source.
  • Even if the sender appears to be someone you know, always verify – because spammers often forge the sender’s address.
  • Use anti-virus software on your local computer.
  • Learn how to recognize phishing
    • Messages that contain threats to shut your account down
    • Requests for personal information such as passwords or Social Security numbers
    • Words like “Urgent” – portraying a false sense of urgency
    • Forged email addresses
    • Poor writing or bad grammar
  • Don’t give your email address to sites you don’t trust.
  • Don’t post your email address to public websites or forums.
  • Understand that reputable businesses will never ask for personal information via email.

For more of these guidelines, see our blog posts – Email Safety Tips for End Users and Ransomware and Banking Trojans are Big Business.

Spambot Detection in MDaemon

The information provided above applies primarily to end users, but what actions can be taken by the mail server administrator to detect and prevent spambot activity? While MDaemon has many spam-fighting features, MDaemon 16 includes tools to detect spambot activity and block it from further communication with your server. This new feature is called Spambot Detection. Spambot Detection tracks the IP addresses that every return-path value (sender) uses over a period of time. If the same return-path is used by multiple IP addresses (more than can be expected from users switching between their computers and mobile devices) in a given timeframe, then it’s possible that this activity is being generated by a spambot. Of course, it’s also possible that this activity is completely legitimate. However, in some cases, tests have shown that this can be an effective tool at detecting a distributed spambot network as long as the same return-path is used in the spam messages. If a spambot is detected the connection is dropped and the return-path value is optionally blacklisted for a designated period of time.  You can also optionally blacklist all known spambot IPs for a designated period of time.

As with most MDaemon security features, various settings allow you to bypass Spambot Detection for mail from trusted sources. You can exempt specific IPs, senders, and recipients from Spambot Detection using the White list feature, and exempt connections from authenticated sessions or trusted IPs. Click on the Advanced buttons to view a list of return-paths or IPs that are currently blocked. If a return-path or IP is blocked by mistake, you can easily remove it from the list.

We demonstrate how to configure Spambot Detection in this tutorial video.

Spammers are always coming up with new ways to spam users. That’s why user education and a properly configured mail server are equally important in the war against spam.

Spambot Detection is one more tool in MDaemon’s arsenal of anti-spam and security features. When these features are enabled, MDaemon can help protect your users and your business from spam, phishing attempts, and malware. For more information on protecting your MDaemon server, check out our knowledge base article on recommended MDaemon security settings.

If you’re not yet an MDaemon user, and would like to take advantage of its robust security and anti-spam features, click here to download your free trial!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •