Whether you work in healthcare, finance, education, or another highly regulated industry, it’s likely that you’re required to meet increasingly stringent regulations on email security and privacy, such as the General Data Protection Regulation (GDPR). But even if these strict requirements do not apply to your industry, you still want to maintain customer trust by ensuring their confidential data is safe.
To address these concerns, MDaemon offers email encryption using OpenPGP.
In the past, implementations of OpenPGP have been cumbersome, requiring users to manually exchange encryption keys or to take complex steps to send encrypted messages. With MDaemon, in addition to providing various ways to automate the encryption key exchange and server-side encryption processes, MDaemon Webmail users can easily enable per-message encryption right from within the message compose window.
Here’s a quick video to demonstrate how easy it is to encrypt messages in MDaemon Webmail.
MDaemon’s webmail client is loaded with a variety of features for organization, collaboration and security. As a daily user of MDaemon Webmail (I use it almost exclusively instead of my desktop email client), I like to keep important messages organized so I can find them later. This is made easy with message categories (in addition to follow-up flags). Within the MDaemon webmail client, you’ll find a variety of built-in categories, or you can create your own custom categories. Multiple categories can be assigned to a message, and messages can be arranged by category, keeping all of your important messages in one, easy-to-find place.
If you’re like me, you like shortcuts that make life easier when performing common tasks. For example, if you work in finance or accounting, wouldn’t it be nice to be able to pull up all emails with the word “invoice” with a single mouse click? Well now you can. With the latest release of MDaemon, we introduced search folders in MDaemon Webmail. This week’s 30-Second Email Tips video will walk you through the setup process.
Search folders were added in MDaemon 17.5.1. If you’re running an older version of MDaemon, you could be missing out on some great new features!
If you’re what most would call a “power user,” then you may be used to using keyboard shortcuts. If you’re used to the keyboard shortcuts of another client, such as Outlook, Thunderbird or Eudora, MDaemon’s webmail client has a feature that allows you to continue using those shortcuts. So if you’re used to using Shift+P to print (which is an Outlook shortcut), then all you need to do in MDaemon’s web-based email client is go to the Options menu & select Personalize. Then select your preferred option in the Keyboard Shortcuts drop-down menu, as shown here:
More information on this feature can be found in the following page from our online manual:
If you have questions or comments about this feature, let us know! If you’re not an MDaemon user, but would like to learn more about its features, visit the MDaemon product page and have a look around!
You’ve probably heard that the vast majority of all email traffic is spam, but did you know the volume of spam as a percentage of all email traffic has gone down over the years? In April of 2014, spam made up almost 70% of all email traffic. The most recent records show spam at about 59% of all email traffic. While these numbers are down slightly, they are still quite significant, and thus email providers need to be armed with a variety of tools to combat spam.
For email administrators, one of the challenges of fighting spam is balancing tasks performed by the administrator with tasks that users can perform to take some of the workload from administrators. With SecurityGateway’s quarantine management features, users can be granted permissions to manage their own quarantines.
SecurityGateway can be configured to handle spam in various ways. Messages can be refused, quarantined, or accepted, and their spam scores can be adjusted accordingly. When messages are quarantined and held on the server, the administrator can determine whether, and how often, to send the user an emailed quarantine summary report. The administrator can also grant users permissions to view and manage their own quarantine folders in the SecurityGateway interface. The quarantine summary email allows users to release the message from quarantine, and whitelist or blacklist the sender. When the quarantine is viewed in the SecurityGateway interface, users have additional options, such as the ability to feed messages to SecurityGateway’s Bayesian spam learning engine. Giving users the ability to manage their own quarantines allows administrators to focus on other tasks.
We generally recommend using the Bayesian feature to mark a message as spam, rather than blacklisting the sender. Thus, to avoid any confusion, we’ve put together the following best practices guide on quarantine management in SecurityGateway.
We live in an era where the amount of valuable data businesses must store is increasing at an unprecedented pace. Consequently, the number of “bad guys” trying to gain access to that data is also increasing, and hackers have some pretty sophisticated tools at their disposal to try to force their way into your data. They use a variety of tactics, including social engineering, brute force attacks and dictionary attacks, among others.
Passwords are not just vulnerable to external threats. They must be protected from internal threats as well. Have you ever written down a password on a piece of paper, and then thrown it in the garbage? Have you ever discarded an old hard drive without destroying it? If this information gets in the wrong hands, it can lead to severe financial loss for a company, and damage to its reputation.
Passwords and usernames belong to one of three types of identification data:
Something you know
Something you own
Something you are or do (such as a fingerprint or other biometric element)
Passwords and usernames fall within the category of “something you know.” The three items listed above are considered factors of authentication, so when only one type of data is used to log into a system (such as a username and password), you are using a single factor of authentication.
Passwords alone are often not enough to protect your data against increasingly sophisticated attacks. Requiring a second factor of authentication can drastically reduce data theft.
Two-factor authentication is not a new concept. In fact, most of us already use it in other ways besides accessing our email. Here are some examples of two-factor authentication that many of us already use daily:
An ATM card (something you own) and a PIN (something you know)
A credit card (something you own) and a zip code (something you know)
A phone (something you own) and a fingerprint (something you are)
MDaemon includes two-factor authentication for WorldClient, MDaemon’s webmail client. With two-factor authentication, users must provide two forms of authentication – a password and a unique verification code that is obtained via any client that supports Google Authenticator (available in the Google Play store).
Two-factor authentication has many benefits:
It provides an extra layer of defense when a password isn’t strong enough.
It reduces online identity theft, phishing, and other techniques because a victim’s password isn’t enough to gain access to his or her data.
It helps companies in finance, health care, and other industries comply with PCI, HIPAA and other regulations.
It makes working remotely safer.
In this video, we demonstrate how to enable and use two-factor authentication in MDaemon and WorldClient.
If you’re concerned about privacy and security, two-factor authentication provides extra protection for your data. Download the latest version of MDaemon to take advantage of this extra security!
If you have an email account (and in 2017, you probably have more than one), you are a target. More specifically, your email password is a target and a coveted prize for hackers. And let’s face it – hackers are not going away anytime soon. Because the barriers to entry are so low and the potential payoffs so large, hackers are more motivated than ever to try to steal your login credentials. As an MDaemon administrator, you are tasked with making sure your users use strong passwords, but here are a few things to consider when evaluating your password & security policies:
People often reuse passwords.
People tend to use the same password across multiple sites.
Hackers have access to a variety of password-generating tools that are freely available on the Internet.
Automated systems installed in botnets can crack complex passwords in a matter of minutes.
Password dictionaries reduce the effectiveness of password complexity policies.
To address these threats, MDaemon’s new Dynamic Screening features can be configured to track authentication failures for all protocols, including SMTP, POP, IMAP, WorldClient, and ActiveSync (among others). When a specified number of authentication attempts from a given IP address fail in a designated period of time, subsequent connections from the IP are blocked for a specified period of time. The affected email account can also be frozen – meaning the mailbox can collect mail, but the user cannot login to check email or send out email messages.
Watch our latest tutorial video to learn more!
In the event that a hacker or spammer still manages to guess an account’s password, MDaemon’s Account Hijack Detection feature will disable or freeze the account after a specific number of messages have been sent from an authenticated session in a given timeframe.
Do you have questions or comments? Let us know via the Comments section!
As I announced recently in this post, MDaemon 17.5 has been released, with new security and collaboration features. One feature that our users will find particularly useful is the new Location Screening feature, which allows administrators to block incoming connections from specific countries. When you consider the scale and widespread distribution of global threats, blocking connections by country can provide the following benefits:
It can reduce the amount of email traffic on the server, freeing up system resources.
It has the added benefit of reducing the amount of spam received.
New spam domains, email zombies & phishing sites pop up all over the world every day. In fact, Cyren’s World Threat Map displays a handy visual representation of newly-discovered threats in real-time.
So if you know your company does not do business with certain countries, you can add these locations to MDaemon’s Location Screening feature and stop all traffic from these countries.
In previous versions of MDaemon, the best way to block connections by country was to use the DNS-BL feature, but with MDaemon 17.5, a new, intuitive check-box screen was added. In this tutorial video, I show you how easy it is to configure Location Screening in MDaemon.
Do you have questions or feedback? If so, click on the “Leave a Comment” link under the title of this post & let us know!
With the prevalence of data-destroying malware, more businesses are using an archiving solution such as MailStore to create backup copies of all email communications. Archiving is crucial for recovery when the unexpected disaster strikes, and useful for e-discovery and meeting legal requirements & regulations. I’ve written this article to help explain the value of archiving and why it’s so important:
For end-users, it’s important to have easy access to your archived messages, with the ability to search through your archives based on key words. With the addition of a custom button in the WorldClient toolbar that points to the MailStore login screen (performed by the MDaemon administrator), users can access their archive and perform a search in three easy steps. I’ll show you how in the following video:
MailStore works with virtually all email platforms and clients, and is the recommended choice for small-to-medium businesses worldwide. If you have questions or would like a personal demo, leave a comment below & let me know!
For many small-to-medium businesses, hosting an in-house Microsoft Exchange Server requires dedicated staff and deep pockets. In the mid-90’s, MDaemon was created as an affordable alternative to Exchange that wouldn’t break your IT budget & required no dedicated staff to administer it. With every installation of MDaemon comes the free Exchange migration utility – MDMigrator. MDMigrator will import all user accounts, email messages, public folders and other settings from Exchange to MDaemon. You can find step-by-step instructions in this knowledge base article: