10 Ways to Reduce Spam in Your Inbox

SpamBefore the invention of email, mail that arrived in your physical mailbox often contained pamphlets, sales brochures, credit card offers, and product catalogs. Much of this waste was thrown away and ended up in a landfill somewhere. Today, the equivalent and often more annoying nuisance is spam. Spam comes in many forms, and has evolved from dubious product claims, miracle supplements, conspiracy theories, and offers of easy money to more malicious threats such as ransomware attacks and targeted spear-phishing.

While the amount of spam as a percentage of total email traffic has gone down recently, the severity of email-borne  threats has increased.

So how can users protect themselves from becoming the next victim to these malicious threats? There are numerous spam fighting tools in MDaemon and other mail servers, but server-side tools are only half of the spam-fighting equation. The other half is user education. With this in mind, here are 10 things users can do to reduce the amount of spam they receive.

  1. Unsubscribe – How often have you been asked by a store clerk for your email address or placed an order online? In either of these situations, chances are you may have ended up on a company’s mailing list. When you receive email from these companies, take the time to open the message and click on the Unsubscribe link. But first, make sure the email is in fact coming from a reputable company (Here’s how). If you’re not completely sure where the email came from, then report the message as spam instead of unsubscribing.
  2. Create a secondary email account – While we’re on the topic of retailers having your email address, you might also consider having a second email address that’s used solely for the purpose of store records or placing orders. This allows you to keep solicitations from these vendors out of your primary inbox.
  3. Keep your email address private – If your email address is visible on social networking sites like Facebook or Twitter, then it’s also visible to spammers. Spammers have tools that can easily detect visible email addresses and add them to their mailing lists. This is why it’s often recommended that, if you MUST use your email address on one of these sites, you mask it by changing its format. For example, type out “at” instead of using the “@” symbol. With the prevalence of Business Email Compromise (BEC) attacks, it’s even more important for executives to be mindful of posting their email address or other personal information, as scammers will use this information to send out well-crafted spear-phishing emails.
  4. Before you join a mailing list, make sure the list owner cannot sell your email address – If the list you’re joining has a privacy policy, read it thoroughly and make sure your information cannot be sold to a third party.
  5. Don’t reply to ANY spam or unsolicited marketing messages – Most spam messages use forged sender (return-path) addresses, so replying to a spam message will almost never result in the spammer getting your message. Replying to legitimate marketing messages tells the sender that your email address is valid, and thus, they may continue to send you spam.
  6. Never click on links – Often, when you click on a link in a spam email, it specifically identifies you to the spammer as having received the message. Not only can clicking links in spam messages identify you to the spammer; you can also end up getting infected with malware.
  7. Block Images – Even if you don’t click any links, an image opening in your email can alert spammers to a valid address. Spammers often try to be stealthy by inserting images that are only one pixel wide. If your mail client is configured to automatically open images, spammers can be alerted that your email address is valid. We recommend configuring your email client to automatically block images to reduce spam. You can always choose to view images in specific emails if you are sure the sender and content are legitimate.
  8. Make your email address unique – Spammers often use common names to try to guess email addresses. If your email address is unique, it makes it harder for spammers to guess your email address.
  9. Don’t fall for scams – If you receive an anonymous email from someone who appears to be in dire need, who promises you large sums of money for your small up-front investment, you may be witnessing the familiar Nigerian email scam, or one of many other variants. What are the odds that someone you’ve never met, who’s in a desperate situation, would contact you for help? Don’t fall for this scam.
  10. Never forward email from someone you don’t know – I often see email messages with some type of public service announcement, petition, or other bit of advice, and often, there’s a request to forward the message to your friends. Don’t fall for this, as it’s a prime opportunity for spammers to harvest email addresses.

Blocking junk email is not just the job of the mail server administrator. A well-informed email user can mean the difference between spam that is manageable and spam that is out of control. These ten tips will help you reduce spam, and help prevent you from becoming a victim to phishing or malware.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Encrypting vs. Signing with OpenPGP. What’s the Difference?

Many businesses are responsible for maintaining large amounts of confidential data, including customer records, medical records, financial reports, legal documents, and much more. It’s very common for these types of information to be transmitted via email. So how can you ensure confidential data transmitted via email is kept private? How can you ensure the integrity of transmitted data and that a message actually came from its purported sender?

Businesses need to ensure confidentiality, data integrity, message authentication (proof of origin), and non-repudiation (proof of content and its origin). These goals can be accomplished using MDaemon’s OpenPGP message encryption and signing services. Read on to learn more about the differences between encrypting and signing, and when each is used.

The Need for Encryption

Businesses need to protect sensitive data and preserve confidentiality and privacy. Whether you work in healthcare, finance, legal, HR or education, chances are you’re familiar with the terms GDPR, HIPAA or FERPA (among others). Businesses that fail to meet these regulations risk data breaches that can lead to lost revenue or legal action, as well as steep fines. To address these issues, businesses can use encryption to make their sensitive data unreadable to unauthorized parties.

The Need for Signing

In addition to data privacy, businesses may need to ensure that a message was not altered during transit, and that it actually came from the purported sender. These tasks are accomplished with message signing (adding a digital signature) using OpenPGP. Much like your handwritten signature, a digital signature can be used for authentication purposes, but also cannot be forged.

Signing a message helps ensure the following:

  • Data Integrity – That the message was not altered from its original form.
  • Message Authentication (Proof of Origin) – That the message actually came from the purported sender.
  • Non-repudiation – That the sender cannot deny the authenticity of the message they sent and signed with OpenPGP.

Encrypting vs. Signing – What’s the Difference?

So what are the differences between encrypting & signing? Let’s discuss each.

What is Encryption?

Encryption is the act of converting plain text to cipher text. Cipher text is basically text that has been scrambled into non-readable format using an algorithm – called a cipher. MDaemon’s implementation of OpenPGP encryption uses public key encryption (also known as asymmetric key encryption) to encrypt email messages and attachments.

So How Does Public Key Encryption Work?

Public key encryption uses public/private key pairs. If you want me to send you an encrypted message, you send me your public key, which I import into my encryption software (using the OpenPGP configuration screen in MDaemon, in this case). I encrypt the message with your public key. When you receive the message, you decrypt it with your private key. Even though your public key can be freely distributed and used to encrypt messages addressed to you, these encrypted messages can only be decrypted with your own private key. This private key must always be kept secret. Data encrypted with the public key can only be decrypted with its corresponding private key; conversely, data encrypted with the private key can only be decrypted with its corresponding public key. We’ll talk about why you would encrypt a message with your own private key in the next section when we discuss message signing.

Encrypting email with OpenPGP
Encrypting email with OpenPGP

In our latest release of MDaemon, we’ve added the ability for MDaemon Webmail users to encrypt messages from within the message compose window. This procedure is explained in this blog post.

Check out the following video to see this process in action!

Encrypting a message helps ensure that the message is kept confidential. The message remains in its encrypted format until it is decrypted with the recipient’s private key.

What is Message Signing with OpenPGP?

As I mentioned above, messages are encrypted with the message recipient’s public key and decrypted with the corresponding private key. Message signing, on the other hand, uses the sender’s private key to sign (encrypt) the message, and his public key is used to read the signature (decrypt). Message signing binds the identity of the message source to the message. This helps ensure data integrity, message authentication, and non-repudiation.

For example, if John wants to digitally sign a message to Michelle, he uses his private key to encrypt the message, and sends it (along with his public key if it hasn’t already been sent) to Michelle. Since John’s public key is the only key that can decrypt the message, the digital signature is verified by simply decrypting the message with John’s public key.

Signing with OpenPGP
Signing an Email Message with OpenPGP

Signing a message with OpenPGP ensures that the message was not altered in transit, that it did in fact come from the purported sender, and that the sender cannot deny the authenticity of the message they sent and signed with OpenPGP.

More information on using MDaemon’s PGP encryption & signing features can be found in the following knowledge base article:

How to enable MDaemon PGP, configure who can use MDPGP, and create keys for specific users

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=1087

Do you have questions? Let us know in the Comments section below!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

The Recent Concerns with OpenPGP and S/MIME Encryption

On Monday, May 14th, the Electronic Frontier Foundation (EFF) reported that European researchers had discovered core problems and commonplace implementation flaws in the S/MIME and OpenPGP protocol specifications. The vulnerability, which the researchers have described as EFAIL, can reportedly expose the content of encrypted emails (even messages sent in the past) to be viewed. The EFAIL vulnerability affects many email clients that use S/MIME and OpenPGP. There is a list of email clients with vulnerabilities by protocol in an article posted at thehackernews.com.

It’s very important to understand that to be at risk for this vulnerability, attackers would need access to your emails. This means that your email system has been compromised by an attacker who has access to the encrypted emails through tactics such as eavesdropping on network traffic (also known as a man-in-the-middle (MITM) attack), compromised email accounts, access to email servers, backup systems or client computers, usually achieved through social engineering attacks, such as Phishing and other tactics.

We have checked our own web-based email client (MDaemon Webmail) and our MDaemon OpenPGP-based encryption feature. Our results show that MDaemon Webmail is not vulnerable. However, the MDaemon email server OpenPGP feature is partially vulnerable to one implementation flaw. We have released a patch for affected versions of MDaemon email software, which can be found here. The current version of the MDaemon email server, v18.0.1, includes this fix.

A Reminder on the Best Email Security Practices

This latest issue should remind us all about the importance of email security practices as a whole.  Implementing strong passwords, two-factor authentication, location screening, SSL/TLS, SMTP AUTH, IP Shielding, dynamic screening, freezing accounts after failed authentication attempts, all play a role in helping to keep your accounts and your email safe. You can review a list of email security features in MDaemon here.

If you’ve implemented security to help protect malicious people from accessing your email accounts, then you are less likely to have an account compromised and you will be better protected against these types of attacks and vulnerabilities.

Ongoing Monitoring

While the researchers go into some depth to expose issues deep within the S/MIME and OpenPGP specification documents, these encryption protocols may need specification changes to address the longer-term issues mentioned in the initial report. MDaemon Technologies will continue to monitor this issue.

Additional Resources

We have provided links to past blog posts that cover a number of email security topics to provide additional information:

Thwart Hackers with Strong Password Policies

Are You Taking the Security of Your Email Account Seriously?

Why Passwords May Not Keep Your Email Safe

Block Incoming Connections by Country with MDaemon’s New Location Screening Feature

SSL & TLS Best Practices

Block Hackers from Guessing Passwords with MDaemon’s Improved Dynamic Screening

Are You Doing Enough to Protect Your Email Privacy?

Follow These 13 Tips to Avoid Being Blacklisted

New Security & Collaboration Features for MDaemon 17.5!

Introducing SecurityGateway 5.0, with New Location Screening, Terms of Service Agreements, and More!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

How to Encrypt your Email Messages from MDaemon Webmail in Three Easy Steps!

Whether you work in healthcare, finance, education, or another highly regulated industry, it’s likely that you’re required to meet increasingly stringent regulations on email security and privacy, such as the General Data Protection Regulation (GDPR). But even if these strict requirements do not apply to your industry, you still want to maintain customer trust by ensuring their confidential data is safe.

To address these concerns, MDaemon offers email encryption using OpenPGP.

In the past, implementations of OpenPGP have been cumbersome, requiring users to manually exchange encryption keys or to take complex steps to send encrypted messages. With MDaemon, in addition to providing various ways to automate the encryption key exchange and server-side encryption processes, MDaemon Webmail users can easily enable per-message encryption right from within the message compose window.

Here’s a quick video to demonstrate how easy it is to encrypt messages in MDaemon Webmail.

A more comprehensive overview of MDaemon’s OpenPGP settings and how to configure them can be found in this knowledge base article.

Upgrade MDaemon to Take Advantage of the Latest Features!

Are you running an older version of MDaemon? Check out our Features by Version chart to see what you may be missing out on! Server-side email encryption with OpenPGP was introduced in MDaemon 15.5. Click here for upgrade & renewal instructions.

If you’re not currently using MDaemon and would like to see how an affordable, easy-to-use mail server can benefit your business, click here to download your free trial!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

10 Tips to Identify a Phishing Email

Don’t Risk Losing your Life Savings to Scammers. Follow these 10 Tips to Identify a Phishing Email.

From October 2013 to December 2016, phishing scams cost businesses approximately $1.6 billion, averaging roughly $500 million each year. While these figures are staggering, they continue to rise as scammers reap huge payouts from BEC (Business Email Compromise), CEO fraud and other phishing scams.

The real estate industry is a prime target for phishing because large sums of money change hands and there are various weak links in the transaction process. If any step within the transaction process becomes compromised with a successful phishing email, the attacker could gain access to a legitimate email address from which to launch other attacks. The fraudster could then lie in wait, scanning email messages for financial or transaction related details, and then send off fraudulent wire transfer instructions to an unsuspecting buyer, seller, or agent. For example, this happened to a 31 year-old first-time homebuyer in San Antonio, Texas. You can read details about this case here, but the short version of the story is that she felt that she was in a time crunch to send in her down payment and finalize other closing tasks, and felt that the title company was dragging its feet. This state of high anxiety made her a prime target for a phishing email she received stating that she had previously been given the wrong wire transfer information, and that she needed to wire her down payment to a new account. With 5 hours left to get everything done, she attempted to contact her title company to confirm the change, but no one responded, so in a panic, she hastily ran to the bank and wire transferred her $52,000 down payment. Unfortunately, she sent her life savings to scammers.

The phishing industry is so lucrative for scammers because the barriers to entry are low relative to potential huge payouts. With botnets-for-hire and Malware as a Service (Maas), spammers have an impressive arsenal of tools at their disposal to propagate their campaigns, so to fight this scourge, an educated user is the best defense against phishing scams. With this in mind, here are my top 10 tips on how to identify and protect yourself from phishing attacks.

  1. Watch out for messages disguised as something expected, like a shipment or payment notification. These often contain links to malware sites. Hover your mouse over any links to make sure they’re safe. Think before you click! Here’s an example using a phishing email I received claiming to come from HSBC.

    Payment notification phishing email
    Watch for unexpected payment or shipment notices
  2. Watch for messages asking for personal information such as account numbers, Social Security numbers, and other personal information. Legitimate companies will never ask for this over email.
  3. Beware of urgent or threatening messages claiming that your account has been suspended and prompting you to click on a link to unlock your account.
  4. Check for poor grammar or spelling errors. While legitimate companies are very strict about emails they send out, Phishing emails often contain poor spelling or grammar.
  5. Hover before you click! Phishing emails often contain links to malware sites. Don’t trust the URL you see! Always hover your mouse over the link to view its real destination. If the link claims to point to a known, reputable site, it’s always safer to manually type the URL into your browser’s address bar.
  6. Check the Greeting – Is the message addressed to a generic recipient, such as “Valued customer” or “Sir/Madam?” If so, be careful & think twice! Legitimate businesses will often use your real first and last name. In our HSBC example, notice the generic greeting.

    Watch for generic greetings in email messages
    Watch for generic greetings in email messages
  7. Check the Signature – In addition to the greeting, phishing emails often leave out important information in the signature. Legitimate businesses will always have accurate contact details in their signature, so if a message’s signature looks incomplete or inaccurate, chances are it’s spam. In our HSBC example, the sender’s name and contact information are missing from the signature.

    Watch for generic signatures in phishing email messages.
    Watch for generic signatures in phishing email messages.
  8. Don’t download Attachments – With the proliferation of Ransomware as a Service (Raas), spammers have an easy mechanism for distributing malware-laden spam messages to thousands of users. And because the payout for ransomware can be quite high, even one successful ransomware infection could net the spammer large amounts of money. If there’s ANY doubt about the identity of the message sender or the contents of an attachment, play it safe and don’t download the attachment.
  9. Don’t trust the From address – Many phishing emails will have a forged sender address. The From address is displayed in two places. The Envelope From is used by mail servers to generate NDR messages, while the Header From is used by the email client to display information in the From field. Both of these headers can be spoofed. MDaemon Webmail has built-in security features to help users identify spoofed emails. Many mail clients hide the From address, only showing the From name, which can be easily spoofed. In MDaemon Webmail, the From address is always displayed, giving users a clearer view into the source of the email and helping them identify spoofed senders. Using our HSBC example, I’ve highlighted the actual sender.
    Phishing email highlighting the actual sending address
    Phishing email highlighting the actual sending address

    MDaemon Webmail will also display information in the Security tag to help users identify messages from verified senders, as shown here.

    MDaemon Webmail - DKIM-Verified Sender
    MDaemon Webmail – DKIM-Verified Sender
  10. Don’t Enable Macros – And while we’re on the subject of ransomware, another common vector for ransomware infections is through macros in Microsoft Word documents. These documents often arrive in phishing emails claiming to have important content from HR, Finance, or another important department, and to trick the user, they request the user to enable macros. Never trust an email that asks you to enable macros before downloading a Word document.

While anti-spam and anti-malware tools are quite effective at filtering out the majority of scams, there’s really no substitute for good old-fashioned user education. Know the potential costs to your business and don’t become the next victim!

If you’re the MDaemon or SecurityGateway administrator and need help with your security settings to help block as much phishing as possible before it reaches your users, give us a call or drop us an email support request.

 

 

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

A New Year and a New Name

As we welcome in a New Year, we are also welcoming a new company name. Alt-N Technologies is transitioning to MDaemon Technologies. This change is now in motion and will be implemented gradually across our many company assets.

We are adopting the new name to better leverage the brand equity and recognition we have built over the many years with our trusted email server. The new name will consolidate our brand and align the company around a globally recognized name.

With the name change also brings the new tag line: Simple Secure Email. We believe this tag line summarizes the value many of our global customers and partners have expressed over the years and is synonymous with the attributes that have made MDaemon a popular email server with many IT professionals and resellers.

We may have a new name but our mission and focus remain the same: develop features in our email server and email gateway products that deliver value (reliability, security, and flexibility) to the IT professionals that put their trust in us.

For more than 20 years we have succeeded by listening to our global customers and delivering exceptional service. We treat our employees, customers and channel partners like family and we believe this is just one of the many reasons why we remain a trusted vendor in an ever changing and competitive email and email security market. We may not be the biggest company you will deal with, but we strive to be the best company you deal with!

To our current customers we thank you for allowing us the opportunity to earn your business. To prospective customers, we ask that you give us a try. Download a free 30 day trial of our products or look at our hosted services and partners.

We look forward to an exciting 2018 and the opportunity to serve you!

Happy New Year,
Kevin

Kevin Beatty
VP, Marketing & Business Development

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

SecurityGateway saves administrators time by letting users manage their own quarantines!

Email spam quarantine

You’ve probably heard that the vast majority of  all email traffic is spam, but did you know the volume of spam as a percentage of all email traffic has gone down over the years? In April of 2014, spam made up almost 70% of all email traffic. The most recent records show spam at about 59% of all email traffic. While these numbers are down slightly, they are still quite significant, and thus email providers need to be armed with a variety of tools to combat spam.

For email administrators, one of the challenges of fighting spam is balancing tasks performed by the administrator with tasks that users can perform to take some of the workload from administrators. With SecurityGateway’s quarantine management features, users can be granted permissions to manage their own quarantines.

SecurityGateway can be configured to handle spam in various ways. Messages can be refused, quarantined, or accepted, and their spam scores can be adjusted accordingly. When messages are quarantined and held on the server, the administrator can determine whether, and how often, to send the user an emailed quarantine summary report. The administrator can also grant users permissions to view and manage their own quarantine folders in the SecurityGateway interface. The quarantine summary email allows users to release the message from quarantine, and whitelist or blacklist the sender. When the quarantine is viewed in the SecurityGateway interface, users have additional options, such as the ability to feed messages to SecurityGateway’s Bayesian spam learning engine. Giving users the ability to manage their own quarantines allows administrators to focus on other tasks.

We generally recommend using the Bayesian feature to mark a message as spam, rather than blacklisting the sender. Thus, to avoid any confusion, we’ve put together the following best practices guide on quarantine management in SecurityGateway.

Click here to view the new SecurityGateway Quarantine Management guide.

Following the suggestions outlined in this guide will help ensure that you receive the messages you want, and block the messages you don’t want.

If you have questions, let us know in the comments section below!

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Why Passwords May Not Keep Your Email Safe

Two-factor Authentication using phone pin and passwordWe live in an era where the amount of valuable data businesses must store is increasing at an unprecedented pace. Consequently, the number of “bad guys” trying to gain access to that data is also increasing, and hackers have some pretty sophisticated tools at their disposal to try to force their way into your data. They use a variety of tactics, including social engineering, brute force attacks and dictionary attacks, among others.

The problem is made worse by the prevalence of weak passwords. Did you know that, even in 2017, one of the most common passwords is 12345678? In an experiment conducted in 2013, with the help of a list of hashed passwords obtained online, hackers were able to crack about 90% of a list of over 16,000 passwords.

Passwords are not just vulnerable to external threats. They must be protected from internal threats as well. Have you ever written down a password on a piece of paper, and then thrown it in the garbage? Have you ever discarded an old hard drive without destroying it? If this information gets in the wrong hands, it can lead to severe financial loss for a company, and damage to its reputation.

Passwords and usernames belong to one of three types of identification data:

  1. Something you know
  2. Something you own
  3. Something you are or do (such as a fingerprint or other biometric element)

Passwords and usernames fall within the category of “something you know.” The three items listed above are considered factors of authentication, so when only one type of data is used to log into a system (such as a username and password), you are using a single factor of authentication.

Passwords alone are often not enough to protect your data against increasingly sophisticated attacks. Requiring a second factor of authentication can drastically reduce data theft.

Two-factor authentication is not a new concept. In fact, most of us already use it in other ways besides accessing our email. Here are some examples of two-factor authentication that many of us already use daily:

  • An ATM card (something you own) and a PIN (something you know)
  • A credit card (something you own) and a zip code (something you know)
  • A phone (something you own) and a fingerprint (something you are)

MDaemon includes two-factor authentication for WorldClient, MDaemon’s webmail client. With two-factor authentication, users must provide two forms of authentication – a password and a unique verification code that is obtained via any client that supports Google Authenticator (available in the Google Play store).

Two-factor authentication has many benefits:

  • It provides an extra layer of defense when a password isn’t strong enough.
  • It reduces online identity theft, phishing, and other techniques because a victim’s password isn’t enough to gain access to his or her data.
  • It helps companies in finance, health care, and other industries comply with PCI, HIPAA and other regulations.
  • It makes working remotely safer.

In this video, we demonstrate how to enable and use two-factor authentication in MDaemon and WorldClient.

If you’re concerned about privacy and security, two-factor authentication provides extra protection for your data. Download the latest version of MDaemon to take advantage of this extra security!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Block Hackers from Guessing Passwords with MDaemon’s Improved Dynamic Screening

If you have an email account (and in 2017, you probably have more than one), you are a target. More specifically, your email password is a target and a coveted prize for hackers. And let’s face it – hackers are not going away anytime soon. Because the barriers to entry are so low and the potential payoffs so large, hackers are more motivated than ever to try to steal your login credentials. As an MDaemon administrator, you are tasked with making sure your users use strong passwords, but here are a few things to consider when evaluating your password & security policies:

  • People often reuse passwords.
  • People tend to use the same password across multiple sites.
  • Hackers have access to a variety of password-generating tools that are freely available on the Internet.
  • Automated systems installed in botnets can crack complex passwords in a matter of minutes.
  • Password dictionaries reduce the effectiveness of password complexity policies.

To address these threats, MDaemon’s new Dynamic Screening features can be configured to track authentication failures for all protocols, including SMTP, POP, IMAP, WorldClient, and ActiveSync (among others). When a specified number of authentication attempts from a given IP address fail in a designated period of time, subsequent connections from the IP are blocked for a specified period of time. The affected email account can also be frozen – meaning the mailbox can collect mail, but the user cannot login to check email or send out email messages.

Watch our latest tutorial video to learn more!

In the event that a hacker or spammer still manages to guess an account’s password, MDaemon’s Account Hijack Detection feature will disable or freeze the account after a specific number of messages have been sent from an authenticated session in a given timeframe.

Do you have questions or comments? Let us know via the Comments section!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Block Incoming Connections by Country with MDaemon’s New Location Screening Feature

Block connections by country with Location Screening
Block connections by country with Location Screening

As I announced recently in this post, MDaemon 17.5 has been released, with new security and collaboration features. One feature that our users will find particularly useful is the new Location Screening feature, which allows administrators to block incoming connections from specific countries. When you consider the scale and widespread distribution of global threats, blocking connections by country can provide the following benefits:

New spam domains, email zombies & phishing sites pop up all over the world every day. In fact, Cyren’s World Threat Map displays a handy visual representation of newly-discovered threats in real-time.

So if you know your company does not do business with certain countries, you can add these locations to MDaemon’s Location Screening feature and stop all traffic from these countries.

In previous versions of MDaemon, the best way to block connections by country was to use the DNS-BL feature, but with MDaemon 17.5, a new, intuitive check-box screen was added.  In this tutorial video, I show you how easy it is to configure Location Screening in MDaemon.

Do you have questions or feedback? If so, click on the “Leave a Comment” link under the title of this post & let us know!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •