The Recent Concerns with OpenPGP and S/MIME Encryption

May 16, 2018May 16, 2018 ~ Kevin Beatty ~ Leave a comment

On Monday, May 14^th, the Electronic Frontier Foundation (EFF) reported that European researchers had discovered core problems and commonplace implementation flaws in the S/MIME and OpenPGP protocol specifications. The vulnerability, which the researchers have described as EFAIL, can reportedly expose the content of encrypted emails (even messages sent in the past) to be viewed. The EFAIL vulnerability affects many email clients that use S/MIME and OpenPGP. There is a list of email clients with vulnerabilities by protocol in an article posted at thehackernews.com.

It’s very important to understand that to be at risk for this vulnerability, attackers would need access to your emails. This means that your email system has been compromised by an attacker who has access to the encrypted emails through tactics such as eavesdropping on network traffic (also known as a man-in-the-middle (MITM) attack), compromised email accounts, access to email servers, backup systems or client computers, usually achieved through social engineering attacks, such as Phishing and other tactics.

We have checked our own web-based email client (MDaemon Webmail) and our MDaemon OpenPGP-based encryption feature. Our results show that MDaemon Webmail is not vulnerable. However, the MDaemon email server OpenPGP feature is partially vulnerable to one implementation flaw. We have released a patch for affected versions of MDaemon email software, which can be found here. The current version of the MDaemon email server, v18.0.1, includes this fix.

A Reminder on the Best Email Security Practices

This latest issue should remind us all about the importance of email security practices as a whole. Implementing strong passwords, two-factor authentication, location screening, SSL/TLS, SMTP AUTH, IP Shielding, dynamic screening, freezing accounts after failed authentication attempts, all play a role in helping to keep your accounts and your email safe. You can review a list of email security features in MDaemon here.

If you’ve implemented security to help protect malicious people from accessing your email accounts, then you are less likely to have an account compromised and you will be better protected against these types of attacks and vulnerabilities.

Ongoing Monitoring

While the researchers go into some depth to expose issues deep within the S/MIME and OpenPGP specification documents, these encryption protocols may need specification changes to address the longer-term issues mentioned in the initial report. MDaemon Technologies will continue to monitor this issue.

Additional Resources

We have provided links to past blog posts that cover a number of email security topics to provide additional information:

Thwart Hackers with Strong Password Policies

Are You Taking the Security of Your Email Account Seriously?

Why Passwords May Not Keep Your Email Safe

Block Incoming Connections by Country with MDaemon’s New Location Screening Feature

SSL & TLS Best Practices

Block Hackers from Guessing Passwords with MDaemon’s Improved Dynamic Screening

Are You Doing Enough to Protect Your Email Privacy?

Follow These 13 Tips to Avoid Being Blacklisted

New Security & Collaboration Features for MDaemon 17.5!

Introducing SecurityGateway 5.0, with New Location Screening, Terms of Service Agreements, and More!

Spread the love

A New Year and a New Name

January 2, 2018 ~ Kevin Beatty ~ Leave a comment

As we welcome in a New Year, we are also welcoming a new company name. Alt-N Technologies is transitioning to MDaemon Technologies. This change is now in motion and will be implemented gradually across our many company assets.

We are adopting the new name to better leverage the brand equity and recognition we have built over the many years with our trusted email server. The new name will consolidate our brand and align the company around a globally recognized name.

With the name change also brings the new tag line: Simple Secure Email. We believe this tag line summarizes the value many of our global customers and partners have expressed over the years and is synonymous with the attributes that have made MDaemon a popular email server with many IT professionals and resellers.

We may have a new name but our mission and focus remain the same: develop features in our email server and email gateway products that deliver value (reliability, security, and flexibility) to the IT professionals that put their trust in us.

For more than 20 years we have succeeded by listening to our global customers and delivering exceptional service. We treat our employees, customers and channel partners like family and we believe this is just one of the many reasons why we remain a trusted vendor in an ever changing and competitive email and email security market. We may not be the biggest company you will deal with, but we strive to be the best company you deal with!

To our current customers we thank you for allowing us the opportunity to earn your business. To prospective customers, we ask that you give us a try. Download a free 30 day trial of our products or look at our hosted services and partners.

We look forward to an exciting 2018 and the opportunity to serve you!

Happy New Year,
Kevin

Kevin Beatty
VP, Marketing & Business Development

Spread the love

Alt-N Technologies is Renamed MDaemon Technologies

January 2, 2018February 1, 2018 ~ Daniel Draney ~ Leave a comment

New Name to Leverage Global Brand Equity of Company’s Flagship Email Server

Grapevine, TX (USA) – January 2, 2018 – Alt-N Technologies announced today that, effective immediately, the Company’s legal name will be MDaemon Technologies, and that it will begin doing business under the new company name.

“We are adopting the new name to better leverage the brand equity and recognition we have built over the many years with our trusted email server,” said Jerry Donald, CEO of MDaemon Technologies. “The new name will consolidate our brand and align the company around a globally recognized name.”

With the name change also brings a new tag line: “Simple Secure Email. This tag line summarizes the value many of the Company’s global customers and partners have expressed over the years and is synonymous with the attributes that have made MDaemon a popular email server with many IT professionals and resellers.

More information about the name change can be found by visiting the MDaemon Technologies Blog.

About MDaemon Technologies

MDaemon Technologies develops email and email security software for the global small and medium enterprise business market. Founded in 1996, its products are trusted by organizations in over 140 countries and 25 languages. The company’s flagship products, MDaemon Messaging Server and SecurityGateway for Email Servers can be deployed in virtual, hosted cloud or private on-premise environments. The company’s products include the latest security technologies and require minimal support and administration to operate and maintain. The company uses a network of global distributors and resellers for the sale and support of its products.

###

Media Contact:
Kevin Beatty
MDaemon Technologies
(817) 601-3222 x214
kevin.beatty@mdaemon.com
www.mdaemon.com

Spread the love

MDaemon 17.5.1 is Now Available – with Improved Logging for Let’s Encrypt, WorldClient Enhancements, and More!

October 24, 2017 ~ Brad Wyro ~ Leave a comment

Today, we released a minor update to MDaemon – MDaemon 17.5.1. This update includes various minor improvements, including:

Improved logging for Let’s Encrypt.
Defaults for the Dynamic Screening settings have been changed. Account freeze is off by default and fewer notifications are enabled.
Enhanced WorldCient Instant Messenger chat room experience to prevent spoofing.
When using the WorldClient and LookOut themes, users can now display their saved searches in the Favorites folder list.

These are just a few highlights. For a complete rundown of all new features & enhancements, visit our Downloads page to to view the MDaemon release notes or to download MDaemon.

Spread the love

Outlook Connector 4.5.1 is Now Available – Addresses Issues with Windows 10 Creators Update

July 27, 2017 ~ Brad Wyro ~ Leave a comment

The release of Microsoft Windows 10 Creators Update introduced various issues for Outlook users related to certain DLL files. Today, we’ve released Outlook Connector 4.5.1, which fixes these issues.

Click here to download Outlook Connector 4.5.1.

Remember – there are two components to Outlook Connector – one for the server, and one for the client. There is a link to the latest Outlook Connector client on the above link. We recommend installing this update on the server as well as on all clients.

If you have questions, feel free to leave a comment below!

Spread the love

Outlook Problems Caused By Creators Update for Microsoft Windows 10

July 5, 2017 ~ Brad Wyro ~ 6 Comments

Note: July 27 – A fix to Outlook that was caused by the Windows Creators Update is now available by upgrading to most current version of OutlookConnector – version 4.5.1. Click here to download the update.

The Creators Update for Microsoft Windows 10 has introduced various technical issues. One of the issues is that it may cause Outlook to become unstable when Outlook Connector is used. The issues with Outlook are not isolated to Alt-N products.

Our technical team is working to find a solution to address the issues as soon as possible.

Who is affected?

Customers using Outlook Connector with the Windows 10 Creators Update are affected.

What is the issue?

After installing the Creators Update, Outlook may, under some circumstances, crash or stop working. We have also had reports of searches not returning results.

How do I fix it?

There are a number of workarounds available but the only solution at this time is to uninstall the Windows Creators Update and install the Windows 10 Anniversary Update (version 1607). Using older versions of the Windows operating system can put your system at risk; please use caution.

How do I install the Microsoft update – version 1607?

To get the earlier cumulative Microsoft update version 1607, please follow this link:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4019472

Additional information, including updates & fixes, will be published to the following knowledge base article, so check back often for the latest updates.

Windows 10 Creator Update and Outlook Connector:

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=1183

Questions? Let us know via the Comments section below, or click here to if you need additional support.

Spread the love

MDaemon 17 Adds New Security and Collaboration Features

March 22, 2017 ~ Brad Wyro ~ Leave a comment

Dropbox Integration for Webmail Users, Popular IM Client Connections, Support for Let’s Encrypt, new Message Scheduling, and More!

Businesses around the world have depended on the reliability and security of MDaemon for over 20 years.

With the release of MDaemon 17, we’ve included additional security features and introduced several new features for WorldClient, MDaemon’s feature-packed web-based email client.

Below, you’ll find a summary of key new features. A more comprehensive list of all new features and enhancements can be found in the MDaemon release notes on the MDaemon Download page.

New Security Features

MDaemon Health Check Utility

MDaemon’s new health check utility will analyze all security-related settings and display a report of each feature that is not configured with the recommended setting. This report includes the name of the feature, the current setting for that feature, its recommended setting, and the GUI path to the setting. Administrators can select an entry in the report and click on “Set to Recommended” to re-configure the selected feature with the recommended setting, or by holding down CTRL or SHIFT, multiple items can be selected and re-configured simultaneously.

Enhanced Password Security

An option has been added to store mailbox passwords using non-reversible encryption. This protects the passwords from being decrypted by MDaemon, the administrator, or a possible attacker.

More information on this feature can be found in the following knowledge base article:
How to store mailbox passwords using non-reversible encryption

Access to Free Certificates

MDaemon now supports “Let’s Encrypt,” a certificate authority service that uses an automated process to provide free certificates for Transport Layer Security (TLS) encryption for secure websites.

New Webmail Features

Dropbox Integration

WorldClient users can save message attachments directly to their Dropbox accounts and attach files directly from Dropbox when composing a message.

More information on Dropbox integration:
How to set up Dropbox integration

Flexible Chat Client Options

WorldClient Instant Messenger now uses the XMPP protocol for instant messaging instead of WorldClient’s proprietary protocol. This gives users more chat client options (those that support XMPP), especially when wanting to use mobile chat clients to connect with MDaemon users on their desktop.

Message Scheduling

WorldClient users now have the option of sending a message at a later date and time. This feature is located under the Advanced button in the message compose window. Simply select the desired date and time in the new drop-down menus, and then click on Send. For more information on how to enable this feature, please see the MDaemon release notes.

Support for Multiple Email Signatures

WorldClient now supports multiple email signatures. This is useful in situations where a user has additional aliases for his account, such as sales@example.com, etc. A default signature can be assigned to the user’s primary email address and to each alias. When composing a message, users can use the default signature assigned to the email address (or alias) currently used, or choose from among their other signatures via the Advanced button in the message Compose window.

Easily Share Contacts with Other Email Clients

When using the LookOut or WorldClient themes, WorldClient users can now import vCards (.vcf files) into their default contacts folder. vCards enable users to send and receive contact information in a format that can be easily read in other email programs. A vCard may contain a contact’s name, title, phone number, email address, mailing address, and other information.

Enhanced Desktop Notifications

Desktop notifications are now available for WorldClient tasks and events. When a reminder is configured for an event or task, a pop-up window will display to alert the user.

Other Improvements

ActiveSync Corrupt Message Notifications notify administrators if a particular message cannot be processed.
The ActiveSync Migration Client now supports the ability to select which folder types to migrate.
A new content filter option has been added which will quarantine the entire message when it contains a restricted attachment.
The Retry Queue configuration screen has a new checkbox which enables sending of a “successful delivery” DSN (delivery status notification message) any time a message is delivered which has previously been delayed and placed in the retry queue for whatever reason.
Options have been added to the Outlook Connector centralised management for local cache filename and attachments directory.

If your license is current, you can upgrade to MDaemon 17 for free. You can check for MDaemon updates via the Help menu in MDasemon, or click here to visit the MDaemon purchase page.

Visit our Downloads page to download the latest MDeamon, or click here to read the release notes.

Spread the love

Happy New Year 2017

January 5, 2017 ~ Kevin Beatty ~ Leave a comment

2016 was an exciting year for Alt-N Technologies as it marked the 20^th anniversary of the MDaemon email server for Windows and our ongoing efforts to bring affordable, secure, and reliable email and email security software to the small-to-medium business segment. And as many of you know, a lot has changed in the last 20 years. One thing that hasn’t changed over the years is the ongoing threat of people trying to use email as the primary method to attack an organization or steal personal information.

Like any form of communication, it can be used for good or bad. Unfortunately, when email was initially developed, its creators didn’t anticipate the ways bad actors would exploit the technology through methods like phishing, hacking, and launching disabling applications like ransomware, Trojans, etc.

On this front, Alt-N will continue its efforts to improve the security and privacy of email with features like the ones we added in 2016, such as two-factor authentication, client and server-side encryption, and others.

2016 also reflected changes the industry continues to see in the area of deployment options. We saw some resellers and customers turning over the management of their email to MSPs (Managed Service Provider) or other third-party providers. The driver for this behavior varied by customer and industry but can be summarized by the desire to move hardware and software costs from capital expenditures (CAPex) to operational expenditures (OPex), with pros and cons to each approach. Alt-N worked with many existing and new channel partners to see MDaemon Private Cloud hosted email services introduced into new markets like Africa, Asia Pacific, and Latin America with continued growth in existing markets like North America and Europe.

With regards to hosted email services, we also received growing requests from direct customers asking Alt-N to manage their email. In response, Alt-N launched its own service using the MDaemon Private Cloud version of the software by introducing WorldClient Private Email for Business. With this new service offer, we have been able to meet the needs of direct customers who want us to manage their email, such as a 600-user customer who chose our service and support after having a large Office365 reseller attempt to convert them away from MDaemon!

For 2017, we will look for sales growth in new and emerging markets while working hard to earn and retain the loyalty and support of our existing customers. We will continue our efforts to add valuable features to MDaemon and SecurityGateway for Email Servers as those products remain the focus of our development efforts. We will be working on improving features that support cloud-based deployments while keeping a close eye on the needs of customers who want the control of on-premise and hybrid environments. And we will continue to look for new ways to enhance and bring value through our partnerships with complimentary vendors like MailStore, as well as seek out new technologies and vendors to make integration with our software simple and easy to use.

As we begin 2017, we want to express our sincere gratitude to those customers and channel partners who have helped Alt-N Technologies grow these past 20 years. We also look forward to earning the business of new customers and partners as we work toward a successful 2017.

As always, we invite you to tell us what you think by sending us your feedback. You can reach me directly at kevin(dot)beatty(at)altn(dot)com.

Happy New Year,

Kevin

Kevin Beatty
VP, Marketing & Business Development

Spread the love

2016 Year in Review

December 20, 2016 ~ Brad Wyro ~ Leave a comment

Well, another year is almost over, but over the past year, we’ve managed to pack in lots of new features and enhancements to our products, and thanks to people like you sharing your ideas with us via the Alt-N Idea Engine, or on our community forums, our development staff can have a direct dialog with customers. For 2016, we’ve added the following new features to MDaemon:

Two-factor authentication – Requires users to provide a verification code in addition to the username and password.
Spambot detection – When multiple messages claiming to come from the same sender are received from multiple IP addresses, a spambot is often the culprit. This feature helps keep those pesky Spambots from sending mail to your server.
XML API for complimentary applications – Allows third-party developers to integrate complimentary applications (such as CPanel, etc.) with MDaemon.
CardDAV support – Allows users to synchronize their contacts with their favorite mobile device or other mail client.
ActiveSync migration client – The ActiveSync migration client makes it easy to import data over from any other mail server that supports ActiveSync protocol version 14.1.
Third-party chat (XMPP) client – Users now have more options for chatting with their colleagues. In addition to the standard WorldClient Instant Messenger, users can now chat with their favorite XMPP client from their desktop or even their mobile device!
Automatic updates – With automatic updates, the administrator no longer has to manually check for new versions and install them. The automatic update feature will notify the postmaster when a new version is available. Updates can be automatically downloaded and installed at a designated time.
Centralized management of Outlook Connector settings – Outlook Connector settings can now be pushed out to users. All that’s needed is the email address and password. No more guessing at what to put in the other fields! We’ve updated our Outlook Connector Quick-Start guide to help you get started with this new functionality.

We also released SecurityGateway 4, which includes the following new features:

Enhanced anti-spoofing support with DMARC – DMARC allows domain owners to specify what actions to take for messages that don’t align with DKIM or SPF. This helps take out the guesswork on how to handle messages that may be spoofed.
Improved user interface for mobile devices – SecurityGateway’s web interface now scales to fit any screen size, so whether you’re using a mobile device or a PC, you’ll see a friendly, responsive interface that has been designed for the screen size you are using.
Send mail from each domain’s IP address – When you have more than one IP address on your server, each domain can be bound to a specific IP address. Mail from the domain will be sent from its assigned IP address.

We launched our blog over three years ago to provide another communication channel for our customers, to keep people updated on the latest email industry and security news, tips, product releases, and more. For 2016, we’ve compiled a list of the ten blog posts that generated the most interest. With email security featured prominently in the news over the last year, it comes as no surprise that the topics that generated the most interest revolve around email security and privacy.

Here are the top ten blog posts from 2016:

Need a quick video lesson on a particular feature? This year, we also added all of our eLearning videos for MDaemon and SecurityGateway to our YouTube channel.

While 2016 is almost over, our development staff is already hard at work to bring you new & exciting features for 2017, so check back often for the latest updates!

Spread the love