Avoid Business Email Compromise and CEO Fraud Attacks with these 10 Best Practices to Protect Your Business

In part one of our three-part series on Business Email Compromise (BEC), I explained what a BEC attack is and provided examples and statistics. As you’ll recall from the examples discussed, businesses have suffered staggering losses to these attacks, and while users are becoming more aware of them, their own human nature dictates that these threats will continue. In fact, a recent report by Get Safe Online indicated that over a third (37%) of employees don’t know what to look for to identify common email scams. The report also stated that one in 20 email fraud victims were so ashamed that they hid their mistakes from their colleagues.

In part two, I discussed the following 4 steps cybercriminals take to conduct a BEC attack.

  1. Identify the target victim
  2. Grooming
  3. Exchange of information
  4. Payment

Businesses can make Step 1 more difficult by carefully crafting and monitoring online content such as company websites, LinkedIn profiles and other publicly available information, but as long as employees can be influenced by excessive trust, intimidation, or simply lack of awareness, businesses will need to implement additional preventive measures to avoid potentially devastating losses. After all, once a credible target has been identified, the best defense is a well-informed workforce.

Top 10 Business Email Compromise Protection Tips

  1. Train Users to recognize these Common Impersonation Tactics used by Cybercriminals

Domain Name Spoofing – Domain name spoofing involves either spoofing the sender’s “Mail From”  to match the recipient’s domain in the message envelope, or using a legitimate domain in the “Mail From” value but using a spoofed “Reply-To” domain in the message header.

Here is an example that has been spoofed to look like it was sent from HSBC Bank:

A quick examination of the message headers reveals a return-path address that is not associated with the From address. A reply to this message would go to frank.thomas@example.com.


Display Name Spoofing – Most BEC attacks use this technique. With display name spoofing, the attacker will register a free email account that may contain the name of a company executive. The attacker would then configure the display name to match your CEO or some other executive, and then send phishing messages from this account. This technique works because recipients often only look at the display name and not the actual email address. In fact, many email clients (particularly on mobile devices) will only show the display name when viewing the message, making it easier to hide the sender’s real identity. Because the sender’s email address is not forged, messages using this spoofing technique are often more difficult to block than those using domain name spoofing, where the addition of three DNS records (DKIM, SPF and DMARC) has been shown to be more effective at blocking spoofed emails.

Here is an example showing a spoofed display name of HSBC Bank. To help users identify suspect emails, MDaemon Webmail has a handy security feature that displays the actual sender address as well as the display name.

Display Name Spoofing

Lookalike Domain Spoofing – Lookalike domain name spoofing involves registering fake domains that contain characters that look similar to others and sending phishing emails from them in an attempt to trick the recipient into thinking the message is from a legitimate domain.  An example would be using an upper-case I in place of a lower-case L.

Business Email Compromise email using lookalike domain

Compromised Email Account – Another common tactic is the use of legitimate email accounts that have been compromised through malware or social engineering to steal data or funds.
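The first three tactics above leave traces in the message headers that a mail filter or a triage script can test for. The following is an added example, not code from the original post or from MDaemon: the protected domain, the executive names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch (not from the original post):
OUR_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}  # constructed names

# Fold characters that are commonly swapped in lookalike domains.
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})


def skeleton(domain):
    """Reduce a domain to a form in which I/l/1, 0/o and rn/m compare equal."""
    folded = domain.lower().replace("rn", "m").replace("vv", "w")
    return folded.translate(CONFUSABLE)


def domain_of(address):
    return address.rpartition("@")[2].lower()


def check_message(raw):
    """Return a list of impersonation signals found in one raw message."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    findings = []

    # Domain name spoofing: replies or bounces go to a different domain
    # than the one shown in From. Mailing lists can trigger this too, so
    # treat it as a signal to score, not as a verdict.
    for header in ("Reply-To", "Return-Path"):
        _, addr = parseaddr(msg.get(header, ""))
        if addr and domain_of(addr) != from_dom:
            findings.append(header.lower() + "-mismatch")

    # Display name spoofing: an executive's name on an outside address.
    if display.strip().lower() in EXECUTIVES and from_dom != OUR_DOMAIN:
        findings.append("display-name-spoof")

    # Lookalike domain: differs from ours only by confusable characters.
    if from_dom != OUR_DOMAIN and skeleton(from_dom) == skeleton(OUR_DOMAIN):
        findings.append("lookalike-domain")

    return findings


def make_message(*headers):
    return "\n".join(headers) + "\n\nPlease process the attached invoice.\n"


# Constructed sample messages.
REPLY_TO_SPOOF = make_message(
    'From: "Accounts Payable" <billing@example.org>',
    "Reply-To: frank.thomas@example.net",
    "Subject: Updated bank details",
)
DISPLAY_NAME_SPOOF = make_message(
    'From: "Jane Doe" <jdoe.ceo@example.net>',
    "Subject: Are you at your desk?",
)
LOOKALIKE = make_message(
    'From: "Jane Doe" <jane.doe@exampIe.com>',  # upper-case I, not l
    "Subject: Urgent wire transfer",
)
LEGITIMATE = make_message(
    'From: "Jane Doe" <jane.doe@example.com>',
    "Subject: Quarterly numbers",
)

if __name__ == "__main__":
    for name in ("REPLY_TO_SPOOF", "DISPLAY_NAME_SPOOF", "LOOKALIKE", "LEGITIMATE"):
        print(name, check_message(globals()[name]))
```

None of these checks catches the fourth tactic: a compromised account sends from the real address, so its headers look legitimate.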

  2. Secure your domain

Register domain names similar to yours to protect against lookalike domain spoofing.

  3. Don’t over-share on social media

Be careful what you post on social media, especially job titles and responsibilities, corporate structure information, and out-of-office details.

  4. Use SPF, DKIM and DMARC

Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC) are anti-spoofing and email authentication techniques that use DNS records to validate the sender of an email. Make sure your domain has valid SPF, DKIM and DMARC records, and make sure your mail server/provider is analyzing all inbound email traffic using these tools. For more information, refer to this blog post.
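A record that exists is not necessarily a record that protects. The added example below (not from the original post) audits SPF and DMARC TXT record strings for settings that leave spoofing possible; the record values and finding codes are constructed, and DKIM key records are not covered.

```python
import re

# SPF terms that cost a DNS lookup; RFC 7208 allows at most 10 per check.
LOOKUP_TERM = re.compile(
    r"^[+\-~?]?(include:|a([:/]|$)|mx([:/]|$)|ptr([:/]|$)|exists:|redirect=)",
    re.IGNORECASE,
)


def audit_spf(record):
    """Return finding codes for one SPF TXT record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["spf-not-a-record"]
    issues = []
    body = [t.lower() for t in terms[1:]]
    alls = [t for t in body if t.lstrip("+-~?") == "all"]
    has_redirect = any(t.startswith("redirect=") for t in body)
    if not alls and not has_redirect:
        # Without a final "all", unlisted senders get a neutral result.
        issues.append("spf-no-all")
    elif alls:
        last = alls[-1]
        qualifier = last[0] if last[0] in "+-~?" else "+"
        if qualifier == "+":
            issues.append("spf-plus-all")      # every host is authorized
        elif qualifier == "?":
            issues.append("spf-neutral-all")   # no statement about others
    if sum(1 for t in body if LOOKUP_TERM.match(t)) > 10:
        issues.append("spf-too-many-lookups")  # receivers return permerror
    return issues


def parse_tags(record):
    """Split a 'tag=value; tag=value' record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(record):
    """Return finding codes for one DMARC TXT record string."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["dmarc-not-a-record"]
    issues = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        issues.append("dmarc-invalid-policy")
    elif policy == "none":
        issues.append("dmarc-p-none")          # monitor only, mail delivered
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        issues.append("dmarc-invalid-pct")
    if pct < 100:
        issues.append("dmarc-partial-pct")     # policy applied to a sample
    if "rua" not in tags:
        issues.append("dmarc-no-rua")          # no aggregate reports
    return issues


# Constructed records: a weak setting beside the corrected one.
WEAK_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net +all"
FIXED_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"
WEAK_DMARC = "v=DMARC1; p=none"
FIXED_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
BLOATED_SPF = "v=spf1 " + " ".join(
    "include:s%d.example.net" % i for i in range(11)) + " -all"

if __name__ == "__main__":
    for rec in (WEAK_SPF, FIXED_SPF, BLOATED_SPF):
        print(audit_spf(rec), rec[:50])
    for rec in (WEAK_DMARC, FIXED_DMARC):
        print(audit_dmarc(rec), rec)
```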

  5. Use two-factor authentication

With two-factor authentication, users must provide two forms of authentication – a password and another form of verification such as a unique verification code or a fingerprint. Two-factor authentication is discussed further in this blog post.

  6. Use strong password policies

Use strong passwords and require regular password changes. Strong passwords must meet the following criteria:

  • Must meet a minimum length requirement.
  • Must contain both letters and numbers.
  • Must contain both upper and lower case letters.
  • May not contain the account mailbox or full name data.
  • Never use commonly guessed passwords such as Password1 or Letmein.

  7. Don’t trust unknown sources

Never open emails, click on links, or download files from unknown senders. To help users verify the identity of a message sender, MDaemon Webmail displays the full email header in addition to the display name.

  8. Establish strict processes for wire transfers

You may recall from my previous post that cybercriminals have been known to target all parties in a real estate transaction. If you receive a request to change the payment type or the original recipient’s financial information, be sure to verify the information through already-established channels of communication.

Before responding to wire transfer requests, verify the identity of approved vendors and the authenticity of their invoices. Confirm in person or by phone using previously known numbers. Don’t trust the phone number on the invoice.

  9. Provide regular end-user training

User education must be reinforced on a regular basis for stronger awareness. Every employee who uses email should know how to recognize a spoofed email or a phishing attempt.

  10. Run antivirus software often

Make sure your antivirus software is up-to-date and run it regularly.

While traditional security measures such as network defenses and email gateways can be effective at blocking most varieties of spam, the bottom line is that user awareness and education are critical to avoid falling victim to BEC attacks.


Four-Step Swindle: The Anatomy of a Business Email Compromise Attack

This week, we continue our series on Business Email Compromise. Click here to read Part 1, which includes an overview and various statistics on this growing threat.

It takes time and effort to launch a successful Business Email Compromise (BEC) attack. In a typical attack, several messages are exchanged in an attempt to convince the target to authorize large payments to the attacker’s bank account. From start to finish, the steps involved in a BEC attack consist of identifying a target, grooming, exchanging information, and finally, transfer of funds.

Let’s go over these four steps in detail.

Step 1 – Identify the Target Victim

The first step in a BEC attack may be the most time-consuming. During this step, a criminal organization researches the victim to develop an accurate profile of the company. Through publicly available information, attackers look for the names and positions of company executives, especially those on the finance team. They scour social media, online articles, and anything else that will provide specific details about the company and its employees. Scammers who are able to infiltrate a company’s network with malware may spend weeks or months monitoring information on the company’s vendors, billing and payment systems, and employee vacation schedules. They have also been known to monitor the executive’s writing style in order to craft a convincing email using a spoofed email address or lookalike domain claiming to come from the CEO.

Step 2 – Grooming

Armed with the information obtained in Step 1, the scammer moves on to Step 2. During this step, the scammer uses spear-phishing, phone calls or other social engineering tactics to target employees with access to company finances. The grooming phase often takes several days of back and forth communication in order to build up trust. During this phase, the scammer may impersonate the CEO or another company executive and use his or her authority to pressure the employee to act quickly.

Here is an example sent to one of our Finance executives in which the sender used display name spoofing to spoof the name of our CEO. Cybercriminals will often use a free email address (notice the comcast.net domain), which can be easy to miss if you’re using a mobile device or some other client that doesn’t display the full email header.

Spear-phishing with Spoofed Display Name

Step 3 – Exchange of Information

During step 3, the victim is convinced that he is conducting a legitimate business transaction, and is then provided with wire transfer instructions.

Step 4 – Payment

And finally, funds are transferred and deposited into a bank account controlled by the criminal organization.

What to Do if You Are a Victim

If you’ve suffered losses due to Business Email Compromise schemes, it is important to act quickly.

  • Contact your financial institution immediately.
  • Request your financial institution contact the institution that received the fraudulent funds.
  • Contact your local FBI office and report the incident.
  • File a complaint with the FBI’s Internet Crime Complaint Center (IC3).

You can find more detailed instructions in the FBI’s Public Service Announcement.

Want to learn more about how to protect yourself from Business Email Compromise scams? In Part 3, we’ll go over a few best practices, so check back soon!


Alt-N Technologies is Renamed MDaemon Technologies

New Name to Leverage Global Brand Equity of Company’s Flagship Email Server

Grapevine, TX (USA) – January 2, 2018 – Alt-N Technologies announced today that, effective immediately, the Company’s legal name will be MDaemon Technologies, and that it will begin doing business under the new company name.

“We are adopting the new name to better leverage the brand equity and recognition we have built over the many years with our trusted email server,” said Jerry Donald, CEO of MDaemon Technologies. “The new name will consolidate our brand and align the company around a globally recognized name.”

The name change also brings a new tag line: “Simple Secure Email.” This tag line summarizes the value many of the Company’s global customers and partners have expressed over the years and is synonymous with the attributes that have made MDaemon a popular email server with many IT professionals and resellers.

More information about the name change can be found by visiting the MDaemon Technologies Blog.

About MDaemon Technologies

MDaemon Technologies develops email and email security software for the global small and medium enterprise business market. Founded in 1996, its products are trusted by organizations in over 140 countries and 25 languages. The company’s flagship products, MDaemon Messaging Server and SecurityGateway for Email Servers can be deployed in virtual, hosted cloud or private on-premise environments. The company’s products include the latest security technologies and require minimal support and administration to operate and maintain. The company uses a network of global distributors and resellers for the sale and support of its products.

###

Media Contact:
Kevin Beatty
MDaemon Technologies
(817) 601-3222 x214
kevin.beatty@mdaemon.com
www.mdaemon.com


Is spam being sent out from a local machine on your network? Follow these steps to track down a spambot.

Has this happened to you? Let’s say you’re the MDaemon administrator for your company, and you’ve noticed that somewhere, somehow, spam messages are being sent from within your network. Perhaps one of your PCs has been compromised. What do you do? Here are some tips to help you track the issue down.

First, make sure you have the option “Authentication is always required when mail is from local accounts” enabled (Security | Security Settings | SMTP Authentication). Also enable “Credentials used must match those of the return-path address” and “Credentials used must match those of the From header address.” Then, make sure “…unless message is sent to a local account” is unchecked to prevent intra-domain spam (between local domain users).

Make sure the appropriate boxes are checked to require SMTP authentication

Next, find out if the spam messages are coming in from an authenticated session. To do this, locate one of the spam messages & open it up in Notepad to view its headers (or you can open it in Queue & Statistics Manager). Does the message have an X-Authenticated-Sender header? It will look something like this:

X-Authenticated-Sender: SpammerUser@example.com

If this header is present, then that is the user who authenticated to send the message. The first thing you should do in this case is to change the account’s password via the Accounts menu in MDaemon. Even if the spamming is going through the user’s mail client, until you give the user the new password and they update their mail client the authentication credentials will be rejected and the spamming will be temporarily stopped.

In newer versions of MDaemon, we’ve added Account Hijack Detection, which will automatically disable an account if it sends a specified number of outbound messages via an authenticated session in a given period of time. We recommend enabling this feature. In MDaemon, it’s located under Security | Security Settings | Screening | Hijack Detection.

Account Hijack Detection

The next step is to look at the Received headers. Find the one where the message was received by your server. Here is an example of what this header would look like:

Received: from computer1 (computer1@example.com (192.198.1.121)) by example.com (MDaemon PRO v17) with ESMTP id md50000000001.msg for <UserWhoWasSpammed@example.com>, Fri, 13 Sep 2016 21:00:00 -0800

Find the connecting IP (192.198.1.121) in the above example. This is the machine that is sending out spam. Locate that machine to deal directly with the spambot on that machine.

If the message wasn’t authenticated or wasn’t sent from your local network, locate the Message-ID header and copy that value.

Message-ID: <123.xyx.someone@example.net>

Then open the MDaemon SMTP-IN log that covers the time when that message was received by MDaemon (based on the timestamp in the received header) and search for that Message-ID in the log (in the 250 response line when the message is accepted):

Thu 2016-09-12 20:00:00: --> 250 Ok, message saved <Message-ID: <123.xyx.someone@example.net>>

Look at the rest of transaction and see why the message was accepted/not rejected – spam score, DNSBLs, etc.

Also, if your external domain is listed in the Trusted Hosts list (Security | Security Settings | Trusted Hosts), try removing it from this list.
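The header checks in the steps above can be scripted when there are many samples to go through. This is an added example, not an MDaemon tool or code from the original post: the sample messages, the log line, the local network range and the function names are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Connecting IP as it appears in a Received header, in [] or ().
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def connecting_ip(msg, local_server):
    """IP from the Received header added when local_server took the message."""
    # Received headers are prepended, so scan from the top for our own hop.
    for received in msg.get_all("Received", []):
        flat = " ".join(received.split())          # undo header folding
        by = re.search(r"\bby\s+(\S+)", flat)
        if by and by.group(1).lower() == local_server.lower():
            ip = IP_RE.search(flat.split(" by ", 1)[0])
            return ip.group(1) if ip else None
    return None


def is_local(ip, local_nets):
    try:
        addr = ipaddress.ip_address(ip)
    except (TypeError, ValueError):
        return False
    return any(addr in ipaddress.ip_network(net) for net in local_nets)


def triage(raw, local_server, local_nets, smtp_in_log):
    """Walk the steps from the post for one spam sample."""
    msg = message_from_string(raw)
    sender = msg.get("X-Authenticated-Sender")
    ip = connecting_ip(msg, local_server)
    report = {"auth_sender": sender, "connecting_ip": ip,
              "next_steps": [], "log_hits": []}
    if sender:
        report["next_steps"].append("change password for " + sender)
    if is_local(ip, local_nets):
        report["next_steps"].append("inspect host " + ip)
    if not sender or not is_local(ip, local_nets):
        # Not authenticated or not from the local network: find the
        # 250 acceptance line for this Message-ID in the SMTP-IN log.
        mid = (msg.get("Message-ID") or "").strip()
        if mid:
            report["log_hits"] = [line for line in smtp_in_log
                                  if " 250 " in line and mid in line]
            report["next_steps"].append("review SMTP-IN transaction")
    return report


# Constructed samples.
AUTHENTICATED_SPAM = "\n".join([
    "Received: from computer1 (computer1.example.com [192.168.1.121])",
    "\tby example.com (MDaemon PRO v17) with ESMTP id md50000000001.msg",
    "\tfor <victim@example.org>; Tue, 13 Sep 2016 21:00:00 -0800",
    "X-Authenticated-Sender: SpammerUser@example.com",
    "Message-ID: <1.abc@example.com>",
    "Subject: Cheap watches", "", "body", ""])
EXTERNAL_SPAM = "\n".join([
    "Received: from mail.example.net (mail.example.net [203.0.113.9])",
    "\tby example.com (MDaemon PRO v17) with ESMTP id md50000000002.msg",
    "\tfor <user@example.com>; Mon, 12 Sep 2016 20:00:00 -0800",
    "Message-ID: <123.xyx.someone@example.net>",
    "Subject: Cheap watches", "", "body", ""])
SMTP_IN_LOG = [
    "Mon 2016-09-12 20:00:00: <-- DATA",
    "Mon 2016-09-12 20:00:00: --> 250 Ok, message saved "
    "<Message-ID: <123.xyx.someone@example.net>>",
]
LOCAL_NETS = ["192.168.1.0/24"]

if __name__ == "__main__":
    for sample in (AUTHENTICATED_SPAM, EXTERNAL_SPAM):
        print(triage(sample, "example.com", LOCAL_NETS, SMTP_IN_LOG))
```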

Check back often for more tips & tricks!


Easy Backup & Recovery with MDaemon

MDaemon’s user-friendly flat-file structure makes it easy to backup and recover your email messages, user accounts, security settings, and any other data stored in MDaemon. No extra Windows components or third-party applications are required, and you won’t have to navigate through any confusing dialog boxes to backup & recover your data. Backing up and restoring MDaemon is as easy as drag & drop. All you would need to do is map a drive letter from the MDaemon server to another drive on your network, then drag over the files you want to back up.

In this example, we’ve backed up our users’ email directories, our configuration files, and our mail queues.

If you’ve accidentally deleted users, you can simply restore the Userlist.dat file, located in the MDaemon/App directory. In this example, let’s assume user01, user02 and user03 were all deleted.

Simply drag the userlist.dat file from your backup back to the MDaemon/App directory, as shown here.

And if email messages were deleted, they can easily be restored as well. Email messages are stored within the Users directory under the specific domain and user. Simply drag the .msg files from the backup to the User’s folder on the MDaemon server.

You can do a lot more with MDaemon’s file structure, including restoring a user’s contacts when they were accidentally deleted, moving public folders, and much more.

Click here to learn more about MDaemon’s file structure.

If you’re new to MDaemon, visit our MDaemon product page to learn more!


Follow These 13 Tips to Avoid Being Blacklisted

With the prevalence of spam circulating the globe in massive amounts, it becomes increasingly important for administrators to understand the potential causes of their IP address ending up on a blacklist. Spammers employ all kinds of tricks to try to send out as many spam messages as possible without revealing their identities. They do this through various techniques such as social engineering, employing malware, botnets, forging of message headers, and exploiting weaknesses in email systems or network infrastructures. For the spammer, it’s basically a numbers game. It costs next to nothing to send out thousands of spam messages, and if even a small handful of people click on a link or purchase a product advertised in a spam message, the spammer can profit. If your email infrastructure is not properly secured, then you risk being infected with malware and becoming part of a spam botnet. Even if your server is not infected with malware, if your firewall and mail server security settings are not configured properly, your IP address could wind up on a blacklist. To protect yourself from being blacklisted, consider the following recommendations:

  • Require strong passwords – It is common for spammers to perform dictionary attacks on mail servers. A dictionary attack uses a large list of words that are commonly used as passwords to try to guess a password and take over an account. To combat this, your users should always use strong passwords. Passwords such as “password1” should be avoided. Users should use passwords that contain both uppercase and lowercase letters, numbers, and symbols. In MDaemon, you can require strong passwords via the Accounts | Account Settings | Passwords menu.
  • Require SMTP Authentication – We recommend requiring all users to use SMTP authentication. In MDaemon, go to Security | Security Settings | Sender Authentication | SMTP Authentication. Then, check the box “Authentication is always required when mail is from local accounts.” Make sure “…unless message is to a local account” is unchecked. In SecurityGateway, these settings can be found under Security | Anti-Abuse | SMTP Authentication.
  • Do not allow relaying – Relaying occurs when mail that is neither to nor from a local account is sent through your mail server. It is very common for spammers to exploit open relays; therefore, you should ensure that your server does not relay mail. In MDaemon, go to Security | Security Settings | Relay Control, and check the following three boxes:

–          Do not allow message relaying

–          SMTP MAIL address must exist if it uses a local domain

–          SMTP RCPT address must exist if it uses a local domain

We do not recommend checking the exclusion boxes on this screen.

In SecurityGateway, these settings can be found at Security | Anti-Abuse | Relay Control.

  • Make sure you have a valid PTR record that matches your outbound public IP to your mail server name or fully qualified domain name or FQDN (mail.example.com). Your ISP can create this record for you. A PTR record allows receiving servers to perform a reverse DNS lookup on the connecting IP address to verify that the server name is actually associated with the IP address from where the connection was initiated.
  • Set up an SPF record – SPF (Sender Policy Framework) is an anti-spoofing technique that determines if an incoming email from a domain was sent from a host that is authorized to send mail for that domain. This is basically the opposite of an MX record, which specifies hosts that are authorized to receive mail for a domain.
  • Configure the IP Shield – IP Shielding is a security feature that allows you to specify IP addresses or IP address ranges that are allowed to send mail for a particular domain.  You should configure your IP shield to only accept mail from your local domain if it came from an authorized IP address (such as one on your local network). This feature can be found under Security | Security Settings | IP Shield. For your users who may be sending email from outside of your network, you can configure exceptions by checking the box “Don’t apply IP Shield to authenticated sessions.” In SecurityGateway, the IP shield can be found under Security | Anti-Abuse | IP Shielding.
  • Enable SSL – SSL (Secure Sockets Layer) is a method for encrypting the connection between a mail client and the server. In MDaemon, go to Security | Security Settings | SSL & TLS. Click on MDaemon, and check the box “Enable SSL, STARTTLS, and STLS.” Also, make sure you have a valid certificate in the blank below. More information on configuring SSL can be found in this knowledge base article:
    http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-02305

Make sure all mail clients are communicating with the mail server over the SSL ports (587 – MSA, 465 – SMTP, 995 – POP or 993 – IMAP).

In SecurityGateway, these settings can be found under Setup/Users | System | Encryption.

  • Enable Account Hijack Detection – The account hijack detection feature can be used to limit the number of messages an account can send in a given period of time. This feature applies to authenticated sessions only, and is used to prevent a compromised account from being used to send out massive amounts of spam and risk getting your server blacklisted. In MDaemon, this setting can be found under Security | Security Settings | Screening | Hijack Detection. In SecurityGateway, it can be found under Security | Anti-Abuse | Account Hijack Detection.
  • Enable Dynamic Screening – Similar to account hijack detection, dynamic screening can be used to block connections from IP addresses based on the behavior of activity coming from those IPs. For example, dynamic screening can be used to block connections from IPs that fail a specified number of authentication attempts, or IPs that try to connect a specified number of times in a given period of time. In MDaemon, this feature can be found under Security | Security Settings | Screening. In SecurityGateway, it can be found under Security | Anti-Abuse | Dynamic Screening.
  • Sign Messages with DKIM – DomainKeys Identified Mail (DKIM) helps protect email users against email address identity theft and email message content tampering. It does this by providing positive identification of the signer’s identity along with an encrypted “hash” of the message content.  With DKIM, a private & public key are created. The public key is published to the signing domain’s DNS records, and outbound messages are signed with the private key. The receiving server can then read this key from the DKIM-Signature header of the message, and then compare it with the public key in the sending domain’s DNS records. For more information on DKIM signing in MDaemon, please see the following knowledge base article: http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-02577. In SecurityGateway, these settings are located at Security | Anti-Spoofing | DKIM Signing.
  • Trusted Hosts & Trusted IPs – Make sure only hosts or IPs that you trust are listed on the Trusted Hosts and Trusted IPs screens. Trusted Hosts and trusted IPs are exempt from various security settings, so if any IPs or hosts that you do not completely trust are listed, your server may become vulnerable to relaying and sending out spam. In MDaemon, this feature is located under Security | Security Settings.
  • Block port 25 outbound on your network – Configure your firewall to only allow outbound connections on port 25 from your mail server or spam filter appliance. No other computers on your network should be allowed to send outbound data on port 25. If you suspect that you have a device on your network that is sending out spam over port 25, then see my post “Tracking Down a Spambot” for more information.
  • Configure your firewall to log all outbound activity on port 25 from all machines on your network – to help track down any machines that may be relaying mail.
  • Use a static IP – Various problems can arise from using a dynamic IP on your mail server. If the server loses its internet connection, then comes back online with a different IP address, your DNS records will still point to the old IP address. If another computer gets your old IP address, then other problems can arise. For example, if the computer has a properly configured MTA on port 25, then your mail would be bounced. If the computer has an open relay MTA on port 25, then your mail will be relayed by this machine. If the machine is on a blacklist, your mail will be lost. For these reasons, we recommend using a static IP on the mail server.

If you follow these recommendations, your chances of being blacklisted are greatly reduced.  These practices will help ensure that you are not relaying mail, that your communications are encrypted, that users are authenticated, and that spambots have not been able to send out mail from your network.


SSL & TLS Best Practices

You may have heard the terms SSL and TLS, but do you know what they are and how they’re different?

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are methods of securing (encrypting) the connection between a mail client and mail server (Outlook and MDaemon, for example) or between mail servers (MDaemon and another mail server, for example). They are also methods for securing communications between websites and your browser. In this post, we’ll focus on its uses for encrypting email connections.

Without SSL or TLS, data sent between mail clients and servers would be sent in plain text. This potentially opens up your business to theft of confidential information, credentials being stolen and accounts being used to send spam. SSL and TLS can be used to help protect that data. SSL and TLS allow users to securely transmit sensitive information such as social security numbers, credit card numbers, or medical information via email.

How do SSL and TLS work?

In order to use SSL or TLS, you’ll need an SSL certificate to establish an SSL/TLS connection. SSL certificates use a key pair (a public and private key) to establish a secure connection. When a mail client or server wants to connect to another server using SSL, an SSL connection is established using what’s known as an “SSL handshake.” During this process, three keys are used to establish an SSL connection – a public key, a private key, and a session key. Data encrypted with the public key can only be decrypted with the corresponding private key, and vice-versa. Encryption via the public & private keys only takes place during the SSL handshake to create a symmetric session key. Once the secure connection is made, all transmitted data is encrypted with the session key.

This diagram provides a simplified overview of how an SSL connection is established.

Both SSL and TLS protect data privacy through data-in-motion encryption, provide server-side and (optionally) client-side encryption of the communication channel, and help ensure message integrity.

POP, IMAP and SMTP traffic are transmitted over designated ports. By default, IMAP uses port 143, POP uses port 110, and SMTP uses port 25. IMAP over SSL/TLS uses port 993. POP over SSL/TLS uses port 995, and SMTP over SSL/TLS uses port 465. For SSL to take place over these connection types, the mail client and mail server must both be configured to use the proper ports, and a valid SSL certificate must be installed on the server.

What are the Differences between SSL and TLS?

So what are the differences between SSL and TLS? TLS is the successor to SSL. It was introduced in 1999 as an upgrade to SSL 3.0, so TLS 1.0 is most similar to SSL 3.0 & is sometimes referred to as SSL 3.1, though TLS is not compatible with SSL 3.0. The version numbers for SSL are 1.0, 2.0 and 3.0, while TLS uses a different numbering pattern – 1.0, 1.1, 1.2.

Because TLS is incompatible with SSL 3.0, the client and server must agree on which protocol to use. This is accomplished via what’s known as a “handshake.” If TLS cannot be used, the connection may fall back to SSL 3.0.

Without getting too technical (there are plenty of online resources that explain the technical differences between SSL and TLS), here are some of the differences between SSL and TLS:

TLS has more alert descriptions – When a problem is encountered with an SSL or TLS connection, the party who encountered the problem would send an alert message.

SSL had the following 12 alert messages:

  • Close Notify
  • Unexpected Message
  • Bad Record MAC
  • Decompression Failure
  • Handshake Failure
  • No Certificate
  • Bad Certificate
  • Unsupported Certificate
  • Certificate Revoked
  • Certificate Expired
  • Certificate Unknown
  • Illegal Parameter

TLS has the following additional alert messages:

  • Decryption Failed
  • Record Overflow
  • Unknown CA (Certificate Authority)
  • Access Denied
  • Decode Error
  • Decrypt Error
  • Export Restriction
  • Protocol Version
  • Insufficient Security
  • Internal Error
  • User Canceled
  • No Renegotiation
  • Unsupported Extension
  • Certificate Unobtainable
  • Unrecognized Name
  • Bad Certificate Status Response
  • Bad Certificate Hash Value
  • Unknown PSK
  • No Application Protocol

TLS uses HMAC for message authentication – SSL verifies message integrity (to determine whether a message has been altered) using Message Authentication Codes (MACs) that use either MD5 or SHA. TLS, on the other hand, uses HMAC, allowing it to work with a wider variety of hash functions – not just MD5 and SHA.

TLS uses a different set of cipher suites.

A cipher suite is basically a combination of authentication, encryption, message authentication code (MAC) and key exchange algorithms used to negotiate security settings for a network connection. More information can be found here: https://en.wikipedia.org/wiki/Cipher_suite

Why are SSL and TLS Important?

Businesses have a responsibility to protect financial data such as credit card information, and consumer records such as names, addresses, phone numbers, and medical information. Without some form of encryption, whether via an encrypted connection using SSL & TLS, or by encrypting the message itself using Virtru or OpenPGP, sensitive data may be vulnerable to hackers & other forms of unauthorized access.

Which method is recommended?

SSL 3.0 suffers from a well-known vulnerability called the POODLE vulnerability. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. Click here for a thorough overview of this vulnerability and recommended actions. One workaround recommended in the overview is to completely disable the SSL 3.0 protocol on the mail client and server. This might not be practical, as it may affect legacy systems that are still using SSL 3.0.

We recommend using TLS whenever possible. TLS 1.2 is currently the best version for security, but it is not yet universally supported. TLS 1.1+ support was not added until Windows 7 and Server 2008 R2, in 2009.

The encryption protocol and cipher used by MDaemon and SecurityGateway depend on the operating system and can be configured via the registry. You can use the free IIS Crypto tool to set the appropriate registry keys. More information can be found here:
https://www.nartac.com/Products/IISCrypto

I hope this information helps clarify any questions about SSL and TLS, and which encryption method is recommended. As always, if you have questions or comments, let us know!

Is Slow Outlook Performance Making you Pull Your Hair Out?

If you’ve used Microsoft Outlook for an extended period of time, you may have noticed that it doesn’t run quite as smoothly as it used to. Outlook’s performance is affected by many things, including the amount of data it has to keep track of, any add-ons that are installed, how often it checks for new mail (checking more frequently can improve performance), and various other factors. Whether you use POP, IMAP, ActiveSync or Outlook Connector, you can perform various tasks to improve Outlook’s performance. Follow the steps outlined below to keep Outlook running like a well-oiled machine.

Outlook Connector Users

Compact the Outlook Connector Local Cache File

Unlike POP, which stores data in a PST file, Outlook Connector stores a local copy of account data in a local cache file. If you are using Outlook Connector, you can compact the local cache file to improve performance. Follow these steps to compact the local cache file:

  1. Make sure Outlook is shut down, and navigate to the Windows control panel.
  2. Click on the Mail control panel.
  3. Click on Email Accounts.
  4. Double-click on your Outlook Connector account.
  5. Click on the Database Management tab.
  6. Locate the Purge Database section and click on the Purge button.
  7. Locate the Compact Database section, and click on the Compact button. You can also check “Compact database on Outlook shutdown” to compact the database each time Outlook is shut down.

Outlook Connector Options

NOTE: Outlook Connector includes the option “Download Headers Only” under the Send/Receive tab of the Outlook Connector Client configuration screen. When this option is enabled, Outlook only downloads the information needed to show messages in the message list, and not the full content of each message. When you click on a message, the rest of the message is downloaded for viewing. Users may experience a slight delay in viewing messages in the preview pane when “Download Headers Only” is enabled because Outlook has to download the rest of the message when it is selected. If messages are slow to appear in the preview pane or when viewing, try disabling “Download Headers Only.”

Please see the Outlook Connector for MDaemon – Guidelines page at www.altn.com for more information on getting the best performance out of Outlook Connector.

POP, IMAP, ActiveSync or Outlook Connector Users

Perform Regular Housekeeping

Performing the following housekeeping tasks regularly will help minimize the amount of data that Outlook must process, and will reduce the amount of memory used by the program.

We recommend performing these housekeeping tasks regularly:

  • Delete any email messages, calendar items, and contacts that are no longer needed.
  • Empty the Deleted Items folder by right-clicking it and selecting Empty Folder.
  • Delete unwanted items from the Sent Items folder.
  • Move items out of the Inbox to other mail folders.
  • Archive old messages. Mail server administrators can implement a server-wide archiving solution such as MailStore to help cut down on the amount of data stored in user mailboxes.

Disable Add-Ins

Having too many Outlook add-ins can bog down Outlook’s performance. When Outlook is installed for the first time, it comes with its own set of add-ins. Not all of these add-ins will be activated, and there may be add-ins enabled that you don’t need. Here is a list of default Outlook add-ins:

  • Business Connectivity Services Add-in
  • Microsoft Exchange Add-in
  • Microsoft Outlook Social Connector / Outlook Social Connector 2013
  • Microsoft SharePoint Server Colleague Import Add-In
  • Microsoft Exchange Unified Messaging
  • OneNote Notes about Outlook Items
  • Microsoft Access Outlook Add-In for Data Collection and Publishing
  • Microsoft VBA for Outlook Add-in
  • Windows Search Email Indexer

This page contains a list of all default Outlook add-ins, plus other add-ins you might encounter.

In addition, other third-party applications can add their own Outlook add-ins. Fortunately, it’s easy to disable unwanted add-ins.

In Outlook 2007: Go to Tools | Trust Center | Add-ins. In the Manage drop-down list, select which add-ins you’d like to disable. Press Go, and make your changes.

In Outlook 2010, 2013 and 2016: Go to File | Options | Add-ins. Locate the Manage drop-down menu at the bottom, select COM Add-ins, and then click on Go. To disable specific add-ins, simply uncheck the items you don’t need, and click on OK. You can also use the Remove button to remove selected items completely. For some add-ins, you may need to restart Outlook for your changes to take effect.

Disable Outlook Add-Ins

Disable RSS Feeds

If you have a lot of RSS feeds that are synchronized with Outlook, these syncing tasks could bring Outlook to a crawl. If you aren’t using Outlook as an RSS reader, you can disable this feature from Outlook by following these steps:

In Outlook 2007: Go to Tools | Options. Select the Other tab, and then click on Advanced Options. Then, uncheck both options under RSS Feeds.

In Outlook 2010 / 2013 / 2016: Go to File | Options. Click on the Advanced button in the left-hand navigation menu. Under the RSS Feeds section, uncheck both options.

Disabling RSS in Outlook

Adjusting the Send/Receive Frequency

Adjusting Outlook’s Send/Receive schedule can often improve performance. If email messages are slow to show up in your Inbox, you can configure Outlook to send/receive messages more frequently so that it doesn’t have to download as much data each time it checks for new messages. If your send/receive schedule is set to check less frequently, say, every 30 minutes, try changing it to send/receive every 3 minutes.

Outlook 2010, 2013 and 2016 users can find this setting via File | Options | Advanced. Locate the Send/Receive section and click on the Send/Receive button. Then, under Send/Receive Groups | All Accounts, adjust the timing for “Schedule an automatic send/receive every…” as shown here:

Outlook Send Receive Schedule

POP, IMAP & ActiveSync Users

Compact or Repair PST Files

PST files can be another source of Outlook sluggishness. You can help improve Outlook’s performance by:

  • Using multiple PST files.
  • Keeping attachments out of PST files.
  • Compacting PST files.

To compact a PST file in Outlook 2010, 2013 and 2016:

  • Delete any items you no longer need, and then empty the Deleted Items folder.
  • Click on the File tab on the ribbon, and then select the Info tab.
  • Click on Account Settings, and then click on Account Settings again.
  • Click on the Data Files tab.
  • Select your PST file in the list, and then click on Settings.
  • On the General tab, click on Compact Now.
  • Click on OK and Close.

    Compacting a PST in Outlook

To compact a PST file in Outlook 2007:

  • Delete any items you no longer need, and then empty the Deleted Items folder.
  • Navigate to Tools | Account Settings.
  • Select your desired account, and then click on Change.
  • Click on More Settings.
  • On the Advanced tab, click on Offline Folder File Settings.
  • Click on Compact Now.

Sometimes, your PST files can develop errors or data inconsistencies, resulting in unexpected behavior in Outlook. When you suspect that there’s an issue with the integrity of your PST file, you can run Scanpst.exe to repair your PST files.

Scanpst can be tricky to locate. By default, you should be able to find it in the Program Files | Microsoft Office | Office14 folder, but you may need to perform a search if you can’t find it in its default location. This location may vary depending on which version of Outlook you are using. You may also want to create a shortcut to this file on your desktop for easier access.

Before using this tool, we recommend making a backup copy of your PST file in case any errors or file corruptions occur to the original file. This shouldn’t be an issue, however, because if Scanpst finds any errors, it will prompt you to make a backup before attempting to repair the file.

Keep Windows Up-to-Date

Microsoft periodically releases Windows updates and service packs. Having the latest updates and service packs can help improve your computer’s overall performance as well as Outlook’s performance.

Conclusion

Nobody should have to put up with sluggish Outlook performance. Following the above suggestions will help ensure that you spend less time waiting for things to happen, and more time making things happen!

UPDATE: This information can now be found in our new how-to guide on improving Outlook Performance, located on our Literature page. Click here to download the PDF.

Are You Receiving Replies to Messages you Never Sent?

Have you ever logged into your email to find tons of bounce-back messages (out-of-office replies, NDR messages, invalid recipient messages) in response to messages you never sent? For many users, their first thought is that they need to change their email password. However, changing your email password will not prevent this. Why? Because what you are receiving is known as backscatter, and has nothing to do with your email account being hacked.

Spammers often forge the return-path in their outbound messages to cover up their true identity. If the forged address in these spam messages was your address, then you are likely to receive the bounce-back messages and auto-responders in response to these messages.

So how do you prevent this? MDaemon includes Backscatter Protection. Backscatter Protection works by adding a special key to the return-path of all outbound mail. When MDaemon receives an out-of-office reply or non-delivery message, it looks for that special key. If the key is missing, then we know the bounce-back message is not legitimate and can be discarded.

When Backscatter Protection is disabled, the return-path of a message looks like this:
X-Return-Path: frank.thomas@example.com

When Backscatter Protection is enabled, an extra series of characters beginning with prvs= is added to the return path – like this:
X-Return-Path: prvs=163898ff65=frank.thomas@example.com

It is this extra series of characters that the Backscatter Protection feature looks for in bounce-back messages.
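One way such a key can be generated and checked, as an added example that is not MDaemon's code: it follows the prvs layout from the public BATV Internet-Draft (a key digit, a three-digit expiry day, then the first three bytes of an HMAC-SHA1 in hex), which matches the ten-character tag shown above. The secret, the seven-day lifetime and the function names are assumptions of this example.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-secret"  # assumption: placeholder key for this example
KEY_NUM = 1                          # key-number digit that leads the tag
MAX_LIFETIME_DAYS = 7                # assumption: how long a tagged address stays valid
TAGGED = re.compile(r"prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)", re.ASCII | re.IGNORECASE)

def _today(now=None):
    """Days since the Unix epoch."""
    return int((time.time() if now is None else now) // 86400)

def _signature(key_num, expiry, address, secret):
    """First three bytes of HMAC-SHA1 over key digit, expiry day and address, in hex."""
    msg = f"{key_num}{expiry:03d}{address}".encode()
    return hmac.new(secret, msg, hashlib.sha1).hexdigest()[:6]

def tag_return_path(address, secret=SECRET, now=None):
    """Outbound side: rewrite the envelope sender with an expiring signed tag."""
    expiry = (_today(now) + MAX_LIFETIME_DAYS) % 1000
    sig = _signature(KEY_NUM, expiry, address, secret)
    return f"prvs={KEY_NUM}{expiry:03d}{sig}={address}"

def check_bounce_recipient(rcpt, secret=SECRET, now=None):
    """Inbound side: return the original address for a valid tag, else None."""
    m = TAGGED.fullmatch(rcpt)
    if m is None:
        return None                      # bounce addressed to an untagged address
    key_num, expiry, sig, address = int(m[1]), int(m[2]), m[3].lower(), m[4]
    expected = _signature(key_num, expiry, address, secret)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None                      # tag was not produced with our secret
    # Expiry is stored modulo 1000, so compare the distance, not the raw value.
    if (expiry - _today(now)) % 1000 > MAX_LIFETIME_DAYS:
        return None                      # tag has expired
    return address

if __name__ == "__main__":
    tagged = tag_return_path("frank.thomas@example.com")
    print(tagged, "->", check_bounce_recipient(tagged))
    print("untagged ->", check_bounce_recipient("frank.thomas@example.com"))
```

A bounce whose recipient fails this check was not triggered by mail the server actually sent, which is why it can be discarded without affecting legitimate non-delivery reports.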

Check out the following video to learn more about Backscatter Protection and how to enable it in MDaemon. If you have questions, please feel free to leave us a comment & let us know!
