Most of us don’t wake up thinking about email, but without it, business communications would be set back at least 20 years. We rely on email for many basic business functions, so we want email management features that simplify communications & make collaboration easier and more efficient.
With MDaemon Webmail, users can perform a variety of tasks via the Options menu. But, following the theme of making things easier, did you know you can perform many of these same tasks with the click of the right mouse button without leaving your Inbox?
On Monday, May 14th, the Electronic Frontier Foundation (EFF) reported that European researchers had discovered core problems and commonplace implementation flaws in the S/MIME and OpenPGP protocol specifications. The vulnerability, which the researchers have described as EFAIL, can reportedly expose the content of encrypted emails (even messages sent in the past) to be viewed. The EFAIL vulnerability affects many email clients that use S/MIME and OpenPGP. There is a list of email clients with vulnerabilities by protocol in an article posted at thehackernews.com.
It’s very important to understand that to be at risk for this vulnerability, attackers would need access to your emails. This means that your email system has been compromised by an attacker who has access to the encrypted emails through tactics such as eavesdropping on network traffic (also known as a man-in-the-middle (MITM) attack), compromised email accounts, access to email servers, backup systems or client computers, usually achieved through social engineering attacks, such as Phishing and other tactics.
We have checked our own web-based email client (MDaemon Webmail) and our MDaemon OpenPGP-based encryption feature. Our results show that MDaemon Webmail is not vulnerable. However, the MDaemon email server OpenPGP feature is partially vulnerable to one implementation flaw. We have released a patch for affected versions of MDaemon email software, which can be found here. The current version of the MDaemon email server, v18.0.1, includes this fix.
A Reminder on the Best Email Security Practices
This latest issue should remind us all about the importance of email security practices as a whole. Implementing strong passwords, two-factor authentication, location screening, SSL/TLS, SMTP AUTH, IP Shielding, dynamic screening, freezing accounts after failed authentication attempts, all play a role in helping to keep your accounts and your email safe. You can review a list of email security features in MDaemon here.
If you’ve implemented security to help protect malicious people from accessing your email accounts, then you are less likely to have an account compromised and you will be better protected against these types of attacks and vulnerabilities.
While the researchers go into some depth to expose issues deep within the S/MIME and OpenPGP specification documents, these encryption protocols may need specification changes to address the longer-term issues mentioned in the initial report. MDaemon Technologies will continue to monitor this issue.
We have provided links to past blog posts that cover a number of email security topics to provide additional information:
Whether you work in healthcare, finance, education, or another highly regulated industry, it’s likely that you’re required to meet increasingly stringent regulations on email security and privacy, such as the General Data Protection Regulation (GDPR). But even if these strict requirements do not apply to your industry, you still want to maintain customer trust by ensuring their confidential data is safe.
To address these concerns, MDaemon offers email encryption using OpenPGP.
In the past, implementations of OpenPGP have been cumbersome, requiring users to manually exchange encryption keys or to take complex steps to send encrypted messages. With MDaemon, in addition to providing various ways to automate the encryption key exchange and server-side encryption processes, MDaemon Webmail users can easily enable per-message encryption right from within the message compose window.
Here’s a quick video to demonstrate how easy it is to encrypt messages in MDaemon Webmail.
MDaemon’s webmail client is loaded with a variety of features for organization, collaboration and security. As a daily user of MDaemon Webmail (I use it almost exclusively instead of my desktop email client), I like to keep important messages organized so I can find them later. This is made easy with message categories (in addition to follow-up flags). Within the MDaemon webmail client, you’ll find a variety of built-in categories, or you can create your own custom categories. Multiple categories can be assigned to a message, and messages can be arranged by category, keeping all of your important messages in one, easy-to-find place.
If you’re like me, you like shortcuts that make life easier when performing common tasks. For example, if you work in finance or accounting, wouldn’t it be nice to be able to pull up all emails with the word “invoice” with a single mouse click? Well now you can. With the latest release of MDaemon, we introduced search folders in MDaemon Webmail. This week’s 30-Second Email Tips video will walk you through the setup process.
Search folders were added in MDaemon 17.5.1. If you’re running an older version of MDaemon, you could be missing out on some great new features!
If you’re what most would call a “power user,” then you may be used to using keyboard shortcuts. If you’re used to the keyboard shortcuts of another client, such as Outlook, Thunderbird or Eudora, MDaemon’s webmail client has a feature that allows you to continue using those shortcuts. So if you’re used to using Shift+P to print (which is an Outlook shortcut), then all you need to do in MDaemon’s web-based email client is go to the Options menu & select Personalize. Then select your preferred option in the Keyboard Shortcuts drop-down menu, as shown here:
More information on this feature can be found in the following page from our online manual:
If you have questions or comments about this feature, let us know! If you’re not an MDaemon user, but would like to learn more about its features, visit the MDaemon product page and have a look around!
We live in an era where the amount of valuable data businesses must store is increasing at an unprecedented pace. Consequently, the number of “bad guys” trying to gain access to that data is also increasing, and hackers have some pretty sophisticated tools at their disposal to try to force their way into your data. They use a variety of tactics, including social engineering, brute force attacks and dictionary attacks, among others.
Passwords are not just vulnerable to external threats. They must be protected from internal threats as well. Have you ever written down a password on a piece of paper, and then thrown it in the garbage? Have you ever discarded an old hard drive without destroying it? If this information gets in the wrong hands, it can lead to severe financial loss for a company, and damage to its reputation.
Passwords and usernames belong to one of three types of identification data:
Something you know
Something you own
Something you are or do (such as a fingerprint or other biometric element)
Passwords and usernames fall within the category of “something you know.” The three items listed above are considered factors of authentication, so when only one type of data is used to log into a system (such as a username and password), you are using a single factor of authentication.
Passwords alone are often not enough to protect your data against increasingly sophisticated attacks. Requiring a second factor of authentication can drastically reduce data theft.
Two-factor authentication is not a new concept. In fact, most of us already use it in other ways besides accessing our email. Here are some examples of two-factor authentication that many of us already use daily:
An ATM card (something you own) and a PIN (something you know)
A credit card (something you own) and a zip code (something you know)
A phone (something you own) and a fingerprint (something you are)
MDaemon includes two-factor authentication for WorldClient, MDaemon’s webmail client. With two-factor authentication, users must provide two forms of authentication – a password and a unique verification code that is obtained via any client that supports Google Authenticator (available in the Google Play store).
Two-factor authentication has many benefits:
It provides an extra layer of defense when a password isn’t strong enough.
It reduces online identity theft, phishing, and other techniques because a victim’s password isn’t enough to gain access to his or her data.
It helps companies in finance, health care, and other industries comply with PCI, HIPAA and other regulations.
It makes working remotely safer.
In this video, we demonstrate how to enable and use two-factor authentication in MDaemon and WorldClient.
If you’re concerned about privacy and security, two-factor authentication provides extra protection for your data. Download the latest version of MDaemon to take advantage of this extra security!
With the prevalence of data-destroying malware, more businesses are using an archiving solution such as MailStore to create backup copies of all email communications. Archiving is crucial for recovery when the unexpected disaster strikes, and useful for e-discovery and meeting legal requirements & regulations. I’ve written this article to help explain the value of archiving and why it’s so important:
For end-users, it’s important to have easy access to your archived messages, with the ability to search through your archives based on key words. With the addition of a custom button in the WorldClient toolbar that points to the MailStore login screen (performed by the MDaemon administrator), users can access their archive and perform a search in three easy steps. I’ll show you how in the following video:
MailStore works with virtually all email platforms and clients, and is the recommended choice for small-to-medium businesses worldwide. If you have questions or would like a personal demo, leave a comment below & let me know!
In MDaemon 17, we added support for DropBox integration for WorldClient, MDaemon’s web-based email client. Now, users can easily save attachments in inbound messages to their DropBox account, or insert links to their DropBox files in outbound attachments. Because files are stored in DropBox and not on the mail server, disk space and bandwidth are reduced.
We’ve put together the following tutorial video to help you get started with WorldClient’s DropBox file sharing features.
Step-by-step instructions can be found in the following knowledge base article:
2016 was an exciting year for Alt-N Technologies as it marked the 20th anniversary of the MDaemon email server for Windows and our ongoing efforts to bring affordable, secure, and reliable email and email security software to the small-to-medium business segment. And as many of you know, a lot has changed in the last 20 years. One thing that hasn’t changed over the years is the ongoing threat of people trying to use email as the primary method to attack an organization or steal personal information.
Like any form of communication, it can be used for good or bad. Unfortunately, when email was initially developed, its creators didn’t anticipate the ways bad actors would exploit the technology through methods like phishing, hacking, and launching disabling applications like ransomware, Trojans, etc.
2016 also reflected changes the industry continues to see in the area of deployment options. We saw some resellers and customers turning over the management of their email to MSPs (Managed Service Provider) or other third-party providers. The driver for this behavior varied by customer and industry but can be summarized by the desire to move hardware and software costs from capital expenditures (CAPex) to operational expenditures (OPex), with pros and cons to each approach. Alt-N worked with many existing and new channel partners to see MDaemon Private Cloud hosted email services introduced into new markets like Africa, Asia Pacific, and Latin America with continued growth in existing markets like North America and Europe.
With regards to hosted email services, we also received growing requests from direct customers asking Alt-N to manage their email. In response, Alt-N launched its own service using the MDaemon Private Cloud version of the software by introducing WorldClient Private Email for Business. With this new service offer, we have been able to meet the needs of direct customers who want us to manage their email, such as a 600-user customer who chose our service and support after having a large Office365 reseller attempt to convert them away from MDaemon!
For 2017, we will look for sales growth in new and emerging markets while working hard to earn and retain the loyalty and support of our existing customers. We will continue our efforts to add valuable features to MDaemon and SecurityGateway for Email Servers as those products remain the focus of our development efforts. We will be working on improving features that support cloud-based deployments while keeping a close eye on the needs of customers who want the control of on-premise and hybrid environments. And we will continue to look for new ways to enhance and bring value through our partnerships with complimentary vendors like MailStore, as well as seek out new technologies and vendors to make integration with our software simple and easy to use.
As we begin 2017, we want to express our sincere gratitude to those customers and channel partners who have helped Alt-N Technologies grow these past 20 years. We also look forward to earning the business of new customers and partners as we work toward a successful 2017.
As always, we invite you to tell us what you think by sending us your feedback. You can reach me directly at kevin(dot)beatty(at)altn(dot)com.