SecurityGateway saves administrators time by letting users manage their own quarantines!

Email spam quarantine

You’ve probably heard that the vast majority of  all email traffic is spam, but did you know the volume of spam as a percentage of all email traffic has gone down over the years? In April of 2014, spam made up almost 70% of all email traffic. The most recent records show spam at about 59% of all email traffic. While these numbers are down slightly, they are still quite significant, and thus email providers need to be armed with a variety of tools to combat spam.

For email administrators, one of the challenges of fighting spam is balancing tasks performed by the administrator with tasks that users can perform to take some of the workload from administrators. With SecurityGateway’s quarantine management features, users can be granted permissions to manage their own quarantines.

SecurityGateway can be configured to handle spam in various ways. Messages can be refused, quarantined, or accepted, and their spam scores can be adjusted accordingly. When messages are quarantined and held on the server, the administrator can determine whether, and how often, to send the user an emailed quarantine summary report. The administrator can also grant users permissions to view and manage their own quarantine folders in the SecurityGateway interface. The quarantine summary email allows users to release the message from quarantine, and whitelist or blacklist the sender. When the quarantine is viewed in the SecurityGateway interface, users have additional options, such as the ability to feed messages to SecurityGateway’s Bayesian spam learning engine. Giving users the ability to manage their own quarantines allows administrators to focus on other tasks.

We generally recommend using the Bayesian feature to mark a message as spam, rather than blacklisting the sender. Thus, to avoid any confusion, we’ve put together the following best practices guide on quarantine management in SecurityGateway.

Click here to view the new SecurityGateway Quarantine Management guide.

Following the suggestions outlined in this guide will help ensure that you receive the messages you want, and block the messages you don’t want.

If you have questions, let us know in the comments section below!


Why Passwords May Not Keep Your Email Safe

Two-factor Authentication using phone pin and passwordWe live in an era where the amount of valuable data businesses must store is increasing at an unprecedented pace. Consequently, the number of “bad guys” trying to gain access to that data is also increasing, and hackers have some pretty sophisticated tools at their disposal to try to force their way into your data. They use a variety of tactics, including social engineering, brute force attacks and dictionary attacks, among others.

The problem is made worse by the prevalence of weak passwords. Did you know that, even in 2017, one of the most common passwords is 12345678? In an experiment conducted in 2013, with the help of a list of hashed passwords obtained online, hackers were able to crack about 90% of a list of over 16,000 passwords.

Passwords are not just vulnerable to external threats. They must be protected from internal threats as well. Have you ever written down a password on a piece of paper, and then thrown it in the garbage? Have you ever discarded an old hard drive without destroying it? If this information gets in the wrong hands, it can lead to severe financial loss for a company, and damage to its reputation.

Passwords and usernames belong to one of three types of identification data:

  1. Something you know
  2. Something you own
  3. Something you are or do (such as a fingerprint or other biometric element)

Passwords and usernames fall within the category of “something you know.” The three items listed above are considered factors of authentication, so when only one type of data is used to log into a system (such as a username and password), you are using a single factor of authentication.

Passwords alone are often not enough to protect your data against increasingly sophisticated attacks. Requiring a second factor of authentication can drastically reduce data theft.

Two-factor authentication is not a new concept. In fact, most of us already use it in other ways besides accessing our email. Here are some examples of two-factor authentication that many of us already use daily:

  • An ATM card (something you own) and a PIN (something you know)
  • A credit card (something you own) and a zip code (something you know)
  • A phone (something you own) and a fingerprint (something you are)

MDaemon includes two-factor authentication for WorldClient, MDaemon’s webmail client. With two-factor authentication, users must provide two forms of authentication – a password and a unique verification code that is obtained via any client that supports Google Authenticator (available in the Google Play store).

Two-factor authentication has many benefits:

  • It provides an extra layer of defense when a password isn’t strong enough.
  • It reduces online identity theft, phishing, and other techniques because a victim’s password isn’t enough to gain access to his or her data.
  • It helps companies in finance, health care, and other industries comply with PCI, HIPAA and other regulations.
  • It makes working remotely safer.

In this video, we demonstrate how to enable and use two-factor authentication in MDaemon and WorldClient.

If you’re concerned about privacy and security, two-factor authentication provides extra protection for your data. Download the latest version of MDaemon to take advantage of this extra security!

Introducing SecurityGateway 5.0, with New Location Screening, Terms of Service Agreements, and More!

SecurityGateway provides businesses with additional layers of email security for their mail server. Developed with over 20 years of email security expertise, SecurityGateway is loaded with anti-spam, anti-abuse, and anti-malware features, as well as email encryption, data leak prevention, and more. With our latest release, SecurityGateway 5.0, businesses can benefit from the following new features.

Block Traffic from Specific Countries with Location Screening

Location Screening, a feature that was also recently introduced in MDaemon, allows administrators to block email from specific countries. This is useful if you don’t have users in certain regions. By default, all email traffic is blocked, but if you prefer to only block authentication attempts from these regions, you can simply check the box to block these attempts.

Block connections by country with Location Screening
Block connections by country with Location Screening


Enhanced Compliance Options with Terms of Service Agreement

In order to assist administrators with compliance to laws such as the General Data Protection Regulation in the EU, administrators can now add a terms of service statement which must be accepted by the users each time they login.

Terms of Use Agreement
Terms of Use Agreement


Download Message in Readable Format from Within the Logs

When viewing the message logs, administrators can now download a message in EML format by clicking on a link in the log. These EML messages can then be viewed in various email clients.

Download EML File
Download EML File

These are the main highlights. For a complete overview of new features & enhancements, click here to view the latest release notes, or click here to download SecurityGateway.

Questions? Comments? Let us know!

MDaemon 17.5.1 is Now Available – with Improved Logging for Let’s Encrypt, WorldClient Enhancements, and More!

Today, we released a minor update to MDaemon – MDaemon 17.5.1. This update includes various minor improvements, including:

  • Improved logging for Let’s Encrypt.
  • Defaults for the Dynamic Screening settings have been changed. Account freeze is off by default and fewer notifications are enabled.
  • Enhanced WorldCient Instant Messenger chat room experience to prevent spoofing.
  • When using the WorldClient and LookOut themes, users can now display their saved searches in the Favorites folder list.

These are just a few highlights. For a complete rundown of all new features & enhancements, visit our Downloads page to to view the MDaemon release notes or to download MDaemon.

Block Hackers from Guessing Passwords with MDaemon’s Improved Dynamic Screening

If you have an email account (and in 2017, you probably have more than one), you are a target. More specifically, your email password is a target and a coveted prize for hackers. And let’s face it – hackers are not going away anytime soon. Because the barriers to entry are so low and the potential payoffs so large, hackers are more motivated than ever to try to steal your login credentials. As an MDaemon administrator, you are tasked with making sure your users use strong passwords, but here are a few things to consider when evaluating your password & security policies:

  • People often reuse passwords.
  • People tend to use the same password across multiple sites.
  • Hackers have access to a variety of password-generating tools that are freely available on the Internet.
  • Automated systems installed in botnets can crack complex passwords in a matter of minutes.
  • Password dictionaries reduce the effectiveness of password complexity policies.

To address these threats, MDaemon’s new Dynamic Screening features can be configured to track authentication failures for all protocols, including SMTP, POP, IMAP, WorldClient, and ActiveSync (among others). When a specified number of authentication attempts from a given IP address fail in a designated period of time, subsequent connections from the IP are blocked for a specified period of time. The affected email account can also be frozen – meaning the mailbox can collect mail, but the user cannot login to check email or send out email messages.

Watch our latest tutorial video to learn more!

In the event that a hacker or spammer still manages to guess an account’s password, MDaemon’s Account Hijack Detection feature will disable or freeze the account after a specific number of messages have been sent from an authenticated session in a given timeframe.

Do you have questions or comments? Let us know via the Comments section!

Block Incoming Connections by Country with MDaemon’s New Location Screening Feature

Block connections by country with Location Screening
Block connections by country with Location Screening

As I announced recently in this post, MDaemon 17.5 has been released, with new security and collaboration features. One feature that our users will find particularly useful is the new Location Screening feature, which allows administrators to block incoming connections from specific countries. When you consider the scale and widespread distribution of global threats, blocking connections by country can provide the following benefits:

New spam domains, email zombies & phishing sites pop up all over the world every day. In fact, Cyren’s World Threat Map displays a handy visual representation of newly-discovered threats in real-time.

So if you know your company does not do business with certain countries, you can add these locations to MDaemon’s Location Screening feature and stop all traffic from these countries.

In previous versions of MDaemon, the best way to block connections by country was to use the DNS-BL feature, but with MDaemon 17.5, a new, intuitive check-box screen was added.  In this tutorial video, I show you how easy it is to configure Location Screening in MDaemon.

Do you have questions or feedback? If so, click on the “Leave a Comment” link under the title of this post & let us know!

Outlook Connector 5.0 Adds New Control & Reporting Features

In addition to all of the new security & collaboration enhancements introduced in MDaemon 17.5, our latest release of Outlook Connector adds additional control for administrators as well as configuration reporting for end users.

Allow or Block Certain Third-Party Outlook Add-ins to Improve Performance

With the wide variety of Outlook add-ins that users can install, one common challenge is making sure these add-ins don’t negatively impact Outlook performance. Beginning with MDaemon 17.5 and Outlook Connector 5.0, administrators can control which add-ins are enabled or disabled on client machines.

Administrator Control of Outlook Add-Ins
Administrator Control of Outlook Add-Ins

New Outlook Connector Features for End Users

Generate an Outlook  Configuration Report to Assist with Support Requests

When submitting an Outlook Connector support request, it is helpful for our support staff to know as much as possible about the Outlook configuration settings on the client computer. Beginning with Outlook Connector 5.0, users can generate a configuration report containing information such as:

  • All Outlook Connector Profiles, including the email address plus the location and size of the local cache file
  • Information about when the Outlook Connector database was last compacted, and the size of the database
  • The current version of the Outlook Connector plug-in
  • Send/receive intervals
Outlook Connector - Generate Configuration Report
Outlook Connector – Generate Configuration Report

In addition to these major updates, we’ve included various minor fixes & enhancements. More information can be found in the release notes, or if you can download our free trial to start using Outlook Connector today!

New Security & Collaboration Features for MDaemon 17.5!

Our continued focus to make email safe and simple to use has resulted in some great new features in the most recent release of MDaemon 17.5. We’ve highlighted some of the features for email administrators and end users below. So, let’s have a closer look.

New MDaemon Features for Administrators

Stop Spam and Malware Sent from Specific Countries

Many email administrators want an easy way to block connections from specific countries that send spam and malware. New country screening settings allow administrators to block incoming SMTP, POP, and IMAP connections from designated countries. This benefits businesses by allowing them to block messages from countries with which they do not do business, and provides an extra layer of spam protection when certain countries are known sources of spam.

MDaemon Location Screening
Block incoming connections by country via the new Location Screening feature

Prevent and Set Alerts When Hackers Try to Access Your Email

MDaemon’s new Dynamic Screening features can be configured to track authentication failures for all protocols, including SMTP, POP, IMAP, WorldClient, and ActiveSync (among others). After receiving a specified number of failed authentication attempts from a given IP address in a designated period of time, subsequent connections from the IP are blocked for a specified period of time. This helps prevent further connection attempts and password guessing by hackers & spammers.

MDaemon Dynamic Screening & Authentication Failure Tracking
MDaemon Dynamic Screening & Authentication Failure Tracking

If you’re looking for the previous dynamic screening settings, they are still located under the Security Settings screen, but this screen has been renamed to SMTP Screen.

Flexible Filtering to Manage Messages

Administrators can set multiple IMAP filtering parameters based on the message size or the contents of any message header, and perform actions such as moving, deleting, forwarding, or redirecting the message.

Complex IMAP filters
Complex IMAP filters

Improving Server-Side Encryption Key Exchange

An option has been added that allows the process of exchanging public keys for OpenPGP to take place during the SMTP message delivery process. When this feature is enabled, authorized users will no longer need to manually send their public key to another user from whom they wish to receive encrypted email.

Automatic Encryption Key Exchange
Automatic Encryption Key Exchange

Improved Message Search Capabilities

A new Message Search page has been added to MDaemon Remote Administration, allowing administrators to search a single user’s messages based on keywords in the sender, recipient, subject, or attachment name. Searches can be performed on all messages, or only messages within a specified date range.

New Message Search for MDaemon Remote Administration
New Message Search for MDaemon Remote Administration

New MDaemon Features for End Users

Flexible Search Filters for Inbox Management

Improved search filters have been added to MDaemon’s web-based email (WorldClient) allowing users to specify filtering rules based on the message size or any message header. Message results based upon the filter criteria can be moved to another folder, deleted, forwarded, or redirected.

Complex filters for WorldClieint, MDaemon's web-based email client
Complex filters for WorldClieint, MDaemon’s web-based email client

Custom Buddy List Groups for Instant Messaging

WorldClient Instant Messenger users can now arrange their buddy lists into custom groups.

WorldClient Instant Messenger - Buddy List Grouping
WorldClient Instant Messenger – Buddy List Grouping

Adding Attachments to Calendars, Contacts, Tasks and Notes

Attachments can now be added to calendar items, contacts, tasks, and notes via WorldClient, Outlook (using Outlook Connector) or your favorite CalDAV or CardDAV client.  When scheduling a meeting, attachments added to calendar events will be sent to all meeting attendees.

Attachment Support for Meetings, Contacts, Tasks
Attachment Support for Meetings, Contacts, Tasks

Import and Export Groups/Distribution Lists to/from a Contact Folder

WorldClient users can now import and export groups/distribution lists to & from their Contacts folders. The ability to import groups allows users to avoid the extra steps needed to add group members individually.

Import Groups
Import Groups

Using Email Voice Memos

WorldClient’s new voice recorder allows users to record voice memos and attach them to email messages, save them to their WorldClient Documents folder, or save them to the desktop.

WorldClient Voice Recorder
WorldClient Voice Recorder

Simplified Folder Management Options

WorldClient users can now perform the following folder management tasks without having to go to the Options | Folders menu:

  • Move folders from one parent folder to another via drag & drop.
  • Add folders to Favorites via drag & drop.
  • Rename folders in the Favorites list by clicking on the folder name.
  • Show folders by type in the LookOut theme (previously only available in the WorldClient theme).
WorldClient Folder Drag & Drop
WorldClient Folder Drag & Drop

Export a Contact in vCard 4.0 Format

WorldClient users can now export individual contacts in VCard format, a file format standard for electronic business cards supported by a wide variety of email clients. VCards contain various details about a contact, including name, company name, email address, postal address, phone number, and additional comments. They can be downloaded locally or sent to a designated email address, and then imported into any email client that supports the VCard format.

WorldClieint - Export Contact in vCard Format
WorldClieint – Export Contact in vCard Format

Password Protected Chat Rooms

For added security, WorldClient Instant Messenger users can now chat with others via password protected chat rooms. When creating a new chat room via the WorldClient Instant Messenger application, simply enter the password that is required to join in the new Password field.

WorldClient Instant Messenger - Password Protected Chat Rooms
WorldClient Instant Messenger – Password Protected Chat Rooms

Other Enhancements

In addition to all of this, other improvements include:

  • By default, messages that cannot be scanned by SecurityPlus are quarantined. The antivirus quarantine exclusion settings have been improved. In previous versions, administrators could configure exclusions from antivirus scanning based on attachment file type. Now, administrators can also configure antivirus scanning exclusions based on the sender or recipient address.
  • When using the WorldClient theme, the look of WorldClient Notes has been updated. An option was added that allows users to change the color of the note by clicking on the note icon in the top left corner of the note.
  • When using the LookOut and WorldClient themes, WorldClient users can now search for attachment names using advanced search.

For more information please refer to the following resources:

MDaemon Release Notes
Click here to download MDaemon

If you’ve got questions or comments, let us know via the Comments link below!

Email Help for Texas & Louisiana Businesses Affected by Harvey

Hosted Email Help for Businesses Affected by Hurrican Harvey

Our hearts go out to all who have been impacted by hurricane Harvey. As a provider of email messaging software and services, we understand that many businesses have lost communications infrastructure, including their email services, which for many, are the primary channel of communication with customers. We want to help, so we are offering free, temporary email services for businesses who have experienced email disruptions due to Harvey.

Learn more about how we can help your business during this time of disruption:

MDaemon Has been Updated to Version 17.0.3

Update_stickyAs any software company knows, it’s important to listen to our customers and address any issues that may be reported. With this in mind, our development team has released MDaemon 17.0.3. This minor update includes various improvements to WorldClient Instant Messenger and other minor fixes.

Click here to read the release notes, and click here to download the latest MDaemon.

If you’re not yet an MDaemon user, you can find more product information here, and click here to compare us to your current messaging solution.

Do you have questions or comments? Let us know via the Comments section below!