Using DKIM, SPF & DMARC to Protect your Brand and Customers from Spear Phishing

Introduction

Scammers use a variety of tactics to get users to give out personal information. One very common tactic is known as phishing. Phishing is a scam where tech-savvy con artists use spam and malicious websites to deliver malware, or to trick people into giving them personal information such as social security numbers, bank account numbers, and credit card information. A more targeted (and often more dangerous) type of phishing is known as spear phishing.

What is Spear Phishing?

Spear phishing is a targeted attack that’s usually addressed to a specific individual. With spear phishing, the perpetrator knows something personal about you. He may know your name, email address, or the name of a friend, or he may have information about a recent online purchase you made. While most phishing emails will have a generic greeting such as “Dear Sir or Madam,” a spear phishing email may address you by name, such as “Hello John.” It may also appear to come from someone you know.

According to Allen Paller, director of research at the SANS Institute, 95% of all attacks on enterprise networks are the result of spear phishing attacks. Earlier this year, Symantec issued a warning about an ongoing spear phishing attack targeting small and midsize businesses in the United States, India, and the UK that infects users with a remote access Trojan (RAT). A RAT gives an attacker remote access to a machine & can lead to disclosure of sensitive information and financial losses. Based on campaigns run by Symantec’s Phishing Readiness technology, on average, employees are susceptible to email-based attacks 18 percent of the time.

How can You Protect Yourself & Your Business?

Protecting your company from spear phishing attacks is the responsibility of employees as well as the mail server administrator. For employees, user education is key. This post contains helpful email safety tips for end users. For the administrator, implementing DKIM, SPF and DMARC can help reduce data breaches, financial losses, and other threats to your business. These three methods are described in greater detail below.

How DKIM Works

DKIM (DomainKeys Identified Mail) is a cryptographic email verification system that can be used to prevent spoofing. It can also be used to ensure message integrity, or to ensure that the message has not been altered between the time it left the sending mail server and the time it arrived at yours. Here’s how DKIM works:

  • An encrypted public key is published to the sending server’s DNS records.
  • Each outgoing message is signed by the server using the corresponding encrypted private key.
  • For incoming messages, when the receiving server sees that a message has been signed by DKIM, it will retrieve the public key from the sending server’s DNS records and then compare that key with the message’s cryptographic signature to determine its validity.
  • If the incoming message cannot be verified then the receiving server knows it contains a spoofed address or has been tampered with or changed. A failed message can then be rejected, or it can be accepted but have its spam score adjusted.

You can refer to the following knowledge base article for DKIM setup instructions in MDaemon:

How to enable DKIM signing and configure records

You can refer to this knowledge base article for DKIM setup instructions in SecurityGateway:

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=496

How SPF Works

Another technique to help prevent spoofing is known as SPF. SPF (Sender Policy Framework) allows domain owners to publish DNS records (SPF records) to identify those locations authorized to send messages for their domain. By performing an SPF lookup on incoming messages, you can attempt to determine whether or not the sending server is permitted to deliver mail for the purported sending domain, and consequently determine whether or not the sender’s address may have been forged or spoofed.

MDaemon’s SPF settings are located under Security | Security Settings | Sender Authentication | SPF Verification. This screenshot displays the recommended settings.

SPF Settings in MDaemon
Recommended Sender Policy Framework Settings

Recommended SPF settings for SecurityGateway are outlined in this knowledge base article:

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=497

These are the recommended settings for verifying SPF records of other domains. To help protect against spear phishing attacks that spoof your own domain, you should set up an SPF record in DNS. You can find helpful information on SPF record syntax and deployment at www.openspf.org.

DMARC (Domain-Based Message Authentication, Reporting & Conformance)

When a message fails DKIM or SPF, it is up to the receiving mail server’s administrator as to how to handle the message. The problem with this is that if DKIM or SPF is not set up properly, it can lead to problems. DMARC (Domain-based Message Authentication, Reporting and Conformance) takes out the guesswork on how to handle messages from a domain that are not properly aligned with DKIM or SPF.

DMARC defines a scalable mechanism by which a mail sender can express, using DNS records (DMARC records), domain level policies governing how messages claiming to come from his or her domain should be handled when they do not fully align with DKIM and SPF lookup results. In other words, if you perform SPF, DKIM and DMARC record lookups on a message claiming to come from my domain (example.com), and it does not align with SPF, DKIM, or both, my DMARC record can tell you how I want you to handle messages that are unaligned with SPF & DKIM. My DMARC record can specify whether I want you to accept, quarantine, or reject unaligned messages, and I can even go a step further and specify what percentage of unaligned messages I want you to reject or quarantine based on my policy preferences. This is useful when first deploying DMARC, as it allows you to be more lenient with rejection of unaligned messages until you’re sure DKIM & SPF are configured properly.

You can view the following recorded webinar for a more in-depth overview of DMARC, including examples and syntax of DMARC records and deployment strategy.

https://youtu.be/vrMMKmxCmqs?list=PLt-aAHf-ocsYYmpXFABce39b_CgJXXubp

This knowledge base article will also be useful:

How to Enable DMARC and Configure Records

Conclusion

While we must be vigilant against spoofing and phishing attacks, we must also acknowledge that cautious, informed users and properly implemented SPF, DKIM and DMARC policies are the best defense against cybercriminals who are intent on stealing your data and damaging your brand.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

SSL & TLS Best Practices

You may have heard the terms SSL and TLS, but do you know what they are and how they’re different?

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are methods of securing (encrypting) the connection between a mail client and mail server (Outlook and MDaemon, for example) or between mail servers (MDaemon and another mail server, for example). They are also methods for securing communications between websites and your browser. In this post, we’ll focus on its uses for encrypting email connections.

Without SSL or TLS, data sent between mail clients and servers would be sent in plain text. This potentially opens up your business to theft of confidential information, credentials being stolen and accounts being used to send spam. SSL and TLS can be used to help protect that data. SSL and TLS allow users to securely transmit sensitive information such as social security numbers, credit card numbers, or medical information via email.

How do SSL and TLS work?

In order to use SSL or TLS, you’ll need an SSL certificate to establish an SSL/TLS connection. SSL certificates use a key pair (a public and private key) to establish a secure connection. When a mail client or server wants to connect to another server using SSL, an SSL connection is established using what’s known as an “SSL handshake.” During this process, three keys are used to establish an SSL connection – a public key, a private key, and a session key. Data encrypted with the public key can only be decrypted with the corresponding private key, and vice-versa. Encryption via the public & private keys only takes place during the SSL handshake to create a symmetric session key. Once the secure connection is made, all transmitted data is encrypted with the session key.

This diagram provides a simplified overview of how an SSL connection is established.

How SSL & TLS workBoth SSL and TLS protect data privacy through data-in-motion encryption, provide server-side and (optionally) client-side encryption of the communication channel, and help ensure message integrity.

POP, IMAP and SMTP traffic are transmitted over designated ports. By default, IMAP uses port 143, POP uses port 110, and SMTP uses port 25. IMAP over SSL/TLS uses port 993. POP over SSL/TLS uses port 995, and SMTP over SSL/TLS uses port 465. For SSL to take place over these connection types, the mail client and mail server must both be configured to use the proper ports, and a valid SSL certificate must be installed on the server.

What are the Differences between SSL and TLS?

So what are the differences between SSL and TLS? TLS is the successor to SSL. It was introduced in 1999 as an upgrade to SSL 3.0, so TLS 1.0 is most similar to SSL 3.0 & is sometimes referred to as SSL 3.1, though TLS is not compatible with SSL 3.0. The version numbers for SSL are 1.0, 2.0 and 3.0, while TLS uses a different numbering pattern – 1.0, 1.1, 1.2.

Because TLS is incompatible with SSL 3.0, the client and server must agree on which protocol to use. This is accomplished via what’s known as a “handshake.” If TLS cannot be used, the connection may fall back to SSL 3.0.

Without getting too technical (there are plenty of online resources that explain the technical differences between SSL and TLS), here are some of the differences between SSL and TLS:

TLS has more alert descriptions – When a problem is encountered with an SSL or TLS connection, the party who encountered the problem would send an alert message.

SSL had the following 12 alert messages:

  • Close Notify
  • Unexpected Message
  • Bad Record MAC
  • Decompression Failure
  • Handshake Failure
  • No Certificate
  • Bad Certificate
  • Unsupported Certificate
  • Certificate Revoked
  • Certificate Expired
  • Certificate Unknown
  • Illegal Parameter

TLS has the following additional alert messages:

  • Decryption Failed
  • Record Overflow
  • Unknown CA (Certificate Authority)
  • Access Denied
  • Decode Error
  • Decrypt Error
  • Export Restriction
  • Protocol Version
  • Insufficient Security
  • Internal Error
  • User Canceled
  • No Renegotiation
  • Unsupported Extension
  • Certificate Unobtainable
  • Unrecognized Name
  • Bad Certificate Status Response
  • Bad Certificate Hash Value
  • Unknown PSK
  • No Application Protocol

TLS uses HMAC for message authentication – SSL verifies message integrity (to determine whether a message has been altered) using Message Authentication Codes (MACs) that use either MD5 or SHA. TLS, on the other hand, uses HMAC, allowing it to work with a wider variety of hash functions – not just MD5 and SHA.

TLS uses a different set of cipher suites.

A cipher suite is basically a combination of authentication, encryption, message authentication code (MAC) and key exchange algorithms used to negotiate security settings for a network connection. More information can be found here: https://en.wikipedia.org/wiki/Cipher_suite

Why are SSL and TLS Important?

Businesses have a responsibility to protect financial data such as credit card information, and consumer records such as names, addresses, phone numbers, and medical information. Without some form of encryption, whether via an encrypted connection using SSL & TLS, or by encrypting the message itself using Virtru or OpenPGP, sensitive data may be vulnerable to hackers & other forms of unauthorized access.

Which method is recommended?

SSL 3.0 suffers from a well-known vulnerability called the POODLE vulnerability. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. Click here for a thorough overview of this vulnerability and recommended actions.  One workaround recommended in the overview is to completely disable the SSL 3.0 protocol on the mail client and server. This might not be practical, as it may affect legacy systems that are still using SSL 3.0.

We recommend using TLS whenever possible. TLS 1.2 is currently the best version for security, but it is not yet universally supported. TLS 1.1+ support was not added until Windows 7 and Server 2008 R2, in 2009.

The encryption protocol and cipher used by MDaemon and SecurityGateway depend on the operating system and can be configured via the registry. You can use the free IIS Crypto tool to set the appropriate registry keys. More information can be found here:
https://www.nartac.com/Products/IISCrypto

I hope this information helps clarify any questions about SSL and TLS, and which encryption method is recommended. As always, if you have questions or comments, let us know!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

New MDaemon Feature Helps Detect Spambots

Ever wonder why so much spam exists today? By some estimates, more than 100 billion spam messages are sent every day. This represents around 85 percent of global daily email traffic. Some of the most common types of spam messages include financial scams, phishing attempts, ransomware, and botnet malware. In this article, we focus primarily on botnets.

Spam is big business. The barriers to entry are low and the payoffs are high. If a spammer sends out 50,000 spam messages, but only a handful of users click on a link in one of these messages, the spammer’s efforts will likely have paid off.

A single spammer may not have the resources to send out a large-scale spam attack, however, a spammer’s job is made much easier by the use of botnets – networks of hundreds or even thousands of malware-infected computers (known as spambots) that can be remotely controlled over the internet.  Similar to legitimate cloud services such as Amazon’s AWS, a botnet-for-hire provides individuals with ample cloud-based resources to carry out large-scale spam campaigns with very little effort.

According to Spamhaus, the top five countries with the most spambots are India, Vietnam, China, Iran, and Brazil. As of May 23, 2016, India had close to 2 million spambots!

The botnet-for-hire industry is a growing industry that makes it easy for anyone to send out thousands of spam messages using the botnet as the attack vector.

In addition to sending out spam, botnets can be used to launch DDoS attacks by flooding a company with thousands of connections over a short period of time – in an effort to try to shut down a company’s network or to damage its reputation.

User education is likely the most important factor in preventing a computer from becoming a spambot. The following are a few guidelines that every email user should know by now.

  • Never open an email from an unknown source.
  • Never open an attachment from an unknown source.
  • Even if the sender appears to be someone you know, always verify – because spammers often forge the sender’s address.
  • Use anti-virus software on your local computer.
  • Learn how to recognize phishing
    • Messages that contain threats to shut your account down
    • Requests for personal information such as passwords or Social Security numbers
    • Words like “Urgent” – portraying a false sense of urgency
    • Forged email addresses
    • Poor writing or bad grammar
  • Don’t give your email address to sites you don’t trust.
  • Don’t post your email address to public websites or forums.
  • Understand that reputable businesses will never ask for personal information via email.

For more of these guidelines, see our blog posts – Email Safety Tips for End Users and Ransomware and Banking Trojans are Big Business.

Spambot Detection in MDaemon

The information provided above applies primarily to end users, but what actions can be taken by the mail server administrator to detect and prevent spambot activity? While MDaemon has many spam-fighting features, MDaemon 16 includes tools to detect spambot activity and block it from further communication with your server. This new feature is called Spambot Detection. Spambot Detection tracks the IP addresses that every return-path value (sender) uses over a period of time. If the same return-path is used by multiple IP addresses (more than can be expected from users switching between their computers and mobile devices) in a given timeframe, then it’s possible that this activity is being generated by a spambot. Of course, it’s also possible that this activity is completely legitimate. However, in some cases, tests have shown that this can be an effective tool at detecting a distributed spambot network as long as the same return-path is used in the spam messages. If a spambot is detected the connection is dropped and the return-path value is optionally blacklisted for a designated period of time.  You can also optionally blacklist all known spambot IPs for a designated period of time.

As with most MDaemon security features, various settings allow you to bypass Spambot Detection for mail from trusted sources. You can exempt specific IPs, senders, and recipients from Spambot Detection using the White list feature, and exempt connections from authenticated sessions or trusted IPs. Click on the Advanced buttons to view a list of return-paths or IPs that are currently blocked. If a return-path or IP is blocked by mistake, you can easily remove it from the list.

We demonstrate how to configure Spambot Detection in this tutorial video.

Spammers are always coming up with new ways to spam users. That’s why user education and a properly configured mail server are equally important in the war against spam.

Spambot Detection is one more tool in MDaemon’s arsenal of anti-spam and security features. When these features are enabled, MDaemon can help protect your users and your business from spam, phishing attempts, and malware. For more information on protecting your MDaemon server, check out our knowledge base article on recommended MDaemon security settings.

If you’re not yet an MDaemon user, and would like to take advantage of its robust security and anti-spam features, click here to download your free trial!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Quarantine Management in SecurityGateway

SecurityGateway quarantine management best practicesSecurityGateway can be configured to handle spam in various ways. Messages can be refused, quarantined, or accepted, and their spam scores can be adjusted accordingly. When messages are quarantined and held on the server, the administrator can determine whether, and how often, to send the user an emailed quarantine summary report. The administrator can also grant users permissions to view and manage their own quarantine folders in the SecurityGateway interface. The quarantine summary email allows users to release the message from quarantine, and whitelist or blacklist the sender. When the quarantine is viewed in the SecurityGateway interface, users have additional options, such as the ability to feed messages to SecurityGateway’s Bayesian spam learning engine.

We generally recommend using the Bayesian feature to mark a message as spam, rather than blacklisting the sender. Thus, to avoid any confusion, we’ve put together a new best practices guide on quarantine management in SecurityGateway.

Click here to view the new SecurityGateway Quarantine Management guide.

Following the suggestions outlined in this guide will help ensure that you receive the messages you want, and block the messages you don’t want.

If you have questions, let us know in the comments section below!

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Thwart Hackers with Strong Password Policies

For spammers, the barriers to entry are very low and the potential payoffs are very high relative to the small amounts of effort required to send out lots of spam. Spammers typically look for the “low hanging fruit” of an email system, such as mail servers that are not configured to prevent relaying, or accounts with weak passwords. If a hacker manages to guess an account’s password, he can use that account to send out large amounts of unsolicited spam email messages. This can result in your server winding up on a blacklist. Additionally, if large amounts of spam are sent out before the issue is corrected, your business can suffer lost trust and a reduction in revenue.

MDaemon’s Account Hijack Detection feature can be used to disable the account once a specified number of messages have been sent from an authenticated session within a given period of time. But it would be better to not even let a hacker get that far. Having strong passwords that are difficult to guess would help prevent an account from being hijacked in the first place.

Today, we focus on the issue of weak passwords and how to thwart hackers by implementing strong password policies. These settings are located in MDaemon under the Accounts | Account Settings configuration screen. In today’s video tutorial, we demonstrate how to require strong passwords, how to force accounts with a weak password to change their password, and how to send a Weak Passwords report to a designated email address.

Email is one of the most valuable intellectual property assets a company can have. Protect your email by enacting strong security and password policies & keep the hackers out.

Click here to learn more about MDaemon and why many small-to-medium businesses have migrated to it from Microsoft Exchange Server, or click here to download your free trial!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

For Security & Privacy – Easy Email & Attachment Encryption with Virtru

Recently, I created a video and blog post about Virtru Email Encryption for MDaemon, to demonstrate its features, benefits, and ease of use. Following along with its ease of use, I’ve created the following animation to show you just how easy Virtru is to use. Simply enable Virtru support in WorldClient (MDaemon’s webmail client), enable the Virtru features by clicking on the small “V” button within the email compose window, and then click on “Send Encrypted.” It really is that simple!

Virtru Email and Attachment Encryption
It’s easy to encrypt email and attachments using Virtru

For a more thorough overview of Virtru’s features, please see this blog post, or click here to visit our main Virtru page.

Virtru (email and attachment encryption) is included with the MDaemon Messaging Server. Virtru Pro features include Message Revoke, Disable Forwarding, Set Message Expiration, and automatic encryption. Click here if you’d like to purchase Virtru Pro.

Want to learn more about the encryption features offered by MDaemon? Then click here to learn more!

Protect your business from unauthorized access to your important and confidential email messages. Download your free trial of MDaemon today!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

SecurityGateway 3.0.3 Has Been Released

Today, we released SecurityGateway 3.0.3. Here are some highlights on what’s new for this latest release.

  • Compressed archive files, such as .zip and .rar, can now be scanned for restricted attachments.
  • An option has been added which allows a global administrator to export all whitelists and blacklists to a CSV file.
  • Adobe Flash is no longer required to display traffic and mailbox charts.
  • Global administrators can now be automatically alerted when a new user is created.

There are many more new features and enhancements. For a complete list, click here to read the SecurityGateway release notes.

Want to learn more? Check out our recorded webinar for an overview of SecurityGateway.

Click here to download your free trial of SecurityGateway.

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Keeping Email Private with Virtru Client-Side Encryption

Have you ever created an account on a website that you wouldn’t want others to know about, or made travel arrangements, purchased personal items, or set a doctor’s appointment online? If so, then it’s possible that sensitive information about you has been transmitted via email. If any of these situations apply to you, or if you just don’t want anyone to see the cat photos you sent as an email attachment to your neighbor, then you should be encrypting your email. If you send personal or financial information, it’s best to assume that at any given time, someone out there is trying to gain access to that information.

Many small businesses think data breaches only happen to large companies, however, no company is too small to protect itself from outside threats. In fact, many hackers know that smaller companies might be a bit more lax in their security practices, and thus target them more aggressively. This is why email security and encryption are so important.

Virtru recently wrote a blog titled “Four Enterprise Security Statistics that Might Scare You Straight.” Here are some interesting statistics cited in the article:

  • 87% of Senior Managers Upload Business Files to a Personal Email or Cloud Account
  • Email Malware Creation is up 26% Year Over Year, with 317 Million New Pieces of Malware Created in 2014
  • Hackers Targeted 5 out of 6 Large Companies Using Email Attacks Last Year — an Annual Increase of 40%
  • Cybercrime has a 1,425% ROI

So with the above statistics in mind, do we even need to ask why we need encryption? If these reasons aren’t convincing enough, consider these:

  • Firewalls, antivirus, and anti-spyware may provide good protection, but they may not be enough. If one of the above is breached, encryption helps keep data safe.
  • Encryption can help shield businesses and users from government surveillance or other unauthorized access.
  • When you need to send sensitive data, encryption helps keep this data away from unauthorized viewers.
  • Encryption helps companies stay in compliance with HIPAA, CJIS, FERPA, and other government regulations.
  • Encryption helps keep sensitive data out of the hands of criminals and competitors.
  • Encryption helps companies preserve data integrity and privacy policies.

Client-side vs. Server-Side Encryption

Now that we’ve discussed why encryption is important, let’s discuss Virtru and its benefits.

First, we need to make a distinction between client-side and server-side encryption. With client-side encryption, email messages and attachments are encrypted by the sending mail client, and remain encrypted until an authorized recipient opens the message. With server-side encryption, messages and attachments are encrypted on the mail server with no user interaction. MDaemon users can use Virtru to encrypt messages on the client, and MDaemon administrators can use PGP to encrypt messages as they pass through the mail server. In this blog post, we’re going to focus on the client-side Virtru encryption features. If you’d like to learn more about MDaemon’s server-side encryption options using OpenPGP, then check out this blog post & video.

What is Virtru?

Virtru is an easy to use email encryption service that lets you protect private information while using your existing email service.  Encryption converts plain text into gibberish (cipher text) that is unreadable to all except the intended recipient. Virtru offers end-to-end encryption, ensuring that only authorized parties can decrypt your content.

When you send messages with Virtru, your emails and files are locked using strong encryption. Only you and your recipients can decrypt your messages. Separation of content and encryption gives you an extra level of privacy.

Why use Virtru?

Virtru was designed for user privacy and ease of use. Virtru never has access to your passwords and does not store any of your email content on their servers; only the encryption keys. Virtru helps users avoid headaches by managing their encryption keys for them.

Users have two versions of Virtru to choose from. The free version provides encryption and decryption of email and attachments. The Pro version provides the same encryption and decryption features, plus the ability to set message expiration dates, revoke emails, and disable forwarding.

Want to learn more about Virtru? Then  check out the video below for a demonstration, or visit the Virtru page on our website. You can also try out Virtru’s features by downloading your free trial of MDaemon.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Server-side Encryption, Decryption & Key Management with OpenPGP

Whether you work in health care, finance, government, or any other field that requires the storage of data, there’s always someone out there who would love to gain access to your confidential records. Don’t let the bad guys steal your data. Protect it with server-side encryption. Our latest release of MDaemon supports OpenPGP, which allows MDaemon to perform encryption, decryption, and key management tasks. Learn how to enable OpenPGP support in MDaemon, and how to send encrypted mail in our latest video.

Click here to learn more about MDaemon’s email encryption features, or click here to download your free trial of MDaemon and see for yourself how easy it is to use!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Training the Bayesian Spam Learning Engine in WorldClient

MDaemon’s built-in spam filter includes a feature known as Bayesian Learning. Bayesian Learning allows MDaemon to “learn” what types of messages are spam and what types are not spam. This allows the spam filter to become more accurate over time.

It is important for users to properly train the Bayes system so that messages are correctly flagged as spam or non-spam. We do not recommend blacklisting the sender of spam messages because this does not help the Bayes engine learn from the message, and thus, has no effect on reducing spam. The easiest way to train the Bayes engine is for users to use the thumbs-up and thumbs-down icons in WorldClient (MDaemon’s webmail client) to feed the Bayes engine samples of spam and non-spam. The more spam and non-spam samples you feed to the Bayes engine, the more accurate the spam filter will become over time, thus, it is very important for users to use the thumbs-down icon on every spam message – whether it arrives in your Inbox or in your Junk Email folder. Likewise, for every false-positive (legitimate, non-spam message that is flagged as spam), you can use the thumbs-up icon to flag the message as non-spam.

This knowledge base article provides a more thorough explanation of Bayesian Learning and how to train the Bayesian Learning engine.

This video explains further.

If you are an end user and you do not see the thumbs-up and thumbs-down icons in WorldClient, the MDaemon administrator can take steps outlined in this video and blog post to make those icons appear.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •