by Steve Galloway | Apr 23, 2015
It is good practice to change email passwords occasionally. Sometimes, ComStat may ask you to change passwords if we suspect that a third party has compromised your account. If users do not know passwords, we can force a password change, however you should take responsibility of your passwords and we ask users to log in to their email accounts and overwrite our forced password changes with passwords of their own. To manage your passwords:
1. Go to your Webmail control panel at http://webmail.example.com (replace example.com with your own domain name).
2. Login with your email address and the password if you know it, or the password we have given you. Click open the settings icon. The image below shows you where this icon is.
This is your Webmail account, and you can use this control panel to manage your email and your email settings, review mail statistics, and more.
3. In the next screen check that the control panel is opened to the “Account Settings” preferences, and the “User” tab, and then input your passwords and click save. A time of writing you will need a capital letter and a number in your password. Our policy may change from time to time. When you have entered your passwords, click “save”, which is located above the “User” tab.
You have now changed your password. Also, changing your password will mean you need to update settings on any devices that connect to Office 365, including desktops, laptops, tablets, or mobile phones. This process will allow you to manage one account at a time. To manage another account, log out of your Webmail account, and then log in to the next account with that user’s credentials, and repeat.
by Steve Galloway | Dec 16, 2014
This article explains how to connect Outlook 2007 to Exchange Online email services on Office 365. Business Premium and Enterprise users should download Office 2013 App suite from the Office 365 portal. . Outlook 2007 can be connected to Exchange Online, however its architecture was not designed with any anticipation of Microsoft’s Cloud computing services in mind. Outlook 2010 was the first release of Outlook that included considerations for Office 365.
In this respect, Outlook 2007 is not an ideal solution for business users. Outlook 2007 users who do not want to purchase Outlook 2013 for desktop, or do not have access to Outlook 2013 App via their Office 365 subscriptions, should consider using Outlook Web Access (OWA). OWA is a fully specified browser-based alternative to desktop Outlook solutions, and we have experience of companies using OWA as their principle email client to save licensing costs.
Connect Outlook 2007 to Exchange Online
NOTE: Outlook 2007 supports only one Exchange connection per Outlook profile. If Outloo returns an error when you try to add a second Exchange connection to an Outlook 2007 profile, you may need to create a new profile before you can use an Exchange connection with Outlook 2007. For information, see “What else do I need to know?” later in this article.
- Open Outlook 2007. If the Outlook 2007 Startup wizard displays automatically, on the first page of the wizard, click Next. Then, on the E-mail Accounts page of the wizard, click Next again to set up an email account. If the Outlook 2007 Startup wizard does not appear, navigate to the Tools menu and click Account Settings. In the Account Settings dialog box, on the E-mail tab, click New.
- On the Auto Account Setup page, Outlook may try to automatically fill in the Your Name and E-mail Address settings based on how you are logged on to your computer. If the settings are filled in and they are correct, click Next so that Outlook can establish your settings. If the settings in the Auto Account Setup page are not filled in or are inaccurate or wrong, do the following:
- If the settings on the Auto Account Setup page aren’t filled in for you, type the correct settings based on the information that was provided to you by the person who manages your email account.
- If the name in the Your Name box is not correct, you may need to reset the options on the Auto Account Setup page before you can edit your name. To reset the options, select and then clear the check box next to Manually configure server settings or additional server types.
After you click Next on the Auto Account Setup page of the wizard, Outlook will perform an online search to find your email server settings.Outlook 2007 will display a message that asks you to allow a website to automatically set up your account. Outlook must connect to that website periodically to make sure your account is up to date. If you don’t want to see this message every time Autodiscover runs, select Don’t ask me about this website again, and then click Allow.
Outlook 2007 will continue setting up your account. You will be asked for your user name and password before Outlook 2007 can connect to your account. Make sure you enter your full email address (for example, tony@contoso.com) as your user name. You may be prompted to enter your user name and password several times before you connect.
- If Outlook is able to set up your account, you will see the following text: Your email account is successfully configured to use Microsoft Exchange. Click Finish.
- If Outlook is not able to set up your account, see “What else do I need to know?” later in this topic.
What else do I need to know?
- If your email account is the type that requires registration, you need to register it the first time you sign in to Outlook Web App. You won’t be able to connect to your email account using Outlook if you haven’t registered your account through Outlook Web App. After you sign in to your account, sign out. Then try to connect using Outlook. For more information about how to sign in to your account using Outlook Web App, see Sign in to Outlook Web App.
- If Auto Account Setup can’t successfully connect you to your account, do one or more of the following:
- Wait a few minutes and try again.
- If you need to connect to your email account immediately, use a Web browser or an email program that supports POP or IMAP to connect to your account using Outlook Web App. For information about how to connect using a Web browser, see Sign in to Outlook Web App. For information about how to connect using a POP or IMAP email program, see Use IMAP or POP email programs.
- If you know the name of the person who manages your mailbox (sometimes called an email administrator), contact them and report the error you’re getting when you try to connect with Outlook.
- Outlook 2007 supports only one Exchange email account per Outlook profile. If you try to add a second Exchange connection while Outlook is running, you may get the following error. You cannot add a Microsoft Exchange account to this profile while Outlook is running. Exit Outlook and use the Mail icon in the Control Panel to add a Microsoft Exchange account.
- If you already have an Exchange connection in your Outlook profile, you may need to delete the current profile or create a new profile before you can follow the steps in this topic. For more information about Outlook profiles, see Add or remove an email account at the Microsoft Office Online Web site.
by Steve Galloway | Dec 13, 2014
IP blacklisting happens when an email sent to a recipient is returned with an error message that includes the terse statement:
error 550: Message rejected due to sender IP reputation ([xx.xx.xx.xx])
A “Blacklist”, more properly called a “DNS-based Blackhole List”, is a real-time database that uses criteria to determine if an IP address is sending email that could be considered spam. There are over a hundred influential public blacklists including Spamhaus, Barracuda Reputation Block List, and SpamCop. They all have their own criteria for accepting inbound mail and all can seriously impair email delivery.
Perversely, blacklisting happens when an important email addressed to an important customer or supplier is returned and, worse, all subsequent messages are returned, followed by a contagion that spreads to effective paralysis.
Initially, users call their email supplier for help. However, the supplier has limited options. For instance, email was being despatched, and in one sense the “error 550” delivery failure message proves that the sender’s equipment worked well enough to have sent the email in the first place.
How does blacklisting happen?
The problem lies with the IP address associated with the sender’s email. Email is routed using IP addresses. Once, engineers imagined the number of IP addresses using “version” 4 would be impossible to consume. However, as the “Internet of things” continues to grow, “IPv4” faces a crunch. There are not enough IP addresses using the IPv4 convention to supply all devices with unique values, future growth notwithstanding. To keep costs down, engineers use techniques to delegate individual public IP addresses to cover several users. This has become a vulnerability. Larger organisations tend to use dedicated solutions which circumvent this vulnerability.
For example, company A (see “witness.org” in the illustration above) uses a mail server which is uniquely identified on the Internet as 67.36.243.81. However, company B has its owns services, but those services sit within server 67.36.243.81’s environment. In this way, potentially, several hundred organisations can use a common IP address. This practice is most commonly used in retail, or entry level, web hosting.
When an email address has been blacklisted, the IP address attached to an email has been associated with suspicious activity by virtue of the IP address (e.g. 67.36.243.81) which matches an existing entry held by a public blacklist as a source of unusual volumes or otherwise suspicious activity. The activity is not necessarily attributable to the sender at witness.org, in the case of the example above. However all users subscribed to 67.36.243.81 are seen by a public blacklist as one entity. The good news is that the message is returned to sender so that there is a chance for the sender to understand there is a problem.
If an email services have been blacklisted, it could be because a user with a common IP address has been detected distributing suspicious email. This is not always the case, though. It could also mean that the user’s own workstation or office network is responsible, using resources to distribute large mail volumes which might include the business’ own sensitive data. The only way to know a business’ web servers or local machines have not been infiltrated is to conduct a full security review.
There are several reasons that contribute to blacklisting. Perhaps the most usual culprits are catch-all email services, email forwarding, and poorly managed bulk email.
How to fix blacklisting problems
Blacklisting is such a common problem that ISPs need dedicated departments to manage this and other security issues. In terms of mail flow, the bottleneck happens at the recipient’s end. The sender’s services have despatched email, so the sender’s equipment works. However, in practice there is not much motivation for the recipient to intervene to clear the blacklisting block. Usually, the sending ISP intervenes to lift the block by tracing contaminated IP addresses and corresponding with the public blacklists involved. If the underlying reason for a blacklisting is not eliminated and blacklisting persists, eventually public blacklists will permanently block an implicated IP address. Further, if an ISP has reason to believe its user is breaking its contractual terms by causing suspected email to cross its networks, ISPs will usually terminate email services until the user can demonstrate what steps it is taking to arrest the abuse. Potentially, an ISP may seek financial penalties from its user.
More often, businesses are finding that premium services like Exchange, Hosted Exchange, etc. are increasingly necessary to provide the reliability they need.
by Steve Galloway | Dec 5, 2014
Website contact forms lead owners into dangerous territory for a variety of reasons, not least of which is that it is the first port of call for “bots” or even a plain old mischievous pair of hands to infiltrate.
The problem with contact forms is that there is no measure to report the kind of problem which is so troublesome. Contact forms can seemingly be operating fine for months, and users assume that the reason why the contact form is quiet is because the website is quiet. There is, however, a darker reason.
More often than not, the contact form is being used, but the website owner receives nothing.
There is a pattern in this. Firstly, if contact forms were really that unreliable, people would not use them. The truth is that well designed and widely subscribed plugins do their job very well. Secondly, email usually leaves the website in tact. We know this, because emails that fall over at the website are invariably well documented and reported to both sender and receiver. Thirdly, the problem more often than not coincides with GMail, Live (Hotmail), Yahoo, and other bulk email services that small business users operate to keep costs down and it is here, at the perimeter of the website owner’s provider, where the smoking gun smoulders.
By way of illustration, this portrays how Microsoft’s Exchange Online service manages incoming email. GMail and other providers will use similar processes.
Users might be surprised at the scale of the processes illustrated. Notably the flowchart focuses on the recipient’s services. For example, a successfully delivered email must tranist 17 different tests to reach a recipient once it reaches the end user’s supplier. This is partly because there is scope of end users in this kind of system to manually update their own needs in the filtering system. Gmail etc. will use similar approaches, but critically their tools for customising end user needs ranges from minimal to none. When an email is sent from a WordPress contact form plugin, the email is already authenticated, so it does not go through a testing process. It just “goes”, and the conduct for the handling of the email really falls to other parties from this point. At the other end, it only takes a few emails – as few as 3 or 4 within the space of a day at Hotmail – to trigger a block at the first evaluation. When this happens, end users do not even get notice by way of delivery to their own spam box.
Contact form email outages pose serious commercial risks to owners: site visitors assume the email got through and nobody cares, or in cases where contact forms support event calendaring or tangible purchases, the consequences can be terminal for organisers or sellers. Whatever the purpose of the form, the reputational damage for an otherwise efficient back office is difficult to lift once the damage is done, and as long as users rely on free email services, there is not much that website designers and network engineers can do to circumvent issues which unfortunately tends to lead to misplaced attitudes towards the IT provisioners. The answer lies in email, upgrading services, and just as importantly managing associated email services to keep email addresses “clean”.
Contact forms are so widely used because publishing an email address in recognisable characters on a web page or blog is the easiest way to get the email address into the open for abuse. Contact forms mask the website owner’s email address so that it is invisible to public scrutiny. Some will argue that their inboxes are well managed by, for instance, GMail, so that spam is not an issue for them. However this is dangerous territory. Once an email address is in the open, it becomes one of the very metrics that security services establish to measure the veracity of email, and apart from customers spamming your own “contaminated” email, it is not unknown for site owner’s contact forms to lose functionality because the owner’s own antivirus tools have blacklisted the very email address the owner relies on.
Once, users could rely on freely available services like GMail, Yahoo, Hotmail, etc. There is a widening gap, however, between the reliability of email traffic delivered to “subscription” users who are given dedicated email services and tools (e.g. configurable antivirus/spam and even “connectors” which effectively tunnel emails between trading partners or configured resources like contact forms) and “free” services, whose solutions are provided “as is” and which do not provide adequate tools for customisation of email services.
Others point to social media, which is fine if everybody subscribes to Facebook, for example.. Really, businesses need a minimum variety of contact points, and contact forms are not easily left out of the solution.
Hard pressed web site owners might also remember the days when people just picked up the phone and called someone. True. One reason we use the web, though, is to reach a geographically broader audience, and some network engineers would argue that people actually do call – at 4:00am!
It is frustrating for users on the one hand that advances in web authoring tools like WordPress empower small business users, while the increasing complexities of email and other technologies still make it difficult for those same users to compete on an even playing field with larger organisations. Small business solutions are still judged to the same standard that large organisations enjoy, albeit with hefty investments. Although some users rely on freely available niche providers, some of whom are pretty good, the question looms – how long can a loss sustaining business model last in the first place, and what happens if it goes down, taking an end user’s services with it?
In terms of email, the idea of a two-tier “Internet” is already here. The good news for small businesses who are committed to online services is that solutions like Exchange Online are available at a fraction of the price that corporates and government departments have paid over the last two decades to produce these services. Exchange Online starts at £2.50 per month, for instance although it still needs some professional support to pull all the leavers.
In a world of choice, website owners can continue to persevere with freely available email and many will, partly because they do not know their email provider is trashing their contact form email. In this case, though, their Gmail account is not serving much purpose, either.
For advice with issues about contact forms, please contact either Fred Dreiling or Steve Galloway using our contact page.
by Steve Galloway | Dec 4, 2014
We are upgrading our IMAP email platform in early 2015. This is a major system upgrade which is being released in a staged roll-out. We do not have confirmed dates, so be sure to check back for updates.
The IMAP service was introduced in 2014 to cope with users who needed email synchronisation on multiple devices. During 2014 ComStat gained Microsoft Cloud Partner certification and comsequently we intend to deprecate both POP3 and IMAP email services in favour of our Microsoft Exchange service during 2015. Exchange provides a broader service specification for users who need SLA-backed reliability.
Although this service is scheduled for deprecation, we will continue to support the platform for existing users until pending renewal.
The engineering work does not affect ComStat’s Exchange/Office 365 users.
During the IMAP platform re-build we expect some degradation of service and possible disruption. IMAP users who require continuous service may want to consider migrating to Exchange in advance of their normal renewal dates – please contact Steve Galloway on 07834 461 266 for more guidance.
