Change password – IMAP email account

It is good practice to change email passwords occasionally. Sometimes, ComStat may ask you to change passwords if we suspect that a third party has compromised your account. If users do not know their passwords, we can force a password change; however, you should take responsibility for your passwords, and we ask users to log in to their email accounts and overwrite our forced password changes with passwords of their own. To manage your passwords:

1. Go to your Webmail control panel at http://webmail.example.com (replace example.com with your own domain name).

2. Log in with your email address and the password if you know it, or the password we have given you. Click the settings icon to open it. The image below shows you where this icon is.

[Image: imap password change 1]

This is your Webmail account, and you can use this control panel to manage your email and your email settings, review mail statistics, and more.

3. In the next screen, check that the control panel is open at the “Account Settings” preferences and the “User” tab, then input your passwords. At the time of writing you will need a capital letter and a number in your password. Our policy may change from time to time. When you have entered your passwords, click “save”, which is located above the “User” tab.

[Image: imap password change 2]

You have now changed your password. Also, changing your password will mean you need to update settings on any devices that connect to Office 365, including desktops, laptops, tablets, or mobile phones. This process will allow you to manage one account at a time. To manage another account, log out of your Webmail account, and then log in to the next account with that user’s credentials, and repeat.

Email blacklisting

IP blacklisting shows up when an email sent to a recipient is returned with an error message that includes the terse statement:

error 550: Message rejected due to sender IP reputation ([xx.xx.xx.xx])

A “Blacklist”, more properly called a “DNS-based Blackhole List”, is a real-time database that uses criteria to determine if an IP address is sending email that could be considered spam. There are over a hundred influential public blacklists including Spamhaus, Barracuda Reputation Block List, and SpamCop. They all have their own criteria for accepting inbound mail and all can seriously impair email delivery.
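To make the lookup concrete, here is an added example (not ComStat's own code) that pulls the IP address out of a bounce like the one above and asks each list whether that address is listed. The zone names are those lists' public DNS zones, which this page does not state; the sample bounce and the resolver answers are constructed so the example runs offline.

```python
import ipaddress
import re
import socket

# Public zones of the three lists named above (assumption: not given on this page).
ZONES = ["zen.spamhaus.org", "b.barracudacentral.org", "bl.spamcop.net"]

def ip_from_bounce(text):
    """Return the bracketed IPv4 address from a '... ([a.b.c.d])' bounce, or None."""
    m = re.search(r"\(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)", text)
    return m.group(1) if m else None

def dnsbl_name(ip, zone):
    """Build the query name: validated IPv4 octets reversed, then the zone (RFC 5782)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A record as text, or None when the lookup returns no address."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check(ip, zones=ZONES, resolve=system_resolver):
    """Map each zone to 'listed', 'not listed' or 'error' for one IPv4 address."""
    result = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        if answer is None:
            result[zone] = "not listed"
        elif answer.startswith("127.255.255."):
            # Spamhaus uses this range to refuse a query (for example one sent
            # through a public resolver); it is not a listing.
            result[zone] = "error"
        elif answer.startswith("127."):
            result[zone] = "listed"
        else:
            result[zone] = "error"  # answers outside 127/8 suggest DNS interception
    return result

# Constructed sample data; 192.0.2.0/24 is a documentation-only address range.
SAMPLE_BOUNCE = "error 550: Message rejected due to sender IP reputation ([192.0.2.81])"
FAKE_DNS = {"81.2.0.192.bl.spamcop.net": "127.0.0.2",
            "81.2.0.192.zen.spamhaus.org": "127.255.255.254"}

if __name__ == "__main__":
    ip = ip_from_bounce(SAMPLE_BOUNCE)
    for zone, state in check(ip, resolve=FAKE_DNS.get).items():
        print(f"{ip} {zone}: {state}")
```

Calling `check(ip)` without the `resolve` argument queries the real lists through the system resolver; run it from the mail server's own network, because some lists refuse queries that arrive through large public resolvers.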

Perversely, blacklisting happens when an important email addressed to an important customer or supplier is returned and, worse, all subsequent messages are returned, followed by a contagion that spreads to effective paralysis.

[Image: blacklist]

Initially, users call their email supplier for help. However, the supplier has limited options. For instance, email was being despatched, and in one sense the “error 550” delivery failure message proves that the sender’s equipment worked well enough to have sent the email in the first place.

How does blacklisting happen?

The problem lies with the IP address associated with the sender’s email. Email is routed using IP addresses. Once, engineers imagined that the number of IP addresses available under “version” 4 would be impossible to consume. However, as the “Internet of things” continues to grow, “IPv4” faces a crunch. There are not enough IP addresses using the IPv4 convention to supply all devices with unique values, future growth notwithstanding. To keep costs down, engineers use techniques to delegate individual public IP addresses to cover several users. This has become a vulnerability. Larger organisations tend to use dedicated solutions which circumvent this vulnerability.

For example, company A (see “witness.org” in the illustration above) uses a mail server which is uniquely identified on the Internet as 67.36.243.81. However, company B has its own services, but those services sit within server 67.36.243.81’s environment. In this way, potentially, several hundred organisations can use a common IP address. This practice is most commonly used in retail, or entry level, web hosting.

When an email address has been blacklisted, the IP address attached to the email (e.g. 67.36.243.81) matches an existing entry held by a public blacklist as a source of unusual volumes or otherwise suspicious activity. The activity is not necessarily attributable to the sender at witness.org, in the case of the example above. However, all users subscribed to 67.36.243.81 are seen by a public blacklist as one entity. The good news is that the message is returned to the sender, so there is a chance for the sender to understand there is a problem.

[Image: error_550]

If an email service has been blacklisted, it could be because a user with a common IP address has been detected distributing suspicious email. This is not always the case, though. It could also mean that the user’s own workstation or office network is responsible, using resources to distribute large mail volumes which might include the business’ own sensitive data. The only way to know that a business’ web servers or local machines have not been infiltrated is to conduct a full security review.

There are several reasons that contribute to blacklisting. Perhaps the most usual culprits are catch-all email services, email forwarding, and poorly managed bulk email.

How to fix blacklisting problems

Blacklisting is such a common problem that ISPs need dedicated departments to manage this and other security issues. In terms of mail flow, the bottleneck happens at the recipient’s end. The sender’s services have despatched email, so the sender’s equipment works. However, in practice there is not much motivation for the recipient to intervene to clear the blacklisting block. Usually, the sending ISP intervenes to lift the block by tracing contaminated IP addresses and corresponding with the public blacklists involved. If the underlying reason for a blacklisting is not eliminated and blacklisting persists, eventually public blacklists will permanently block an implicated IP address. Further, if an ISP has reason to believe its user is breaking its contractual terms by causing suspected email to cross its networks, ISPs will usually terminate email services until the user can demonstrate what steps it is taking to arrest the abuse. Potentially, an ISP may seek financial penalties from its user.

More often, businesses are finding that premium services like Exchange, Hosted Exchange, etc. are increasingly necessary to provide the reliability they need.

WordPress, contact forms, & the smoking gun

Website contact forms lead owners into dangerous territory for a variety of reasons, not least of which is that they are the first port of call for “bots” or even a plain old mischievous pair of hands to infiltrate.

The problem with contact forms is that there is no measure to report the kind of problem which is so troublesome. Contact forms can seemingly be operating fine for months, and users assume that the reason why the contact form is quiet is because the website is quiet. There is, however, a darker reason.

More often than not, the contact form is being used, but the website owner receives nothing.

There is a pattern in this. Firstly, if contact forms were really that unreliable, people would not use them. The truth is that well designed and widely subscribed plugins do their job very well. Secondly, email usually leaves the website intact. We know this, because emails that fall over at the website are invariably well documented and reported to both sender and receiver. Thirdly, the problem more often than not coincides with GMail, Live (Hotmail), Yahoo, and other bulk email services that small business users operate to keep costs down, and it is here, at the perimeter of the website owner’s provider, where the smoking gun smoulders.

By way of illustration, this portrays how Microsoft’s Exchange Online service manages incoming email. GMail and other providers will use similar processes.

[Image: antiV_800]

Users might be surprised at the scale of the processes illustrated. Notably, the flowchart focuses on the recipient’s services. For example, a successfully delivered email must transit 17 different tests to reach a recipient once it reaches the end user’s supplier. This is partly because there is scope for end users in this kind of system to manually update their own needs in the filtering system. Gmail etc. will use similar approaches, but critically their tools for customising end user needs range from minimal to none. When an email is sent from a WordPress contact form plugin, the email is already authenticated, so it does not go through a testing process. It just “goes”, and the conduct for the handling of the email really falls to other parties from this point. At the other end, it only takes a few emails – as few as 3 or 4 within the space of a day at Hotmail – to trigger a block at the first evaluation. When this happens, end users do not even get notice by way of delivery to their own spam box.

Contact form email outages pose serious commercial risks to owners: site visitors assume the email got through and nobody cares, or in cases where contact forms support event calendaring or tangible purchases, the consequences can be terminal for organisers or sellers. Whatever the purpose of the form, the reputational damage for an otherwise efficient back office is difficult to lift once the damage is done, and as long as users rely on free email services, there is not much that website designers and network engineers can do to circumvent the issues, which unfortunately tends to lead to misplaced attitudes towards the IT provisioners. The answer lies in email, upgrading services, and just as importantly managing associated email services to keep email addresses “clean”.

Contact forms are so widely used because publishing an email address in recognisable characters on a web page or blog is the easiest way to get the email address into the open for abuse. Contact forms mask the website owner’s email address so that it is invisible to public scrutiny. Some will argue that their inboxes are well managed by, for instance, GMail, so that spam is not an issue for them. However, this is dangerous territory. Once an email address is in the open, it becomes one of the very metrics that security services establish to measure the veracity of email, and apart from customers spamming your own “contaminated” email, it is not unknown for site owners’ contact forms to lose functionality because the owner’s own antivirus tools have blacklisted the very email address the owner relies on.

Once, users could rely on freely available services like GMail, Yahoo, Hotmail, etc. There is a widening gap, however, between the reliability of email traffic delivered to “subscription” users who are given dedicated email services and tools (e.g. configurable antivirus/spam and even “connectors” which effectively tunnel emails between trading partners or configured resources like contact forms) and “free” services, whose solutions are provided “as is” and which do not provide adequate tools for customisation of email services.

Others point to social media, which is fine if everybody subscribes to Facebook, for example. Really, businesses need a minimum variety of contact points, and contact forms are not easily left out of the solution.

Hard pressed web site owners might also remember the days when people just picked up the phone and called someone. True. One reason we use the web, though, is to reach a geographically broader audience, and some network engineers would argue that people actually do call – at 4:00am!

It is frustrating for users on the one hand that advances in web authoring tools like WordPress empower small business users, while the increasing complexities of email and other technologies still make it difficult for those same users to compete on an even playing field with larger organisations. Small business solutions are still judged to the same standard that large organisations enjoy, albeit with hefty investments. Although some users rely on freely available niche providers, some of whom are pretty good, the question looms – how long can a loss sustaining business model last in the first place, and what happens if it goes down, taking an end user’s services with it?

In terms of email, the idea of a two-tier “Internet” is already here. The good news for small businesses who are committed to online services is that solutions like Exchange Online are available at a fraction of the price that corporates and government departments have paid over the last two decades to produce these services. Exchange Online starts at £2.50 per month, for instance, although it still needs some professional support to pull all the levers.

In a world of choice, website owners can continue to persevere with freely available email and many will, partly because they do not know their email provider is trashing their contact form email. In this case, though, their Gmail account is not serving much purpose, either.

For advice with issues about contact forms, please contact either Fred Dreiling or Steve Galloway using our contact page.

IMAP Network Upgrade

We are upgrading our IMAP email platform in early 2015. This is a major system upgrade which is being released in a staged roll-out. We do not have confirmed dates, so be sure to check back for updates.

The IMAP service was introduced in 2014 to cope with users who needed email synchronisation on multiple devices. During 2014 ComStat gained Microsoft Cloud Partner certification, and consequently we intend to deprecate both POP3 and IMAP email services in favour of our Microsoft Exchange service during 2015. Exchange provides a broader service specification for users who need SLA-backed reliability.

Although this service is scheduled for deprecation, we will continue to support the platform for existing users until pending renewal.

The engineering work does not affect ComStat’s Exchange/Office 365 users.

During the IMAP platform re-build we expect some degradation of service and possible disruption. IMAP users who require continuous service may want to consider migrating to Exchange in advance of their normal renewal dates – please contact Steve Galloway on 07834 461 266 for more guidance.