Complete Guide to Identifying and Reporting Phishing Email
Don’t get scammed again! Easily Identify Phishing Email.
Don’t get scammed again! Easily Identify Phishing Email.
I have always despised Outlook as a POP3 or IMAP client. It’s heavy, slow, bloated software that is designed to integrate with Exchange server, an enterprise-level application. Corporations have teams of network engineers working to keep Exchange server and associated Outlook clients running. The average small to medium-sized business is not so lucky. We just want a trouble-free mail client that works every time we open it. Unfortunately, that is not Outlook.
Why not use Outlook? It’s heavy bloated software that struggles to perform simple email retrieval functions without having issues. Using it for POP3 or IMAP is a miserable experience. Since email is literally the cornerstone of business, this is unacceptable! In my year of using it, I experienced more downtime and frustration with Outlook than any other mail client I have ever used.
Some of the annoyances and issues I continuously encounter are:
The last time Outlook crashed, I finally had enough. It had to GO!
After some searching and reading reviews, I decided to take a chance on eM Client.
I opted for the Pro version which has a list of features that blows every other mail client away. The install was quick and easy and it loaded up all my IMAP messages quickly. After a few day of using eM Client, I was certain this was the mail client I had been looking for.
Things I love about eM Client:
Things that need improvement:
I have just scratched the surface of the capabilities of eM Client. I will report back here as I discover more pros and cons of eM Client. Check out eM Client for yourself!
For customers using our email services, we have added a secure email port to our hosting server that is available to start using now. We added this for customers using iPhones which try to use this port by default. However, the port is available for everyone to use if you choose to do so.
Anyone who is *not* using SSL/TLS won’t be getting any warnings, and don’t need to change anything. So the rule is, anyone with SSL or TLS turned on (and it may be forced to “on” in some clients like iPhones) should use securemail.houstonshost.com for the incoming and outgoing server name.
Secure mail uses an encrypted SSL connection for both incoming POP and outgoing SMTP.
The new setting for secure mail are:
Incoming server: securemail.houstonshost.com
Port for POP3: 995
Outgoing server: securemail.houstonshost.com
If using SSL, then Port: 465
If using TLS, then Port: 587
Note that if you are using another email service like Office 365, Rackspace or Gmail, this does not apply to you.
If you are using Horde Webmail to delete mail on the server, these are the steps you will need to take before you can remove mail entirely. By default, Horde does not come with a “Trash” folder so this must be created before you are allowed to delete mail.
1) Login and click on “New Messages”
2) Click on the “Folder Actions” and select “Create Mailbox”
3) Name the new mailbox “Trash”
4) In the same Folder Action dropdown, select “Rebuild folder list”
Next, Go to the Gear Icon in the top menu bar.
Select the link “Deleting and moving messages”
Check the following boxes:
Mark messages as seen when deleting? (Check)
Move deleted messages to your Trash mailbox instead of marking them as deleted in the current mailbox? (Check)
In Trash mailbox dropdown, select “Trash”
Purge Trash how often, select “Daily”
Purge messages in Trash mailbox older than this amount of days
Select your option here. (5)
Now all deleted email will be sent to your trash folder. You can have Horde Delete this automatically if you have a time frame set or you can manually delete them in the interface.
We have just installed a new layer of spam protection for our hosting customers. Welcome to MagicSpam.
MagicSpam is not a filter but integrates with the mail server and works on the edge or the SMTP layer to reject spam before it enters the server. It is also configured to help stop Trojans and bots with Mail Server Profiling.
Furthermore, it performs best practices and DNSBL (Email Black Hole) checks against all incoming mail.
While all spam cannot be stopped, this extra layer of protection will help eliminate much of the spam that currently makes it to your inbox.
A poll of customers reports dramatic drops in spam as soon as MagicSpam was installed.
Email is one of the most common business tools we use and is often taken for granted. However, if it goes down, you immediately realize how hard it is to function without it.
Luckily, most email issues are easy to fix and actually exist at the mail client on your local computer, not the server.
If you complete the procedures and your email is still not working correctly, it may be time to call support but the more information you can provide, the faster support can help you resolve the issue.
Absolute first things to check.
1) Are you connected to the internet?
2) Is your domain name resolving? (can you browse to you website)
If the above are true:
Open your Webmail client that is included with your hosting account. If you can login and check mail, it is a indication that the issue lies with your computer’s email program (mail client). This does two things:
1) Gets you immediate access to your mail
2) Helps trouble shoot the issue at hand
Next, know your email settings including:
All of these setting are in your mail client setup with exception of your password which will be hashed out.
If you cannot login to Webmail, the problem probably lies with your password.
Troubleshooting Checklist:
1) Are you connected to the internet? If not, reconnect and retest. If you are connected, shut down your mail client software and then SHUT DOWN your computer. Do not restart, Shut Down. Restart after a minute or so. Test Again.
Some Anti-Virus programs act as proxy server and can lock up. This also helps clear Outlook caching issues.
Still having issues?
2) Double check all your settings. A single wrong setting can cause email failure. Most support calls are simply wrong settings in the mail client software (your mail program. Outlook, Windows Live, etc).
3) The remainder are typically caused by Microsoft Outlook itself. Seldom do we receive calls from customers that use other mail clients.
Therefore, test your email in another mail client such as Windows Live Mail, Mail, Thunderbird (free from Firefox), Etc. DO NOT SKIP THIS STEP. It only takes a few minutes and is essential in the trouble shooting process.
If your email works in another mail client, the mail server is working and it is a local email client issue (Outlook) or a local computer issue. We cannot troubleshoot Outlook issues other than to tell you not to use it. There is some support on the Microsoft site http://support.microsoft.com
Still not working?
4) If you can login with webmail and check email, the server is working properly and there are four possibilities of why you cannot connect with your mail client.
a) Problem with your mail client software (Outlook)
b) If the problem is only with sending email (SMTP) you need to check the following settings:
c) Port 25 is being blocked by your ISP. ISP’s have started doing this as an attempt to prevent spam. Therefore, we have a workaround. Under Advanced Settings you will find the option to change your SMTP server port number. Try changing it to 587. If you are a SiteBuilder customer, login to your Admin/Email and get the alternate port numbers in the help section.
d) Your IP address is blacklisted in the DNSBL or DNS Blacklist. This could be caused from a variety of reasons. You will need to check your local IP address and determine if there is an issue. You can get your IP address by going to http://www.whatsmyip.org/
Next, go to http://www.dnsbl.info/ and run a scan on it. Also, check it at http://mxtoolbox.com/blacklists.aspx
If your IP is showing up on one of these lists, please contact us and we will try to help you troubleshoot this issue. Please note that this is not an issue with our server but other conditions that exist.
The possibilities are:
5) Additionally, you may need to check:
If you follow the steps above, you should be back online or at least have the information ready to relay to support personnel for faster resolution.
When you think of someone hacking your Computer, Website, email account or worse yet, bank account, what do you think of? Some geeky computer prodigy working out of his mother’s basement, meticulously hacking his way into any computer system? The hackers you see in movies and on TV are a far cry from reality.
Hackers, better know now as “Script Kiddies” now rely on “scripts” or automated programs that perform hacking tasks automatically. These scanning scripts are readily available to download. They run against thousands of IP addresses 24/7 unattended. Once a vulnerability is found anywhere, it is flagged and then exploited.
One of the simplest ways for a hacker to compromise your account is called a Dictionary Attack.
A Dictionary Attack is when a script uses a dictionary file that includes every word in the dictionary to try and access your account. It runs and runs tirelessly trying to login using each word. This is the easiest form or attack because users still do not use strong passwords. Many people are in the habit of using easy, everyday words or names that are easily cracked.
The Next form of attack is called the the Hybrid Dictionary Attack. This stems from the fact the people use numbers or characters after simple words and names. So john1, john2, hello@, etc. are easily cracked using this method.
Finally, there is the brute Force Attack which is comprehensive attack on your password and can take weeks.
The point of all this is that you must use strong passwords to protect yourself from these advanced hacking programs.
A strong password should have alpha, numeric, upper & lower case characters. A good example of a strong password is “Bl%6i@20Az” . It may be hard to remember but it is worth the effort. This simple method can protect you from potential disaster.
Password bit and length correlation is beyond the scope of this post. Follow this link to learn more on Password Entropy and Length Correlations.
We have implemented SPAM filtering technology on our CentOS servers. The “Mail Abuse Prevention System” or MAPS is a not for profit organization committed to defending the internet’s email system from spammers. We have implemented the MAPS Spamhaus “Zen” technology. ZEN is the combination of all Spamhaus DNSBLs into one single powerful and comprehensive blocklist to make querying faster and simpler. It contains the SBL, the XBL and the PBL blocklist.
A DNS-based Blackhole List, or DNSBL, is a means by which an Internet site may publish a list of IP addresses, in a format which can be easily queried by computer programs on the Internet. As the name suggests, the technology is built on top of the Internet DNS or Domain Name System. DNSBLs are chiefly used to publish lists of addresses linked to spamming.
For more info you may visit http://www.spamhaus.org/zen/
While this is a very good front line filter, it will not eliminate spam completely. We therefore also implimented Magic Spam Anti spam protection.
MagicSpam is a powerful Anti-Spam software that is installed directly on our mail server. MagicSpam is based on the same anti-spam technology used by Large ISP’s and Telco’s.
The technology works by stopping junk mail directly in the SMTP layer offering better Zero Day Protection against trojans, bots, and other malware keeping both you and your customers more secure. See more on the Magic Spam Filter.
The last line of defense against spam is your mail client. I.e. Outlook, Apple Mail, Etc. These programs have learning technology included so you can “train” them to detect and filter spam. There are also many other third-party spam filters that work very well with your local mail client software.
Support is available 24 Hours a day: [email protected]
Tel: 713-724-7483