Google & Yahoo Tighten Email Rules: What to Expect

Major email providers including Google, Yahoo and AOL are set to tighten rules on incoming email – making accounts more secure against spam and demanding more of bulk senders who want to see their emails delivered.

Google and Yahoo alone represent more than two billion email accounts, many of them belonging to individual consumers for personal use. Estimates suggest around 70% of these have no protection against domain spoofing.

Until recently, even many basic security protocols such as SPF (checking whether email header and ‘sent from’ address match) were not enforced on major email platforms such as Gmail – allowing fraudulent emails to reach unsuspecting users. This made phishing emails easier to circulate and harder to detect, and has been recognised as one of the biggest enablers of cyber security attacks.

DKIM – a protocol that signs both the real domain and email with a cryptographic signature that email clients can cross-reference for authenticity – is also often absent, with email providers increasingly looking to demand better standards from email senders.

From February 2024, bulk email senders must adhere to the following requirements outlined by Google and Yahoo:

 

New Sender Rules

SPF & DKIM Enforced – Businesses and organisations that need their emails to be delivered safely will have to add SPF & DKIM settings to their domains and mail servers that verify whether emails purporting to be from them are genuine, and have not been tampered with. Without checks in place, Gmail and Yahoo may reject those emails altogether.

Easy Unsubscription – bulk emails must offer ‘one-click’ unsubscribe options for recipients, making it easy for email recipients to opt-out of repeated unwanted messages, and keep clutter under control.

DMARC, the most challenging of the requirements, will be enforced for bulk email senders sending more than 5,000 emails per day, aimed at preventing rapid phishing scams and other mass attempts at fraudulent communications.
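As a way to check the rules above before the deadline bites, the following added example (not code from Google, Yahoo or this article's author) audits a domain's published TXT records and one outgoing message. The domain, selector, DNS records and message are constructed sample data, and the one-click unsubscribe check assumes the RFC 8058 header pair.

```python
from email import message_from_string

BULK_THRESHOLD = 5000  # the article: DMARC applies above 5,000 emails per day

# Constructed sample data: TXT records keyed by DNS name, plus one outgoing message.
SAMPLE_DNS = {
    "example.test": ["v=spf1 ip4:192.0.2.10 -all", "site-verification=dummy"],
    "news._domainkey.example.test": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A"],
    # deliberately no "_dmarc.example.test" entry
}
SAMPLE_MESSAGE = (
    "From: Newsletter <news@example.test>\n"
    "To: reader@example.org\n"
    "Subject: March offers\n"
    "List-Unsubscribe: <https://example.test/unsub?id=123>\n"
    "\n"
    "Hello!\n"
)


def parse_tags(record):
    """Split a 'tag=value; tag=value' DKIM or DMARC record into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {tag.strip().lower(): value.strip() for tag, value in pairs}


def audit_sender(domain, selector, dns, raw_message, daily_volume):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # SPF: exactly one v=spf1 record; several is a permanent error (RFC 7208).
    spf = [r.lower().split() for r in dns.get(domain, [])]
    spf = [terms for terms in spf if terms[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"SPF: expected one v=spf1 record, found {len(spf)}")
    elif {"all", "+all"} & set(spf[0]):
        findings.append("SPF: 'all' with a pass qualifier authorises every host")

    # DKIM: key lives at <selector>._domainkey.<domain>; an empty p= is a revoked key.
    dkim = [parse_tags(r) for r in dns.get(f"{selector}._domainkey.{domain}", [])]
    if not any(tags.get("p") for tags in dkim):
        findings.append(f"DKIM: no usable public key for selector '{selector}'")

    # DMARC: checked only for senders above the bulk threshold.
    if daily_volume > BULK_THRESHOLD:
        dmarc = [parse_tags(r) for r in dns.get(f"_dmarc.{domain}", [])
                 if r.lower().startswith("v=dmarc1")]
        if not dmarc:
            findings.append(f"DMARC: no v=DMARC1 record at _dmarc.{domain}")
        elif dmarc[0].get("p", "").lower() not in ("none", "quarantine", "reject"):
            findings.append("DMARC: missing or invalid p= policy tag")

    # One-click unsubscribe (RFC 8058): an https URI plus the List-Unsubscribe-Post header.
    msg = message_from_string(raw_message)
    if "<https://" not in msg.get("List-Unsubscribe", "").lower():
        findings.append("Unsubscribe: no https URI in List-Unsubscribe")
    if msg.get("List-Unsubscribe-Post", "").strip().lower() != "list-unsubscribe=one-click":
        findings.append("Unsubscribe: List-Unsubscribe-Post one-click header missing")
    return findings


if __name__ == "__main__":
    for line in audit_sender("example.test", "news", SAMPLE_DNS, SAMPLE_MESSAGE, 8000):
        print(line)
```

In practice the `dns` mapping would be filled from live TXT lookups for the three names; the sample sender fails on the missing DMARC record and the missing one-click header.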

 

For those communicating with the public, the changes are likely to prove crucial, and IT managers need to prepare carefully to ensure their emails continue to be trusted.

 

For Cyber Security assistance and expertise, please contact our team today.


Reply All Email Storm Protection launches for Exchange Online

Microsoft have announced Reply All email storm protection for Exchange Online – designed to prevent crushing organisational reply all email chains.

By default, the feature will detect ten reply all emails to over 5,000 recipients within 60 minutes (what IT admins jokingly call a ‘reply-allpocalypse’), and will block further sending to prevent the problem escalating.

A particular problem in large organisations, email storms begin when large numbers of recipients click ‘reply-all’ either to respond or ask to be removed from the chain – massively multiplying the overall number of emails passing through Exchange servers.
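The default rule described above can be modelled as a sliding-window counter per email thread. This is an added sketch, not Microsoft's implementation: the class and thread names are hypothetical, the traffic is constructed, and how long a block lasts is not modelled.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class ReplyAllStormGuard:
    """Sliding-window sketch of the default rule quoted above (not Microsoft's code)."""

    def __init__(self, max_replies=10, min_recipients=5000,
                 window=timedelta(minutes=60)):
        self.max_replies = max_replies
        self.min_recipients = min_recipients
        self.window = window
        self._recent = defaultdict(deque)   # thread id -> timestamps of large reply-alls
        self._blocked = set()               # threads where further reply-alls are refused

    def submit(self, thread_id, sent_at, recipient_count):
        """Return True if the reply-all is delivered, False if it is blocked."""
        if recipient_count <= self.min_recipients:
            return True                     # rule only covers "over 5,000 recipients"
        if thread_id in self._blocked:
            return False
        recent = self._recent[thread_id]
        while recent and sent_at - recent[0] > self.window:
            recent.popleft()                # forget replies older than the window
        recent.append(sent_at)
        if len(recent) >= self.max_replies:
            self._blocked.add(thread_id)    # the tenth reply trips the block
        return True


def replay(events, guard=None):
    """Feed (thread_id, sent_at, recipient_count) tuples in time order."""
    guard = guard or ReplyAllStormGuard()
    return [guard.submit(*event) for event in events]


# Constructed sample traffic: one reply-all per minute vs. one every seven minutes.
START = datetime(2024, 1, 15, 9, 0)
STORM = [("all-staff", START + timedelta(minutes=i), 6000) for i in range(12)]
SLOW = [("newsletter", START + timedelta(minutes=7 * i), 6000) for i in range(15)]

if __name__ == "__main__":
    print(replay(STORM))
    print(replay(SLOW))
```

The slower thread never has ten large reply-alls inside any 60-minute window, so it is never blocked even though it carries more messages overall.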

If you find yourself stuck in a big reply all email storm, the guidance is simple: Do nothing. Do not reply to the email. Replying only makes the problem worse for everyone in the email chain, including you.

Reply all email storms have plagued large organisations. The NHS was infamously struck by a server-crushing 500 million emails in less than two hours on 14th November 2016, after an IT contractor accidentally sent a test email to everyone with an NHSmail email address – approximately 840,000 people.

Microsoft itself became one of the first test cases during the “Bedlam DL3” incident of 1997, when a user emailed 13,000 company addresses. Other users, unaware of how many replies they were sending, asked to be removed, and by the time the storm had subsided a terrifying 15 million emails had been sent – far beyond the capacity of late-90s email servers.

Reply-all email storm protection is currently being rolled out to Microsoft Exchange Online and packaged services including Microsoft 365.

 

For IT Support and expertise, please contact Lineal today.


4 Ways Email Filtering Rescues Your Inbox

Email remains a key threat vector, if not the key threat vector, for organisations facing cyber crime – with around 90% of cyber attacks beginning by compromising an unsuspecting user via email.

Today we take a closer look at some of the clever tricks of Barracuda’s email filtering & security service, and why the small investment to protect your inbox is worth it:

 

Attachment Scanning

In addition to profiling every email which passes through its live email filtering service in seconds, Barracuda scans each email attachment for signs that the contents might be malicious.

As cyber criminals begin to use more sophisticated means, it’s worth implementing this to prevent macro-enabled office documents, infected PDFs and similar file download tricks from catching out users who might be curious to open a dangerous attachment.

 

Outbound

Barracuda email filtering scans not just incoming, but outgoing emails from your hosted mail service or mail server, ensuring not only that your clients are protected from suspect emails, but that staff cannot circulate threats further within your organisation.

Anybody familiar with being caught in a reply-all ‘email storm’ knows how quickly bad email can spread internally – be part of the solution yourself, not the problem.

Email Spooling

In the event that your email service falters, clients quickly begin receiving bounce-backs, which leave a poor impression of customer service.

This is avoidable – routing via Barracuda’s email servers, emails will temporarily ‘spool’ like planes stacking over an airport, ensuring onward delivery later when the service comes back online. This ensures any unfortunate interruption to communications is not immediately visible to your clients.

 

Long Term Recovery

Hosting your email in the cloud with Microsoft Office 365? Everything is backed up in the cloud, correct? Not quite – even Office 365 has a 30-day recovery period on deleted email, and emails can ultimately only be restored individually.

This retention period can be longer, or even unlimited, with Barracuda email backups, making sure that emails can be recovered long after staff have deleted them, accidentally or otherwise.

This extra silo of automated email backup protects not just against employee negligence or malpractice, but also common digital breaches such as compromised accounts.

 

For cyber-security and IT expertise – please contact our team today.


773 Million Email Addresses Breached Online

Online security breach website HaveIBeenPwned.com has detected the largest online breach of email addresses to date – nearly 773 million unique emails.

The 87GB of breached personal data, publicised by Microsoft Regional Director and cybersecurity expert Troy Hunt, was spotted last week via online file-hosting website MEGA under the ominous name “Collection #1”, and has now been removed.

The data itself, believed to be a terrifying aggregation of a large number of previous smaller data breaches, also contained more than 21 million identifiable plain-text passwords.

More than 140 million of the email addresses identified have never been seen before by HaveIBeenPwned.com, suggesting some of the personal data may originate from as yet undiscovered breaches.

Those affected by the breach are advised to change their passwords immediately, to prevent criminals potentially exploiting the data to access other online services where the user has registered with identical login credentials.

You can check whether your email(s) (and potentially passwords) have been breached among the 773 million at HaveIBeenPwned.com.

For IT support and cybersecurity expertise, contact Lineal about your requirements today.


How to Set Email Out Of Office

Setting your email out of office is something most people do only occasionally, and therefore can be unfamiliar to many. However, an auto-reply helps present a professional face for your business or organisation while you’re away enjoying the holiday season, and provides reassurance to those trying to contact you.

Here are our handy guides for setting up your auto-reply:


 


Outlook 2019 Web / Outlook.com

1. Open Outlook from your Office 365 Apps, and click the ‘Settings’ cog icon in the top right of your browser. Click ‘Automatic Replies’.

(If using Microsoft’s Outlook.live.com free personal service, you may need to click ‘View All Outlook Settings’ in your Settings tab for Automatic replies to be visible.)

2. Outlook will open your Autoreply settings. To turn on your Automatic replies, tick the top box labelled ‘Send Automatic Replies’, and enter the text for your auto reply in the text box.

Choose the date and time period you wish your Out Of Office to remain active for, and when ready, click ‘OK’.

 


 


Outlook 2019 (for Mac)

1. Open Outlook from your Applications, click ‘Tools’ from the Menu Bar and select ‘Out Of Office’.

2. Outlook will open your Autoreply settings. To turn on your Automatic replies, tick the top box labelled ‘Send Automatic Replies’, and enter the text for your auto reply in the top box.

Choose the date and time period you wish your Out Of Office to remain active for, and when ready, click ‘OK’.

 


 


Outlook 2019 (for PC)

1. Open Outlook and click the ‘File’ menu in the top toolbar.

2. From the ‘Info’ tab, click the ‘Automatic Replies/Out Of Office’ button to open the Automatic Replies window.

3. Click ‘Send Automatic Replies’ at the top – choose the date and time period you wish your Out Of Office to remain active for, enter the message you wish to use for your Autoreply in the ‘Outside My Organisation’ text field, and click ‘OK’.

 


Mac Mail

1. Open Mac Mail.

2. Right click on the left hand navigation panel and select ‘Get Account Info’.

OR – If you right click on a file stored in your own mailbox you will have a direct link to your Out of Office

3. Click ‘Send Out of Office Replies’ – choose the date and time period you wish your Out of Office to remain active for, enter the message you wish to use for your Autoreply in the ‘Internal Reply and External reply’ text fields, and click the red close icon in the top left.



Gmail

1. Open Gmail in your web browser, and click the cog icon in the top right.

2. Open ‘Settings’, click ‘See All Settings’ and scroll down to the section named ‘Vacation Responder’.

3. Switch Vacation Responder to ‘On’. Choose the date and time period you wish your Out Of Office to remain active for, enter the message you wish to use for your Autoreply in the text field, and click ‘Save Changes’.

 



Kerio Webmail

1. Sign in to Kerio Webmail, and click your email name in the top right of the browser window. Choose ‘Out Of Office’ from the dropdown Menu.

2. Tick ‘Send Out Of Office Message’, choose the date and time period you wish your Out Of Office to remain active for, enter the message you wish to use for your Autoreply in the text field, and click ‘Save’.

 


Yahoo! Mail

1. Sign in to Yahoo! Mail and click the cog icon in the top right corner of your browser to access your settings. Click ‘More Settings’.

2. Click ‘Out Of Office’ Response from the left hand menu. Toggle the ‘Turn On Out-Of-Office Response’ Switch to ON.

3. Enter the to and from dates you wish your out of office to remain on for, enter the auto-response in the text box, and click ‘Save’.

 


Windows 10 Mail App

1. Open Mail and click the settings cog in the bottom right of the menu.

2. Select ‘Automatic Replies’ from the settings menu.

3. Select your email account, toggle Automatic replies to ‘ON’ and enter text for your automatic reply for internal and/or external contacts.


 

For IT support advice and guidance, contact Lineal today.


Warning: Phishing Email Scams to Avoid

***Latest Update to the Hall of Shame – 8th February 2019***

At Lineal our IT team review a lot of dodgy emails. The criminal scam known as phishing (sending fraudulent emails to trick end users into divulging sensitive information or downloading dangerous files) is a widespread threat, and we’re constantly on the lookout for dangerous new scams appearing on the internet.

It’s estimated that around 90% of organisational security threats are caused by a mistaken click in an email, making it by far the most common way businesses are breached by ransomware, viruses or individuals with malicious intent.

There are ways to mitigate this – a strong antivirus software can assist by intercepting your mistake once you’ve misclicked, and backups are a vital insurance. Moving your email to a highly monitored service in the cloud (like Microsoft’s Office 365) helps narrow the odds dramatically: putting all your incoming email through a range of filters and cutting the amount of phishing spam your staff have a risk of clicking on, from the outset.

However, some human intuition and alertness is always required. With this in mind, we take a look at some examples of the most devious phishing scams we’ve ever seen:


 

The ‘Delivery Note’

Phishing emails are from fake ‘banks’ or enterprising Nigerian oil ministers, right? Wrong. This fairly innocuous email is the digital form of one of those ‘sorry we missed you’ cards you might receive through the letterbox for undelivered packages.

If you didn’t notice the suspicious sending address, accurate branding could lead you to believe this was really from a major logistics company, and divulge various personal details before realising there isn’t really a package to collect.

 

The Card-Payment Conundrum

Oh dear! My recurring card-payment for my TV license has expired – time to key my new card details into a dodgy website.

The growth of recurring payment systems for everyday things (like TV licensing) has meant users are familiar with being prompted to update card details, but stay alert: just because the request is mundane doesn’t mean it’s innocent. This is a nasty phishing email which scammed viewers out of thousands of pounds – even hitting national headlines.

 

The ‘File Share’

A proliferation of easy file-sharing platforms means that we’re all more familiar with receiving large files via sharing links.

Curiosity about what this file is, and why your contact is emailing it to you (via a pretend ‘Dropbox’ email) might cause you actually to hand over your email address details. This trick is very simple, and persuasive – only the vaguely mail-merged ‘Hi info’ should suggest this is not really something you want in your inbox.

 

The (Convincing) ‘Fake Bank’

Forget semi-literate Russian hackers and the like, the quality of this fake Natwest email is in a different class. Spelling mistakes, clumsy phrasing or dodgy branding can often give away an email scam, but criminals are becoming increasingly sophisticated at imitation. Anyone who falls for this email would be handing over their online banking login details.

Imitation is the sincerest form of flattery, and for the unwary email user, likely to be the most expensive.

 

The Government Request

Uh Oh. An official demand from Companies House. Better respond quickly. Bad luck – you’ve been scammed.

Don’t let the impeccable branding or the dull subject matter catch you out: look at the email address and the link. .ink is not a normal public-sector domain, so that should ring alarm bells.

 

The Domain Scam

Much like the delivery note scam above, this clever phishing scam we recently witnessed is based on the user not realising there’s anything sensitive about their domain details.

Hovering your mouse over the buttons reveals URLs that are not from this organisation, and should not be trusted.

 

The ‘Email Recovery’

This crafty scam invites you to ‘Recover (email) Messages’ that your email service held back due to a sync error – which should be your first clue that this is suspicious. Genuine email filtering tools (such as the excellent Barracuda) are very transparent about exactly what has been quarantined, or (as with Microsoft Office 365) expect an admin user to review the email separately.

Suffice to say you should NOT click ‘Recover Messages’.

 

The Fake Order

A sales enquiry from a University for a high value item – how promising! Except no, ‘Daniel’ isn’t a Procurement Manager, and if dispatched on credit terms, you’ll never see this item again. Worst of all, when you invoice the real University of Nottingham, they’ll think you’re an email scammer trying their luck. How ironic.

As before, the email address should give this away: real universities use valid .ac.uk (academic) domains, not free Gmail accounts with a ‘.ac’ dumped somewhere in the address by a criminal.
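The two manual checks recommended throughout these examples, reading the real sending domain and hovering over links, can be automated. This is an added example, not part of the original article: the function names are hypothetical, the message is constructed, and the organisation's genuine domain is assumed to be known in advance.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, i.e. what a mouse hover would reveal."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(value for name, value in attrs if name == "href" and value)


def under_domain(host, expected):
    """True only if host is the expected domain or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def suspicious_parts(from_header, html_body, expected_domain):
    """Return (kind, value) pairs for the sender address and links that do not
    belong to the organisation the email claims to come from."""
    findings = []
    _, address = parseaddr(from_header)
    if not under_domain(address.rpartition("@")[2], expected_domain):
        findings.append(("sender", address))
    collector = LinkCollector()
    collector.feed(html_body)
    for href in collector.hrefs:
        url = urlsplit(href)
        if url.scheme in ("http", "https") and not under_domain(url.hostname, expected_domain):
            findings.append(("link", href))
    return findings


# Constructed sample: the organisation's name appears in the mailbox name and as a
# prefix of the link host, but neither actually belongs to uni.example.
FAKE_FROM = "University Procurement <purchasing.uni.example@freemail.test>"
FAKE_BODY = (
    '<p>Please quote for the attached order.</p>'
    '<a href="https://uni.example.orders-portal.test/quote">https://uni.example/quote</a>'
    '<a href="https://www.uni.example/about">About us</a>'
)

if __name__ == "__main__":
    for kind, value in suspicious_parts(FAKE_FROM, FAKE_BODY, "uni.example"):
        print(kind, value)
```

Matching on the end of the hostname rather than searching for the organisation's name anywhere in it is what catches both tricks in the sample.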

 

 

For IT Security expertise and support – contact Lineal today.


How Your Outlook Stops Spam Emails

At Lineal we’ve found the most commented upon feature of Microsoft’s Office 365 email has been the reduction of spam – but why does running your email from the cloud make Outlook 2016 so much better at blocking these annoying spam emails?

On your old in-house email server, Outlook stops spam emails being delivered based on whatever policies and protection you’ve put there and maintained (or not…), whilst Office 365 is managed all year round as a remote service, with up-to-the-hour security updates in Microsoft data centres. Moving your business email to the cloud ensures your inboxes are not just company compliant, but physically and virtually safer.

Firstly, Office 365 checks your email for known suspicious attachments or malicious links. If neither is found, your email is screened through three independent Anti-virus engines, before being delivered safely to your inbox.

But what if something suspicious is found? Malicious links are re-written where possible, and suspicious attachments are removed to a sandboxed (isolated in software) ‘detonation chamber’, where they are opened safely to check for harmful code. Any attachments still deemed to be dangerous are removed from the email before being processed further.

Due to sheer volume of email processed through Office 365, Microsoft are also able to use information about all threats seen worldwide, and protect your inbox from even brand new ‘zero-day’ dangers seen elsewhere online.

Office 365 business packages (which can be trialled for free via Lineal) have been made increasingly secure over the past year – with Microsoft opening new UK based data centres and introducing a new admin centre for power users to manage system usage in large organisations more effectively. 97% of people can’t identify a phishing email, so it’s important to know that Office 365 will remain vigilant.

Lineal are a Gold Microsoft Partner: for Cloud help and support contact our team today.


Exchange Server 2007 support to end in 2017

Lifecycle support for Microsoft’s Exchange Server 2007 email will end in April 2017, Microsoft has confirmed.

Existing email servers will continue to work past this date initially, but will receive no further patching without purchasing ‘custom support’ at an unknown extra cost. Each version of Exchange is predicted to last only around 10 years, with the 2016 edition lasting until 2025.

Exchange 2007 was included as part of Microsoft Small Business Server 2008, which reached the end of mainstream support last year. With the challenges of ensuring systems are secure, upgrading from SBS 2008 sooner rather than later will be the order of the day for many businesses.

Unfortunately, upgrading old copies of Exchange Server 2007 to Microsoft’s latest version of Exchange Server (2016) may be more challenging than many organisations will expect, as a direct migration is not available.

This forces users to use the 2010 or 2013 versions as a stepping stone, a restriction that will be familiar to any business that has tried to upgrade a legacy Windows XP system to Windows 10 and had to buy a redundant Windows 7 license just to make the transition.

The best alternative solution for many will be to abandon their on-site Exchange Server entirely and take the option with a much smoother transition: instruct a Microsoft partner to seamlessly migrate their email to Microsoft’s excellent Office 365 cloud offering.

Lineal can offer consultancy services for upgrade and migration planning in addition to being a certified Microsoft Partner. We specialise in Office 365 and hybrid deployments across the entire Microsoft product set.

 

Please get in touch to find out how easy and cost effective it can be to move your email to the cloud with Lineal.