Email Security and Stopping Hacks

Montague WebWorks urges all customers to practice safe emailing

The ability for you to use your own custom domain email to reach all your customers depends, in large part, on every customer's safe practices when using their email, and their computer.

To understand how the health of your email domain works, you have to take a step back and see the bigger picture.

You Are Not Alone...

If you are a customer of Montague WebWorks and you use our email services, you are one of many, many customers. Currently we host about a hundred email domains, each with one or more individual mailboxes. That means, when you send an email from Outlook / Eudora / Thunderbird / MacMail through us, you are one of many people sending and receiving emails through our mail servers.

Our Servers

In fact, Montague WebWorks has two email servers. One of them is for personal correspondence, via Outlook, etc. The other is used only for email created by our websites. This split in duties, called "transactional" and "bulk", is the recommended industry standard, and required by every major email provider out there (ie; Gmail, Yahoo, AOL, Hotmail, etc).

Our transactional or correspondence email server is the most vulnerable since it is the one that is directly connected to by our customers. When you set up your email program (Outlook, etc) you are connecting to this server, and all the email you send goes through it... including any spam that may be generated by rogue programs on your computer.

Hijacked Accounts

The worst thing that can happen to an email server is for a user on it, meaning one of our customers, to have a virus or spamware on their machine. The customer wouldn't even know it, but the impact is huge.

Suddenly, a program on your computer is spewing out hundreds and hundreds of spam emails through our email server. These programs have become quite clever in that they won't send out thousands per minute, but instead, dozens per minute... which will fly under the radar of our Anti-Spam and Anti-Hijack software, but which still can get us registered on various Black Lists. That's bad news for you, and every other customer we host.

Black Lists

These are public lists of servers out on the Internet that are known and proven spammer servers. Some of them are real, commercial-grade spamming companies, but most are smaller Internet companies, like Montague WebWorks, that may have one or two user accounts that have been hijacked and are sending just a couple hundred spam emails a day.

The Black Lists don't list domain names, they list server addresses. That means EVERYONE that uses the listed email server is suddenly going to be blocked by other email servers out on the Internet.

This is the core of how anti-spam software works. If an email comes from an email server that is on a Black List, it gets blocked. Period. This is how we operate, as does most other email providers out there.

So, if a Montague WebWorks customer has a spam virus on their machine, it really effects everyone that uses that server to send email.

The following two sections are borrowed from an article on the Mail's Best Friend website. Thanks Linda!

Removing Spamware from Your Computer

Montague WebWorks contracts with a company called Mail's Best Friend. They suggest our PC-based customers download, install and update the following free programs, then run live scans at least once per week to keep their computers clean…

  1. Spybot Search & Destroy - https://www.safer-networking.org/products/spybot-free-edition/

  2. Malwarebytes Anti-Malware - http://www.malwarebytes.org/mwb-download/

  3. AVG AntiVirus Free 2013 - http://download.cnet.com/AVG-AntiVirus-Free-2013/3000-2239_4-10320142.html?tag=mncol;1

These three programs will remove just about anything that can cause a computer to be compromised by a virus or malware. Yes, it will take a bit of effort to install, update and use these programs, but the time you spend will be well worth it because it will guarantee that your computer isn't infected, and in the end we all help insure the health of the email server we all depend on.

If you have a MAC computer please contact us for other options.

Keep Your Email Passwords Strong

Most often email accounts are compromised as users have weak passwords. Creating strong passwords for all your online accounts is not a thing that should be done, it is an imperative! In brief these are the important things to note.

  • Length. Make your passwords at least eight (8) characters long.

  • Complexity. Include a combination of at least three (3) upper and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.

  • Variation. Change your passwords often. Set an automatic reminder to update passwords on your email, banking, and credit card websites every three months.

  • Variety. Don't use the same password for everything. Cyber criminals can steal passwords from websites that have poor security, and then use those same passwords to target more secure environments, such as banking websites. DEFINITELY don't use the same password for your banking and email.

How Can You Tell If You've Been Hijacked?

The easiest way to tell if your email account has been hijacked is if you suddenly start receiving a lot of bounce messages that say an address does not exist, and the addresses are those that you do not recognize.

Could not deliver message to the following recipient(s):

Failed Recipient: blahblahblah@hotmail.com
Reason: Remote host said: 550 Requested action not taken: mailbox unavailable

-- The header and top 20 lines of the message follows --

From: * * * YOUR EMAIL ADDRESS * * *
To: * * * SOMEONE YOU DON'T KNOW * * *

If you see this happening, stop what you're doing. Log into the webmail interface for your email, and change the password for your account.

Yikes! I'm Infected! What Do I Do Next?

The webmail interface is typically http://webmail.YourDomainName.com

Use your full email address as the username, and then enter in your password. If you don't know it, call Mik at (413) 320-5336 and he'll just change it for you.

Next, install the three anti-virus, anti-malware, anti-spamware, etc, programs linked above. Do a full scan. It will take a little time, perhaps an hour or two. If the programs find something, you may even have to reboot your computer.

AFTER you have cleaned your computer of all virus and spamware, THEN go into your email program (Outlook, etc) and change the password to match the new one on the server.

We Are All In This Together.

Yes. We here in the Pioneer Valley are a community of small business owners, and our individual vigilence is helpful in ensuring that we all have a positive email experience.

Thanks, and let me know if you have any questions, especially if there are people you are trying to reach via email and they're not getting the emails.

Mik

Posted: to Mik's Blog, sort of... on Fri, Feb 28, 2014
Updated: Wed, Jan 20, 2021