Email Hosting Discussions

What is a spambot? Spambots are address harvesting robots that scrape the internet looking for email addresses to build mailing lists. Common places for spambots to collect email addresses include forums, guestbooks, blogs, contact forms and other web pages that contain or display email addresses.

There are several things you can do to protect your email address from harvesting robots. The best practice is to carefully guard your email address. If you are registering for a service, shopping online, or posting a message on a forum, consider using a secondary or even a disposable email address.

Another vulnerability is web site contact forms and HTML links that utilize the HTML mailto function. While the mailto function provides a fast and easy means of enabling email communication from your web site, it also exposes your email address in the page's HTML leaving the address wide open for harvesting spambots.

Web developers have come up with several methods to improve the security of the mailto function. For example, one method called address munging breaks an address into character strings that can be decoded by the browser using client side javascript. However, more advanced spambots can actually decode email addresses that have been munged.

Ultimately, the best defense for web site contact forms is to use a PHP or ASP script that processes message handling on the server side. For more information on server side scripts that enable secure contact form processing, please visit the link below.

http://www.google.com/search?hl=en&q=secure+contact+forms

Labels: contact_forms, email_security, spambots

Ever received a spam message supposedly from yourself or another existing or non-existing account at your domain? If so, you've experienced email spoofing where messages are forged or made to appear as though they originate from your server. If you're the email administrator for your domain, you certainly know the frustration trying to explain to your clients that these messages do not actually originate from your server.

Another unwanted consequence of email spoofing occurs when spammers forge your email address as the sending or reply-to address in their spam messages. When these messages cannot be delivered to invalid mailboxes, your address receives hundreds or thousands of bounce messages.

How do you prevent email spoofing? Unfortunately, standard SMTP alone does not prevent this type of spam. In short, anyone can specify any email address in the return path header. However, implementing a Sender Policy Framework (SPF) can prevent SMTP forgeries and mitigate the undesireable effects of email spoofing.

What is SPF? Sender Policy Framework allows domain owners to specify valid sending servers in the DNS zone records for a domain. How does SPF work? Like a reverse lookup for email, SPF lets receiving servers verify that sending servers are in fact authorized to send mail for specific domains. In practice, when a message is received from someone@somedomain.com, the receiving server looks up the SPF entry in the DNS for somedomain.com. If the sending server matches the server specified in the SPF entry, then the message is accepted by the receiving server.

For more information on generating an SPF entry for your domain, check out:
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Labels: email_spoofing, sender_policy_framework, spf

In 2006, Google became the first of the big 3 search engines/mail providers to offer free email hosting. Some analysts saw this entrance as the first nail in the coffin for email hosting providers that had built businesses around paid email services.

On the contrary, free email hosting actually helped strengthen the email hosting sector. As a result of Microsoft, Google and Yahoo entering the playing field, the established players moved swiftly to expand their offerings, align with strategic partners and ultimately strengthen their existing client relationships.

What was once a predominantly Linux based email service has evolved to include support for additional platforms. Some providers are now bundling Exchange and Zimbra with their basic email hosting services. Even basic webmail applications have benefited from innovative solutions to synchronize with client applications like Outlook and wireless devices.

These developments have been mutually advantageous to both customers and providers. Bundling means one stop shopping for customers who now have the ability to mix and match solutions. For providers, new and expanded services have helped build brand recognition, improve customer loyalty and retain clients for the long term.

Just how free is free email hosting? There are two financial motivations behind free email hosting. The first is advertising. The more subscribers a provider has, the more ads it can serve in webmail applications. The second driver is SAAS or software as a service. As Google and Microsoft roll up their sleeves to win over desktop users and push out their web based office applications, email is an obvious and direct path to end users.

Most businesses looking at free email hosting quickly learn about these tradeoffs. For some, webmail with advertising is simply not acceptable. For others, the SAAS upsell highlights the fact that these companies are not specialists in business email hosting. In sum, the so-called free email hosting has brought renewed value to the level of customer service and expertise offered by the paid service providers.

Labels: free_email_hosting

In his 2002 article entitled Death by Spam, Kevin Werbach predicted that as a result of spam, email would gradually move from being an open to a closed system. Six years later, where are we now and how far have we moved in that direction?

Sadly and not surprisingly, email is still greatly hampered by spam. And now, despite advances in server side filtering, we're even more concerned with our spam than ever before. As a result of false positive reporting and fear of losing important messages, we still often find ourselves sifting through spam proving that Kevin Werbach was right on the money when he said humans will always be better at identifying spam than automated systems.

So, clearly we cannot rely on server side filtering alone to combat spam. Even Cloudmark, which provides leading ISPs with real time, collective antispam intelligence and reports "98% accuracy and near zero false positives" is not perfect. It should be duly noted that when we added Cloudmark with SpamAssassin to our email environment, the effect was staggering -- virtually no false positives and minimal spam leakage. Indeed, Coudmark's numbers are remarkable and its performance is exceptional. However, the fact remains that in any automated filtering system, a percentage of messages are still going to get misdirected and humans must sort them out.

The idea to move to a closed system evolved naturally from the problems arising from open system email. In a typical open system, email accounts will accept incoming mail from any sending address. A closed system, on the other hand, blocks all messages and accepts only those originating from approved senders, a practice known as exclusive whitelisting. Closed system, exclusive whitelisting implementations range from simple ones that validate senders from a user's address book to more advanced ones that require senders prove their existence and validity through a challenge and response interaction.

Unless you're working with a fixed number of people, a closed system with exclusive whitelisting presents problems with legitimate senders not included in your whitelist. Even with the challenge-response interaction, a sender's own spam filtering system may block sender validation emails preventing a sender from knowing their message was undelivered and that an action was required on their part to complete the delivery.

A better solution is to utilize a combination of non-exclusive whitelisting and auto purging server side filtering. Non-exclusive whitelisting accepts messages from specific or domain level addresses but does not automatically delete the rest. Messages from unlisted addresses are subject to server side spam filtering and will be delivered if they are not identified as spam. As long as spam messages are temporarily stored on the server, any false positives are recoverable. SpamAssassin actually includes an auto whitelisting feature that keeps track of sender addresses for each user.

Not only is a completely closed system impractical, it's detrimental to modern communication. The need to receive email from new clients is fundamental to operating and growing a business. In today's environment, we recommend using a combination of non-exclusive whitelisting and server side spam filtering. If you're in the process of selecting an email hosting provider, look for one that uses real time detection like Cloudmark or Commtouch. Additionally, most hosting services now support auto and manual whitelisting tools. Finally, select a provider that temporarily saves spam in a webmail folder that automatically purges after a specified amount of time. A hosting configuration with these technologies can have a dramatic impact on the amount of spam you have to deal with and at the same time let you continue to communicate effectively with new users.

What is email hosting? Do I need email hosting? Can't I get email through my web host? If you're considering outsourcing your email to an email hosting specialist, these are just a few of many questions you're probably asking yourself right now.

Email hosting, in the literal sense, is hosting for email. Generally, email hosting or hosted email is a managed service meaning many or all aspects of the email including security, antivirus protection, spam filtering, archiving, backups and maintenance are handled by the email hosting company.

Why do you need an email hosting company? Outsourcing your email to an email hosting specialist results in an improved level of service and reliability. In most cases, businesses make the decision to outsource their email after either running an in house server or using a web hosting provider's email service. In both scenarios, compromised service and lack of dependability are compelling reasons to look for an email host. If managing an in house email server were easy or if the web hosts could offer truly dependable email, you probably wouldn't be looking for email hosting in the first place.

What do you look for in an email hosting provider? If you're already looking for email hosting, then chances are good that reliability and dependability are at the very top of your list of requirements. You're also probably in need of improved spam control. You also may have experienced the inability to consistently send mail as a result of poorly guarded IPs and subsequent blacklisting. Similarly, you may be missing incoming mail, which often results from inferior or overly aggressive spam filtering. While there are many additional features to consider, clients continually cite service reliability, security and performance as the most critical items.

So how do you search through the myriad of email hosting providers and find an email hosting company that offers truly dependable and high availability email? First and foremost, look for companies who have partnered with solid technology providers. There are key players in network redundancy, server infrastructure, email security and spam control. Each component is crucial to deliver high availability email. Find a company who has developed lasting relationships with their providers. Ultimately, those partnerships are what stand behind your email.

Be leery of any provider offering unlimited email accounts and/or storage, especially at extremely discounted prices. Fully redundant networking and clustered servers are essential components in enterprise class email, and these technologies don't come cheap! Anyone offering unlimited mailboxes for $10 a month is not offering high availability email.

Next, take the 100% uptime guarantee for what it is -- a marketing tactic. Read the terms and conditions closely, and you'll see that the 100% uptime guarantee is really just an elaborate refund or service credit policy. Look instead for 100% human responsiveness. Uptime guarantees are meaningless when you can't reach your account manager. Customer service is the name of the game in email hosting. Find a provider who will give you a real account manager with real phone numbers.

Finally, try to get feedback on the company's email service from active clients. A reputable email hosting company will not hesitate to provide references. Ask for some references in your field or area of business. Find out firsthand from existing clients how the service holds up and if the support is reliable.

If you're replacing an in house server, outsourced email hosting savings can be substantial. On the other hand, if you've had free email through a web host and are now looking for improved email, you might be experiencing sticker shock. Can your business justify spending a few dollars per user each month? As email increases in popularity, its role as a communication tool in your business should validate the cost. In the end, it may be a small price to pay in exchange for dependable email service.

Labels: email_hosting, host_email, hosted_email

The so called POP3 workaround is a method using POP3 to effectively manage messages for a single mailbox using multiple computers or devices. Unlike IMAP, which actually synchronizes with messages on the server, the POP3 workaround temporarily leaves messages on the server ensuring that email is available to be downloaded by the same user on additional devices.

This practice is suitable for the user who needs to check email from home after hours or on weekends. By configuring Outlook on both the work and home computers to save copies of email on the server for a period of time and to delete messages from the server when messages are selected to be deleted in the client, users will see the same messages on both machines. In addition, the deletion preference prevents unwanted messages from being downloaded multiple times.

In contrast to IMAP, the POP3 workaround does not provide a true single inbox on multiple devices. In short, POP3 users will see separate inboxes on each device, each with copies of the same messages. In addition, while the POP3 workaround suffices for a limited number of similarly configured devices, adding a new device throws a wrench in the gears. Since the new device will only be able to download recent messages from the server, old messages must be imported from one of the other devices. Using IMAP, on the other hand, new devices synchronize with the server meaning message imports are not required.

More info on POP3 and IMAP can be found in our IMAP vs POP3 discussion.

This summer, we began testing our new Exchange hosting service with a small group of clients. The Exchange hosting platform includes support for Blackberry Enterprise Server (BES) and the iPhone via ActiveSync.

After three months of testing, our client reviews have been extremely favorable, and we are now offering Exchange hosting to all of our customers. More information about this service will be posted this fall on the web site. In the meantime, for information and pricing, please contact us.

Labels: activesync, bes, exchange, exchange_hosting, iphone