NinerNet Communications™
Blog

Corporate Blog

Adventures in blocking spam

7 May 2024 06:42:30 +0000

As we’ve said outright and intimated over the years, the battle against spam is never-ending.

One thing we have noticed in the last year or so is that a huge amount of spam comes from certain TLDs (top-level domains), but blocking entire TLDs is a bit radical. We have generally avoided doing so, but the time has come to block the following two alternative TLDs:

  • sa.com, and
  • za.com

These are simply two regular domains, but they are owned by CentralNIC (now “Team Internet” because they can’t make up their minds about how they want to be known) who market them as TLDs — just as NinerNet markets the zam.co domain as an alternative TLD (actually, SLD, second-level domain) for Zambia. Therefore, you can buy the sub-domain your-name.sa.com and your-name.za.com. CentralNIC doesn’t seem to make even a cursory attempt to stop spammers from using their domains to spam, so we now block all messages sent from all addresses on those two “pseudo” TLDs — e.g., spammer1@spammer1.sa.com and spammer2@spammer2.za.com. We’re considering blocking the .top TLD as well, for the same reason, but we haven’t yet. You can certainly block entire TLDs from reaching your email addresses as well, if you feel this rather extreme move will benefit your domain.

If you happen to correspond with a legitimate correspondent on one of those alternative TLDs, please contact NinerNet support and we will work with you to address the problem you will now have communicating with them.

Thanks for your attention to this matter.

Quarterly kwacha rate review, Q2 2024

3 April 2024 23:06:32 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are increasing our retail kwacha prices effective today and until the next quarterly review by about 4%. The base USD rates remain the same, as do our kwacha rates for the Zambian TLDs, dot-zm and dot-zam.co.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 410.00
  • mailONE hosting plan (monthly): ZMW 275.00
  • gTLD domain (annually): ZMW 525.00

Our new kwacha rates will be online within 24 hours.


Update, 2024-04-09: Corrected the webONE example rate.

Email DNS settings

28 February 2024 06:27:08 +0000

A little earlier this month several of our clients with websites contacted us as a result of being sent an email message by their website designer/manager with the subject, “Updating sending DNS for newsletters”. This is as a result of the fact that Yahoo and Gmail recently decided to start enforcing email rules that the rest of us have been following for many years, but since those two providers have a huge share of the market, when they sneeze the rest of us catch a cold.

The fact is that all domains we host are already configured to follow all the rules to ensure that your messages are securely received by destination mail servers, so you and we are already in compliance with the rules that Gmail and Yahoo have just finally woken up to.

The only difference of which some of our clients need to be aware comes up when they’re using a mass-email provider to send out mass emails. As we have long advised, even though that particular post is from only last year, we strongly suggest that mass emails be sent using a service provider that specialises in that service; NinerNet does not. Yes, we have an option in our mail server’s control panel to create mailing lists, but doing so is inadvisable unless you’re just creating a very small list of your own employees, or maybe a few of your customers … with “few” in this case being defined as only a few dozen, definitely fewer than 100. If you have more than one hundred, which we certainly hope you do, then please use a company like Mailchimp. (They’re just one example; we don’t have any sort of deal with them.) Getting many emails out to many recipients successfully is not for the faint of heart; it’s a time-consuming process involving staying on top of all of the rules to avoid spam filters that enforce those rules and deem messages as spam if they are not following all the rules. And it’s especially time-consuming to prevent spam from being sent out using those services!

To follow the instructions that your mass-email provider provides you will need to log into and check the DNS settings for your domain in the nameserver control panel, and either add the records they suggest or modify the ones that already exist. For example, your domain already has an SPF record, so you will need to modify the existing record while keeping the information that the existing record already contains. If the instructions you’re following don’t make it clear how to do that, please contact NinerNet support and we will assist you.

Thanks.

Help! My email account is running out of space!

19 February 2024 05:39:00 +0000

Occasionally, and even more often lately, we’re asked — usually indirectly, because the “question” is more the statement that is the title of this blog post — about disk-space management when it comes to the limited email quotas that exist in every email account in the world, despite claims of “unlimited” this and “unlimited” that made by shyster hosting companies the world over.

Contrary to popular belief, you are not obligated to delete messages; you only have to move them off of the server. You can very easily do this in any full-featured email program by creating folders that are on your hard drive, as opposed to the server. Then you can archive messages by dragging them to your “local” folders, which moves the messages off of the server onto your local hard drive.

We really should create some detailed instructions on our website for this, as we’re finding this come up more often. For now though we’ll point you to this link:

Here it shows you how to create local folders, which it also calls “personal” folders for some reason, perhaps because of Microsoft’s terminology. This will mean that you will continue to have these messages (they’re not deleted), but they just won’t be available in the webmail or whenever you’re accessing your email that is stored on the server itself, such as possibly on your phone.

It refers to this page on the Microsoft website:

The video there seems to be a good summary of what you need to do. There’s a warning at the top of the page that states, “Support for Office 2013 has ended”, but the same principle applies even if the actual technique of creating local/personal folders has changed more recently in Outlook, or if you’re (very smartly) using a different email program. It has been years since I did this in Outlook myself for a client, but it works very well.

I do the same about monthly on my own computer. Once a month I archive all emails from two months previously into “local” folders on my own hard drive, thereby freeing up space on the server. The local folders are organised by year and month, so they look like this:

  • 2023
    • January
    • February
    • March
    • etc.
  • 2024
    • January (to be created in March)
    • February (to be created in April)
    • March (to be created in May)
    • etc.

Then, next month (March, since this is being posted in February), I will just drag all of the emails I received in January into the local “January” sub-folder under the 2024 folder. I also create a folder hierarchy for my sent messages, organised in the same way by year and month. This way I always have this month’s and last month’s emails on the server (and available on my phone or in the webmail), and anything before that on my own hard drive. However, you can archive messages by any scheme you desire, not just by date. And, of course, if there are special messages that you want available on the server at any time, just move or copy them into folders you create on the server.

We’re all used to being aware of the fact that our hard drives are finite, even though they grow exponentially every time we buy a new machine, so we don’t save every awesome cat video we see and install software as if there’s a race to install all the software we can before we die. It’s the same with our email accounts, although on a much smaller scale.

Yes, it’s great that we can use IMAP on multiple machines or devices to have access to all past messages wherever we are at any given moment. But do we really need access to that message from 18 October 1987? Sure, there may be the occasional need to have access to a really old message — especially in industries where that is regulated by law — but not necessarily at our fingertips 24/7.

We hope that helps you understand how email works. And this applies to all email accounts with all providers, even Gmail. Daily (including at this very moment as I write this) we see outgoing messages queued on our mail server for Gmail accounts that are full. Usually they bounce after a few days unless the Gmail account owner clears up some space, usually using the technique above.

If you have any questions at all about this, and you are a NinerNet client (or want to be), please feel free to contact NinerNet support. Thank-you.

Why do I get so much spam?

14 February 2024 12:55:34 +0000

NinerNet hosts email. The one thing that this guarantees us is to receive complaints about spam. Unfortunately, we’re not a monolith like Google, so we need to reply to these. Try sending an email to support@gmail.com and see what you get. Silence.

So the point of this post is to try and help people understand why they get spam at all. This has nothing to do with your email hosting provider. Well, I can certainly guarantee that NinerNet is not selling your email address(es) to the spammers, otherwise we’d be rich! But we don’t need to sell your email address. If you create the email address your-common-first-name@your-domain-that-is-publicly-known.tld, bingo, the spammers have your email address. What about that support address above? That’s what’s called an RFC 2142 address. RFC 2142 (“Mailbox Names for Common Services, Roles and Functions”) outlines a list of email addresses that are supposed to exist on every domain, and one of them is support@. They are:

  • abuse@
  • ftp@
  • hostmaster@
  • info@
  • list@
  • list-request@
  • marketing@
  • news@
  • noc@
  • postmaster@
  • sales@
  • security@
  • support@
  • usenet@
  • uucp@
  • webmaster@
  • www@

You probably have one or more of those addresses on your domain. Congratulations! You’ve just painted a target on your back, or maybe seventeen of them to be precise.

Other ways spammers get your email address:

  • Websites: Don’t post your email address on the Web! Even on your own website. There are crawlers/spiders automatically collecting those addresses every minute of every day. If you post your email address on your own website, it will receive spam within days, maybe even hours!
  • Unscrupulous suppliers: This has always been a bugbear. Of course, if your supplier happens to have millions of customers, it would be tempting for them to sell your email addresses. Some disguise this as “sharing your information with trusted partner organisations”. Of course, their definition of “sharing” has a dollar figure attached to it, dollars they will never “share” with you.
  • Crackers: Ever had a virus on your computer? Your email address and the email addresses of all of your correspondents are probably not the only thing you’ve handed over.
  • Friends: You know that idiot friend or relative of yours that sends out joke emails with hundreds of email address in the “to” and “cc” fields? Yup, thanks Aunty Betty / Uncle Bobby.
  • Forwarding: This is one the things that has driven me crazy since the 20th century! It’s bad enough that your friend/relative has sent you the world’s funniest email joke in the history of humanity, but they copied it to a thousand of their closest friends and relatives by putting their email addresses — including yours! — in the “to” and/or “cc” fields so that everyone can see them! And then, to show how ignorant some of their friends and relatives are, some of them forwarded the same email with all of those addresses still exposed in the body of the message. Those email addresses are all then exposed to whatever malware comes along on any of the hundred or thousands of computers on which those emails are stored. But it’s not just ignorant friends and relatives that do this; I’ve seen supposedly professional IT people do this in professional, business emails!
  • Hacked databases: Related to the “unscrupulous suppliers” point above is the fact that the databases of said suppliers are hacked all the time.
  • WHOIS: If you’ve registered a domain, the domain registry likely has your email address in a publicly-accessible database called the WHOIS (“‘Who is’ the owner of this domain?”). Thankfully, when the GDPR was implemented in the European Union in 2018, the biggest registries in the world — the ones that run the gTLDs (generic top-level domains) — were forced to take their heads out of their nether regions and stop publishing that information. But sadly, some ccTLD registries still have their heads planted firmly where they’ve always been (can anyone say dot-zm?) and they still make this information freely available to spammers scraping the WHOIS, despite their feeble disclaimers.
  • Viruses and other malware: If one of your contacts’ machines or devices are compromised by a virus, one of the purposes of that virus is probably to spam you, or send copies of the virus to you.
  • Subscriptions: If someone is trying to get your email address for their newsletter, maybe they also want it to sell it.
  • E-cards: Awww, it’s so lovely to send your valentine (or wannabe valentine) a valentine “e-card” … or Christmas card, or birthday card, or …. You probably didn’t ask for their consent first though, so you’ve essentially just screwed (and not in the way you or your valentine want to on Valentine’s Day!) your valentine’s email address for the rest of his/her life, or the life of that email address.
  • Signing up for stuff: Whether it’s a free report or white paper or signing up for a class at a local community centre, you lose control of your email address the moment you give it out to anyone. Some websites exist simply for the purpose of collecting email addresses in this way, a cute, shiny bauble for your email address. Are you really going to read their hundreds of pages of terms and conditions to realise how your email address (and you) are going to be abused? Didn’t think so.
  • Phishing: Phishing emails essentially just try to trick you into doing something you normally wouldn’t do. Of course, they already have your email address from any of the methods listed here, but they want more than just your email address, and perhaps what they want are the email addresses of all of your contacts. Often they can get these if somehow you give them to them (LinkedIn) or they can get if you give them the password to your email account where you might have them saved.
  • Plug-ins and apps: Be very careful of plug-ins and apps that may be copying all of your contacts and sending them to whoever is controlling the app or plug-in. Be especially careful of apps and various social media websites (such as LinkedIn) that helpfully offer to send invitations to your contacts! We mention LinkedIn in this regard especially, for these three reasons:
  • Brute force: Besides the technique mentioned where spammers send to a list of common names on all domains, they can simply send to a@example.com, b@example.com and so on, and then start again at aa@example.com, ab@example.com and so on. The terms “brute force” and “dictionary attack” apply here.
  • Buying it: The other side of any of the above transactions happens when anyone who has obtained your address by one of the methods above sells it to willing buyers. You yourself have probably been spammed by people offering to sell you lists of email addresses, all of which would have been acquired by one or more of the techniques above.

If even one of the above applies to you, you have signed the warrant to have your email address spammed, but chances are that you have committed several of the above, compounding the problem. Again, it’s not your email provider’s fault that you get so much spam.

How can I receive less spam?

Two VERY effective ways to avoid spam are to use “supplier addresses” and rotating temporary email addresses. Let me explain both:

  • Supplier addresses: For many years I’ve operated a system of what I call “supplier addresses”. If I’m dealing with Twitter, for example — not that I use their name because they were mentioned in recent news about a data leak — I create the email address “twitter@mydomain.com”, and I only give that address to Twitter, nobody else. (Actually, don’t create a new email address, just create a free alias for the email address that will receive email from that supplier.) Yes, I have the email address my-common-first-name@mydomain.com, but the only people who get that email address are my family, friends and existing clients. Nobody else on the planet gets that address, and I certainly don’t enter it into a form field on a web page and I don’t post it on the Web! So if Twitter (in this example) sells my email address or is hacked, I know exactly who let my email address into the wild. To be frank, that hasn’t happened to me many times, but I quickly realised that it does happen, so the email aliases I create now all include a number (e.g., twitter123@mydomain.com). If the email address is compromised I just change the number and inform Twitter by changing it in my account with them and kill the old alias. My numbering follows a system, but you can make your own rules.
  • Rotating temporary email addresses: I link above to the service that NinerNet provides, but at this point it’s a very limited, non-automated service with very few customers. However, it’s not rocket science and you can do it yourself on your own domain. For example, if your primary address is bob@yourdomain.com, create a free alias for this month called “bob2402@yourdomain.com” on that address. I also create one for last month and one for next month, to ensure continuity when the month changes over. (The numbers in this example are obviously two digits for each of the year and the month.) Now you can give out the temporary alias to whoever you want with no concern at all about being spammed. Want to download that “free” white paper? Give them your temporary alias secure in the knowledge that when (not if) they start spamming you it will probably be after that email ceases to exist. Then at the beginning of next month, just delete one alias and create the next. In February I will have an alias for last month (2401), this month (2402), and next month (2403). On 1 March I will delete the January alias and create the April (2404) alias. If you have a contact form on your website for new customers to contact you, reply from this month’s temporary alias until they become a new client. At that point you obviously have to throw caution to the wind and start using your “real” email address, but you’ve already done a lot to hugely reduce the amount of spam you will receive from not following any precautions at all.

With a little imagination — but feel free to contact NinerNet if you need help — you can apply the above principles to all of the email addresses in your company, whether it’s just you or you have a thousand employees. They will drastically reduce the amount of spam you and your employees receive, before your email service provider’s anti-spam system even kicks in.

They key point here is that you need to practise “email hygiene”. How is your email hygiene?

Quarterly kwacha rate review, Q1 2024

1 January 2024 00:00:30 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are increasing our retail kwacha prices effective today and until the next quarterly review by about 23%! (Yikes!) The base USD rates remain the same, as do our kwacha rates for the Zambian TLDs, dot-zm and dot-zam.co.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 398.00
  • mailONE hosting plan (monthly): ZMW 265.00
  • gTLD domain (annually): ZMW 495.00

Our new kwacha rates will be online within 24 hours.


Update, 2024-01-10: Reduced gTLD rate to under K500.

December and January hours

5 December 2023 08:43:29 +0000

In advance of the end of the year our office will be closed from 9 to 17 December, inclusive, and will reopen on Monday 18 December. Emergency support will continue to be available 24/7, but routine emails and enquiries will be dealt with on the 18th.

Over the Christmas and New Year period we will be closed from 23 December to 3 January, also inclusive. As always though, emergency support will continue to be available 24/7, and our servers will continue to be maintained and monitored 24/7. Those functions never sleep … or party. 🙂

Thank-you for your patronage in 2023. Although we don’t email all of you dozens of times a week we appreciate every one of you and your business and support. Thank-you again.

We wish you, your families, your employees and colleagues all the best over this season, however you choose to use or celebrate this quiet time.

Quarterly kwacha rate review, Q4 2023

2 October 2023 09:55:53 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are increasing our retail kwacha prices effective today and until the next quarterly review by about 19%. The base USD rates remain the same, as do our kwacha rates for the Zambian TLDs, dot-zm and dot-zam.co.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 325.00
  • mailONE hosting plan (monthly): ZMW 215.00
  • gTLD domain (annually): ZMW 410.00

Our new kwacha rates will be online within 24 hours.


Update, 2023-10-05: Corrected mailONE rate, as it was miscalculated.

Office hours

15 September 2023 00:49:19 +0000

NinerNet‘s offices will be closed for regular business from 15 September to 21 September inclusive. Emergency support will continue to be available 24/7, but routine emails and enquiries will be dealt with on Friday 22 September. Thank-you.

Quarterly kwacha rate review, Q3 2023

1 July 2023 00:00:44 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are decreasing our retail kwacha prices effective today and until the next quarterly review by about 18%. The base USD rates remain the same, as do our kwacha rates for the Zambian TLDs, dot-zm and dot-zam.co.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 270.00
  • mailONE hosting plan (monthly): ZMW 180.00
  • gTLD domain (annually): ZMW 350.00

Our new kwacha rates will be online within 24 hours.

NinerNet home page

Subscriptions:

RSS icon. RSS

General Information:

This is the corporate blog of NinerNet Communications. It's where we post announcements, inform and educate our clients, and discuss issues related to the Internet (web and email) hosting business and all it entails. This includes concomitant industries and activities such as domain registration, SSL/TLS certificates, online back-up, virtual private servers (VPS), cloud hosting, etc. Please visit our main website for more information about us.

Search:

 

Recent Posts:

Archives:

Categories:

Tags:

accounts receivable apple billing branding cira contact information domain registration domain registry of canada domain renewals domains domain sales dot-ca domains dot-zm domains down time droc email encryption facebook google happy hosting customers hosting transfer icann invoices iphone kwacha maintenance paying your bill paying your invoice quarterly kwacha rate review rates registrar transfers reputation scams search engine optimisation search engine optimization security seo service hours spam ssl ssl/tls support transparency wordpress zamnet

Resources:

On NinerNet: