NinerNet Communications™
Blog

Corporate Blog

December and January hours

5 December 2023 08:43:29 +0000

In advance of the end of the year our office will be closed from 9 to 17 December, inclusive, and will reopen on Monday 18 December. Emergency support will continue to be available 24/7, but routine emails and enquiries will be dealt with on the 18th.

Over the Christmas and New Year period we will be closed from 23 December to 3 January, also inclusive. As always though, emergency support will continue to be available 24/7, and our servers will continue to be maintained and monitored 24/7. Those functions never sleep … or party. 🙂

Thank-you for your patronage in 2023. Although we don’t email all of you dozens of times a week we appreciate every one of you and your business and support. Thank-you again.

We wish you, your families, your employees and colleagues all the best over this season, however you choose to use or celebrate this quiet time.

Tags: ,
Categories: Notices
Comments Off on December and January hours

Welcome to Night Sight Zambia clients

17 October 2023 11:05:46 +0000

We welcome those clients who are existing clients of Night Sight Zambia.

As stated in the email from Francois Marx at Night Sight Zambia on 2 October 2023, all future invoices for your hosting services and domain registration renewals will come from the same company that provides them, NinerNet Communications. Our rates for our services are available on our website. We invoice for hosting services quarterly (on the 15th of the month), and we invite you to familiarise yourself with our billing policies and procedures. Please remember that all email from NinerNet comes from addresses on the niner.net domain; do not act on any emails that purport to come from NinerNet (or people claiming to be your “hosting provider”, “email provider”, etc.) that do not come from email addresses on the niner.net domain. If your email program or service does not show the actual email addresses of the senders of email messages you receive, please configure it to do so. This is vitally important to protect yourself from phishing emails.

Night Sight will continue to provide support services in line with their current agreements with you. Please contact them if and when you need support, including for NinerNet-provided services. Emails from Night Sight come from email addresses on the nsz.co.zm domain.

Here are some additional sources of information:

  • Our blog, where you can find general company information and security information and warnings. At the beginning of every quarter we review our kwacha rates and revise them up or down (yes, we really do occasionally lower our rates!) depending on the exchange rate between the kwacha and the US dollar. We also confirm any mass emails we send to our clients on our blog so that you can distinguish real and legitimate notices from spam and phishing.
  • Our status page, that reports in advance on planned maintenance and provides information about any unplanned outages.
  • Our live status page, that reports in real time the health of our servers and past uptime.

We look forward to continuing our relationships with you, some of you after many years! If you have any questions about your billing, please reply to any billing-related email from NinerNet, or contact us through our contact page.

Thank-you.

Tags: , , , , ,
Categories: Announcements
Comments Off on Welcome to Night Sight Zambia clients

Quarterly kwacha rate review, Q4 2023

2 October 2023 09:55:53 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are increasing our retail kwacha prices effective today and until the next quarterly review by about 19%. The base USD rates remain the same, as do our kwacha rates for the Zambian TLDs, dot-zm and dot-zam.co.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 325.00
  • mailONE hosting plan (monthly): ZMW 215.00
  • gTLD domain (annually): ZMW 410.00

Our new kwacha rates will be online within 24 hours.

Update, 2023-10-05: Corrected mailONE rate, as it was miscalculated.

Tags: , , , , ,
Categories: Notices, Updated posts
Comments Off on Quarterly kwacha rate review, Q4 2023

Office hours

15 September 2023 00:49:19 +0000

NinerNet‘s offices will be closed for regular business from 15 September to 21 September inclusive. Emergency support will continue to be available 24/7, but routine emails and enquiries will be dealt with on Friday 22 September. Thank-you.

Tags: ,
Categories: Notices
Comments Off on Office hours

Quarterly kwacha rate review, Q3 2023

1 July 2023 00:00:44 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are decreasing our retail kwacha prices effective today and until the next quarterly review by about 18%. The base USD rates remain the same, as do our kwacha rates for the Zambian TLDs, dot-zm and dot-zam.co.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 270.00
  • mailONE hosting plan (monthly): ZMW 180.00
  • gTLD domain (annually): ZMW 350.00

Our new kwacha rates will be online within 24 hours.

Tags: , , , , ,
Categories: Notices
Comments Off on Quarterly kwacha rate review, Q3 2023

Quarterly kwacha rate review, Q2 2023

1 April 2023 00:00:44 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are increasing our retail kwacha prices effective today and until the next quarterly review by about 16%. The base USD rates remain the same, as do our kwacha rates for the Zambian TLDs, dot-zm and dot-zam.co.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 330.00
  • mailONE hosting plan (monthly): ZMW 220.00
  • gTLD domain (annually): ZMW 420.00

Our new kwacha rates will be online within 24 hours.

Tags: , , , , ,
Categories: Notices
Comments Off on Quarterly kwacha rate review, Q2 2023

Quarterly kwacha rate review, Q1 2023

1 January 2023 09:17:10 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are increasing our retail kwacha prices effective today and until the next quarterly review by about 15%.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 285.00
  • mailONE hosting plan (monthly): ZMW 190.00
  • gTLD domain (annually): ZMW 360.00

Our new kwacha rates will be online within 24 hours.

Tags: , , , , ,
Categories: Notices
Comments Off on Quarterly kwacha rate review, Q1 2023

Email restrictions reminder, Phishing

13 December 2022 05:00:02 +0000

As Christmas rapidly approaches, we’d like to remind you of two limitations to keep in mind with respect to sending email, and to implore you once again to take phishing scams seriously.

Sending limits

Within the last year or two we have had to implement a limit of sending to 300 email recipients per day per email account. This is a limit that hardly anyone runs up against, but it does happen. The reason for this is quite simple: email accounts are hacked when a computer or phone is compromised, and the person or organisation who has compromised the account then uses the account to send spam or phishing messages. If there was no limit on how many messages can be sent in a day they’d send millions! If this happens, our IP addresses are blacklisted and then none of our clients can send any emails outside of our network.

With this limit in place messages to only 300 recipients can be sent, and by the time the 24 hours are up a compromise will have been noticed, and the password for the email account can be reset. (We often notice these spam runs when they are in progress, and they are shut down before more than a few dozen are sent.) Experience has shown that if 300 such messages are sent, that seems to be just below the point at which damage to our IP addresses’ reputation is done. We experimented with a limit of 400, but damage was still done.

If you’re going to send messages to a few hundred or thousand of your customers we suggest the following:

  • If you regularly want to send that many emails we strongly recommend that you use a company such as Mailchimp.
  • If you have a one-time need to send a lot of emails, break your list up into groups of 300 (or just under 300) and send that many a day.

Please note that however you chose to send mass emails you must have documented proof that you’ve received permission from the recipients to send them non-personal emails like this. If you don’t have that permission, then don’t send them those emails. It’s quite simple. If you don’t have permission you cannot defend yourself against accusations of spamming, and you risk your account being suspended and removed.

Also note that the limit is the number of recipients. If you send an email to Bob, copy it to Jane and blind copy it to Jim, that’s 3 of your 300 recipients (not “1 message”). If you send another email to the same people, that’s now 6. If you send one email blind-copied to 300 recipients, you’re done for the day and you can go home. 🙂

Sending restrictions

We often see clients trying to send emails with restricted attachments. Our mail server stops emails with executable attachments (.exe files, for example, but there are more and it’s not the file name extension that determines if a file is executable) and documents that contain macros, or scripts that can be executed when the document is opened. These cannot be sent by email because they could contain malicious code. If you want to send these files to someone else we suggest that you either use what’s called the “sneakernet” — put the file on a flash drive and walk it over (perhaps wearing “sneakers”) to the person you want to give the file to — put the flash drive in the postal mail, or upload the file to a website or file upload service from where someone can download it.

Many office-type documents — spreadsheets, word processing documents, slide shows, etc. — contain macros (scripts), which you may or may not be aware of, and if you’re trying to send them they will not reach the intended recipient. Sometimes when you create a PDF file from an office document the scripts are embedded in the PDF, and those will be blocked for the same reason.

All email services — even the biggest ones — have these restrictions so that the email service as a whole can still be useful to the people that use it. If we don’t stop these kinds of emails from going out, the recipients’ mail servers will stop them from coming in.

Phishing

We desperately want to remind you yet again — we know, it sounds like a recording — about email scams, and in particular “phishing” scams. These scams happen. They happen to you. They happen to our clients. 2022 was a record year for our clients, and not a record to be proud of. Just among the clients we know of, over US$100 000 was lost as a result of phishing scams. This is shocking; this is heartbreaking. It doesn’t need to happen.

Treat every email you receive — even this one! — with suspicion. Rather than looking for signs that an email might be a scam, just assume it is! Then look for the signs that it isn’t a scam. Instead of memorising an interminable list of things to look for that show an email is a scam, instead simply ask the message to prove to you that it really is from the person who claims to have sent it, and that the request it contains is legitimate. Did NinerNet really just send you the email you received that is asking you to verify your email password, or upgrade to some service that we don’t even offer? No, we didn’t send that email. We just don’t send emails like that, and neither does any other mail provider … or bank, or life insurance company, or …. Almost nobody sends a legitimate email claiming that you have to pay an invoice in a different way to how you’ve been paying that company for years! Yes, your suppliers do change banks occasionally, but if they do they will give you plenty of notice, not send you a frightening message out of the blue demanding that you send them money to a different destination or have your service cancelled. It just doesn’t happen like that in the real business world. THINK! BE SUSPICIOUS!

You should learn more about email scams and phishing. Read these links:

If you have any questions about any of the above, please do let us know. Thank-you.

We will have one more email for you before the end of the year, with information we’re excited about because we hope it will improve our email infrastructure in 2023. We hope you’ll like it too.

Tags: , , , , ,
Categories: Notices
Comments Off on Email restrictions reminder, Phishing

Quarterly kwacha rate review, Q4 2022

2 October 2022 06:27:31 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are decreasing our retail kwacha prices effective today and until the next quarterly review by about 8%.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 250.00
  • mailONE hosting plan (monthly): ZMW 165.00
  • gTLD domain (annually): ZMW 315.00

Our new kwacha rates will be online within 24 hours.

Tags: , , , , ,
Categories: Notices
Comments Off on Quarterly kwacha rate review, Q4 2022

Compromised email accounts are being accessed via webmail

29 August 2022 11:01:18 +0000

It is becoming more and more common, once an email account has been compromised by a computer virus or other malware, for the email account in question to be accessed through the webmail. When this happens, one or all of three things (and sometimes more) happen:

  • The criminal behind the virus/malware uses your webmail account to send spam or more viruses (the viruses will be stopped by our server though, but sometimes some spam will still get through),
  • The criminal poses as you (or one of your employees) and dupes your customers into sending payments to their bank account(s), and/or
  • The criminal creates filters in your email account to siphon off email to external email accounts they or their associates control.

While all are very negative and need to be stopped quickly — and this is why a compromised email account’s password must be changed, and the old password never used again — the last is particularly insidious as you might not use the filters, or you may not even know that they exist! Filters are a legitimate tool for people to use to handle some email in an automated fashion, and they have been around as long as email has been around.

The bottom line is that a compromised email account is a very serous matter. Your machines and devices need to be protected, by security software (anti-virus software, firewalls, encryption, anti-malware software, etc.), physically (access control, passwords, physical locks, etc.), and with education, knowledge and vigilance. If an email account is compromised the reason should be determined and the cause fixed or addressed in some other way. You then also need to examine the (now formerly) compromised account; one of the first things you should check is the integrity of the account’s filters. If unauthorised filters remain in place, the account is still compromised.

It is vital that you not gloss over an email account compromise as a “cost of doing business” and just carry on as usual after the inconvenience in your day. If you do not take all of the above steps your lack of action will come back to bite you in the buttocks, as Forrest Gump said. And this bite could cost your business in money, goodwill and business.

Another thing to consider is that the mail server’s control panel allows its users to designate any email account as a “domain admin”. We have always discouraged this, instead creating dedicated accounts for domain admins, but it’s a popular and widely used feature. However, consider this: If you designate bob@example.com as a “domain admin”, and Bob’s account is compromised, then the criminal behind the compromise will have access to all of the email accounts on the example.com domain. The results could be significantly more than just the inconvenience of having one email account compromised.

Something else for you to consider is how you can protect your employees from phishing emails. (Please see our “scams” section for many examples of scam emails, many of which are phishing emails.) Phishing emails try to get their recipients to click a link where they are asked to enter their email address and email password. Of course, none of us would be fooled by this, but many people a day are. How the page where people are asked to enter their log-in information looks depends on the nature of the email. If it was allegedly from a bank, the log-in page will be an exact copy of the log-in page for the bank they’re trying to present themselves as. If they’re trying to get your email password, everything will look like a webmail log-in page. It’s convincing. When you enter your log-in information, either nothing will happen, or your browser will be redirected to a legitimate webmail log-in page, but you won’t (of course) be logged in. In the meantime, your log-in information will be saved, and available for the scammer to use.

If this happens to you, you must immediately change the password on your account.

But back to the original question: How can you protect your company from your employees potentially falling for this phishing scam? One way is to not give your employees their email passwords. If they don’t have it, they can’t enter it in a phishing form. Of course, you need to weigh the advantages and disadvantages of this. A disadvantage is that you or your IT person will have to enter it for them when setting up their email account on their machine and/or phone, but the advantage is that they won’t be able to make the mistake of inadvertently providing their password.

If you haven’t recently, it’s probably a good idea to check the filters in your webmail account right now to confirm that you put them all there and that you still need them. And while you’re at it, change your email password too! Make sure it’s at least 12 characters long, includes upper- and lower-case letters, numbers and special characters. And use a password manager too. We use and strongly recommend KeePass.

Tags: , , , , , , , , , , ,
Categories: Updated posts, Warnings
Comments Off on Compromised email accounts are being accessed via webmail
« Older Entries
Newer Entries »

NinerNet home page

Subscriptions:

RSS icon. RSS

General Information:

This is the corporate blog of NinerNet Communications. It's where we post announcements, inform and educate our clients, and discuss issues related to the Internet (web and email) hosting business and all it entails. This includes concomitant industries and activities such as domain registration, SSL/TLS certificates, online back-up, virtual private servers (VPS), cloud hosting, etc. Please visit our main website for more information about us.

Search:

 

Recent Posts:

Archives:

Categories:

Tags:

accounts receivable apple billing branding cira contact information domain registration domain registry of canada domain renewals domains domain sales dot-ca domains dot-zm domains down time droc email encryption facebook google happy hosting customers hosting transfer icann invoices iphone kwacha maintenance paying your bill paying your invoice quarterly kwacha rate review rates registrar transfers reputation scams search engine optimisation search engine optimization security seo service hours spam ssl ssl/tls support transparency wordpress zamnet

Resources:

On NinerNet: