NinerNet Communications™
Blog

Corporate Blog

Email restrictions reminder, Phishing

13 December 2022 05:00:02 +0000

As Christmas rapidly approaches, we’d like to remind you of two limitations to keep in mind with respect to sending email, and to implore you once again to take phishing scams seriously.

Sending limits

Within the last year or two we have had to implement a limit of sending to 300 email recipients per day per email account. This is a limit that hardly anyone runs up against, but it does happen. The reason for this is quite simple: email accounts are hacked when a computer or phone is compromised, and the person or organisation who has compromised the account then uses the account to send spam or phishing messages. If there was no limit on how many messages can be sent in a day they’d send millions! If this happens, our IP addresses are blacklisted and then none of our clients can send any emails outside of our network.

With this limit in place messages to only 300 recipients can be sent, and by the time the 24 hours are up a compromise will have been noticed, and the password for the email account can be reset. (We often notice these spam runs when they are in progress, and they are shut down before more than a few dozen are sent.) Experience has shown that if 300 such messages are sent, that seems to be just below the point at which damage to our IP addresses’ reputation is done. We experimented with a limit of 400, but damage was still done.

If you’re going to send messages to a few hundred or thousand of your customers we suggest the following:

  • If you regularly want to send that many emails we strongly recommend that you use a company such as Mailchimp.
  • If you have a one-time need to send a lot of emails, break your list up into groups of 300 (or just under 300) and send that many a day.

Please note that however you chose to send mass emails you must have documented proof that you’ve received permission from the recipients to send them non-personal emails like this. If you don’t have that permission, then don’t send them those emails. It’s quite simple. If you don’t have permission you cannot defend yourself against accusations of spamming, and you risk your account being suspended and removed.

Also note that the limit is the number of recipients. If you send an email to Bob, copy it to Jane and blind copy it to Jim, that’s 3 of your 300 recipients (not “1 message”). If you send another email to the same people, that’s now 6. If you send one email blind-copied to 300 recipients, you’re done for the day and you can go home. 🙂

Sending restrictions

We often see clients trying to send emails with restricted attachments. Our mail server stops emails with executable attachments (.exe files, for example, but there are more and it’s not the file name extension that determines if a file is executable) and documents that contain macros, or scripts that can be executed when the document is opened. These cannot be sent by email because they could contain malicious code. If you want to send these files to someone else we suggest that you either use what’s called the “sneakernet” — put the file on a flash drive and walk it over (perhaps wearing “sneakers”) to the person you want to give the file to — put the flash drive in the postal mail, or upload the file to a website or file upload service from where someone can download it.

Many office-type documents — spreadsheets, word processing documents, slide shows, etc. — contain macros (scripts), which you may or may not be aware of, and if you’re trying to send them they will not reach the intended recipient. Sometimes when you create a PDF file from an office document the scripts are embedded in the PDF, and those will be blocked for the same reason.

All email services — even the biggest ones — have these restrictions so that the email service as a whole can still be useful to the people that use it. If we don’t stop these kinds of emails from going out, the recipients’ mail servers will stop them from coming in.

Phishing

We desperately want to remind you yet again — we know, it sounds like a recording — about email scams, and in particular “phishing” scams. These scams happen. They happen to you. They happen to our clients. 2022 was a record year for our clients, and not a record to be proud of. Just among the clients we know of, over US$100 000 was lost as a result of phishing scams. This is shocking; this is heartbreaking. It doesn’t need to happen.

Treat every email you receive — even this one! — with suspicion. Rather than looking for signs that an email might be a scam, just assume it is! Then look for the signs that it isn’t a scam. Instead of memorising an interminable list of things to look for that show an email is a scam, instead simply ask the message to prove to you that it really is from the person who claims to have sent it, and that the request it contains is legitimate. Did NinerNet really just send you the email you received that is asking you to verify your email password, or upgrade to some service that we don’t even offer? No, we didn’t send that email. We just don’t send emails like that, and neither does any other mail provider … or bank, or life insurance company, or …. Almost nobody sends a legitimate email claiming that you have to pay an invoice in a different way to how you’ve been paying that company for years! Yes, your suppliers do change banks occasionally, but if they do they will give you plenty of notice, not send you a frightening message out of the blue demanding that you send them money to a different destination or have your service cancelled. It just doesn’t happen like that in the real business world. THINK! BE SUSPICIOUS!

You should learn more about email scams and phishing. Read these links:

If you have any questions about any of the above, please do let us know. Thank-you.

We will have one more email for you before the end of the year, with information we’re excited about because we hope it will improve our email infrastructure in 2023. We hope you’ll like it too.

Shaw continues to have problems receiving email

17 August 2022 11:36:57 +0000

We’ve posted countless times now about this, and really, this is likely to be the last time. Shaw’s email filtering sub-contractor continues to block legitimate email from NinerNet servers. This legitimate email includes messages from banks, universities and the like. We’re not talking about spam here, but legitimate financial and business email.

As we’ve said before, we strongly advise that you do not use automatic forwarding of all messages. There are actually very few, limited circumstances under which this is necessary. If you’re not clear on why, please contact us to ask and we’ll be happy to discuss this with you. There may be something related to email you’re not fully understanding.

In other Shaw-related news, NinerNet was not affected by the Rogers outage last month. This is Shaw-related because Rogers will very likely be taking over Shaw, which means that future Rogers outages will be spread, like a virus, to the Shaw system too. Thankfully, none of NinerNet’s systems rely on Shaw or Rogers at all. This is a design choice that we made long ago.

Significant recent spam activity

16 March 2022 02:30:11 +0000

In the last 48 hours we have seen a significant increase in the number of email accounts that have been compromised due to the virus infection of a large number of our clients’ machines and/or devices. In one case that we know of, one of our resellers stated that they “have a company wide nightmare [of] machines spamming each other and everyone they have ever talked to via email.” This is not good. They have been working with their client to get a handle on this, and as of Tuesday their time this issue seems to be under control for them.

However, since then we have had multiple other email accounts compromised on multiple domains. Please note that email accounts are “compromised” when the machine or device on which the account is configured is infected with a virus. This is not under the control of NinerNet, but you and your employees and colleagues. Please ensure that you have updated anti-virus programs or apps installed, and please do not open attachments from unknown senders. Even attachments from known senders must be treated with extreme care, because viruses tend to come from other infected machines, and they could be the machines or devices of people you know.

Some reminders for all clients:

  • Please ensure you have anti-virus software (or an app) installed on all machines (computers) and devices (phones/tablets),
  • Please only open attachments after they have been scanned for viruses,
  • Please be extra careful of attachments sent from unknown senders, and
  • NinerNet’s mail server scans incoming and outgoing messages for viruses, but if the vendor of the software isn’t aware of the existence of the virus it may get through. If you also have anti-virus software installed, then that additional scan could make the difference between a normal day and an expensive day you’d rather forget.

At this point it looks like we nipped these outbreaks in the bud, so our mail servers are not in any additional blacklists. However, please do contact NinerNet support if you have any issues with outgoing email, or if you have any questions.

Thank-you.

A couple of issues today

27 January 2021 10:28:08 +0000

We, as well as some clients today, have received phishing emails advising the recipients to follow a link to deal with emails that have been quarantined or “suspended” on the mail server. These emails are scams, and do not come from addresses on the niner.net domain. Do not click on the links, and delete the emails.

Secondly, we are aware that the primary mail server’s IP address is in at least one new blacklist as a result of our data centre being blacklisted. If email you send is bounced for this reason, please advise us and we will re-route email to that domain via one of our relay servers.

Please contact NinerNet support if you have any questions or need to report something. Thank-you.

Upcoming changes to mail servers

20 December 2020 12:52:47 +0000

The email world is constantly evolving. More to the point, spam is a never-ending arms race. We have made some changes to our email system, and in the New Year we will be making more.

So far all we have done is add a second alternative route for outbound emails. This gives us (and our clients) a third possible point from which emails can be delivered to your recipients. This action is the result of our data centres’ IP addresses finding themselves in more blacklists as a result of poor management, and the bad behaviour of their other customers.

Our use of this service will result in some very minor changes to the headers of some of these emails when viewed by the recipients. Almost nobody pays any attention to the headers of emails until there is a problem, but we are telling our clients this in advance so that you are aware of it.

There is nothing you need to change in your email programs or apps. The only thing you need to do is forward errors to us if a bounce message for an email you have sent refers to being blocked, as opposed to the destination address not existing or being full. If your email was blocked we can divert future emails to that domain via an alternative route. This option has always been available, but for the reason stated above we’re getting more reports now than in the past.

That addresses an immediate issue. Plans were already in progress for a scheduled upgrade to our primary mail server, but now they have an additional focus: We will be setting up a new mail server in another data centre where the reputations of their IP addresses are an explicit priority.

This plan will probably protect NinerNet for a couple more years. However, with the way the email world is moving, there are some predictions that all IP addresses will eventually be blocked from sending email except for a select few. I don’t believe I need to explain how this will concentrate power over email in the hands of a few, and how detrimental this will be, so we expect that reputable data centres will oppose this. Those are the kinds of data centres we want to work with, but we will maintain accounts with third-party relay providers just in case.

We will be posting more on the subject of email, specifically details of our migration, and information you need to know to ensure that your email will not be considered spam, either by us, our spam filters or your customers.

Please contact NinerNet support If you have any questions or concerns. Thank-you.

Mail server in and out of capricious blacklist

10 March 2020 02:33:48 +0000

As you’re aware, we work hard to ensure that our mail servers do not get into blacklists. On the rare occasion that one of our IP addresses is blacklisted, we investigate the cause of the problem, fix the problem (often a client with a compromised machine) and (if possible) try to have our IP address removed from the blacklist. Often though, manual removal from the blacklist is unnecessary, as modern, well-maintained blacklists are automated, and offending IP addresses are removed very soon after they no longer show any signs of sending spam.

It’s not often any more that we run into old-style blacklists — blacklists that are poorly maintained, that blacklist huge swathes of the Internet, or that offer no discernible removal process — but there are still some of them out there. Not many are used by mail servers that accept email on behalf of any sizeable number of users, but we have run into one that happens to fit that exact trifecta: urbl.hostedemail.com.

This blacklist is used by Hostedemail(.com), a subsidiary of OpenSRS/Tucows. Good luck getting to their website though, as one doesn’t exist. Their email hosting service is a white-label service sold by their resellers, and they don’t even have a way for other mail server administrators to contact them, to search their blacklist or ask to be taken out of it.

Thankfully though, we are still hanging onto our own long-established reseller account with OpenSRS, and we contacted them about this block of our (non-resold) primary mail server (NC036). We first did this in February when we noticed that email from some clients was being blocked with this error message:

host mx.DOMAIN.com.cust.a.hostedemail.com[216.40.42.4] refused to talk to me: 554 5.7.1 Service unavailable; Client host [178.62.195.26] blocked using urbl.hostedemail.com; Your IP has been manually blacklisted

(It was the reference to being “manually blacklisted” that really got our attention, as this is a hallmark of the aforementioned poorly maintained blacklists.)

OpenSRS responded quickly, and we were removed from the blacklist within about eight hours. But we were surprised to see, a couple of weeks later in March, that we were blacklisted again, so we contacted OpenSRS yet again. The response this time was much slower, but we have again been removed. This time, however, we pressed for an explanation for the block, as we are not listed in about 300 other blacklists that are more widely used. This is part of their response:

I am just replying back on the RBL listing you inquired about and I can confirm the IP was once again de-listed but I did get some additional information for you as requested. I needed to do a bit of checking but the IP 178.62.195.26 is provided by RIPE Network Coordination Centre, the IP assigned to the user by the hosting provider carries the reputation of the rest of the CIDR. The nature of VPS/Shared IPs is to be disposable …. But of course for the time being we have de-listed the IP but assuming nothing changes its [sic] likely it will be listed again in the future.

This kind of outdated thinking is another of the hallmarks of old-style blacklists: blacklisting half of the Internet based on some outmoded way of thinking that died off around the end of the twentieth century. Essentially, Hostedemail.com is blacklisting all IP addresses in major data centres around the world, which is very counterproductive for their own customers.

We’ll be contacting individual clients whose emails were blocked by this blacklist to point them to this post, and we recommend that if your email is blocked with the above message you contact your correspondent by some other means to advise them to move to a more enlightened mail service provider.


Update, 2019-03-19: Our primary mail server is again blacklisted by this one mail provider in the world out of about 300 major blacklists we have checked. OpenSRS/Tucows/Hostedemail warned us this would happen, so we’re not surprised. We can take no further logical action against an illogical practice. We’re sorry to those clients who are affected, but we again suggest that you tell your correspondents to move to an email service provider that doesn’t run their mail servers based on practices from the last century.

Domain block removed

11 June 2012 10:53:57 +0000

The following four domains that were blocked a couple of weeks ago have been unblocked after liaising with the company involved:

  • cfcsprl.com
  • congofret.com
  • impala-wl.com
  • trafigura.com

Thanks for your patience while we worked to resolve this issue.

Domains blocked

21 May 2012 14:55:21 +0000

We have taken the unusual step of blocking mail to and from certain domains on our primary mail server that are not (to our knowledge) sources of spam. These domains are:

  • cfcsprl.com
  • congofret.com
  • impala-wl.com
  • trafigura.com

We have blocked email to these domains because their mail servers — all hosted by the same company — while appearing to be up, do not accept any email. Instead of immediately rejecting email with either permanent (5xx) or temporary (4xx) errors, they hold open the connection from our mail server until it times out. This has a significant negative impact on other email sent by our clients.

Adding to the issue is that the domains associated with the mail servers and nameservers of their hosting provider — smtpdaemon.net and dnsdaemon.net — do not resolve to websites, and the identity of the owner of these domains is hidden behind a WHOIS privacy service. This means that this hosting company does not want to reveal who they are or how to contact them.

We regret the necessity to make this decision, and will revisit it in the future should circumstances change or if new or changed information is brought to light.

As always, please contact NinerNet support should you have any questions or concerns.

NinerNet home page

Subscriptions:

RSS icon. RSS

General Information:

This is the corporate blog of NinerNet Communications. It's where we post announcements, inform and educate our clients, and discuss issues related to the Internet (web and email) hosting business and all it entails. This includes concomitant industries and activities such as domain registration, SSL/TLS certificates, online back-up, virtual private servers (VPS), cloud hosting, etc. Please visit our main website for more information about us.

Search:

 

Recent Posts:

Archives:

Categories:

Tags:

accounts receivable apple billing branding cira contact information domain registration domain registry of canada domain renewals domains domain sales dot-ca domains dot-zm domains down time droc email encryption facebook google happy hosting customers hosting transfer icann invoices iphone kwacha maintenance paying your bill paying your invoice quarterly kwacha rate review rates registrar transfers reputation scams search engine optimisation search engine optimization security seo service hours spam ssl ssl/tls support transparency wordpress zamnet

Resources:

On NinerNet: