NinerNet Communications™
Blog

Corporate Blog

Help! My email account is running out of space!

19 February 2024 05:39:00 +0000

Occasionally, and even more often lately, we’re asked — usually indirectly, because the “question” is more the statement that is the title of this blog post — about disk-space management when it comes to the limited email quotas that exist in every email account in the world, despite claims of “unlimited” this and “unlimited” that made by shyster hosting companies the world over.

Contrary to popular belief, you are not obligated to delete messages; you only have to move them off of the server. You can very easily do this in any full-featured email program by creating folders that are on your hard drive, as opposed to the server. Then you can archive messages by dragging them to your “local” folders, which moves the messages off of the server onto your local hard drive.

We really should create some detailed instructions on our website for this, as we’re finding this come up more often. For now though we’ll point you to this link:

Here it shows you how to create local folders, which it also calls “personal” folders for some reason, perhaps because of Microsoft’s terminology. This will mean that you will continue to have these messages (they’re not deleted), but they just won’t be available in the webmail or whenever you’re accessing your email that is stored on the server itself, such as possibly on your phone.

It refers to this page on the Microsoft website:

The video there seems to be a good summary of what you need to do. There’s a warning at the top of the page that states, “Support for Office 2013 has ended”, but the same principle applies even if the actual technique of creating local/personal folders has changed more recently in Outlook, or if you’re (very smartly) using a different email program. It has been years since I did this in Outlook myself for a client, but it works very well.

I do the same about monthly on my own computer. Once a month I archive all emails from two months previously into “local” folders on my own hard drive, thereby freeing up space on the server. The local folders are organised by year and month, so they look like this:

  • 2023
    • January
    • February
    • March
    • etc.
  • 2024
    • January (to be created in March)
    • February (to be created in April)
    • March (to be created in May)
    • etc.

Then, next month (March, since this is being posted in February), I will just drag all of the emails I received in January into the local “January” sub-folder under the 2024 folder. I also create a folder hierarchy for my sent messages, organised in the same way by year and month. This way I always have this month’s and last month’s emails on the server (and available on my phone or in the webmail), and anything before that on my own hard drive. However, you can archive messages by any scheme you desire, not just by date. And, of course, if there are special messages that you want available on the server at any time, just move or copy them into folders you create on the server.

We’re all used to being aware of the fact that our hard drives are finite, even though they grow exponentially every time we buy a new machine, so we don’t save every awesome cat video we see and install software as if there’s a race to install all the software we can before we die. It’s the same with our email accounts, although on a much smaller scale.

Yes, it’s great that we can use IMAP on multiple machines or devices to have access to all past messages wherever we are at any given moment. But do we really need access to that message from 18 October 1987? Sure, there may be the occasional need to have access to a really old message — especially in industries where that is regulated by law — but not necessarily at our fingertips 24/7.

We hope that helps you understand how email works. And this applies to all email accounts with all providers, even Gmail. Daily (including at this very moment as I write this) we see outgoing messages queued on our mail server for Gmail accounts that are full. Usually they bounce after a few days unless the Gmail account owner clears up some space, usually using the technique above.

If you have any questions at all about this, and you are a NinerNet client (or want to be), please feel free to contact NinerNet support. Thank-you.

Compromised email accounts are being accessed via webmail

29 August 2022 11:01:18 +0000

It is becoming more and more common, once an email account has been compromised by a computer virus or other malware, for the email account in question to be accessed through the webmail. When this happens, one or all of three things (and sometimes more) happen:

  • The criminal behind the virus/malware uses your webmail account to send spam or more viruses (the viruses will be stopped by our server though, but sometimes some spam will still get through),
  • The criminal poses as you (or one of your employees) and dupes your customers into sending payments to their bank account(s), and/or
  • The criminal creates filters in your email account to siphon off email to external email accounts they or their associates control.

While all are very negative and need to be stopped quickly — and this is why a compromised email account’s password must be changed, and the old password never used again — the last is particularly insidious as you might not use the filters, or you may not even know that they exist! Filters are a legitimate tool for people to use to handle some email in an automated fashion, and they have been around as long as email has been around.

The bottom line is that a compromised email account is a very serous matter. Your machines and devices need to be protected, by security software (anti-virus software, firewalls, encryption, anti-malware software, etc.), physically (access control, passwords, physical locks, etc.), and with education, knowledge and vigilance. If an email account is compromised the reason should be determined and the cause fixed or addressed in some other way. You then also need to examine the (now formerly) compromised account; one of the first things you should check is the integrity of the account’s filters. If unauthorised filters remain in place, the account is still compromised.

It is vital that you not gloss over an email account compromise as a “cost of doing business” and just carry on as usual after the inconvenience in your day. If you do not take all of the above steps your lack of action will come back to bite you in the buttocks, as Forrest Gump said. And this bite could cost your business in money, goodwill and business.

Another thing to consider is that the mail server’s control panel allows its users to designate any email account as a “domain admin”. We have always discouraged this, instead creating dedicated accounts for domain admins, but it’s a popular and widely used feature. However, consider this: If you designate bob@example.com as a “domain admin”, and Bob’s account is compromised, then the criminal behind the compromise will have access to all of the email accounts on the example.com domain. The results could be significantly more than just the inconvenience of having one email account compromised.

Something else for you to consider is how you can protect your employees from phishing emails. (Please see our “scams” section for many examples of scam emails, many of which are phishing emails.) Phishing emails try to get their recipients to click a link where they are asked to enter their email address and email password. Of course, none of us would be fooled by this, but many people a day are. How the page where people are asked to enter their log-in information looks depends on the nature of the email. If it was allegedly from a bank, the log-in page will be an exact copy of the log-in page for the bank they’re trying to present themselves as. If they’re trying to get your email password, everything will look like a webmail log-in page. It’s convincing. When you enter your log-in information, either nothing will happen, or your browser will be redirected to a legitimate webmail log-in page, but you won’t (of course) be logged in. In the meantime, your log-in information will be saved, and available for the scammer to use.

If this happens to you, you must immediately change the password on your account.

But back to the original question: How can you protect your company from your employees potentially falling for this phishing scam? One way is to not give your employees their email passwords. If they don’t have it, they can’t enter it in a phishing form. Of course, you need to weigh the advantages and disadvantages of this. A disadvantage is that you or your IT person will have to enter it for them when setting up their email account on their machine and/or phone, but the advantage is that they won’t be able to make the mistake of inadvertently providing their password.

If you haven’t recently, it’s probably a good idea to check the filters in your webmail account right now to confirm that you put them all there and that you still need them. And while you’re at it, change your email password too! Make sure it’s at least 12 characters long, includes upper- and lower-case letters, numbers and special characters. And use a password manager too. We use and strongly recommend KeePass.

Diet and weight loss spam

24 July 2017 07:06:34 +0000

This is a long post, but certain sections of it might be useful to you.

We have been hearing from some clients over the last few months that they are being inundated with spam advertising weight loss drugs, diet pills, etc. ad nauseam. NinerNet does have anti-spam measures on our mail servers — and they stop thousands of messages a day that you never see — but they generally rely on methods of filtering that do not involve what is called “content scanning” — i.e., having a machine essentially read all of your email to see if it mentions topics you don’t want to hear about. They also don’t generally involve blocking email addresses, as spammers almost always send from a different email address every time, so blocking one email address after the fact is pointless.

Additionally, what is a clear indicator of spam for one client can be part of a perfectly legitimate email for another client: for example, a medical client might send and receive completely legitimate emails that include the word “diet” or the phrase “weight loss”, and so we can’t filter for those words across the entire server. Even everyday communications can contain these words when one person enquires after another person’s health, even in a business email: “How’s the diet going?”; “Bob has experienced significant weight loss since he got sick last month”; and so on. In other words, if we deleted all messages containing the word “diet”, for example, we’d delete a lot of legitimate email and upset a lot of clients.

Then there are spelling mistakes: If we delete email containing the phrase “diet supplement”, we’ll miss the misspelling “diet suplemment”.

So what can you do? Potential solutions fall into two categories — prevention and cure — and we all know that an ounce of prevention is worth a pound of cure. We’ll deal with prevention first, but if it’s already too late for you, skip right to the (potential) cures at the end.

Prevention

  • Don’t put your email address(es) on websites: Spammers use the same techniques as the search engines to index (“scrape”) websites for email addresses. If you put an email address on a website — yours, or a forum that you’re involved in — it is going to be spammed. Instead use a contact form. These are not foolproof either, but they’re better than nothing and you can tweak them over time in response to their misuse.
  • Avoid using certain email addresses: Certain email addresses get more spam than others. These are called RFC 2142 addresses, and they include info@example.com, sales@, etc. These are common addresses that spammers will send email to in the hope that they go to a real person. Instead of info@, consider an alternative like contact@.
  • Avoid common first names: Yes, your name might be Jim and you want to use jim@example.com, but avoid it. If your surname is Smith, try jims@example.com, jsmith@example.com or even jimsmith@example.com instead. Consider adding punctuation — e.g., j.smith@example.com.
  • Domain registrations: Use a dedicated email address for your domain registrations. Over the years most domain registries have been part of the spam problem by publishing email addresses in their “WHOIS” databases, which are scraped the same way websites are. Instead of using your primary address as the public contact for your domain registration, use a secondary one. However, it must work and you should check it regularly — e.g., once a month or so. The registry that NinerNet uses does not publish the billing contact’s email address, making the email address for this contact less likely to receive spam. And while we do provide WHOIS privacy where all of the contact information for your domain registration is hidden, we don’t recommend this for businesses as looking up the WHOIS information for a domain is a legitimate method for your customers to verifying the legitimacy of your business.
  • Use throwaway addresses: If you need to give an email address out in situations where you’re concerned it might be abused by the person or organisation you’re giving it to, create a throwaway address for one-time use.
  • Don’t be part of the problem!: See “How and Why to Blind Copy Multiple-Recipient Emails“. Also, don’t send mass emails yourself to people you assume will be happy to receive them — e.g., customers who once did business with you six years ago!
  • Use an anti-virus scanner: Prevent your computer being taken over by criminals who want to mine it for data, not the least of which are the email addresses of your friends, family and business contacts.

Cure

In truth, there is no cure. If your email address is on a spammer’s list, it’s going to be sold and traded on. But no matter how well you do on the prevention side, someone else who has your email address on their computer is going to allow a virus in, and your email address will end up on a list.

However, on the particular topic of this blog post — weight loss spam — if no legitimate email coming into your account is going to refer to “diet pills” or “weight loss”, then you can set up a filter in your webmail account. Follow these instructions (illustrated at right):

  1. Log into your email account at mail.niner.net.

    Spam filtering

    Spam filtering.

  2. Click “Settings” in the top, right-hand corner.
  3. Click “Filters” in the left-hand column under the “Settings” heading.
  4. Click the plus sign at the bottom of the third column from the left under the “Filters” heading.
  5. In the “Filter name” box, give the filter a name like “Diet spam”.
  6. In the “For incoming mail” section you probably want to leave the default “matching any of the following rules” setting in place.
  7. In the first drop-down list, select “Body”.
  8. In the second drop-down list leave “contains” selected.
  9. In the blank field to the right, enter a word (single words are risky) or phrase that you think indicates spam. (Some suggestions culled from sample emails sent to us by clients are below.)
  10. To add more spammy words or phrases, click the plus sign to the right to add another “rule”.
  11. In the “…execute the following actions” section, we recommend you select “Move message to” in the first drop-down list, and “Junk” in the second drop-down list.
  12. At the bottom of the page click the “Save” button.

Now emails matching the filter you have created will automatically be filtered to your “junk” folder. We suggest that you check your junk folder regularly for a while after you create a rule to make sure it doesn’t catch any legitimate email.

Some spammy words and phrases from sample emails sent to us by clients:

  • diet aid
  • weight loss
  • fat
  • body
  • skinny
  • weight goals
  • diet supplement
  • weight reduction
  • excessive weight
  • boost your metabolism
  • beach body
  • live a better life
  • living a better life
  • dietary product
  • fight weight
  • big discount

Please note that you use these phrases and instructions for filtering your email at your own risk!

We hope this helps you fight some of the spam you’re receiving. If you have any questions, please contact support.

NinerNet home page

Subscriptions:

RSS icon. RSS

General Information:

This is the corporate blog of NinerNet Communications. It's where we post announcements, inform and educate our clients, and discuss issues related to the Internet (web and email) hosting business and all it entails. This includes concomitant industries and activities such as domain registration, SSL/TLS certificates, online back-up, virtual private servers (VPS), cloud hosting, etc. Please visit our main website for more information about us.

Search:

 

Recent Posts:

Archives:

Categories:

Tags:

accounts receivable apple billing branding cira contact information domain registration domain registry of canada domain renewals domains domain sales dot-ca domains dot-zm domains down time droc email encryption facebook google happy hosting customers hosting transfer icann invoices iphone kwacha maintenance paying your bill paying your invoice quarterly kwacha rate review rates registrar transfers reputation scams search engine optimisation search engine optimization security seo service hours spam ssl ssl/tls support transparency wordpress zamnet

Resources:

On NinerNet: