To edit the settings for sending emails

[gtranslate]

Due to the need to increase the security of e-mail services against abuse by sending spam, the policy of sending messages on the e-mail server we1.wedos.net will be tightened.

From the very beginning of our existence, we have placed emphasis on the security of our services in order to minimize the risk of any misuse as much as possible. But this is a never-ending struggle.

One of the common forms of abuse of our infrastructure is spamming. We have various procedures and policies in place, including necessary server treatments, to reduce the risk of our services being used for spamming, while mitigating the impact of such abuse and making it easier to track down and correct the problem. We continuously improve these procedures to ensure the smooth and trouble-free operation of our services. Most of these changes are not directly felt by our customers, but sometimes more fundamental changes are necessary. This article is about just such a change.

This is a security enhancement that will be deployed on the we1.wedos.net mail server as of March 1, 2014 . After this change it will no longer be possible to send, after logging into the mailbox, emails from addresses that are not assigned to this mailbox (i.e. are not its aliases).

As an example I will give the mailbox “honza@novak.com”, the mailbox has the alias “jan” set and the webhost to which this mailbox belongs has the alias “novak.cz” set. According to the new settings, after logging into this mailbox, you will only be able to send from these addresses and no others:

  • honza@novak.com
  • jan@novak.com
  • honza@novak.cz
  • jan@novak.cz

If you need to send from, say, “hloupy.honza@novak.com”, you need to add the name “hloupy.honza” as an alias for this mailbox in the mailbox settings in our administration.

We already use this setting on the we2.wedos.net email server without any problems and it does not cause any complications, however some customers may use this feature. For this very reason, we have delayed the introduction of this restriction until now, but now we have been forced to take this step.

As some of you will have noticed, we made the change to the above settings on Monday, 10.2. afternoon, but due to the negative feedback from our customers, we have reverted the settings back to their original state and decided to give advance notice of the upcoming change first. We apologize again for the hasty step we took, which temporarily made it difficult for some customers to send mail.

If you have any questions or comments about this change, please feel free to contact us using the contact form: https://client.wedos.com/contact/cform.html.

At the same time, we would like to urge our customers to take extra care with their access data (whether to email or elsewhere). Misuse of the mailbox to send spam does not usually occur by exploiting a security hole in the mail server (we have not yet observed such a form of abuse within our e-mail servers). Abuse generally occurs in two ways:

The first way is to infect the computer (or other device) through which the user normally logs into the mailbox, the attacker then either steals the access data to the mailbox with the help of a virus or sends spam from this location directly. So keep your computers, phones and other devices regularly updated and secured with quality antivirus software, run regular virus scans and be careful online. Also, never store passwords on your computer in unencrypted form.

The second way to misuse the mailbox is to steal access data by phishing(https://cs.wikipedia.org/wiki/Phishing). The phishing victim is usually lured to a page where they are asked to enter their login credentials, usually under the guise of making some necessary adjustments to their settings. However, instead of this, the entered name and password are recorded and the attacker can happily log into the unsuspecting user’s mailbox. Do not respond to emails in which an unknown person asks you to click on a link and log in to the email in broken Czech. On the contrary, please forward such a message to us as soon as possible.

Last but not least, it is also necessary to ensure that the password is strong enough. Your password should never include information such as your date of birth or part of your birth number, the name of your dog, girlfriend, child, or the name of the city where you live or work. For an attacker, it is often not at all complicated to find out such information about you, try to enter it in various combinations as a password to the mailbox, in many cases with very quick success. You should also have unique passwords for different purposes, otherwise you just need to get one and the attacker has access everywhere.