The Ransomware Threat to Small Business

Today’s Wall Street Journal article, ‘Ransomware’ a Growing Threat to Small Businesses, is a great synopsis of the threat organized and skilled cyber criminals pose to small businesses every day.  Many small businesses run without any sort of spam, virus or malware protection so they make easy and attractive targets for criminals looking to make an easy buck (or bitcoin).

At MxToolbox, we see this issue arise daily.  Small businesses contact us because they are on a blacklist, only to discover that the cause was a malware infection picked up from spam or from following a spammy link.  Ransomware attacks start in exactly the same way: a spam email with a legitimate-looking website link or an attachment.  All it takes is an errant click or opening the wrong attachment and you’re infected and your business grinds to a halt.  Recovery can take you hundreds of dollars or dozens of hours, whether you pay or recover from a backup.

Do you have an offsite backup?

Most small businesses don’t.  Our first recommendation for your small business to survive a ransomware threat, a fire, a tornado or any business continuity issue is to immediately invest in a cloud-based or other type of offsite backup, and back up your entire business.  This will protect against these large issues but also against simple accidents that could harm your business.  Have you ever deleted a file and immediately wished you hadn’t cleaned your Recycle Bin?

Protect your email

If you are running your own email system, you need to protect it.  We highly recommend some sort of comprehensive spam, virus and malware protection on your servers.  Basic spam filtering isn’t enough and will not capture the zero-day outbreak type malware or attachments that are used by ransomware attacks.  You need to filter for malware and viruses as well.

Protect your team from malicious links

This one is a little harder.  Spam email, especially with zero-day outbreak attacks, can include links to sites that are neutral at the time the email is sent, but activated shortly after to become malicious.  This type of attack is very difficult to protect against and often uses phishing style emails that look completely legitimate.  Exploits like ransomware get you to click on these links and download software to infect your systems.  New technologies can protect you from these types of seemingly normal, but malicious links.

MxToolbox Solution

At MxToolbox, we offer comprehensive email security solutions:

  • Email Protection + Continuity provides inbound and outbound mail filtering to ward off spam, malware and other email-based attacks.  Outbound filtering means that even should your servers be compromised, spam will not be passed on to your customers.  With Continuity, should your email go down, your users will still have access to send and receive email while you work the issue.

  • Total Security includes everything from Email Protection + Continuity but adds DNS and URL filtering of websites, on both on-premise and mobile devices.  With Total Security, your users are protected even if they click on links that download ransomware, botnets or malware, and are also protected from botnets reaching out to host servers to start the encryption process.

Note:  As of Monday, April 20th, PBS has another article on Ransomware.

New Zimbra mail coming soon

For the past year, our Zimbra customers have probably been wondering if they would ever get anything new from us.  Now, we actually have something for them.  MxToolbox is upgrading Zimbra to the latest release on April 18th!

What does this mean?

This is a free upgrade that all current Zimbra users will receive with absolutely no work required of the user or customer.  MxToolbox will cut everything over to the new version on April 18th during a short maintenance window.

 

New Features

(Borrowed shamelessly from Zimbra’s Site)

Zimbra Web Client

Streamlined User Interface

The Zimbra Web Client has been completely redesigned with a focus on simplicity and accessibility.  The Zimbra 8 interface is more streamlined so that common actions are easily discoverable and highly intuitive to use.

Conversation View

In Zimbra 8 email is presented to users in a “natural” conversation view that makes reading and replying to messages convenient and intuitive. Quoted text is hidden and messages are laid out in a way that is easy for users to understand the “in-reply-to” relationship between different messages in the same email thread. Discreet links to Reply, Forward and More Actions (presented just below the email) let users respond to messages quickly and efficiently.

Rich Composition

An improved composition editor allows users to craft rich text emails. Features such as paste-style support from desktop applications and the ability to include inline images bring the power of desktop word processors to email.

Shared Tagging

In Zimbra 8, tagging functionality has been improved so that when items are shared, users can not only use tags to organize their data but also share these tags across applications as well as mailboxes.

Activity Streams

Activity Streams allows users extensive control over the messages that go to their Inbox. Users can easily set up activity stream filters that direct incoming messages to various folders (or delete them) based on different criteria that they can specify. For example, emails to distribution lists, feeds and notifications that are not directly addressed to the user can be archived in folders that can be read when convenient.

“Graymail” filtering prevents a user’s Inbox from being cluttered by legitimate but unwanted emails.

Dedicated Search Tab

A dedicated search tab is created whenever a user enters a new query in the header search box. This allows users to perform a search, navigate away from the search tab to perform another action such as compose an email, or schedule an event and then come back to the search tab to continue with the query.

Zimbra 8 provides users with a simple yet powerful search interface allowing users to perform simple actions such as quickly filter on common attributes or perform complex search queries making use of complex logical operators.

Enterprise Calendaring

Zimbra 8 provides an intuitive and sophisticated enterprise calendaring system that enables users to manage multiple calendars and provides support for advanced scheduling activities.

Zimbra 8 has significantly improved the user’s experience when working with the appointment scheduling feature. Once users select attendees, Zimbra 8 can compare calendar availability and provide users with a list of suggested meeting times. Similarly, based on meeting requirements such as the size of the room and location, Zimbra’s scheduler can provide users with a list of conference facilities that fit meeting requirements.

Merged and Split Day View options give users the flexibility to view their different calendars (e.g. personal and work-related) either individually or overlaid on top of each other. (In other words, see a “merged” view of appointments from several different calendars in one calendar.)

Landscape and date range printing provides users greater control over how calendars are printed.

Wizard to add external calendars when users right-click to create new calendars. Zimbra 8 supports importing several popular calendar formats including Google and Yahoo! Calendars.

Zimbra Mobile

Zimbra offers server side implementation of Microsoft’s ActiveSync 12.1 protocol providing end users access to their Zimbra mail on any mobile device that supports ActiveSync 12.1.

Auto Discovery

Auto-discover support enables seamless linkage between the user’s account on the Zimbra server and the email client on the mobile device when valid credentials (email and password) are supplied from the device.

Remote Device Wipe

In the event that the security of the mobile device is compromised administrators can perform a remote device wipe from the admin console, thus safeguarding against any loss of sensitive corporate data.

Bandwidth Reduction

Since most mobile devices are often on high latency, low bandwidth (reduced connectivity) networks, Zimbra’s ActiveSync implementation has been designed to operate at a reduced bandwidth.

Battery Optimization

ActiveSync protocol implementation has been optimized to conserve battery life for push enabled devices.

Persona/Alias Support

ActiveSync implementation provides push synchronization of email, contacts, calendars, tasks as well as the Persona/ Alias profile configurations associated with the user’s email address.

Advanced Administration Policies

The introduction of 30 new configuration policies provides administrators more fine-grained control over user accounts and approved applications – allowing them to enable/disable device software and hardware capabilities as necessary.

Unified Communications

Zimbra UC seamlessly integrates with leading voice systems to deliver all of your business communications in one place.  Zimbra 8 is designed so that real-time communication services such as voice, telephony and presence inter-operate with non-real-time services such as email and voice mail – allowing users to benefit from faster response times and companies to benefit from higher group productivity.

Click-to-Call

Click-to-Call offers immediate voice connectivity with call-routing to device or soft-phone. This lets users take office calls at their office numbers on their mobile devices. Zimbra 8 supports the configuration of multiple numbers.

Presence

Presence provides real-time notification of user’s current availability and ability to communicate.

Visual Voice Mail

Visual voice mail lets users view caller and voicemail information and supports inline playback and management features. It also supports MWI (Message Waiting Indicator) status updates, allowing users to customize the way they want to be notified about new voicemail messages. These voice messages can be saved in either .wav or .mp3 format.

Call History

Call history includes information about voice mails received, placed calls, received calls, missed calls as well as details about date, time, and call duration.

IT & Administration

Outlook 2013

The Zimbra Connector for Outlook now works with Outlook 2013.

Retention Policies

Custom retention and disposal policies can be set on a folder-by-folder basis by end users, or enforced globally by IT.

Zimbra Admin Console

The Zimbra Admin Console has been completely redesigned to make administration easier.

If you have questions or issues as a result of this upgrade, or would like to add Zimbra services, please contact MxToolbox Toll Free at (866) 698-6652, or sales@mxtoolbox.com

 

New Port Checks on the Port Scan Tool

If you haven’t noticed already, we’ve beefed up the diagnostic capabilities of our Port Scanning Tool by adding 8 additional ports. We love making our lookup tools even more powerful and providing you with the information you need – fast.  Our updated port scan tool now checks a total of 25 ports to let you know what services are running on your server and open to the world. Here is the list of new ports the tool now checks.

  • 111/tcp – Remote Procedure Call (RPC)
  • 135/tcp – Microsoft RPC for DHCP, DNS, and WINS
  • 445/tcp – Microsoft Active Directory and SMB file sharing
  • 1025/tcp – NFS, IIS or Teradata
  • 1723/tcp – Microsoft Point-to-Point Tunneling Protocol
  • 5060/tcp – Session Initiation Protocol
  • 5900/tcp – Remote Frame Buffer, VNC remote desktop protocols
  • 6001/tcp – X11 client-server network

So, why did we pick these ports?

At MxToolbox, we want to help you protect your organization.  We selected these ports because they rank high in statistical usage, provide high value services, and can be dangerous.  These ports, if exposed to the outside world, can be used to exploit your systems.  If you need them open, defend them.  If you don’t need them exposed, close them as soon as you can.  In short, if we can see them, then these services are exposed to the world and are at risk for hacks, DDOS attacks or data ransoms.  Remember to regularly patch systems supporting these services.  Keeping a close eye on these ports helps to protect your organization.

About the Port Scan Tool

This test will tell you what standard services are running on your server and open to the world.  You can type in an IP address or hostname.  We attempt a full TCP connection and graceful disconnect on each of about 25 common TCP ports we test, with a timeout of 3 seconds.  Possible results for each port are Success, Timeout or Refused.
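The check described above can be reproduced against a server you operate. The following is an added example, not MxToolbox's code: the function names are hypothetical, the port labels are shortened from the list in this post, and the extra "Error" result (for failures such as an unresolvable hostname) is an assumption that goes beyond the three results the tool reports.

```python
import socket

# The eight ports this post lists as newly added to the tool.
NEW_PORTS = {
    111: "RPC",
    135: "Microsoft RPC",
    445: "Active Directory / SMB",
    1025: "NFS, IIS or Teradata",
    1723: "PPTP",
    5060: "SIP",
    5900: "VNC",
    6001: "X11",
}


def check_port(host, port, timeout=3.0):
    """Full TCP connect plus graceful disconnect; returns the result label."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "Timeout"   # no answer at all, typically a firewall dropping packets
    except ConnectionRefusedError:
        return "Refused"   # host answered with a reset: nothing listening
    except OSError as exc:
        return f"Error: {exc}"  # assumption: not one of the tool's three results
    try:
        sock.shutdown(socket.SHUT_RDWR)  # graceful disconnect (FIN, not RST)
    except OSError:
        pass  # the peer already closed the connection
    finally:
        sock.close()
    return "Success"


def exposed_services(host, ports=NEW_PORTS, timeout=3.0):
    """Return (all results, sorted list of ports that accepted a connection)."""
    results = {port: check_port(host, port, timeout) for port in ports}
    exposed = sorted(port for port, result in results.items() if result == "Success")
    return results, exposed


if __name__ == "__main__":
    # 127.0.0.1 only shows what is listening locally; run it from outside
    # your firewall against your own public address to see what the world sees.
    results, exposed = exposed_services("127.0.0.1")
    for port, result in results.items():
        print(f"{port}/tcp ({NEW_PORTS[port]}): {result}")
    print("Exposed:", exposed)
```

A "Success" on any of these ports means the service is reachable from wherever the check ran, which is the condition the post says to either defend or close.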

I run a small business, how do I protect my online presence?

This is another installment in our on-going series to help small businesses on the Internet.

Large organizations have hundreds or thousands of IT experts to protect their businesses from spam, viruses, malware, hackers and other things that go bump in the night.  This team often includes specialists in system configuration, software development and IT security.  As a small business you cannot afford to hire an army of specialists, but you still need their expertise to protect your online presence.

Let’s start with online risks for a small business

As an online business, I’m assuming you have a domain name, something like ‘mydomain.com’.  You’re probably running a website and sending email using your domain.  However it’s configured and hosted, your domain is your biggest online asset; it is your business card, your showroom, your marketing and your livelihood.  Anything that affects your domain tarnishes your image and affects your business.  Unfortunately, there are quite a few things that can go wrong.

DNS Risks

Your website sits on a server in a facility along with your email server and many like them.  If you are in a shared host environment, your website could be one of many domains hosted on the same servers.  Similarly, you could be hosting email in a group setting as well.  Customers can find you because the Internet uses a sort of roadmap called DNS that tells your customers’ computers where in the world your servers are and routes traffic through the proper networks to the right servers.

DNS is a robust system but susceptible to misconfiguration and, occasionally, attack.  As DNS points customers to your website or your email server, you need to be aware of changes that could affect this roadmap.  Typically, your Internet hosting provider has DNS configuration tools to help you with your configuration and maintenance.  MxToolbox provides free DNS lookup tools so you can verify how your DNS configuration appears to your customers and others outside your service provider’s network and ensure they can find you on the internet.

In addition to configuration issues, DNS is also susceptible to occasional attack.  Scammers can try to hijack your DNS and repoint it to their servers to steal your customers’ information.  That’s why MxToolbox recommends regular monitoring of DNS configurations to prevent outages, especially A, MX and PTR record analysis and monitoring.

Learn More about DNS Monitoring

Risks to Email

The biggest risk for a small business is email deliverability.  Issues like blacklisting, server performance, spam, malware, viruses and email system availability can all affect email deliverability and impact your business and online reputation.  At minimum, any business should monitor their domain name and email server IP address for blacklisting.  Blacklisting could be a sign of something more sinister, like malware or viruses.

Learn More about Email Deliverability

Risks to the Website

Operating your own website has its own difficulties.  Content creation and management, ecommerce and lead generation are typically top of mind for small businesses.  Unfortunately, businesses also need to be concerned about the technological risks, which are similar to email.  Viruses and malware can affect your servers, and cause your domain to be listed on blacklists.  Further, system configurations can leave doors open for hackers or make transactions less secure.  Finally, even services for your website could go down or slow down due to load, configurations or installed software, effectively shutting down your business.  This can be compounded by using a shared host environment where multiple domains are hosted on the same server. In this situation, your reputation can be affected by your neighbors, over which you have no control!

MxToolbox recommends monitoring your domain for blacklisting and your website for uptime and configuration issues, at minimum.  This should give you early warning of issues that might become outages.

MxToolbox’s Solution

At MxToolbox, we understand the technical challenges small and medium businesses face on the Internet.  That’s why we created a turn-key monitoring solution that automatically sets up all the monitoring a small business typically needs.  MxToolbox’s Domain Health uses a unique algorithm to determine the best monitors for your configuration so that you don’t need a technical background to protect your online business.  A Domain Health Monitor is bundled with each of our Standard and Pro monitoring packages.

Learn more about Domain Health

New Servers to Whitelist

MxToolbox uses a set of servers as part of our monitoring products.  These perform the heavy lifting like making SMTP calls to your servers or checking your DNS records.  If you are using MxToolbox monitoring for any system behind a firewall, you will probably need to whitelist our servers to get accurate monitoring service.

The current list of keeper IP addresses to whitelist is:

  • 64.20.227.128/28
  • 54.84.234.24
  • 54.164.124.219
  • 54.88.4.135

Please contact Support@MxToolbox.com if you have any issues.

My small business is on a Blacklist. What did I do wrong?

If you have been referred to us by your Internet Service Provider (ISP) because of a blacklist, then this article will most likely help you with your problem.

If you are running a small business, it is unfortunately a fairly common occurrence that your mail could be blocked by a blacklist even if you do not send bulk email, spam, malware or run your own email servers.  The problem is one that can be easily corrected.

But, this may seem complicated…

When you send email, the computer you send the email from is listed as the point of origin and the IP address is recorded in the email header, which is routing instructions and history passed around with your content.  Many people still use Outlook or another email client local to their computer.  When you use a local email client, your computer’s IP address and the IP address of your router are recorded in these email headers (to learn more about email headers check out our Analyze Headers tool).  These are the IP addresses of the email’s origin.

Unless you pay extra for a dedicated IP address, the IP address of your router is dynamically assigned to you from a pool of IP addresses owned by your ISP.  Typically, these dynamically assigned IP addresses (also known as DHCP IPs) are automatically blacklisted because they can be assigned to anyone at any time for anything.  To summarize, you have been assigned a dynamic IP address which is likely blacklisted.  This is the point of origin of all your email, making your email likely to be refused by servers using blacklists to filter email.

What’s the solution?

There are several solutions to this problem each with different trade-offs or costs.

Use your ISP’s webmail – Most Internet Service Providers have a webmail client you can use as part of your subscription.  These webmail clients send the email from the IP address of the ISP’s mail servers, not your IP.  Sending from their servers gives you their blacklist reputation so you should not be blocked by blacklists.  Many of these will work with your existing domain, if you have your own domain name.   However, usability and functionality may not meet your needs.  It is a good idea to look into this option as it’s free and part of your internet access.

Acquire a static IP address from your ISP – This is a good option for small businesses that want to host their own servers for websites, email or other tasks.  A static IP address is from a different pool than dynamic IPs so it is less likely to be on a blacklist.  This option will allow you to continue to use your local email client (Outlook or another), but adds the monthly expense of the static IP.

Use 3rd party webmail – There are many 3rd party web-based email tools you can use, most with a small monthly cost.  Microsoft Office 365 and Google Apps offer complete collaboration suites, with email, spreadsheets, word processing and presentation applications.  Most of these will allow you to use your local email clients and all of them should allow you to use your domain name for correspondence.  The larger app providers have their own email security options that protect your reputation.  The only downside is cost.

At MxToolbox, we understand the causes of blacklisting and can help you by:

  • Alerting you when your IP or domain is on a blacklist
  • Protecting your email from the common causes of blacklisting
  • Protecting you from malicious websites and botnet attacks
  • Providing collaboration services like Google Apps services to businesses like yours

Contact us to learn more.

What’s going on with Barracuda blacklist results?

You may be seeing something odd with listings on Barracuda right now.  MxToolbox is reporting your IP address as listed on Barracuda’s Blacklist but when you go to Barracuda’s website, you’re not listed.  You’re probably thinking “These guys at MxToolbox have lost it”, but that’s not quite the case.  

MxToolbox subscribes in various ways to the DNSRBLs at different providers like Barracuda.  Barracuda being a large organization with a large subscriber base has multiple DNS servers providing blacklist information.  One of these servers seems to be out of sync with the others and the website database.  The questionable IP addresses appear to be coming from this one server.

Why does MxToolbox report it as blacklisted?

The MxToolbox philosophy on blacklisting is to provide blacklist results that most closely resemble real-world blacklist usage.  To do that, MxToolbox caches positive blacklist results until the TTL (time-to-live) of the record expires.  When we get a positive response, we list it regardless of how many of the DNS servers list it at the blacklisting organization, because this is how spam filters work. A spam filter will get a positive result and lock out any email from that IP address.

Am I really blacklisted even if I’m not on Barracuda’s website?

If you are listed on the out-of-sync DNS server, you are technically blacklisted.  Spam filters that subscribe to Barracuda may connect to this DNS server,  receive your IP address on the blacklist and then begin to refuse your email.

What can I do?

To get off the blacklist, you must contact Barracuda and let them know that you are listed on one of their servers.  When we investigated, we found the results were coming from a server in their geons01.barracudacentral.org DNS server pool (see the image below).  We have opened our own case with Barracuda.

Three direct lookups of a particular IP address on Barracuda’s DNS servers. Note that the same server pool, geons01, provides different results. 
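To make the out-of-sync behavior concrete, here is an added example (not MxToolbox's or Barracuda's code) that forms a DNSBL query name, compares one direct lookup per nameserver, and keeps a positive answer until its TTL expires. The zone `dnsbl.example`, the server names, the IP address, the `127.0.0.2` answer and the TTL are constructed sample values, and the function and class names are hypothetical.

```python
import ipaddress


def dnsbl_query_name(ip, zone):
    """DNSBL convention (RFC 5782): reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class PositiveCache:
    """Holds a positive blacklist answer until its TTL runs out."""

    def __init__(self):
        self._entries = {}  # query name -> (answer, expiry time)

    def store(self, name, answer, ttl, now):
        self._entries[name] = (answer, now + ttl)

    def lookup(self, name, now):
        answer, expires = self._entries.get(name, (None, 0))
        if answer is not None and now >= expires:
            del self._entries[name]  # TTL expired: forget the listing
            answer = None
        return answer


def evaluate(ip, zone, responses, cache, now):
    """responses maps each nameserver to (A-record answer or None, TTL seconds)."""
    name = dnsbl_query_name(ip, zone)
    positives = {srv: r for srv, r in responses.items() if r[0] is not None}
    for answer, ttl in positives.values():
        cache.store(name, answer, ttl, now)
    cached = cache.lookup(name, now)
    return {
        "query": name,
        # One positive answer is enough, exactly as a spam filter would treat it.
        "listed": bool(positives) or cached is not None,
        "listing_servers": sorted(positives),
        # In sync only when every server agrees (all list it or none do).
        "in_sync": len(positives) in (0, len(responses)),
        "from_cache": cached is not None and not positives,
    }


# Constructed sample: one of three servers in the pool still returns a listing.
OUT_OF_SYNC = {
    "ns1.dnsbl.example": (None, 0),
    "ns2.dnsbl.example": (None, 0),
    "ns3.dnsbl.example": ("127.0.0.2", 300),
}
ALL_CLEAR = {server: (None, 0) for server in OUT_OF_SYNC}

if __name__ == "__main__":
    cache = PositiveCache()
    print(evaluate("192.0.2.10", "dnsbl.example", OUT_OF_SYNC, cache, now=0))
    print(evaluate("192.0.2.10", "dnsbl.example", ALL_CLEAR, cache, now=120))
    print(evaluate("192.0.2.10", "dnsbl.example", ALL_CLEAR, cache, now=300))
```

The second call shows why a listing can keep appearing after every server has stopped returning it: the earlier positive answer is still inside its TTL.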

 

Is Go Daddy DNS Up or Down?

The short and confusing answer is both.  Let me try to explain.

The Down

As of this morning, the authoritative DNS nameservers at Go Daddy were unavailable.  These servers provide the IP addresses of local DNS servers containing domains hosted on Go Daddy.  So, if you’re hosted on Go Daddy, your DNS is in one of these local DNS servers.  External queries would not be able to find your IP address because the authoritative servers at Go Daddy could not resolve the local DNS server containing your information.  You are essentially down to authoritative DNS lookups and anyone without a cache containing the local DNS server with your IP address.

The Up

For most people, this is not an issue. Go Daddy is large enough with enough regular traffic to generate a large cache of DNS entries.  If you are hosted on Go Daddy, returning customers will have cached DNS information and be able to navigate to your site without the need to hit the authoritative DNS servers.  Even many new customers can navigate to your site based on cached resolutions to the DNS servers with your domain information.  However, new customers will be unable to resolve if they or their ISP has not cached DNS for your site.

The Upshot

MxToolbox DNS lookups show Go Daddy DNS and DNS for domains hosted on Go Daddy as down.  We do this because the authoritative DNS servers cannot resolve the local DNS servers, so the lookup chain is broken.   Our lookups and monitors always start from the root and do not use cached information, so you get a complete look at the DNS configuration.

Further, this issue may eventually cause a situation where your site becomes completely inaccessible.  DNS entries have a limited TTL (Time to Live).  When TTL expires, the entry is erased from the cache.  Should Go Daddy’s outage last longer than your domain’s TTL, customers will be unable to resolve your IP address and unable to connect to your site.  MxToolbox recommends DNS Monitoring or Domain Health Monitoring for your mission critical domains so you are warned of these issues before they become an outage.

 

Announcing MxToolbox Professional

Our team is happy to announce the release of MxToolbox Professional, our new power user interface.  A lot of hard work and a lot of feedback from our great users went into the creation of this new integrated interface.  We know you made the product even better!

MxToolbox Professional UI

What is MxToolbox Professional?  It is a new user interface integrating all the tools you rely upon with monitoring services.  This new UI will enable you to seamlessly transition between lookup tools and monitors without changing pages.  Power users get a highly customizable user interface featuring:

  • Favorites
  • Type Ahead
  • Lookup History
  • User-defined Tags
  • Custom Filters

You can get more information about MxToolbox Professional here.

How do you get MxToolbox Professional?  If you are an existing paid customer, you have access already.  You can switch between Professional and Classic interfaces in the Dashboard.  If you are not a paid customer, now may be the best time to look at upgrading.

Visit the MxWatch Matrix for more information.

Improved SPF Tool RFC changes

Over the past few weeks we’ve been working hard to improve our SPF Record Testing Tool to help people check and monitor SPF records. We’ve added some improved diagnostic testing capabilities to give you more specific details if we discover an issue with your SPF Record.

One of the big SPF events this year, and the reason for these updates, was a significant change in SPF best practices, namely RFC 7208.  This new document advises administrators to discontinue using the alternative SPF RR type that was formerly supported during the experimental phase of SPF. SPF records must only be published as a DNS TXT Resource Record. Due to this change we have updated our SPF Lookup tool and now report the status of the following problems you might encounter with SPF:

SPF Record Deprecated - If you still have an SPF type record, we will warn you. Simply remove these records to clear the warning.

SPF No Records – If you have no Sender Policy Framework records, we issue this warning. SPF participation is voluntary, but if you want to remove this warning you will need to create an SPF record and publish it as a TXT type record. There are several good tools for creating SPF records such as http://www.spfwizard.net/.

SPF Invalid Syntax – This is the only problem that will cause a domain to show as error. We have detected some type of syntax problem in your SPF record. This could cause real problems when recipients attempt to decode it.

SPF Multiple Records – The RFC only allows a single SPF record per domain. If you have more than one, we will display a warning. Ideally, you should ensure that only a DNS TXT Resource Record is published and all other SPF records are removed to clear this warning.
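The four problems above can be checked over the records a domain publishes. This is an added example rather than the MxToolbox tool's own logic: the function names are hypothetical, the record sets are constructed samples, and the syntax check is a simplified reading of the RFC 7208 grammar (no macro expansion or DNS lookups).

```python
import ipaddress
import re

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
MODIFIER_RE = re.compile(r"([A-Za-z][A-Za-z0-9._-]*)=(.*)")


def is_spf_record(text):
    """RFC 7208 section 4.5: exactly 'v=spf1' or starting with 'v=spf1 '."""
    lowered = text.strip().lower()
    return lowered == "v=spf1" or lowered.startswith("v=spf1 ")


def syntax_errors(record):
    """Return the syntax problems found in one SPF record (simplified checks)."""
    errors = []
    for term in record.split()[1:]:
        modifier = MODIFIER_RE.fullmatch(term)
        if modifier:  # name=value, e.g. redirect=_spf.example.net
            name, value = modifier.groups()
            if name.lower() in ("redirect", "exp") and not value:
                errors.append(f"'{name}=' needs a domain")
            continue
        body = term[1:] if term[0] in "+-~?" else term  # drop the qualifier
        match = re.fullmatch(r"([A-Za-z0-9]*)(.*)", body)
        name, arg = match.group(1).lower(), match.group(2)
        if name not in MECHANISMS:
            errors.append(f"unknown mechanism '{term}'")
        elif name == "all" and arg:
            errors.append(f"'all' takes no argument: '{term}'")
        elif name in ("include", "exists") and not (arg.startswith(":") and len(arg) > 1):
            errors.append(f"'{name}' needs a domain: '{term}'")
        elif name in ("a", "mx", "ptr") and arg and arg[0] not in ":/":
            errors.append(f"malformed '{name}' mechanism: '{term}'")
        elif name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg[1:] if arg.startswith(":") else "", strict=False)
                if network.version != int(name[2]):
                    raise ValueError("address family mismatch")
            except ValueError:
                errors.append(f"bad network in '{term}'")
    return errors


def check_spf(records):
    """records: (rrtype, text) pairs for one domain -> (severity, problem, detail)."""
    findings = []
    if any(rrtype.upper() == "SPF" for rrtype, _ in records):
        findings.append(("warning", "SPF Record Deprecated", "remove the SPF-type record"))
    spf_txt = [text for rrtype, text in records if rrtype.upper() == "TXT" and is_spf_record(text)]
    if not spf_txt:
        findings.append(("warning", "SPF No Records", "no TXT record starts with v=spf1"))
    if len(spf_txt) > 1:
        findings.append(("warning", "SPF Multiple Records", f"{len(spf_txt)} TXT SPF records"))
    for text in spf_txt:
        errors = syntax_errors(text)
        if errors:  # the only problem the post reports as an error
            findings.append(("error", "SPF Invalid Syntax", "; ".join(errors)))
    return findings


# Constructed sample record sets.
GOOD = [("TXT", "v=spf1 include:_spf.example.net ip4:192.0.2.0/24 -all")]
LEGACY = [("SPF", "v=spf1 -all"), ("TXT", "v=spf1 -all")]
BROKEN = [("TXT", "v=spf1 ipv4:192.0.2.1 ip4:999.1.1.1 -all")]

if __name__ == "__main__":
    for label, records in (("good", GOOD), ("legacy", LEGACY), ("broken", BROKEN)):
        print(label, check_spf(records))
```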