Mail Server News
10/12/2018 – Email Password Policy Update
To improve the security of our mail server, we have updated our email password minimum requirements and will be informing users who need to update their passwords. We are not initially applying the new policy to existing passwords. Instead we’re asking that users please login to their webmail when they have time, and change their passwords to meet or exceed the new minimum requirements below.
Minimum Password Requirements:
- Must NOT include any spaces.
- Must NOT include your email name. For instance the password for firstname.lastname@example.org could not include “john”.
- Must be at least 8 characters long
- Must contain at least 1 lowercase letter
- Must contain at least 1 number
Suggestions for a stronger password:
- Include 1 or more uppercase letters.
- Include 1 or more symbols such as !#$%()&* (no @ signs please).
- Longer passwords are harder to crack both for humans and for programs.
- You could choose a combination of familiar things such as zip + street or city + part-of-your-phone-number.
- For the highest security, consider using a random combination of letters, numbers, and symbols instead of actual words.
IMPORTANT NOTE: Once you change your password in webmail, you must then update the password in your email program and on your mobile devices. You should do this immediately after changing your password in webmail. If the server receives too many login attempts with the old password, it will block you for a short time. Desktop email programs like MS Outlook, Windows Live Mail, or Thunderbird, should prompt you for login information the next time they try to send/receive mail. Just enter the new password making sure the Save/Remember checkbox is checked, and that should be it. For mobile devices, you’ll need to go into both the incoming and outgoing settings either for the email app or for the account on the phone, depending on your phone model and how it’s configured. While we may be able to help with some mobile devices and are certainly willing to try, because there are so many and all with different menus and terminology, it may be faster and easier for you to either do a google search for “change email password” + your-phone-model or to call your cell provider’s tech support.
To login to your webmail…
- If you have idComm.com email, go to https://mailhost.idcomm.com/ and login with your full email and password.
- If you have your own domain, go to https://securemail.sos4net.com/ and login with your full email and password.
- Once you’re logged in, click the Settings icon at the far left (the gear icon, second from the bottom).
- The default page should be Account Settings, where on the right you can type in the new password, type it again to confirm, then click Save up at the top.
- After saving your new password, please update the password in your desktop and mobile email apps.
Scott & Susie
10/12/2018 – Email Login Attempts Allowed
To improve the security of our mail server, this afternoon we lowered the threshold for the number of login failures before the server blocks an IP address. Until today we allowed up to 5 failed logins before blocking an IP address, but today we lowered that number to 3. If there are more than 3 failed logins within a one minute period or 10 failed logins in a 5 minute period, the server will not accept further attempts from the offending IP address for 2 hours.
05/11/2018 – Email from GMail Users
There have been a couple of issues receiving mail from gmail users recently where the gmail user said their email bounced sending to one of our users. The reason for this is that, while gmail does a fair job of blocking spam TO their system, when it comes to spam FROM their system, not so much. All free email services get abused by spammers and scammers at one time or another, gmail probably more than others. Spammers sign up for free accounts blasting out tons of spam without regard for how it affects other gmail users, and not caring if their accounts get cancelled as they only need to use them once. This usually results in the gmail servers involved being put on one or more blacklists for a time, which in turn causes problems for gmail users if the system tries to use those particular servers to send their mail.
Google actually is aware of this problem, yet still appears to do little to prevent it. In fact here is what they say about it in one of their knowledgebase articles. Bear in mind this article is written TO gmail users.
“Gmail sends mail from a number of different IP addresses that shift regularly. If one of your messages goes out from an IP address that was blacklisted after someone else used it to send spam, your mail can start getting bounced. Mail bounces only to recipients who’s mail servers use the RBL(s) that blacklisted the IP address, and only while the address remains blacklisted. Eventually, the RBL delists our server’s IP address, or Gmail assigns you another outgoing server, and your mail no longer bounces.”
Because so much junk does originate from gmail.com, whitelisting the domain is simply out of the question. We cannot in good conscience expose all our email users to that much abuse. So we handle problems on a case by case basis. Please keep this in mind if you suddenly can’t receive mail from a gmail user with whom you’ve corresponded for years. Remember also that the condition should be temporary, just until the gmail system sends their message from a server that is not blacklisted, or until the gmail server IP address is dropped from the blacklists.