Enabling Email Spoof prevention on Connect Xf: Impact and Client configurations

There are several good resources on our website and blog that describe what email spoofing is , how impacts your business  and what you can do to prevent it on Connect Xf

It is strongly recommended that you enable the spoof check feature on your server to prevent internal spam attacks which eventually lead to a lot of junk mail escaping your servers into the Internet. Once this impacts your IP reputation, the outbound IP addresses of your server are likely to get blacklisted in RBL sites worldwide, causing a major impact on all your users

This article is about describing the full impact and plan to enable the spoof check feature on your Connect Xf server.

Step 1: What is the Expected and Correct client configuration if Spoof check is enabled?

Essentially when a user sends a mail using a mobile client like android, IOS, etc or desktop client like Outlook, Thunderbird etc. it is important that the following two configurations carry the same value:

  • The email id configured for the account.
  • The authentication email id configured for the account.

Only if these two email id values are the same, will the mail from this user be allowed to pass through the server.

The Reply to address can be same as the email or different if the recipient’s reply must land somewhere else

Why do users set these two email ids differently, while configuring their email account?

Typically most email servers will relay any type of mail once the user has authenticated himself. This means that once I have connected to a server, authenticated myself, the server now will become my servant and relay any mail for me (from anyone to anyone)

Lets see some typical reasons why users specify different email ids for authentication and for their account.

Scenario 1:

I am James and I work in the support department of Acme corp.
I configure my MS Outlook to authenticate with my email id: james@acmecorp.com
However I want replies to my email to come to support@acmecorp.com
So I will configure the account email id as support@acmecorp.com

Scenario 2:

I am Mary and I work in the marketing department of Acme corp.
I want to shoot a mail campaign to about 1000 users but any replies to the campaign mail should come to marketing@acmecorp.com
So I configure my Thunderbird to authenticate with my email id: mary@acmecorp.com
And I will configure the account email id as marketing@acmecorp.com

Essentially this configuration, where the authentication email id is different from the account email is is always done so that the replies come to a different email id.

Alright, I will make the changes you suggested, but I still want to achieve the objectives in the above scenarios.

You can still achieve the objective of having replies come to a different email id by configuring the “Reply To” email id in your account. This will ensure that when the recipient replies, the reply will be sent to the email id specified in the “Reply to” box. An image for this is shown below.

Check screen shots below of the WRONG configuration and the CORRECT configuration to be done on clients.

Android


iPhone


Thunderbird


MS Outlook

Outlook_New

Step 2: Enabling spoof check on the server

Only after all the clients are configured as above, should you get into this step where you enable Spoof check for the “Default” SMTP address such that any connection from the end users will get checked for spoof check

Command to enable spoof check for the default SMTP control :

/mithi/mcs/bin/setsmtpcontrols.sh default -spoofcheck 2

Click here to learn more about SMTP controls

Mithi’s Hall of Fame 2014

Rewarding and Recognizing Mithi’s In-House Stars of 2014

Any organization that operates with a view to grow bigger with time needs a healthy, engaged and enthusiastic team.

Related: The Mithi way to build great teams

Rewards, Recognition and Appreciation

Mithi believes that the core way to engage people in a team and bring out their best is to give them challenging assignments, allow them the freedom to do their best on those assignments and also encourage and support initiatives that have a lasting impact on the business.

Recognition, in simple terms, means acknowledging someone’s hard work for:

  • Specific accomplishments that they have achieved
  • Actions or initiatives taken
  • Attitude or behaviour demonstrated at the workplace

Doing it the Mithi way

The Mithi culture, over the years, has been rewarding and recognizing those individuals (and teams) who work towards achieving the company’s goals with its core values in mind by exceeding expectations. Mithi combines appreciation with recognition in the form of expressing gratitude and realizing the value provided by its employees in front of all their peers, by citing specific instances or examples of the things the awardees have done (which have, in turn, had a positive impact on the business of the company).

At the core of Mithi’s values is undying respect for the associates; and we take pride in our constant endeavours to maintain a professional workplace – a hub of opportunities where our associates can thrive. We wish to be recognized among the leaders in nurturing and promoting a diverse-yet-inclusive workforce, which works in a collaborative environment with a strong familial culture.

We value people. The company goes above and beyond trivial monetary perks to build employee loyalty and indirectly fuel Mithi’s growth, in line with its vision and mission.

As another eventful year floats away and a new year beckons, here’s a pat on the back of our stellar performers who added value to Mithi’s growing business repertoire in 2014:

The Mithi Way to build Great Teams

The-Mithi-Way-to-build-Great-Teams

Mithi’s Monthly meet – A Core HR initiative

In the modern business world which is witnessing the rapid growth of emerging markets, small and mid-sized enterprises are constantly on their toes to be somewhere close to the benchmark set by the industry leaders. And while infrastructure, strategy, and operations are at the forefront of a business plan, ‘execution’ is what makes it click. Think execution, think people.

No matter what the business, (more often than not) it is the human resources that make it or break it. How to manage a diverse group of individuals is the biggest question that entrepreneurs face while running a business.

Engaging employees through high-involvement work practices is a way of life every business, large or small, would like to develop.

Interpersonal and group communication holds an invaluable place in business dynamics. Despite the daily bombardment of phone calls and emails, the age-old concept of ‘meetings’ is what proves to be among the most effective ways of sharing information, discussing, deliberating, giving/receiving feedback, and collaborating to make unified business decisions and plans for the future.

At Mithi, we have consciously developed a culture and a system of conducting in-house meetings on a monthly basis, apart from our daily work-related meets, to address the aforementioned points.

We understand that a healthy team adds value to the organizational alignment and directly or indirectly results in quality improvements (and therefore, customer satisfaction). For this very reason, we strive to keep all our associates ‘in the know’ – whether it is the status of a project, or research, or customer feedback (positive and negative), or the financial angle, or the promotion plans of Mithi.

The focal aim, of Mithi’s Monthly meet, is to create a transparent, competitive and constantly motivated environment at the workplace.

Here’s a sneak peek at our meticulously planned event:

Event Management and Leadership

Every month, this baton is passed on from team to team. Whether it is the backend support guy sitting at his desk all day long, or the product developer who racks his brains to come up with the next ‘Whoa!’ idea, everyone is involved in the planning and execution of Mithi’s Monthly Meet. To make the job easier for all, we pass on the month wise responsibility of managing the meet from team to team. The event not only gives our associates a chance to prove their mettle in their scope of work, but also improves their leadership and managerial skills in terms of handling the meet effectively and efficiently.

Teamwork, Planning, Collaboration and Decision making

Planning, organizing and executing a technical project may be easy for our employees, since they are experts in those domains. But when it comes to doing the same for an event like this, it requires much more than technical knowhow. We encourage individuals to come together and work in teams to surpass the standards set by the teams executing the meet in the preceding month(s). To organize this meet, the teams need to decide a leader from among themselves for the event, meet frequently to decide on a theme and content of the meeting, assign roles to the different members to execute on the plan and monitor the execution of the plan to the finest detail. Every monthly meet is an opportunity to reset the benchmark of the quality and content of the meet.

Interaction, Communication and Presentation

Such an event poses an opportunity for the teams to stand in front of a crowd, compeer the entire event, coordinate the flow of the event and communicate the theme message and content. Teams work on presentation, short movie clips, and other creatives to ensure that their presentation to the audience is of a high level. This event gives an opportunity to the non-presenting teams to understand the work being done by the organizing team, their role in the business and also sensitizes them to that team’s work flows, dependencies on other teams, their efforts, successes and failures.

And the award goes to…

Recognizing the Top Initiatives in the last month and rewarding the stellar performers (Top Job)is on the top of the list of priorities in this event. It is initiatives like these that help Mithi to inspire and push its employees to put their best foot forward each time and collectively improve the operational efficiency. Every member of Mithi is encouraged to nominate their choice for the Top Job and Best Initiative award. A cross team panel sorts out the nominations and decides the award based on the long term impact these people have had on the business with their exemplary work and initiatives.

Related: Mithi’s Hall of Fame: 2014

Unity in Diversity

Bringing teams and individuals together, the monthly event provides everyone at Mithi an opportunity to bond with each other, thus enabling better relationships and fostering unity amongst the diverse group of talented individuals that represent the organization. Team members share their success stories on an organizational level, and this enables healthy competition on the intra-organizational level.

What was, what is, and what will be…

Mithi’s Monthly Meet brings closure to several ongoing projects. The event comprises of presentations, debates, and project reports, thus concluding the projects that have been successfully implemented/completed, and bringing into the picture the ongoing assignments.

We also make it a point to include several team-building and fun activities in these sessions by watching inspirational movies together, playing games, quizzes, and celebrating each other’s success.

Mithi fosters a culture of teamwork and the monthly meet has proved to be a successful exercise that has resulted in increased collaboration, creativity and alignment amongst the various teams and also within the teams.

From BYOD to CYOD: Almost impossible to ignore mobile devices in the workplace

BYOD - Bring Your Own Device

More than a decade ago, owning a mobile phone with a coloured screen was a sure sign that ‘you had arrived’. The next high was the advent of 2G technology, which allowed us to send multimedia messages. Further advances in technology brought us RIM’s Blackberry, which took this to the next level. Executives had now reached the zenith of connectivity by accessing their corporate emails via their Blackberry – a revolution in its own.

Circa 1994, starting with IBM’s ‘Simon’, technically the world’s first Smartphone, the journey has shown a tremendous advance in mobile technology. We have been through the Palm, the Nokia 9000, Kyocera, NTT Docomo and finally the iPhone and other Android Smartphones. You now have the ‘tablet’, which is cheaper than some mobile phones.

Today every ‘Smart Device’, under which I would include the likes of Smartphones, Tablets, Notebooks, and Phablets (and whatever else is in the making), are assured of having business applications like address book, calendar, appointment scheduler, calculator, world time clock and notepad, along with email clients. As these devices become more sophisticated, their use as the final destination for ‘all things mobile’ has become ubiquitous. An interesting aspect is that enterprise mobility is being pushed from the consumer (in this case, the employee) to the enterprise, rather than the other way around.

The concept of ‘Bring Your Own Device’ (BYOD) is here to stay. To BYOD or not to BYOD is not the question anymore. In fact, it has become BYOD versus CYOD (Choose Your Own Device).

What started as a fun, exploratory and downright risky act of using your personal device for your office work, has now become regular, streamlined and structured. Enterprises are beginning to realize that they cannot avoid corporate data from getting into personal devices, and rather than forcing employees into stealth-mode BYOD, it is more pragmatic to encourage it at an official level.

CYOD provides a balance wherein it lets the employee choose a particular device from a range of IT-approved devices. It helps the organization to enforce at least a particular IT-approved level of security along with the advantage of having users assume some costs of buying the device. On the other hand, it gives the user technology familiarity, has a positive effect on employee morale, and gives a boost in productivity.

The advantages of allowing personal devices can be broadly listed as the following:

  1. Personal Productivity and Accessibility: Employees having 24×7 access to email and other Office business applications can help increase an organization’s global reach. It streamlines and speeds up business services like HR self-help or approvals.

    Related: You may be scanning your email more than 30 times a day

  1. Business Content and Collaboration: The ever-increasing volume of communications can now be more proactively managed. It allows the sales force to use their mobile devices in the field to engage prospects and customers instantaneously, thus driving higher sales and an enhanced level of customer engagement. Complete enterprise standard email collaboration allows employees to be virtual.

    Related: Want to improve Sales Productivity and Profitability? Give them a Mobile with Email Access

Some of the primary concerns with reference to using hosted email and other business applications over personal devices include:

  1. Security: Data leaving the premises unaccounted, lost or stolen devices increasing corporate data risk. A study conducted by Osterman Research reveals some shocking facts (shocking for organizations). Fifteen percent of the employees surveyed admitted that they believed that they have ‘none to minimal’ responsibility when it comes to safeguarding the corporate data that is stored on their personal devices. Ten percent went a step further to say that they didn’t even have a basic password or a PIN enabled on their device. Now if this isn’t a potential risk for organizations encouraging the use of personal devices for official work, what is?

    Related: Will 2016 be the Year of the Unemployed CIO?

  1. Personal Use: Organizations worry that allowing personal devices at the workplace could result in employees wasting precious work time to indulge in personal activities like chatting, using social media or exploring other forms of tech entertainment.
  1. Working with Organization’s Technology: Some personal devices may not meet the requirements for being fully compatible with the organization’s policies.

    Related: 7 WANTS of an IT Manager of a Small to Medium sized business

According to a new mobile phone forecast from the International Data Corporation (IDC) Worldwide Quarterly Mobile Phone Tracker, more than 1.25 billion Smartphones will be shipped worldwide in 2014. That number signifies a 23.8% increase from the 1.01 billion units that were shipped in 2013. This is not including the global sales forecast of ~$240 million Tablets for 2014.

Enterprises have to accept and gear up for this change. The IT departments need to start formalizing policies covering acceptable BYOD usage, keeping in mind that it is still a relatively unexplored territory and the near future could bring many surprises.

The average office workers now expect the same consumerism that they have become accustomed to with their personal device, from their office device. Engaging the employee will be equally important as engaging the customer.

We can actually look at Hollywood to get a glimpse of how our not-too-distant future seems to be shaping up. With wearable devices just beginning to peek through the clutter, enterprise mobility is going to hit a whole new dimension. Advances in holographic technology, augmented reality (Google Glass), smartwatches, etc. will lead to the ultimate goal for an organization to allow any employee to be productive everywhere with their preferred tool.

Integrating a third party SMTP anti-virus scanner with Mithi Connect Xf

Mithi Connect Xf can very comfortably work with a port level SMTP anti virus scanner configured on the same or another server. Fundamentally, the anti virus scanner software is configured to intercept incoming and outgoing messages, scan and clean these messages and route them to the Connect Server MTA. Please note that the mail filtering system described above will be a second level filter in this case (double check),which can be disabled if required. This document describes both the scenarios and also lists the popular anti-virus scanners.

A virus scanner on the same Linux server

nstall a Linux based SMTP anti virus scanner on the same server where Mithi Connect Xf is installed. Configure it on port 25 (SMTP) and let it relay the scanned and cleaned messages to another port say 1025. Configure the Connect Server SMTP service to operate on port 1025.

Virus Scanner on the same linux server

Virus Scanner on the same linux server

 

A virus scanner on another server in the network

This scenario is similar to the above. The server on which the anti virus software is installed, receives mail on port 25 and relays to Connect Server on another server on port 1025. Configure the Connect Server SMTP service to operate on port 1025. In this setup, the anti virus scanning software can be installed on any platform (Windows, Linux, Solaris)

virus_scanner_on_another_server

Virus scanner on another server

Compatibility: Popular Anti virus scanners,which can work with Connect Server

Mithi Connect Xf connects to an anti virus scanner over the standard SMTP protocol. Thus, any anti virus scanner, which operates on the SMTP port, and can relay messages to another SMTP port, will naturally work with Connect Server. Some of the popular choices are Trend Micro-Interscan,Symantec, open source anti virus scanners, CX Protect, etc.

Licensing

The open source components or third party components used in the solution are used as per their respective licensing policies. Some of these components are charged. The customer may have to bear this licensing cost depending on the choice of components.