Microsoft’s latest change to their spam checking software has resulted in a new email rejection notice being sent. Many legitimate users who are sending important emails to Hotmail and Outlook.com email users are not getting through.

The new notice reads:

DB8EUR05FT024.mail.protection.outlook.com rejected your message to the following e-mail addresses:
xxxxx@hotmail.co.uk (xxxxx@hotmail.co.uk)
DB8EUR05FT024.mail.protection.outlook.com gave this error:
Unfortunately, messages from [xxx.xxx.xxx.xxx] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [DB8EUR05FT024.eop-eur05.prod.protection.outlook.com]
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.

What does it show us

The notice shows that they are using some of the doggy block lists that have been around for many years. Generally these block as much legitimate email as they do spam. They are not at all the best way to reduce spam in an email system. At the time of writing the above address for removal from the list is not working. We are therefore unable to get our IP addresses removed from their list.

How should they stop spam

No-one can deny that spam is a bad thing, particularly the phishing emails that allow hackers to hack your email account. These emails should be stopped but this is not the way to do that. This is a very lazy way to block spam. Considering the amount of money that these large companies make from the so-called FREE services, they should invest some of it back in to the service. Make the spam filtering better, don’t block everything.

It is still unclear as to whether or not you will have to pay to be removed. The normal block lists of this kind offer a “service” to be removed from their block lists when your IP address falls in to one of their ranges. Bearing in mind that ISPs may have tens or even hundreds of thousands of IPs and in some cases millions of IP addresses in their range which they then sell to or use for clients. If one of these IP addresses is suspected of sending spam then the entire range can be blocked causing major problems for businesses. Their intent is to get businesses to petition the ISP to stop the spam from going from their network.

What should you do

If you want to get decent spam filtering without losing important emails, then we recommend that you use this service for your spam and virus checking. If you use Hotmail or Outlook.com then we recommend that you change your email provider to SecuredMail.App.  You can optionally have an email sent to you with all the emails that are considered to be spam. That way you will never miss an important email. No bulk IP address blocking, however you can set geographical policies. Very powerful, easy to use and accurate.

Stay safe

CritchCorp Support

This is a question we are often asked:

Why should I pay for email when I can get Google Mail for Free?

There are many reasons for this; we usually don’t need to mention more than a couple before people understand the importance of paid versus free email.

Firstly, I believe that if you use email for business then it is not a good sign for your business if you use insecure free email to keep customer data. The fact that you can’t or won’t attempt to look professional and keep the basics, email, secure as possible, is a big indicator of other parts of your business where you may not have adequate standards and for many that mean potential clients will be put off. I personally will not use anyone who uses a free email address for any type of business. Using your own domain and email is not necessarily expensive and is no guarantee of anything, but it is the first hurdle and if you fail here it doesn’t matter that you have any awards for this and that and customer comments and reviews because I will not entertain the idea. This is shared by many people that I know. Remember that fraudsters generally don’t bother to use their own domain name as they need to keep costs down and be able to change at the drop of a hat, so they use free email. Most people who sign up to us with free email accounts were just fraudsters trying their luck with us, that is why we no longer accept free email account signups.

Even if you don’t use it for work or business then it’s better to have your own domain and email that you can control. Anyone can get a free email from Google and most fraudsters use Gmail or some other free email account to con people all the time, so you really will put some people off from even looking at you if your email address is a free account. I know that I will not entertain any business that uses them and one of the main reasons is below.

It is important to say that if you don’t care about your email and who is reading it then you may be able to use free email account such as Gmail. I have a Gmail account myself. I use it mostly for testing purposes, sending and receiving test emails from/to servers that I am testing so I can be sure that email is getting in to and out of our network correctly. The only thing that any one will find is test emails, so I am not concerned with who else reads it.

Why would you be concerned with who else reads your email?

Well, it surprises me just how many people don’t bother to read all of Googles various, complicated and hard to follow and sometimes hard to find terms of service and all the addendums that you agree to in order to use their services. Google does own some 50+ companies and is listed, at time of writing, as the third biggest company in the world by turnover, or at least its parent company Alphabet is. Do you think they are that big because of the free services? Well actually yes, they are in part. If you have the time to read all of their T’s and C’s then you will note the following:

(Concise version) – By using their services you give Google and anyone else they want, UNLIMITED LICENSE TO USE, MODIFY, RESELL, AND ANYTHING ELSE THEY WANT WITH ALL YOUR DATA. Yes every email you send or receive, they can use, including the attachments to do whatever they want with. If you send your latest play or movie script using or receive it in your Gmail account, you allow them to use it as they want. They can take your idea, change it and make the movie themselves. They don’t even need to change it as you gave them unrestricted license to do as they please.

You can read the full details here: https://policies.google.com/terms?gl=UK&hl=en but below is the extract verbatim that I refer to, I have underlined the interesting bit, they do their best to make it sound soft and cuddly but read it carefully:

When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.

The last line is particularly important as you must have the rights to the content you are sending/receiving in order to be able to grant this license to others or you are in breach of the copyright of copyright holder who can sue you for breach of copyright because you sent it using Gmail.

This happened recently on another free service, Flickr, where a model had some pictures taken by a professional photographer, uploaded them to her account, but she didn’t realise that she did not hold the copyright to the pictures of herself but the photographer. As there is a similar granting of license to them as with Google as with all the other free services that I have looked at, she was promptly sued by the photographer.

This sort of thing is not new, Microsoft’s Hotmail used to have in it’s terms and conditions that anything you uploaded, sent or received actually belonged to them and not you at all. This was challenged and they backed down after some media attention and replaced it with you granting them an unlimited perpetual license to do as they please with it which is now used by everyone. Free just means you don’t pay up front, but they make their money out you. It’s better to retain control over how companies make money from your custom rather than letting them run freely to do whatever they like behind your back.

Also the new GDPR (or Data Protection Act 2018 in the UK) can cause a business using any free service a hassle. That is because you are required to keep personal data secure and you can’t do that if you send any personal data through a free email account as you grant the right to Google and anyone else they see fit to do with it they please, leaving you, not them responsible and quite likely in breach as you have effectively lost control of the data.

There are many other reasons to add to this discussion as well but I think there is enough to think about here.

CritchCorp Computers Ltd offers email accounts from as low as £1.50+vat per month. With cloud accounts you have many more features to help you secure your email, using encryption etc. Keep your business or home email safe by making sure you have control over your email.

Keep Safe

CritchCorp Computers Ltd

Don’t forget to check out these other Products too

You can also read more about us and the products and services we offer.

If you regularly keep up-to-date with security news then you will have heard all about this story. This is intended for those who do not keep up with the news or find it too complicated or technical to follow, or just don’t have time to keep up to date with this stuff. As this is an important story, I have written this brief article about here.

Firstly, who is Mat Honan? He is reporter for Wired magazine and former senior reporter for Gizmodo. He knows a thing or two about technology.

This is a brief sumary about what happened to him a couple of weeks ago. Just so you can be aware and not make the same mistakes as he did. He thought he was safe because he used secure long gibberish passwords, but that did not help him in this case.

In the space of one hour Mat’s entire digital life was destroyed. Here is the order of things that were done:

1. Google account taken over, then deleted
2. Twitter account taken over
3. Apple ID taken over and remotely erased his iPhone, iPad and MacBook

Here is how they did it and what you need to watch out for.

The hackers were only after his Twitter account as he has a nice handle (@mat). To get to this they destroyed his digital life. Firstly, they noticed that his Twitter account was connected to his personal website. On his personal website they found his GMail.com address. Using Google Mails account recovery they discovered that he had a @me.com address, which he used as the backup to receive password resets to.They also had his name and address, which they obtained form his website but could be obtained in a number of ways. Lets face it every time you order pizza you give your name and address, you probably chuck out lots of junk mail with your name and address on it. There are also numerous ways on line to get that information. So, with this information they phoned, yes phoned Amazon. Claiming to be Mat they said that they wanted to add a credit card to their account. With the Name and billing address they were able to do this and using a credit card number made up by a website devoted to generating numbers that conform to the algorithms used they added a card to his account. They then hung up and phoned back and said that they could not get in to their account (Mat’s account). They were then asked for their name, billing address and a credit card on file. Using the credit card they had just added they were then able to add a new email address to the account. They then went to the Amazon website and preformed a password reset to the new email address that they had just added.

They can now see all the credit cards that had been previously added to the account, including the real card that Mat uses. Granted it is only the last four digits of the card as that is what Amazon considers safe to show you (as do a lot of other companies). They now called Apple Care and said that they had lost access to their (Mat’s) @me.com account. Apple kindly helped this fake Mat to recover his password using a temporary password which they issue over the phone which you can then use to access the account and to change the password to the account. This was issued despite the fact that the hackers could not answer any of the security questions on file!! In the end all they needed was his name address and yes, you guessed it the last four digits of a credit card on file.

Once they had hacked in to his @me.com account they could send a password reset from his Twitter account which went to his @me.com address and they quickly reset his twitter account password. This was there intended goal as they could now tweet in his name and upset his followers, just for the fun of it!

Here is the horrible bit: In order to stop Mat from regaining control over his account, they did the following. Deleted his GMail account. Preformed a wipe on his iPhone, iPad and MacBook, thus deleting his entire and only copies of his daughters first year and a half pictures and pictures of relative who are no longer in this word. It was not the intention of the hackers to delete these things but just collateral damage to the main goal, his Twitter account.

You need to be aware of where your accounts lead to and what information you leak out on them. Information these days is very easy to get to because people do not protect it well enough.

Amazon has since confirmed that it will no longer accept information over the phone in this way. Apple has not confirmed yet that it has closed these obvious loop holes, however it did make immediate temporary message and stopped issuing temporary password over the phone, we are still waiting to see what their permanent fix will be.

It is important to note that the companies followed their procedures and the procedures let the customer down. We make it easy from a customer service point of view and that lets the bad guys get in too. It is a shame that we need to have any security at all, it would be nice if we could just have username and no need for a password, but we need passwords and we need to make sure that they are secure and the problem that most companies face is keeping the customer happy, wand secure and that is a tall order as most of the time convenience is the enemy of security. The easiest way to thin of it is a sliding scale with security on one side and convenience on the other. The more convenient we make it the less secure we make it.

Keep your personal data private and do not exposes it unnecessarily. As I have always said, best to have your own domain name and email address and not to use a free generic one for any of your key services, one that you can maintain complete control of and cannot be taken over in anyway by use of social engineering attacks, such as this one. Don’t get me wrong, there are uses for the free accounts but not as your main email address and not as password recovery addresses as these free accounts are constantly hacked in to by this and other methods. They are far too liable to this kind of attack.

CritchCorp.