Having trouble sending to Gmail? (resolved)

If you’ve had trouble sending to Gmail addresses today or yesterday (December 14 or 15), where an address that you know is valid bounces back with “The email account that you tried to reach does not exist”, the problem isn’t you, or us. Gmail had a problem that caused this for all senders, seen on their status pages yesterday and today, with the latter confirming “Affected users received a bounce notification with the error “The email account that you tried to reach does not exist” after sending an email to addresses ending in @gmail.com”.

They also confirmed it on Twitter:

They say the problem is resolved now, so if it happened to you, it should work if you try sending again.

Thunderbird version 78 and ESET Internet Security

If you use the Mozilla Thunderbird email program, and it won’t retrieve mail after updating to the latest Thunderbird version 78, this can be caused by a bug in the “ESET Internet Security” (or “Smart Security”) firewall/antivirus program.

In particular, if you use ESET and Thunderbird just hangs with a message saying “checking mail server capabilities”, ESET is almost certainly the cause. There are several threads on their forums about it ([1], [2]), and it’s not related to our servers — Thunderbird 78 works fine with our servers in general.

If this problem is happening to you, ESET has a page explaining how to workaround the bug and get Thunderbird working again.

Microsoft Outlook crashing?

Is your copy of Microsoft Outlook crashing when you start it today? If so, it’s not just you, and it’s not a problem on our end. It’s a bug in the latest Outlook update that Microsoft is aware of:

This page at Bleeping Computer describes how you can switch back to an older version, and you can also use our Webmail pages to read your email if you need to.

Extortion scams that claim to have hacked your account

We’ve seen a few reports recently of customers receiving messages that begin something like this:

I’m going to cut to the chase. I am aware [redacted] is your pass word. More to the point, I know your secret and I’ve evidence of your secret. You don’t know me personally and no one paid me to examine you.

Or like this:

You may not know me and you are probably wondering why you are getting this e mail, right? I’m a hacker who cracked your email and devices a few months ago. Do not try to contact me or find me, it is impossible, since I sent you an email from YOUR hacked account.

The message then goes on to demand money (usually in the form of a Bitcoin ransom) in order to not reveal your “secret”.

These are a scam; you should ignore them. The mail is sent in bulk by spammers to millions of people, just like any other spam, and they know nothing about you beyond your email address and possibly a password they stole from another site. Our filters block most of these (we’re blocking more than a dozen per day per account, on average), but unfortunately no filter can block all spam messages, and the spammers are constantly changing them to get around the blocking.

You can find more information on sites like Sophos and Krebs on Security.

Read the rest of this entry »

Having trouble with Outlook 2011 for Mac and SSL?

A couple of customers have recently contacted us about problems with Outlook 2011 for Mac when it’s configured to make SSL connections.

Outlook 2011 for Mac has a bug: It tries to use the long-obsolete “SSLv2” protocol that is no longer supported on modern mail servers, including ours. If your network also uses a very common kind of firewall that prevents “client-initiated SSL/TLS session renegotiation”, SSL connections will simply fail.

The best solution to this is to upgrade to a modern version of Outlook. Outlook 2016 for Mac, for example, doesn’t have this problem.

Read the rest of this entry »

Outlook 2016 bug for POP accounts

Recently, we’ve had quite a few customers write in to complain that their copy of Outlook 2016 is behaving incorrectly: it is either deleting messages from the server when it is not supposed to do so, or it is downloading duplicate copies of mail from the server. This happens for POP accounts, not for IMAP accounts (which is what we normally recommend customers to use).

These problems happen because of a bug in Outlook 2016. Microsoft has a Web page that explains the problem as well as the solution (upgrade Outlook).

Outlook error 0x800CCC13 and Windows 10

We’ve had reports of an error message like this in Outlook when using Windows 10:

error (0x800CCC13): Cannot connect to the network. Verify your network connection or modem.

If this happens to you, it’s because of a problem with Windows 10, not with Outlook or our servers. According to the Microsoft page about it, updating Windows 10 should fix it. If it doesn’t, they suggest using a “workaround” to repair corrupted files on your computer.

Cleaning compromised sites while moving them to Tiger Technologies

One issue we (unfortunately) have lots of experience with is fixing a WordPress site after we discover it’s been “hacked”. But while it’s one thing to try to clean a Web site after it got infected on our servers, it’s essentially impossible to try to clean a Web site that was infected on another server and is being transferred to our servers.

We have a page with more information, including:

  • why this is a problem, and the related risks of not fixing it
  • why the normal way of fixing a site isn’t sufficient
  • how to fix the problem

Out-of-date WordPress sites will get hacked

I’m going to use annoyingly big type, on an annoying yellow background, because it’s important:

If you use WordPress, you MUST update your plugins and themes whenever you see that an update is available. If you don’t, your site will eventually be “hacked” because of a security bug in old software. The contents of your site will be replaced with something malicious, and your e-mail will be used to send offensive spam.

We have a page with more information, including:

  • why this is a problem
  • why it would happen to your site in particular
  • the two most common ways sites get hacked
  • the risks of not fixing it
  • the risks of inactive plugins and themes
  • the steps to update WordPress properly

Blocking very weak WordPress login passwords

Recently, we’ve been seeing more and more WordPress sites maliciously “hacked” because our customer chose a weak password like “admin”, “password”, “temp”, “test”, or “wordpress”.

If you use a password like this, “hackers” maybe able to guess it and login before rate-limiting stops them from guessing stronger passwords.

Hackers are using automated software to try to login to millions of WordPress sites every day with these passwords. Because so many sites are being compromised this way, we’ve taken the fairly radical step of blocking all WordPress logins that use them.

Read the rest of this entry »