Additional filename attachments, including “.exe”, now blocked in e-mail

For a long time, our mail system has blocked obviously malicious filenames like “443645787823424455.scr”, “Invoice.pdf.exe”, and so on, even if they aren’t actually flagged by the antivirus software we use (which can happen if they’re new viruses that don’t yet have matching patterns).

Recently, we’ve seen a dramatic increase in simpler names where the virus author doesn’t even try to hide the fact that it’s a program: things as simple as “Invoice.exe” in a zip file. We’ve received a couple of reports that people unzipped these, ran them, and clicked past the Windows warning saying that programs from the Internet can harm your computer — perhaps assuming that if it wasn’t flagged by either our virus scanner or the virus scanner on their own computer, it must be okay.

We want to make sure our customers never fall victim to anything like this, so we’ve expanded our blocked filename patterns to include simple “.exe” files (and other additions). This may very occasionally reject legitimate messages with an error asking the sender to rename the file and resend it, but it will solve far more problems than it causes.

We’re using the same list of filename extensions that Gmail uses — if we block it, Gmail would block it, too. You can find more information on our support page about virus scanning.
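The filename check described in this post, sketched as an added example (this is not our mail system's actual code). The extension set is a small illustrative subset rather than the full list, and `build_sample` is a hypothetical helper that constructs harmless test messages:

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath

# Illustrative subset only; not the full blocked list used in production.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".js", ".vbs"}

def blocked_name(filename):
    """True if the final extension is blocked ("Invoice.pdf.exe" ends in .exe)."""
    # Windows ignores trailing dots and spaces, so "Invoice.exe." still runs.
    name = filename.replace("\\", "/").rstrip(". ")
    return PurePosixPath(name).suffix.lower() in BLOCKED_EXTENSIONS

def find_blocked(msg):
    """Return blocked attachment names, including members inside zip files."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if blocked_name(name):
            hits.append(name)
        elif name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True)
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    hits += [f"{name}!{m}" for m in zf.namelist() if blocked_name(m)]
            except zipfile.BadZipFile:
                # Assumption: fail closed when the archive cannot be listed.
                hits.append(f"{name}!<unreadable archive>")
    return hits

def build_sample(attachment_name, zipped):
    """Construct a test message; the attachment is harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.net"
    msg["To"] = "customer@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    data = b"placeholder"
    if zipped:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(attachment_name, data)
        data, attachment_name = buf.getvalue(), "Invoice.zip"
    msg.add_attachment(data, maintype="application", subtype="octet-stream",
                       filename=attachment_name)
    return msg
```

A message is rejected when `find_blocked` returns a non-empty list; the names in that list are what the error would ask the sender to rename.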


Compression of stored e-mail

We’ve recently upgraded the Dovecot mail server software we use, and a new feature allows us to do something we’ve wanted to do for a long time: compress stored mail on our servers. We’ll be starting to do that over the next few weeks.

Compressing mail happens invisibly on our end. It makes no difference to what you see in your mail program, and you don’t need to do anything or worry about it.

The benefit to our customers is that it saves 20-30% of the disk space the messages use. While most of our customers don’t store very large amounts of mail on our servers, those who do will see their disk space usage drop by 20-30%.


Problems with mail forwarding from “@cs.com” addresses

A customer recently reported problems when forwarding mail sent from a “@cs.com” CompuServe address to a Yahoo or Gmail address. Yahoo completely rejects the forwarded message and Gmail puts it in a “spam” folder.

This is caused by a misconfiguration at cs.com, and happens whenever anyone, anywhere, forwards @cs.com mail. It’s not related to our service in particular. However, we’ve reported this to cs.com in the hope that they’ll fix it.

Until they do so, there’s no way to avoid this problem except by having the sender send mail directly to the final destination address, or converting the forwarding address to a mailbox. (This problem is another example of the general rule that “a mailbox is usually more reliable than a forwarding address, because forwarding involves two places where things can go wrong instead of just one”.)


Avoiding DMARC mail bounces with Contact Form 7

We recently explained how to avoid DMARC mail delivery problems with the “Gravity Forms” WordPress plugin.

We’ve added a support article explaining how to avoid DMARC mail delivery problems with the similar “Contact Form 7” plugin, too.

If you use either of these plugins and you’re seeing mail rejected with errors about “DMARC”, the links above will help you fix it.

Ensuring sent mail doesn’t bounce with the Gravity Forms plugin

If you use the Gravity Forms WordPress plugin, be sure you don’t set it to send mail “from” the e-mail address of the person filling out the form. If you do, you’ll have trouble due to recent “DMARC” anti-forgery changes some companies (including AOL and Yahoo) have made.

To avoid problems, make sure that Gravity Forms (and other such forms) send mail “from” the Web site domain name the form uses. For instance, if your Web site is at www.example.com, you could send mail from “notifications@example.com”. Here’s a helpful page that explains how to properly set up the Gravity Forms address with DMARC in mind.

By the way, this is just a specific case of the general rule of “don’t send mail from addresses you don’t own”. The simple way to think of it is that you’re not (say) AOL or Yahoo, so your Web site shouldn’t send mail claiming it’s from aol.com or yahoo.com addresses. AOL and Yahoo don’t want other people doing that. Always send mail only from your own domain name.
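Why the receiving server rejects a form message sent "from" the visitor's address, as an added example (not code from Gravity Forms or from our servers). The policy table is a constructed stand-in for the DNS lookups a real receiver performs, and `org_domain` is a deliberate simplification:

```python
from email.utils import parseaddr

# Constructed sample values standing in for _dmarc.<domain> DNS TXT lookups.
SAMPLE_DMARC_POLICY = {"yahoo.com": "reject", "aol.com": "reject",
                       "example.com": "none"}

def org_domain(domain):
    """Simplification: last two labels. Real code needs the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_result(header_from, spf_pass_domain, dkim_pass_domain):
    """Relaxed-alignment DMARC outcome for one message.

    spf_pass_domain:  envelope-sender domain that passed SPF, or None.
    dkim_pass_domain: d= domain of a DKIM signature that verified, or None.
    Returns "pass", "no policy", or the From domain's published policy.
    """
    from_domain = parseaddr(header_from)[1].rpartition("@")[2]
    target = org_domain(from_domain)
    # DMARC passes only if an authenticated domain matches the From domain.
    # Reply-To is not part of this evaluation.
    for authenticated in (spf_pass_domain, dkim_pass_domain):
        if authenticated and org_domain(authenticated) == target:
            return "pass"
    return SAMPLE_DMARC_POLICY.get(target, "no policy")

def form_scenarios():
    """The two form setups from the text, for a site at www.example.com."""
    return {
        # Form sends "from" the visitor: SPF and DKIM pass, but for example.com.
        "from visitor": dmarc_result("Visitor <visitor@yahoo.com>",
                                     "example.com", "example.com"),
        # Form sends from the site's own domain.
        "from own domain": dmarc_result("notifications@example.com",
                                        "www.example.com", None),
    }
```

The first scenario comes back as "reject" even though the site's own SPF and DKIM checks succeed, because neither authenticated domain matches the yahoo.com address in the From header.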

Mailman updated to avoid DMARC problem

In recent days, Yahoo and AOL made technical changes that prevented their own users from sending messages to most mailing lists. (That’s a simplified summary; your favorite search engine will show the gory details if you search for “Yahoo DMARC mailing lists”.)

If you use the Mailman software to run discussion lists, like many of our customers, this is a problem. To fix it, the authors of the Mailman software are making a new version to work around the Yahoo and AOL change.

That new version hasn’t been officially released yet, but we think this is so important that we’ve upgraded our installed copy of Mailman to a “pre-release” version of the fixed software.

Yahoo and AOL users should now be able to send to our customers’ Mailman lists without trouble.


Seeing more bounces for yahoo.com addresses? It’s not just you.

Over the last couple of days, mail from yahoo.com addresses has been “bouncing” a lot more than usual, often with error messages about “policy” or “DMARC” problems. This is especially true for messages involving mailing lists or forwarding from other addresses.

If you see this happening, it isn’t because of anything wrong on your end, or our end. It’s happening all over the Internet.


Old e-mail programs with expired SSL certificates

Some customers using very old e-mail programs (such as Microsoft Entourage and Netscape Mail) have complained that their programs have started showing a warning that the “Certificate Authority Is Expired” or “Unable to establish a secure connection”. These old e-mail programs have certificates for common “root certificate authorities” built into them, with expiration dates that have now passed. There is no way to update the root certificates which are built into these old programs, unfortunately, so these e-mail programs will always complain that the root certificates are expired and thus no longer valid. This is not a problem with our e-mail servers, but instead is a problem with the old e-mail programs — they were never expected to be used this long.

If this is happening to you, there are three possible actions.


AOL mail delivery delays (resolved)

Update 5:00 PM December 27: AOL has resolved the problem described below. All delayed mail has been delivered, and all services are operating normally.


AOL mail delivery delayed (resolved)

Update 6:20 PM October 11: AOL has resolved the problem described below. All delayed mail has been delivered, and all services are operating normally.
