The other day I found myself locked out of a mission critical system, and unable to get the password reset emails that this system allegedly kept sending. Being the admin of the receiving system, I had full access to all logs and filtering, and was absolutely positive that the reset messages were not getting to my front door, let alone being filtered out by some anti-spam filtering in place. If this sounds familiar, or even interesting, read on to learn more about this interesting situation. Continue reading Troubleshooting MX Weights

One of the most frustrating jobs you can have in information technology is that of customer support. When it comes to users there are all types that folks in support have to deal with. There are those who know nothing; they are the ones who the codes ID10T and PEBCAK were created for. Then there are those who know enough to be dangerous. They call after they have done their “troubleshooting.” Yes, they have turned it off and turned it back on, but they probably have also tried to renew the IP address and done a TRACERT when they can’t find Outlook’s personal folder. Of course, they have let you know the litany of things they have done also.

As an email admin, addressing the problems users have can be quite frustrating; but worse are the calls when our users want us to actually do something basic for them. When we get these calls or tickets we often think of a million things we could be doing with our time.

To help wean you users off of support for the most basic Outlook tasks it would behoove you to build a user training program. Setting up a simple wiki that lets you post steps, videos and answer questions is relatively simple and can save you a great deal of time in the long run. The technical part is easy. Setting up an internal web server and installing wiki software , or even a learning management application, can be done with someone that has even minimal technical skills. Coming up with the curriculum; that can be the hard part. Continue reading Training Users in Outlook

Last Summer I wrote an article called “Firewalls Between Exchange Servers? Not On My Network!” where I addressed some of the supportability issues that come up when the network and/or security team wants to put a firewall between various components of an Exchange infrastructure. In that post, I discussed why this was unsupported, that it was a bad idea to do it anyway, and what one could expect if one went ahead and did it anyway. In short, bad things. Continue reading Got Firewalls? Read This Now.

As dissatisfaction with email continues to mount, and the Zero Inbox movement gains momentum, more and more organizations will be looking at email management solutions to solve their email woes.

Are those hopes misplaced?

Certainly there have been management solutions that have been grabbing a lot of attention lately. For example, SaneBox. Continue reading Email challenge may defy management

It’s been a long time coming, but Microsoft has finally released the long-awaited update for their PST Capture Tool. We first talked about this tool back in February of last year, and while the original release of the tool was very effective at helping small businesses to import all their PSTs into “real” mailboxes, it had a significant limitation-it only worked with organisations having less than one thousand mailboxes. This limit was acknowledged and Microsoft promised an update. Well, it’s finally here. The PST Capture Tool 2.0 has finally been released. In addition to removing the one thousand mailbox limit, there’s more new goodness in 2.0. Here’s what you want to know. Continue reading PST Capture Tool 2.0 Released

Just recently, Twitter announced that if you receive an email from them you need not worry about the email being a phishing attack using a spoofed address. The email is authentic because of their use of DMARC email authentication.

DMARC, or Domain based Message Authentication Reporting and Comformance, is a standard that governs email authentication mechanisms like Sender Policy Framework and DomainKeys Identified Mail (SPF and DKIM respectively). Working with email clients like Gmail, AOL, Yahoo Mail and Microsoft’s Hotmail and Outlook, DMARC promises to authenticate outbound mail so that when it arrives in a sender’s inbox they can be assured it is not a fake.

However this looks again like a silver bullet hope that will solve the spam/phishing/malicious email plague that threatens so many people.

Businesses leaders often see these as signs that spam is no longer a problem. Much like the news reports that claim, “Spam is Dead” or even those that show spam levels are down do some serious damage to email security. The damage comes as a result of decision makers not seeing malicious email as a real threat. After all, if spam is dead and DMARC can prove that emails are real then the question of why do we need to spend money on additional security becomes a big question. Continue reading The Layers of Email Security

A serious problem with the implementation of Exchange ActiveSync in the latest version of Apple’s iOS mobile operating system was addressed this week in an OS update.

Meanwhile, administrators were alerted by Blackberry that a flaw was discovered in its server software that could be exploited to run code on it remotely.

Apple’s update, version 6.1.2 of iOS, fixes a problem that occurs when a device accepts an exception to a recurring calendar event. Continue reading Apple fixes ActiveSync bug, Blackberry stumbles

A technology that’s been actively deployed for just over a year has been rapidly adopted across the globe by organizations wanting to ward off phishing attacks.

DMARC — Domain-based Message Authentication, Reporting & Conformance — is an email specification designed to work with two popular email authentication methods, SPF and DKIM.

The Sender Policy Framework (SPF) authenticates where an email originates by comparing its IP address to a list of valid IP addresses submitted by the domain owner to the Domain Name System. If a message arrives at a mail exchange saying it’s from a certain domain, but the IP address where it came from doesn’t correspond to the addresses in the SPF record for that domain, the message is bounced.

DomainKeys Identified Mail (DKIM) insures a message’s origin by attaching a cryptographic digital signature to it that associates a message to a domain. That signature can be reviewed at any point in the message’s path to its destination. Continue reading Anti-phshing technology DMARC touts achievements

There are some people who receive hundreds of email messages every day. Even those who are not on that end of the spectrum often complain that they spend too much time each day opening, reading, deleting and responding to emails; causing them a great deal of stress.

As an email administrator this can be problematic because when people find a technology to be burdensome they might avoid using it, or even worse, lose respect for the policies and governing practices associated with that technology.

In plain English, if your users are stressed, when they use their email they might make mistakes or act carelessly. Careless users leave the door open for spear phishing attacks and other email threats; and that can be problematic for any organization.

To help keep your users a bit more relaxed when it comes to their email, they need to be taught how to better manage it. It doesn’t matter if they are overwhelmed by only a few emails a day; if they are shown ways to keep their inbox under control your job will be much easier. Continue reading Help Your Users Manage Their Inbox

With Exchange 2013 now available, the training industry has started rolling out products to get administrators up to speed on the new software.

TrainSignal, for example, has just released a set of training videos, Exchange Server 2013 Administration Training, by well-known Exchange expert, J. Peter Bruzzese.

“With Exchange 2013 Administration I’ll take you from deployment through Unified Messaging and High Availability,” Bruzzese said in a statement. “By the end of this course you’ll be able to fully administer an Exchange 2013 organization.”

In the videos, Bruzzese runs down best practices for getting the most out of the new Exchange. Topics covered in the training include:

• Deployment decisions and prerequisites.
• Mailbox configuration.
• Mobile device management.
• Unified messaging integration.
• Disaster recovery and high availability. Continue reading Exchange 2013 training gets into gear