Credit card numbers of Argos customers were exposed in emails sent to them.

An email snafu by an online catalogue company is a good example of why both inbound and outbound electronic correspondence should be filtered not only to ensure that nasty payloads aren’t delivered to an organization but also to prevent sensitive information from being exposed to unsavory elements.

The email blunder involved a company called Argos. It is a multi-channel retailer, based in the United Kingdom, of merchandise for the home. During its last financial year, it had more than $6.4 billion in sales, 26 percent of it from the Internet.

After a probe by PC Pro magazine, it was discovered that the High Street retailer was sending out the credit card numbers of their online customers in plaintext emails confirming purchases. Should the emails be intercepted in transit or otherwise hijacked, the credit card information could be used for fraudulent charges.

What’s worse, the emails also contain an Internet link, or URL, that contains the recipient’s name, address and credit card details. If the customer clicks on the link, the URL containing the personal information would become part of the customer’s browser history, where it could be vulnerable to cyber snoopers. Moreover, the URL would be stored in the service logs of whomever is providing the customer with Internet service–his or her employer or ISP–as well as in Argos’s web analytics software which captures URLs used to access its Web site.

Two victims of the security lapse by Argos were cited by PC pro. Paul Lomax, chief technology officer at Dennis Publishing, and Tony Graham, reader of the publication. Both reported their credit card details stolen after receiving the vulnerable emails from the retailer.

Graham discovered the gaff when searching through his email for the last four digits of his credit card number. When he checked a message from Argos that appeared in the search results, he was puzzled. No credit card numbers appeared in the text of the correspondence. It was only when he opened up the source code behind the email that he discovered the URL bursting with personal and sensitive information.

Continue reading Solid email security requires inbound and outbound filtering

I am in contact with system administrators, network administrators and email administrators from multiple corporations on a daily basis. Quite often I hear from administrators or their higher level directors that some of their applications are running slow.

We’ll start off with a series of diagnostic techniques that will include testing their network connections, verifying that all patches and updates are in place and then monitoring and measuring user response times with specific tools targeted at their applications.

Email applications such as Outlook will invariably slow down over time and often the problem is identified as a memory issue. The simplest solution is to throw more memory at the problem but that also involves more money, something that most companies try to avoid as a possible solution. Especially in these times of constrained budgets, budget cuts and longer, more involved approval cycles with lower and lower management-required-signature purchase thresholds.

So when a slow response time for an email application has been determined to be related to memory leaks it will be followed by a sigh of relief that the company will not require additional monies to correct this issue.

When an admin receives multiple notifications that Outlook has reached a high watermark with respect to their virtual memory limits then the admin can sometimes take corrective measures such as closing down more than a couple of other applications to free up that memory. Sometimes an admin may also need to disable some of the add-ins that are running in Outlook.

Some add-ins have a search capability which can gobble up memory like a hungry man on Thanksgiving. This issue can be indicative of an inefficient garbage collection process within an application and only remedied by going back to the software vendor with data and application scenario so that the vendor can reproduce the problem on their end. Most C# code is managed and garbage collected but sometimes the cleanup process may not be running as efficiently as possible. So further review of the code is needed and hence a good data set and description of the environment will help in the vendor diagnostics.

Continue reading How to solve Outlook Memory Leak Issues

The process of making a connection between Outlook and Exchange can sometimes be problematic. Sometimes the network is not up or the connection information for either the client or the server may have changed or become corrupted.

When unable to make a connection between the client and the server a variety of error messages can be displayed: some alone and others in combination with each other. One such error message that a user or administrator may see displayed is the following:

“Exchange is currently in recovery mode. You can either connect to your Exchange server using the network, work offline, or cancel this logon.”

There are a couple different reasons for this message as well as multiple solutions. Most of the time the error message is displayed because of a difference in the cached copies of the mailboxes stored on the local client and of the cached copies stored on the Exchange server. This problem can be resolved by disabling the cached Exchange mode on Outlook, restarting Outlook and then resetting the cached Exchange mode on Outlook back to enabled status.

The “Exchange is currently in recovery mode” can also indicate that there are configuration issues with the Domain Name System (DNS) settings. This could also be the result of a connection problem either on the client or on the server. And it could also mean that the DNS server itself is down and thus not providing name resolution services.

Continue reading How to solve the Exchange in Recovery Mode Error

Outlook is a great tool for exchanging emails with friends and co-workers. Lots of times we send emails that are important enough that they need to be printed out and taken to business meetings and we usually taking the process of printing a document or email for granted.

But when we can’t print out an otherwise unimportant email then all of a sudden that print job takes on much higher priority in our lives.

Other times we are able to print out a much needed document for an important meeting and rush to grab it, run down the hall, plop ourselves down at the conference table and then start passing out copies only to discover that our print job appears discolored, grayed out or lighter in appearance than normal. We curse and say that we will never use that printer again. But later we find out that the problem was never with the printer but with problem with Outlook, particularly with Outlook 2007.

In Outlook 2007, there was a bug discovered related to color categories and printing which resulted in darker colors being printed lighter than normal.

Outlook allows the user to be able to assign Color Categories which adds another dimension to organizing your data or, in the case of email, organizing your email contents. Color Categories give your end users the ability to categorize their emails, contacts or appointments. Folders can then be created based on those categories and then filled with email messages which fit those categories. (Unfortunately IMAP accounts are not supported.)

Now let’s get back to the dark colors being printed much lighter than otherwise expected problem.

Continue reading Troubleshooting Outlook Printing Problems

I have faith that readers of this blog have enough good sense not to use social networking sites to send important emails. However, some of your users may lack that good sense, and so it behooves us all to send out a common sense reminder every now and then—only use your official corporate email for anything important or sensitive! Save the Facebook email messages for updates about parties, casual observations, and idle gossip.

Wall Street Journal reporter Zach Seward got to have a glimpse of some of that idle gossip last week after Facebook made a major blunder, and some people received emails from complete strangers that were meant for somebody else. Seward gives us a glimpse of what goes on in Facebook with a few unnamed excerpts. The editor became privy to love triangles, petty jealousies, teenage parties and other truly fascinating but private missives.

The glitch was caught shortly after it started and was resolved, but not before several emails were incorrectly routed. Although there is no data being released as to how many users were affected, Facebook noted that “During our regular code push early Wednesday evening, a bug caused some misrouting to a small number of users for a short period of time.”

There have been other security blunders in the past, including a glitch in March 2008 that made it possible to publicly view photos that had been marked as private.

A report on the Wall Street Journal details the experience of a Journal editor who received several of the errant messages. According to the report, the editor received over 100 messages, ranging from ordinary to explicit.

Facebook recently redesigned its inbox interface to make it resemble Gmail.

Occasionally sending and receiving emails can pose problems for end users. One of the more serious problems is when users are unable to receive their email messages.

A sample error message related to being unable to receive emails is the following:

“Outlook is unable to connect to your outgoing (SMTP) email server”

This error message can occur if Outlook is trying to retrieve email messages from a Post Office Protocol (POP3) email server. It can also be produced if Outlook is trying to retrieve email messages from a Simple Mail Transfer Protocol (SMTP) email servers.

It is also possible that you may receive the error code 0×80042109 along with the above error message. This can happen if an end user is attempting to send a message via an email server and they are then asked to provide their login credentials. However, if the OK button is clicked again it will only result in another login prompt being displayed. And, instead of selecting the OK button, if the user hits the Cancel button then the following error message is displayed:

Task ‘<SMTP server name> – Sending and Receiving’ reported error (0×80042109): ‘Outlook is unable to connect to your outgoing (SMTP) email server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).’

A workaround for this problem is to create a new profile for the user account. The current email server is not responding to the existing user’s profile. A new profile will correct this problem.

Continue reading Troubleshooting Error Code 80042109

These days everyone is well aware of the needs for security and the value of firewalls, anti-virus and anti-spam software and the many other protection measures in the enterprise.

But sometimes too much security can actually inhibit productivity. At the very least it might be considered an annoyance but some end users. And at its worst too much security can become redundant with many features and function overlapping one another.

Sometimes your users are attempting to open email attachments from the outside they will receive messages indicating that they are not allowed to access those attachments. In Outlook 2000 such messages look like the following:

“Outlook blocked access to the following potentially unsafe attachments.”

If Outlook blocks an attachment, then end users cannot save, delete, open, print, or otherwise work with the attachment in Outlook. However, there are several methods available which will allow end users the capability to safely access those attachments.

The reason why some users receive the attachment blocked message is that with Outlook 2000 SR-1 and SR-1a there was a new security feature included which prevented some attachments from being opened if they were categorized as containing potentially unsafe data. This feature was very useful since a lot of malicious attacks coming in from the outside could easily be disguised as or hidden in attachments. Continue reading Blocked Access to Outlook Attachments

It is to most end users’ benefits to have the ability to work in an off-line mode. We frequently see people working away on reports or email while traveling on airplanes or working in places that do not have internet access.

End users have the option to work in an off-line mode while working on their email. They are able to do this because Outlook supports files known as dot OST (.OST) files. These dot OST files are Offline Folder files that allow users to make changes to their email files and then, at a later or more convenient time, synchronize those changes with the Exchange server.

But sometimes they may encounter performance problems when they are working with items in a large dot OST file. One of the problems they may have is that Outlook stops responding or hangs during normal usage. End users will more than likely be in the middle of an email activity such as reading emails, saving emails or deleting emails.

Earlier versions of Outlook, prior to Outlook 2007, did not exhibit these problems. Most often the slow response or no response problems are with very large dot OST files that are greater than four Gigabytes (4GB). Slow response times can be seen during email downloads or during synchronization and will often take longer and longer as the dot OST file continues to increase in size. Administrators should note that the slower the disk speed is then, the more likely it is that the slower response times will be seen.

Microsoft made changes when they introduced Outlook 2007 and some of those changes contributed to the slow response time. One of those changes occurred in how data was written to disk. As the number of items in the dot OST files increased then how often data was being written to the disk drives was also increased. Part of this methodology was meant to accommodate the new data structures of the dot OST files.

Continue reading Troubleshooting Large OST Files

One very useful feature of Exchange server is that of the Autodiscover service. Microsoft Exchange Server 2010 provides a feature known as the Autodiscover service which is used to configure the user profiles of Outlook 2007 or Outlook 2010 clients. Additionally it is also supported on phones running Windows Mobile 6.1 or later versions.

The Autodiscover service also allows clients to get access to the various features of Exchange server while connected. Using the user’s email address and password profile the Autodiscover service provides profile settings for Outlook 2007 and Outlook 2010. It can also leverage the domain accounts of clients that are joined to domains.

Some of the benefits of using the Autodiscover service include the time savings and often cumbersome process that email Administrators had to go through when configuring user profiles manually for Exchange 2003 SP2 (or earlier) and Outloook 2003 (or earlier). Further adding to the sometimes moribund tasks that administrators have to periodically perform was also the fact that if changes or updates were made to any of the users’ profiles then the process would have to be repeated manually to reconfigure those profiles. Without these manual changes administrators would run the risk of Outlook clients no longer working in their normal manner.

Continue reading Outlook and Autodiscover Errors

Email administration can involve a variety of tasks. Some of these tasks are complex while others are fairly mundane. Oftentimes administrators have to support memory problems; sometimes it is configuration issues and settings, while other times it is underperforming or, at worst, non-performing clients and servers.

One of the easier issues an administrator has to support is the problem is space allocations in regards to disk or file space. On a system of limited disk space this can be a minor challenge. Conserving space on a hard disk will require the administrator to delete unwanted or unnecessary for business items from the various dot pst (.pst) and dot ost (.ost) files.

But if all your data resides on an Exchange server then this process in not needed. Most often, though, the relevant user data can be found in personal folder files such as the dot pst files. These files can be found by searching for files with the dot pst (.pst) extension. Outlook data items such as email messages, tasks, contacts, etc. reside within the dot pst files.

Once the non-critical information has been deleted then the administrator can begin the process of compacting the files which will reduce the size of those files and thus free up critical space on the system.

Continue reading Delete Item Space in Outlook