PDA

View Full Version : Important E-mail security measures... PLEASE READ



ShoppePro
04-27-2008, 11:10 PM
************ IMPORTANT - PLEASE READ ******************

Someone on one of our servers was recently the victim of Email Forgery. This happens when Spammers get a hold of your domain, and sends out hundreds and hundreds of spam emails in YOUR name. They will use email addresses associated with your domain name that may or may not exist, to send out email (i.e. fhasodiufg@yourdomain.com). They will use your mail account to send out spam to other harvested email addresses. (*Read note about Spam at the bottom of this page*)

This Email Forgery practice can get good servers like ours blacklisted as SPAM from major email providers such as yahoo, aol, msn, hotmail, etc.... This could prevent EVERYONE on our server from being able to send out mail.

--------------------------------------------------------------------------------

PLEASE TAKE THESE IMPORTANT STEPS TO PREVENT THIS:
Enable "Email Authentication" (DomainKeys and SPF) on your accounts.

- Log into your cPanel
- Under Mail, click "Email Authentication"
- If DomainKeys says Disabled, Click "Enable".
- If SPF says Disabled, Click "Enable";.

----------------------------------------------------------------------------------
About DomainKeys:
DomainKeys is an e-mail authentication system designed to verify the DNS domain of an e-mail sender and the message integrity.

About SPF:
SPF (Sender Policy Framework) is an extension of SMTP that stops e-mail spammers from forging the “From” fields in an e-mail. n order to use SPF, the domain sending e-mails must establish an SPF record that is published in DNS records. This SPF record should include the domains of any third-party e-mail service providers. When an e-mail is sent, the receiver's inbound mail server receives the e-mail and checks to see whether the domain name in the "From" field of the message matches any of the domains listed in the sender's SPF record. If there is a match, the mail is authenticated and delivered to the receiver. If there is not a match, the mail fails authentication and is not delivered. If you are using a third-party e-mail service provider to send e-mails, you need to ensure that you post the service provider's domains in your SPF record.

How do I know if I've been a victim of email forgery?
The most common first sign is when all of a sudden you begin receiving an abundance of "Mail Delivery Failed" type emails regarding emails you don't remember sending. If this is the case, contact us immediately and we will investigate.


NOTE REGARDING EMAIL LISTS / BULK EMAIL / NEWSLETTERS:
This is a reminder that when you signed up to host with Shoppe Pro, you agreed to abide by our "AUP" (Acceptable Use Policy) (http://www.shoppepro.com/pages/acceptableuse.htm), which prohibits sending out bulk email without prior permission given by Shoppe Pro. If you are going to send out newsletters or bulk email, DO NOT send it out with your Outlook or other email clients using your domain email address. Instead, please sign up with a newsletter or mailing list provider such as Your Mailing List Provider (http://www.ymlp.com/) or Constant Contact (http://www.constantcontact.com) to name a few. These services already have the necessary legal precautions in place to comply with the CAN SPAM Act, such as the ability for your subscribers to "opt out".


PREVENTING SPAM
"Email harvesting" is the process by which spammers can collect email addresses by running automated harvesting scripts to parse static web pages one by one, looking for strings of characters that appear to be email addresses. Such automatic programs can catch thousands of addresses in a very short time. If you have your email address listed in regular format on your site, it could easily (and probably will) get picked up by a spambot.

How do you protect yourself against spam and email harvesting?
DO NOT PUT YOUR EMAIL ADDRESS IN PLAIN FORM ON YOUR SITE.
Instead of using text like 'Contact us at me@mydomain.com', use your contact form to allow people to contact you instead. Lots of people really want to put their email address on their site, and that's fine. Just be prepared to deal with a lot of spam.

ENABLE SPAM ASSASIN:
There is a program in your cPanel under Mail called "Spam Assassin". If this is not already enabled, I would highly recommend enabling it. This should drastically reduce the level of spam you receive via your domain email accounts.

Thank you for taking the time to read this and I hope you will take these steps to ensure that we all stay as spam-free and whitelisted as possible!

(This will be posted in several boards throughout the forums)

abbykay
05-06-2008, 04:46 PM
Oh WOW! Thanks for the heads up. I will definantely get right on that.

Amanda

14beads.com
05-14-2008, 06:25 PM
All done. Thanks!!

limelizard
05-15-2008, 01:31 AM
I'm all done too. Thanks Karina!!

Naomi

moments2share
08-01-2008, 04:14 AM
OK.....I've got a HUGE ? It may be like the student that doesn't listen? I NEED to send out my Grand Opening notice out TONIGHT! I understand that I can not send out a BULK email to announce that I should use mailing list provider. Members have to sign up first. So......any hints would be good on how to do this please.
Thanks,
moments2share
www.moments2shareandcompany.com

retroboutiques
08-01-2008, 04:31 AM
Sign up for a gmail account at google and send it through there...if you send it through your site email....our host could be shut down for spamming.....or if you have an email with your internet service provider, use that...but I would only do it one time....

LYNNLYNN
08-02-2008, 01:43 AM
MAIL SITES WERE CHECKED AND EVERYTHING IS AS SUGGESTED.

One idea that I will share. I paid the shipping on 100 postal cards that came from Vista Print and mailed those with an opening announcement to my mailing list....cost $26.00 to mail 100 at 26 cents each.
Linda (LynnLynn)

Caps Creations
08-03-2008, 07:18 AM
All done here too!

wendyrvohn@aol.com
08-10-2008, 11:17 PM
I just did this and this is what it says...what happened?
Status: Enabled, WARNING: SPF cannot be used because this server is not a DNS server for oneposhkid.com [?]

ShoppePro
08-10-2008, 11:23 PM
Don't know why that happened. I just "disabled" then went in again and enabled it for your account and it says "Enabled & Active (DNS Check Passed)"

vintageatheart
08-29-2008, 07:42 PM
Karina
Question
I am not receiving my emails from the contact page on the site with the new license. If you email to that address from outlook or somtehing it is fine. Have any ideas?

vintageatheart
08-29-2008, 07:46 PM
PLEASE IGNORE LAST POST!
had an "idiot fit"
L

ScraplessCreations
05-06-2009, 10:01 PM
Changed my settings. Thanks for the info.

crystalsessentials
06-21-2009, 03:21 PM
I'm new to everthing - website, hosting, you name it! I work with a computer all day but feel "technically challenged" with this! LOL. Will do this as soon as I figure out how to setup my email correctly. Question, didn't understand rules 4 sending bulk email. I signed up with YourMailingListProvider but my starter email contacts are friends & their friends (all given to me by my friends) - have a newsletter I want to start sending out - what's involved in getting their "opt-in" authorization & permission from Shoppepro?
Help!

bungalow42
06-24-2009, 11:35 PM
Karina,

I only use the forwarder service. I still enabled this as you asked above, but does it help when you forward mail?

Thanks,

Kelly :)

EssentiallyMeka
05-11-2015, 09:22 PM
This is the message I get when I try to enable these settings (DKIM only) Warning: cPanel is unable to verify that this server is an authoritative nameserver for “essentiallymeka.com”. Can you let me know what I should do?

ShoppePro
05-13-2015, 04:25 PM
This is the message I get when I try to enable these settings (DKIM only) Warning: cPanel is unable to verify that this server is an authoritative nameserver for “essentiallymeka.com”. Can you let me know what I should do?

Hey Meka,

It won't be able to verify that it's an authoritative nameserver for your domain until your point your Name Servers. Right now they're still pointed at GoDaddy's Name Servers.