Best Practices: Emailing on the Go

Posted on June 4, 2013 by Barry Shurtz

I’m adding a new “Best Practices” category to the Sendmail Blog. Every week or so, this is where we’ll address many of the challenges posed by emailing in today’s world. This week, I’m going to look at email and travel.

Thanks to smartphones, it’s easier than ever to take our work on the road. We can email colleagues, clients and partners to delegate, respond, and simply remain a part of the conversation from virtually anywhere. The problem is, emailing on the go can also create some headaches.

Thankfully, with the proper settings, this should no longer involve the painful synchronization and other issues that plagued us when mobile email first arrived. But there are plenty of challenges still to be had. These include:

  • The mixing of work and personal messages and accounts

While all the smartphones I know of let you select which account to send email from, it’s easy to forget to make the switch. The result: business contacts respond to the emails you send from your personal account and then start emailing you there regularly. Besides the embarrassment of having to ask them to stop emailing your personal account, there’s the added risk of missing important messages or not remembering to check your personal account when scanning for business emails later. Some may choose to prevent this by emailing personal contacts from their business account, but I was never comfortable with this. The best solution, for me, is simply to refrain from emailing my personal contacts during my work time, and not emailing business contacts during my personal time. Not only does it keep all my messages in the right place, I’m better able to maintain a healthy life balance.

  • Emailing with distractions

You’re on the road. You can’t help but email from airports (and airplanes), shuttles, hotels and restaurants. But at some point, it’s a good idea to check your watch, look around, and decide whether it’s time to stop checking your email. If you’re relaxing with a beer in the bar, you’ve already pulled out of work mode and are at risk of sending an email you’d never send from your office during the day. Or, you may be in the hotel lobby having issues with check-in. Now is not the time to email! Wait until you are comfortably in your room to avoid subjecting your email contacts to undue frustration or anger.

  • Sending emails too quickly

We’ve all either sent or received emails that created some unintended confusion or resentment. Mobile compounds the matter, because it’s so easy to fire off rapid responses before thinking them all the way through. Every email should be reviewed to ensure it passes the “What if someone sent this to me?” test. If there’s any chance of the recipient misunderstanding the message’s content or misinterpreting its tone, either fix the problem or consider picking up the phone.

  • Reading emails too quickly

Quickly eyeballing your emails as you’re boarding a plane or hopping out of a cab may keep you in the know up to the very last minute, but it can also cause you to misread an email or miss whole bunches of them entirely. Being hurried and distracted can also make it easier for hackers and cyberthieves to lure you with their phishing, malware, and other attacks.

What email issues do you encounter while on the road? How have you

Posted in Barry Shurtz | Tagged , | Leave a comment

Friday afternoon musing on mobile apps

Posted on May 31, 2013 by Barry Shurtz

As someone who’s often working on the road, I’m always on the look out for great mobile apps and thought being Friday afternoon and all that I’d share the few I’ve come to rely on:

1. Email Management:

Mailbox from Orchestra is an app that’s been generating quite a bit of buzz, and with good reason. I’ve had years to perfect my email management skills on the desktop, but managing my mail on the road was a constant challenge. With Mailbox’s elegant design, you can easily skim messages—archiving what you want, deleting what you don’t—all while staying on top of emailed conversations I need to be a part of now and “snoozing” those I don’t. The biggest caveat: it’s only available for Gmail, but other platforms are coming soon.

2. Task Management:

My life is ruled by lists—for work, home, shopping, travel. And while I’ve tried a number of apps, nothing ever seemed to improve upon old-fashioned pen and paper. That changed with Clear from Realmac Software. Clear succeeds where others don’t, because it’s even easier than pen and paper. The app boasts an all gesture-based interface. Instead of buttons and drop-down menus, all you have to do is swipe, pull, and pinch to get your tasks under control. Now, my to-do list no longer has to include managing my to-dos.

3. Storage:

Just about everyone uses Dropbox, but do you have it on your phone? Dropbox Mobile is a must-have app for storing files and collaborating with colleagues while on the go. No more emailing heavy documents back and forth or wondering if you really are working with the latest version. And it comes with two gigabytes of free storage.

4. Travel:

For those of us who don’t have assistants (or aren’t quite comfortable with depending on others to manage our arrangements), KayakPro Mobile is a great way to find the cheapest flights, hotels, and rental cars while managing itineraries and tracking flight statuses—without the annoying ads. It even comes with handy tools like baggage fee calculator and terminal maps for 100+ airports.

5. Outdoors:

One of the great things about working on the road is the road doesn’t always have to be paved. Whether I’m out hiking the trails or fishing the lakes, the Trip Journal is a great travel app (ranked #1 by Google) that lets me document my outdoor experiences and share them with friends, family, and, ahem, envious co-workers. With Google Earth integration, I can show travel routes, waypoints for visited locations, and trip stats such as distance and time—all with content sharing across Facebook, Flickr, YouTube, Twitter and more.

What are some of the great mobile apps you use?

Posted in Barry Shurtz | Leave a comment

Phishing: DMARC to the Rescue

Posted on May 10, 2013 by Gregory Shapiro

Here is something you need to know.

DMARC, or Domain-based Message Authentication, Reporting & Conformance, is a new standard for email authentication. You will appreciate it for two reasons: it will protect your email and it will protect your brand.

DMARC does this by not only preventing phishing attacks from entering your organization but also defending other organizations against spoofed emails that appear to come from your company. Already 60% of the world’s mail boxes—nearly 2 billion accounts—is protected by DMARC.

According to the latest Phishing Activities Trends Report from the Anti-Phishing Work Group, there were 28,195 phishing attack campaigns in December of 2012 alone. That’s because, as unfathomable as it may seem to many of us, phishing attacks work. Even savvy users are sometimes caught off guard and tricked into giving up account, password, financial and other personal data.

Emails are also easy to spoof. Sometimes all it takes is inserting your company logo in an email to dupe recipients into thinking they’re dealing with your business. Not only does this reflect badly on your brand, it can disrupt legitimate communications due to customers who are now wary of any email that comes from you. But with DMARC, senders and receivers work together to protect both users and brands from harm.

How does DMARC work?

DMARC allows senders to indicate their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes—such as “junk” or “reject the message”. DMARC removes the guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to fraudulent messages. DMARC also allows email senders to request reports for messages that pass and/or fail DMARC evaluation.

For example, if user@yahoo.com gets a phishing message purporting to be

a bank account notification from account_alerts@toobigtofail.com, Yahoo! checks the bank’s DMARC policy to see whether the message should have been DKIM signed and, if so, verifies the signature, and/or checks SPF to make sure the sending system is listed in the bank’s SPF record. If any one of these checks fail, Yahoo! will obey the requests of the sender’s DMARC record which can request a failure report as well as specify the action to take (e.g., reject, quarantine, etc.).

This will require some rethinking in terms of how messages are sent by third parties such as Marketo and Salesforce, but with Sentrion, customers can “glue” together application email generated on-premises and in the cloud. This allows your messaging team to take over all email being sent by the organization to better control your brand.

Sentrion customers already get DMARC support for outbound email, which provides for specific policy handling from recipients for email that is not properly authenticated as long as DKIM and SPF are deployed. In the future, Sentrion will also support DMARC for inbound email, which will allow customers to apply policies requested by third parties to email entering their backbones that cannot be properly validated.

What do you think about DMARC? Have you already begun leveraging it in your organizations? Please weigh in below.

DMARC State of the Union: Thursday, May 30, 2013 10:00 AM – 10:45 AM PDT

Register here.

Posted in Gregory Shapiro | Tagged , , , | 1 Comment

Cloud-Email and the Risk of Data Exposure

Posted on April 18, 2013 by Barry Shurtz

Of the concerns people have about cloud security today, data control and data loss rank high—just second behind BYOD according to Infonetic’s April 2013 report. No wonder the market for cloud-based security services is growing at 69%.

Data control and loss is top of mind at Sendmail, too, where we recently announced new products and services to help large organizations securely move and keep email safe in the cloud.

Despite the popularity of texting and social networking, email remains the preferred method of communication in the enterprise, transporting not only the data within the messages themselves but via the attachments they carry with them.

Not only is this a ton of data, most of it is considered sensitive.

So what happens when all this email data is moved to the cloud? What are cloud providers and security vendors doing to secure it? Should businesses be concerned?

Most definitely yes.

Instead, many businesses are rushing to email-in-the-cloud without taking a fresh look at how to keep sensitive data from getting into the wrong hands—whether its unlawfully transferred, stolen, or simply accidentally sent where it shouldn’t have been. This is a mistake, because the migration of email to the cloud requires proper planning and new methods of management.

If your organization is thinking about making the move to cloud-based email, here are some things to consider:

  • Keep high-value email user accounts on-premises, maintaining strict management and encryption of their message flow, while allowing rank-and-file users onto the cloud where most providers don’t have the robust policy engines or TLS, S/MIME and other message encryption required to ensure the strictest level of data security.
  • Even the basic policy enforcement and spam filtering offered by cloud providers may require access to your Active Directory and other LDAP sources, which creates security and privacy concerns.

  • Identify which applications can’t be run in the cloud as they require access to data that isn’t exposed to the Internet.
  • Unless you go private, the cloud is a publicly shared resource using shared resources and comingled databases and logs, which means forensics, log data, auditing, messaging tracking and other features you get on-premises either aren’t available in the cloud at all or can take days to request it from the cloud service providers.
  • A company may feel comfortable with and trust their cloud provider after doing their due diligence, but cloud service providers often have a multitude of partners (data center partners, storage and back-up for example, who they themselves have partnerships with). Businesses need to have a complete view of the entities that their data may be exposed so they can make informed decisions and reduce their risk exposure when moving email to the cloud.

Sendmail, and our cloud partners, provide enterprises all the necessary tools, services and expertise to help them reap the benefits of the cloud while minimizing the security risks of moving email to the cloud­–check out our recent press release summarizing how we are helping Fortune 1000 companies do just that.

Posted in Uncategorized | Tagged , , , , | Leave a comment

Happy ‘Phish Friday’

Posted on April 12, 2013 by Barry Shurtz

Last week Sendmail customer EMC warned businesses that Friday sees more phishing attacks than any other day of the week.

It seems hackers and scammers have their own twisted version of ‘TGIF’.

While it may not be especially surprising, EMC’s warning reminds us just how cognizant cybercriminals are of end user behavior, and how good they are at capitalizing on it.

After all, when is someone at work most likely to open up an email designed to dupe them out of passwords, financial and other info? When they’re whiling away those last few hours before the weekend. When work is either completed or pushed back in favor of sharing videos, images and memes with friends.

Fridays, phishers know, is when employees are “less on guard” and “more likely to check out a link someone emails to them,” says EMC’s Jason Ward. I imagine this is especially true of malicious links sent from hacked accounts that recipients recognize as trusted contacts.

In addition to making sure your employees are on their guard, we recommend checking out our new Sentrion URL Filtering application, (PDF file) which scans email messages for embedded URLs pointing to malicious sites. The app complements existing anti-spam and anti-virus technologies to combat the blended threats, which use email and a combination of viruses, worms, Trojan horses, malicious code and social engineering with server and Internet vulnerabilities to create rapid and widespread damage.

In addition to classifying links by site content or threat type (i.e., offensive, malware, phishing, etc.), URL Filtering provides configurable actions on messages, such as stripping attachments containing links to known malware distribution sites or creating compliance events if links to an unauthorized site are detected.

So be it Monday, Wednesday, or Phish Friday, your business and your employees can be protected.

Posted in Uncategorized | Tagged , , | Leave a comment

Three Clicks Away from Adult Content?

Posted on April 5, 2013 by Barry Shurtz

A recent study conducted by Kaspersky Lab suggests children on YouTube are just three clicks away from playing videos featuring nudity, violence and other adult content—even if they’re watching clips from such G rated fare as Sesame Street or Dora the Explorer. The culprit, Kaspersky says, is the list of suggested videos that automatically appears alongside the video that’s currently playing.

It’s terribly worrisome. But is it surprising?

For many of us, accidentally stumbling upon pornographic content can be a daily occurrence. Some of the most innocuous Google searches can unexpectedly produce the most disturbing images imaginable. And while we know enough not to click on the spam in our junk folders, usually the headers alone are far more than we ever care to see.

Of course, we worry most about the children. But adult content in the workplace creates its own special set of distractions, liabilities and other headaches. Even security is a concern since pornographic material often comes coupled with malware, phishing and other scams.

It’s something Sendmail has been addressing for sometime through our Enterprise Anti-Spam and Sentrion URL Filtering Applications, which prevent adult and potentially harmful emails from ever touching your messaging infrastructure. These apps can be combined with our Sentrion Application Store Partner Image Analyzer to create a strong line of defense against both pornographic images and video.

Image Analyzer is an innovative piece of technology that works by isolating areas of the image that fall within the range of human skin tones while evaluating size, curvature and edge for a highly accurate compositional analysis. It works with all our Sentrion email routing and security products for seamless management of all your filters, policies and message handling. And it’s highly customizable: scanning thresholds, size constraints and engine settings are all adjustable.

Once messages have been deemed offensive, they can be forwarded for HR review, stripped of content, blocked altogether, and much more to prevent and address both a user’s deliberate and non-desired exchange of adult content.

It’s just one more way Sendmail Sentrion works to make email work…for you.

Posted in App of the Month, Barry Shurtz | Tagged , , , , | Leave a comment

Sendmail Announces New Solutions for Smooth, Secure Migration to Cloud-Based Email

Posted on April 2, 2013 by Barry Shurtz

Today we officially announced the email management products and services we created specifically to help enterprises address the security, compliance, IT and other risks that come with both moving email to the cloud and keeping email in the cloud.

While more enterprises are finding it hard to resist the cost-savings benefits of migrating on-premises IT solutions to the cloud, but as our VP, Cloud Enablement and CTO says in today’s announcement, “For larger globally distributed organizations, there are myriad of security, compliance and management risks” that accompany the move. Gartner, too, warns that the decision to move email to the cloud “is far more nuanced and complex than it might initially appear.” This is especially true for hybrid cloud architectures, which we and other experts agree is the only way to go when it comes to messaging infrastructure.

That’s why our Cloud Messaging Architecture Review is listed at the top of our new product and service offerings. Combining tools and consultative services, our Sendmail Messaging Architects are here to help organizations evaluate their current messaging infrastructure, assess needs, and properly plan their migrations for optimal configurations that meet all scalability and security requirements—including those many IT organizations simply aren’t aware of.

We also offer a new Private Cloud Managed Service, a complete custom configured suite of private cloud products and services for total email security, hygiene and backbone based on our award-winning Sentrion Email Integration Platform.

Our new cloud offerings also come with a set of Mimecast-powered applications for Email Archiving, Continuity, and Security, as well as our new Sentrion Rogue Email Application Control (REAC), which addresses the growing risks posed by machine-generated messages.

Altogether, these products and services combine to make your transition to the cloud both smooth and secure. Without a properly planned and managed migration, the cost-savings benefits of cloud-based email can quickly turn into a larger expense your organization might not be able to see… or afford.

Posted in Cloud, SMI Product Announcements!, Sentrion Cloud Apps Powered by Mimecast | Tagged , , , , , | Leave a comment

Phishing: Preparing Your Last Line of Defense

Posted on March 20, 2013 by Barry Shurtz

You’re hurried. You’re under deadline. Clicking, clicking, clicking away at your keyboard. You can hit the backspace after every typo, but if you accidentally click the wrong emailed link, there are no second chances. You’ve just fallen prey to a phishing attack.

Depending on who you ask, phishing costs about $500M (Consumer Reports) to $3B (Gartner Research) annually. The latest report from the Anti-Phishing Working Group shows the number of phishing campaigns is declining. That’s good, right? Wrong. Hackers are moving away from mass phishing attacks in favor of spear phishing attacks, which yield a much greater open rate because people are more likely to trust the sender.

Email management providers like Sendmail can help tackle the problem with anti-spam/anti-virus, authentication, URL filtering, and even big data analysis. But ultimately the success of a phishing attack will come down to the end user. Will he or she recognize the attack?

There are ways you can train your employees to be as security-minded as your security officers. Consider:

  • Tapping outside consultants for monthly (for large enterprises) or quarterly (for small businesses) training sessions that update users on all the latest threats they can expect to encounter now and over time
  • Creating and instilling mandatory reading of Security Threat Watch memos that copy users on the latest scams
  • Instilling clear disciplinary action for failure to identify, rebuff, and inform the organization of attacks as they’re discovered
  • Gamifying behavior modification by sending inventive phishing attacks of your own—reward those who rebuff your attacks, require additional training sessions from those who are duped by them
  • Working with your HR department to incorporate computer security into the required skill sets of those being hired as well as to

Technology and innovation goes a long way in securing your network. But when it comes to your last line of defense, the best way to protect users is to show them how to protect themselves.

Posted in Barry Shurtz, Email Security, Spam | Tagged , , , , , , , , | Leave a comment

Making Email Work Better

Posted on March 11, 2013 by Barry Shurtz

In a previous post, I shared some thoughts on how users can help overcome email overload by adopting better habits on both the sending and receiving ends.

But a big part of taming the beast is making it happen before it gets to the end user in the first place. You may be surprised to know that here at Sendmail, getting the inbox under control is a big part of what we do. But it’s not just about reducing clutter. It’s simply making email work better.

Cutting out spam (pdf) is the biggest problem, and one we do well—as much as 99.7 percent of incoming spam can be stopped dead in its tracks with our advanced filtering technologies. The effectiveness in our ability to block spam is equaled by our ability to eliminate false positives, which can prevent the delivery of important messages and quickly put a damper on your work day. With our Sentrion Trustphere (pdf) application, we can protect legitimate senders and make sure their messages always get through. This means you don’t have to waste time chasing down emails in the Junk folder, asking colleagues whether or not they got your email, or completely dropping the ball on a project.

Another way we make the inbox work better is through our Sentrion Strip and Link app, which automatically removes attachments from emails and replaces them with a link to the cloud where they can be accessed from anywhere. How many times have you been on the road, unable to access an attachment stored in your desktop email? With Sentrion Strip and Link, you can access those documents and other files anytime and from anywhere you want. And with our new Email Archiving and Email Continuity capabilities, powered by Mimecast, you can access the emails themselves—anytime, anywhere and even if your email is down.

But there are even more ways we make email work harder for you. Have you ever clicked send only to regret it seconds later? Perhaps your email could have been worded better. Perhaps you weren’t even done working on it. Perhaps you accidentally sent it to the wrong person. With our Sent-by-Mistake Prevention App, (pdf) which adds an automatic lag time after you click send, you get a second chance. Not only are you protecting yourself against embarrassing gaffes but also information leaks that could land you in even hotter water.

Together with Sendmail on the backend and better email management on the user end, email can work better. And when email works better, you can work better, too.

Posted in Barry Shurtz, Sentrion Cloud Apps Powered by Mimecast, Spam | Leave a comment

Another Record Fiscal Year for Sendmail

Posted on March 5, 2013 by Glen D. Vondrick

In case you missed it, we recently announced four consecutive quarters of profitability for another record fiscal year.

How did we do it? What did it take? Just hard work, smart people, and solid products meeting real needs.

We experienced sales boosts all around the world. We enjoyed another record sales year in Japan. Our customer base continues to grow across many industries—especially financial services, technology, government, and telecom.

But the best is surely yet to come.

Why? Because, we are the only company doing what we do. We’re the only company delivering certain must-have solutions to real-world problems in messaging infrastructure. And while email’s been around a long time—while our options for communication and collaboration have grown—email is still a critical component of doing business. And it too will continue to grow, in terms of both volume and function. As social media, the cloud and mobile forever evolve the way we communicate, email too is evolving with Sendmail’s help to meet new needs.

A big part of our recent success is new customers. But as a sign of email’s evolving and deepening role in the enterprise, existing customers aren’t just renewing their contracts. They’re also deepening their commitments to Sendmail, adding to their investments in our Sentrion Email Integration Platform and indulging in more of our best-of-breed partner offerings in the Sentrion App Store.

Another driver of Sendmail’s momentum is our customer response to the new

Sentrion Rogue Email Application Control (REAC) product, which resolves the security issues large and regulated organizations are starting to experience as they begin moving email into the cloud.

And let’s not forget our new Sentrion Cloud Services, powered by Mimecast, which differentiates us as the only complete enterprise-class hybrid-cloud solution for managing both on-premises and in-cloud email—an architecture many experts are now saying is the only way to go.

And so away we go. On to 2013. On to new accomplishments. And on to another great year helping our customers manage the ever importance of their email systems.

Posted in Glen D. Vondrick | Leave a comment