January 2019 Service Management Improvements

We are always looking at ways to improve our services, the delivery of them and how users can interact and manage them.

The current situation

We are aware customers currently have an ad-hock access to a portal on our website to see CDRs (Caller Display Records), IT Documentation, Agreements and more. But we feel this access is not good enough and does not give the best information.

So what have we done and why?

Due to this we decided over the Christmas period to correct this throughout the year, and we are starting with telephone services and internet connections.

We have invested in a new telecommunications billing and reporting platform. We have done this as we have the goals of: –

  • Providing a dynamic reporting platform for clients
  • Standardised billing date for communication products
  • Enable single invoice per month for all communication products and call charges
  • Reduction in manual tasks making things quicker and more accurate

When will this be operational?

The new billing and reporting platform for communication products is live now! But this is not released to our clients yet.

We are currently running the system in parallel with the existing system to make sure all dates, periods and payments match up. We have imported all Decembers information and have the system running side by side with the existing system until March.

The aim is that starting in March we will swap completely over to the new system. So in March you will find that no matter what date your current service is, this will not change; but the invoice date might.

For example, lets say you have a PSTN line, FTTC connection and SIP trunk with the following dates: –
PSTN Rental 08/03/2019 – 07/04/2019 — Included in March Invoice
PSTN Calls 08/02/2019 – 07/03/2019 — Period will change to 10/02/2019 – 09/03/2019
FTTC Connection 25/02/2019 – 24/03/2019 — Will be invoiced in March instead of February
SIP Trunk 07/03/2019 – 06/04/2019 — Included in March Invoice
SIP Calls 07/02/2019 – 06/03/2019 — Included in March Invoice

The reason with the above examples there have some changes is due to the dates we will be running the bill cycles on. From March we will be making sure all external service reports are imported into the new system on the 10th of every month with invoices being raised on the 15th.

So any service that starts before the 16th and PSTN calls up until the 10th will be listed in that months invoice. As you are only getting one invoice for communication services you will now only get two emails; one for the invoice and one about the direct debit payment.

A Month to Celebrate!

December is an exciting month for us at Strobe Technologies, not only due to Christmas.

On top of the main event of a slower pace and time of with our families ready for the jolly man in a red coat. This month now holds two other reasons to celebrate!

Strobe Technologies was started by our director Robin back in 19th December 2008 meaning it is the 10th anniversary of Strobe IT.

To top this wonderful news of 10 years, our director is now expecting their first child mid next year!

From all of us at Strobe IT, we wish you have had a wonderful Christmas and we wish you a happy new year.

November 2018 Office 365 Email connection Issues

Today we are experiencing connections issues with Microsoft’s Office 365 platform for emails. This is the first big problem we have experience with the platform that has effected users for a long period, and we can assure all our customers this is being worked on.

At around 10:00 UTC Microsoft raised an alert in our control panel saying that the they have an unconfirmed potential issue with Exchange (Email side of Office 365).

By about 11:35 UTC Microsoft confirmed there is a end user connection issue to the Exchange infrastructure and they are investigating how many people this is affecting and looking for a solution.

The latest update we have had was at roughly 13:00 UTC from Microsoft saying they have re-routed network traffic through different servers which should start seeing peoples connections come back online shortly while they fix the servers that are causing the issue(s).

If you still have issues with your system please get in touch with us so we can investigate these for you.

Xmas 2018 Opening Times

The festive season is here, and we are starting to get everything in position. From the xmas jumpers to required cover for our clients.

This year we have as normal contacted our Managed Service Clients and retrieved their opening hours. Using this information we have then scheduled engineer availability around this.

In the past this has worked well, but does not give us much time off for our loved ones, so we have a slight difference this year. We will not be manning the phones during our Christmas Cover days, instead we will be monitoring our voicemail service and getting back to service affecting issues asap.

The difference will not be big to our clients but massive to us! Doing this we are able to relax but have our phones and laptops with us ready for an alert instead of waiting by the phone begging for something to do!

To see our Christmas service times please use the following links below: –
December
January

Email Security Hardening

On a daily basis we are looking at many email issues from spam, viruses, spoofing and more.

As part of this constant stream of work we are always looking at ways to improve how this is handled, and the security offered to clients.

Incoming Mail Improvements

We are adding new rules and training the platform all the time to detect spam and stop these messages getting into your inbox.

But we have recently made some big changes to the platform giving us better flexibility and customisation for your business. This is done in the form of profiles, and each customer now has their own profile meaning we can almost tweak everything to your needs.

An example of things that can be customised for your business via a profile are: –

  • Anti-spam actions [Delete, quarantine, tag, etc]
  • Dedicated Blacklist, not to be confused with RBLs which are also known as blacklists. This is one we control!
  • Dedicated whitelist. We do not like adding items to this as it means they are not scanned for any form of spam or virus.

Outgoing Mail Improvements

We have in the past added some outgoing protection, like anti-spam and anti-virus. But this has always been our weakest point, until now….

Scanning Systems

Our scanning systems now do not just scan email you send and make sure it is not spam or contains a virus, and deletes them but actually informs you of this in the way of a bounce message.

Our scanning systems also make sure your content typed in messages do not match our DLP (Data Loss Prevention) rules. If  message does get flagged for this we are alerted so we can contact your business to discuss the issue and resolve.

Authentication

We now no longer just authenticate your businesses server via your location, but we have now started authenticating with location and email address of sender. This means that only people from your business with a business email can use our system to send messages via our filtering system.

Policy Records and Reporting

We have for awhile now publish SPF (Sender Policy Framework) records, and digitally signed emails with DKIM. But we have found this is not enough to stop people spoofing emails as not everyone listed to these rules.

Earlier this year we started publishing DMARC rules to say apply the SPF and DKIM where you can, but without any reporting we could not see if this had improved the issue or not.

We now have a new DMARC Reporting platform which we have used at the start of this month to harden our published DMARC rules informing people to apply SPF and DKIM strictly and reject any messages which do not match.

This all sounds good, but what is best of all is we have added rules to DMARC for recipient servers to report back to us meaning we can monitor if your messages are delivered or not and if anyone is trying to spoof you and from where.

This has been so successful we have already seen improvements in mail flow and a reduction in spoofing. Unfortunately any business with no email protection on it will still be hit as they have nothing to apply these rules.

Summary

As you can see we are always aiming to improve our services, and this is a good taste of what has been done as of late.

If you are having email issues, why not look at taking up our spam filtering and protection service?

October 2018 3CX Updates

Improved Password Security

As part of an improved drive to protect your telephone system from abuse the latest update has stronger password policies with a built-in compliance checker.

To take advantage of this additional security position we will soo be informing the system to regenerate usernames and passwords for accounts that do not meet these requirements. Once your account has been regenerated we shall send you a new welcome email with these details.

SSL Security Updates

In the next month 3CX will be updating the security certificates on their servers, required for secure communication with 3CX. This means that we will need to go to update 6 as soon as possible. 3CX continue to add many security features under the hood to ensure safe operation of the PBX and secure communications.

Faster Smartphone Apps with Improved PUSH

The PUSH functionality for the iOS and Android smartphone apps has undergone major improvements. It is now much faster and more reliable.

Web Based Softphone

Now you can make phone calls right from your browser without even installing a softphone. The new update integrates a WebRTC softphone in the webclient. As this feature is still in beta, it needs to be enabled from the management console. If you would like this feature enabled please raise a support ticket requesting this. The web client will then have an additional phone option under the phone icon in the top right corner, as shown below.

Other Features

There are many other smaller improvements like new compatible phones, QR Code support for setup etc; but nothing that should effect your use of the system.

19 September 2018 BT Email SPF Error

Since about the 18th September 2018 BT have been having issues with emails being delayed for hours or not being sent at all!

We have now seen this first hand as customers are coming to us asking why this is happening.

Looking at the issue our mail servers are informing us that BT are failing SPF checks. These checks are sender policies checks, and the policies are created by BT and published to the internet for mail servers to use. Basically these policies state who is and who is not allowed to send using a BT address, and if someone not on this list tries they are a spammer.

This being honest seemed a little odd, a big company like this having all the tech guys they have getting something so simple wrong. So I manually checked against a couple of emails myself…

And BT have the wrong policies listed on line compared to what servers are trying to send emails as BT address like @btinternet.com

Having a quick search on the internet I found my good old Downdetector site which shows others stating the same too.

If your a BT customer and using their email platform, don’t expect people to receive your emails for a long time; and to our clients we are sorry but this is a BT issue that only they can solve as they write the policies our system(s)s stick to.

*** UPDATE ***

On 24/09/2018 we have looked at this issue again as we are still getting delayed messages or bouncing them due to SPF failures.

We have found that BT look like they now have correct record, this record calls multiple other records which do validate the recent sender servers but we are still rejecting them.

We have found that a DNS change or something from BT has not been accepted or read correctly but some DNS Services causing a time out looking up and reading all the SPF records.

This delay in reading all the records meant a match was not found and the fail command as specified by BT was actioned.

We have now corrected our services and hope this information helps others.

Greylisting Relevant or Dead

What is Greylisting?

For email security professionals they will know about greylisting and how this is similar to a blacklist. But unlike a black or whitelist this is a temporary listing making the sender send the message again to prove they are real.

How does Greylisting work?

Greylisting is a extremely clear and basic way of stopping spam coming into your business. I say this is a simple protection method as it works on the sending address and the sending server address only.

If a sender sends you an email for the first time this message will be bounced back with a temporary email error message to the sending server only, that server will be informed to try again in X minutes. Once the same server tries to send the message again the system will see this attempt and give it the all clear and allow receipt of the message.

As mentioned above, this is not just the senders address, but also the senders server address that is looked at. So if a company has two different sending servers for email then the message has to come from the same server else it will be bounced again.

Once the Greylist has been accepted this is added to a temp database for a period meaning emails from that combination will no longer be greylisted until the period has expired.

The reason this works so well is spammers generally do not use servers to email, they use scripts and other methods. As these methods do not store information and do not have the ability to retry once greylisting happens the message never gets through.

What’s the problem?

The issue is actually down to progression of email systems and trying to make them accessible 24/7. Most companies and online services like Microsoft’s Office 365 or Google’s GSuite have multiple outgoing servers to get around blacklists, server outages etc.

Having these multiple outgoing servers resolves many issues, but with greylisting this could delay emails by days as it bounced from one sending server to the other.

Conclusion

Greylisting is a wonderful idea which stops a vast amount of spam with not much overhead to spam systems. The problem is, with new services and the need for email now; this technology is showing it’s age.

Personally I would like to see this technology rise like the phoenix and once again help fight spam, but for the moment this technology is not used by us.

September 2018 Return of the Spoof

Email spoofing used to be a thing of the past, but it is back!

The basic’s of email spoofing is to send an email from address A, but make it look like it was send from address B. This was stopped by a lot of technologies like SPF, DKIM and DMARC.

Unfortunately a newer version is hitting at present, and this is currently hard to stop.

What is the new version?

The idea is the same, but instead of pretending to be from a different address they are using just the name.

As an example, I might send an email from my account of johndoe@example.com which normally has my name of “John Doe” attached.

What the spammers are doing is sending an email from fakeaddress@someonesdomain.com but providing the name of “John Doe”.

People see this email is from “me” and hopefully trust it and click on the link provided etc…

How can we spot this?

This is very easy to spot if we all take just 5 seconds to look at the email. Here is a sample email we actually received. (Actual real names/address removed, but spammer stuff remains)

Fake Email printed via Microsoft Outlook

Hopefully after my brief description above you have already spotted the main way of telling if an email is spoofed or not. If not, do not worry as below we shall go through this in full detail.

As with above, here is the same email with some coloured boxes over certain areas. These boxes explained below the picture show how we know this is a spoof.

Fake email with errors highlighted

Blue shows part of the from field on an email, this part is the name of the sender. In this case saying John Doe which is the spoofed information.

Orange shows us the section of the email before the @ symbol. In the from field of the email it states it is jifitzgerald where the signature states it is JDoe. The from field shows the real sender of the message which is clearly not JDoe.

Yellow shows the senders domain name (section after the @ symbol). If you look you will see in the from field is shows us it is roofwcohd.com, but in the signature they are saying it is realcompanydomain.co.uk. Once again these do not match and the from field is the actual sender.

Red shows the senders signature. I know the spoofed sender John Doe, and due to this I know this is not his email signature. Knowing your contacts and what they normally send is an extremely good giveaway that this is fake.

Green shows the information the spammer wants me to access to infect my machine with a virus or other form of malware. This is another big giveaway as the link is to a service that John Doe does not use or has nevered used in the past.

What is being done to protect us?

Customers who have our spam filtering system at present will hopfully see less of these due to the protection systems we have in place. We are always working to protect people on our platform from receiving these emails.

Unfortunately, if your name is being used to spoof others we do not have a way of stopping this has your name has been captured by the spammers in one way or another. Hopefully the phase of using your name will pass as spammers move on when people learn.

September 2018 Spam Blacklists

What are blacklists?

There are many blacklists around the world, and these lists are used reduce load on email systems and improve spam, virus and email garbage detection.

Unfortunately, these lists are not perfect as some list the sending server, others list the senders domain etc. So if you share an email service with a spammer you could be listed by mistake.

So basically a blacklist is a list of email servers, domains and people who have been reported to have been sending spam, viruses or similar content.

Improving the results

We are always looking to improve the results of blacklists by contributing back to them, and companies doing this help improve spam detection without the need of many complex detection rules.

Due to many shared platforms like Office 365, Google, GoDaddy and many other major hosting companies. These blacklists do capture good emails as well, as they could be sharing the same resources as a spammer.

For September we have introduced a big upgrade to our spam service. This upgrade splits all our clients into profiles. These “profiles” enable us to apply filtering settings to just your emails only. As part of these settings we now have white and black lists for each client enabling us to improve results.

Our platform and service will still have global blacklists we use, as well as the hundreds of rules we are always improving. But now we also have our own blacklists and more importantly a whitelist on a per customer basis.

How does this effect us?

Our black/white lists have the highest priority when classifying emails, meaning what we say is final.

If you look at our email detection now, we have the following priority: –

  1. Strobe IT Blacklist/Whitelist
  2. Global Blacklists
  3. Detection Rules

With us having the overriding say it gives us flexibility to aid you greater were a client might be using the same shared platform as a spammer meaning we can add temporary whitelists for them and more.

Who is responsible for getting off Strobe IT’s blacklist

Where a traditional blacklists is 100% down to the sender to resolve, we are not that strict. We understand that not all senders realise they are on blacklists that are otherwise known as “RBLs”.

If a client of ours has an issue with a customer being listed we will accept communication from them to get this looked at and possibly removed.

Unfortunately we still do not control all blocklists out there and suggest anyone using email should always work to stay off the following lists: –

« Older posts