Skip to content

Category: Email

Backing Up Tons of Email

Published by Will Chatham on 1/18/2009

MailStore HomeI have about a dozen email accounts I try to manage locally with Thunderbird.  By and large, things run pretty smoothly until I need to move it all, as I did recently when upgrading from XP to Vista.

I have been a big fan of MozBackup in the past, but as my email accounts grew and I had more and more email stored in folders, MozBackup started taking a long time to process it all.  After my move to Vista, I realized I had over 2GB of mail backed up, and restoring it from Mozbackup didn’t work.  It recreated all my accounts and folders, but all the folders were empty.

After the initial panic faded, I found some forum threads discussing the manual opening of MozBackup archives and restoration of email.  I finally got it all back, but it wasn’t without more than a few sweat bullets hitting the keyboard.

Since this episode, I have been looking for something to put my mind at ease in regards to email storage, backup, and even reduction. I don’t know why I had never heard of it, but I stumbled across MailStore, which offers a free home version called, get this, MailStore Home.

MailStore Home will back up and archive email from many different clients, including Outlook, Thunderbird, Exchange, GMail, Yahoo mail, and others. At first I thought it was too good to be true, but after installing it I was quickly impressed with the simplicity and ease of use.

I had soon archived my two biggest email accounts, and even burned them to DVD through the MailStore application itself. Knowing DVD’s aren’t indestructible, I also backed up the archive using Carbonite (another of my favorite apps).

Going back into a MailStore archive is very easy, and it lets you read email, open, and even search mail and contents of attachments.

Once I was convinced that I had succesfully archived and backed up all my email, I was able to go through my Inboxes and delete over 1GB of email.  Hopefully, this will allow MozBackup to run more smoothly, if I ever really need it again in the first place.

If you find yourself with an unweildy inbox and a nagging feeling that you haven’t done anything to back it  up, go grab MailStore Home now.

mailStore Home: http://www.mailstore.com/en/mailstore-home.aspx

GMail Vulnerability? Watch Your Back.

Published by Will Chatham on 11/23/2008

I’ve been following the story about the domain name hijacking of MakeUseOf.com the last few weeks with interest.  All signs are pointing to the domain thief having cracked the MakeUseOf.com Gmail account in order to retrieve their GoDaddy.com password and transfer the owenership of the domain.

This is not good for any GMail user, let alone domain name owners who have registered their domains through GMail.

Apparently, this one hacker has stolen over 850 domains this way, and holds them for ransom at $2000 a piece.

The latest part of the saga details how the MakeUseOf.com folks think this happened, right down to the hacking of the GMail account.  If there is indeed a security flaw in GMail, which there appears to be, MakeUSeOf.com offers prudent steps to take in order to secure yourself (emphasis added by me):

(1) Well, my very first advice would be to check your email settings and make sure your email is not compromised. Check fowarding options and filters. Also make sure to disable IMAP if you don’t use it. This also applies to Google Apps accounts.

(2) Change contact email in your sensitive web accounts (paypal, domain registrar etc.) from your primary Gmail account to something else. If you own the website then change the contact email for your host and registrar accounts to some other email. Preferably to something that you aren’t logged in to when browsing web.

(3) Make sure to upgrade your domain to private registration so that your contact details don’t show up on WhoIS searches. If you’re on GoDaddy I’d recommend going with Protected Registration.

(4) Don’t open links in your email if you don’t know the person they are coming from. And if you decide to open the link make sure to log out first.

I would add to that list:

(5) Always use secure, encrypted GMail.  There is an option at the bottom of the main Settings page in GMail for “Always use https” under the “Browser Connection” heading.  Select this and leave it selected!  Otherwise, anything you do in GMail is sent unencrypted over the Internet.  Not good!

Keep in mind that this security flaw not only matters to domain name owners, but to anyone who has any sensitive email in their GMail account, whether it be online banking info, love letters, or whatever.

This will be interesting to watch, and I hope Google takes notice of this.

UPDATE:  This fellow here has posted a proof-of-concept on creating malicious filters in someone’s GMail account.

Captchas. No, I didn’t sneeze.

Published by Will Chatham on 8/29/2008

Are captchas annoying to you?  They are to me.  I probably fail at solving them about 15% of the time, which is far too often for my liking.  They get annoying, and as spammers find ways to automate solving them, the captchas continue to get more difficult to read.

Someone who knows a lot about combating spam, and has done a pretty darned good job at it, Matt Mullenweg, suggests in a recent Guardian article that “…Captchas are useless for spam because they’re designed to tell you if someone is ‘human’ or not, but not whether something is spam or not.”  I would have to agree.

There are many efforts to improve upon Catpchas, such as the 3-D Captcha.  In my opinion, this is just making things more complicated than necessary, and would be difficult to implement easily on a typical blog or contact form.

I run about 6 to 8 blogs (depending on my mood from week to week), and have been reluctant to use Captchas on any of them, partly out of usability concerns, but also because they are so easy to fail.  Instead, for my blog comments, I rely upon Mullenweg’s own Kismet spam system.  This feature is built into WordPress blogs, which makes it a breeze to set up, and I am constantly amazed at the loads of spam comments that it stops.

As Mullenweg suggests, focusing on the content rather than the submitter, is the way to go in the long term, and Kismet is great at doing that.

However, I also rely on a simpler test to determine if someone is a human or not mainly because it’s not as annoying as a Captcha, and it prevents a lot of spam comments from making it through in the first place.  It’s easy to add a basic question to a form which must be answered correctly in order for the form to be submitted succesfully.  Questions could be as simple as:

  • What color is an orange?
  • What is 3 plus 3?
  • How many wheels does a car have?

There is a great WordPress plugin which provides this capability and is relatively easy to set up called the Secure and Accessible PHP Contact Form.  If you run any WordPress blogs, I recommend you try it out.

By having a list of simple questions that are randomly selected to appear on your forms, you can stop automated scripts from filling out your forms quite easily.  This, combined with Kismet, a content-based filter of what gets submitted, will pretty much stop spammers in their tracks without creating a hassle for your visitors.

Practical Security: Secure Email on Public Wifi Spots

Published by Will Chatham on 8/8/2008

In my revised capacity at my current job, I’ve been handling a lot of
security issues: hardening of systems, software, and processes. I’ve
also been studying for the Security+ certification, so needless to say,
security has been at the top of my mind the last 5 months, and I wish it
would be at least a little closer to the tops of the general public’s
mind.

I’m going to start a new series of blog posts here called Practical
Security in which I will pass on some of the more relevant best
practices relating to the typical internet user, in hopes of helping to
raise awareness amongst anyone who happens to read this blog. (Yes, all
4 of you).

Using Email on Public Wifi
(and the high level of risks therein)

Question:
How often do you stop at a coffee shop to check your email with your
laptop, or leech that open ‘linksys’ network while sitting at a traffic
light with your PDA to shoot off a quick note to your boss? OK, maybe
I’m the only one who does that at traffic lights, but you get my point.

If you have a portable device that can access the Internet, my guess is
that your answer is “quite often”.

Question:
How many of you have configured your email to use some sort of
encryption? (Cue the crickets chirping).

As this excellent StopDesign article explains:

What you may not realize is how easy these low security settings
allow someone else on the same network to spy on the data passing around
on that network. Just because you’re the only person who can see your
laptop screen, doesn’t necessarily mean you’re the only one who can see
the email message you just got from a friend. Just as easily as someone
could sit near you in a quiet cafe or library and overhear your entire
verbal conversation with another person, so could they “listen in” on
all the usernames, passwords, and messages passing to and from your
computer. (And everyone else’s computer for that matter.)

Kinda scary, huh? If you think about it, once they have your email
account password, it’s not too hard to go to your bank and generate a
“lost password” request, which will get sent to your email address,
which they now have control of. Or they might simply decide to send a
breakup letter to your boyfriend on your behalf if they are not feeling
so malicious. Or maybe they thought it would be funny to email your
boss and tell him how good he looks when he gets out of the shower.

By default, email is not secure!

Yes, this includes you, Mac user. Yes, this includes you, Gmail/Yahoo/Hotmail/AOL user.

Make sure your email is on a secure connection!

The Lowdown
If you use a webmail service such as Hotmail, Yahoo Mail, Gmail, or the
like, make sure your web browser (Internet Explorer, Safari, Firefox,
etc) is in “secure” mode by looking for the lock icon. Alternately (or
additionally), look at the address bar of your web browser to make sure
the address showing starts with https and not just http.

If you use Outlook, Outlook Express, Thunderbird, Mac Mail, or any other
‘program’ on your computer to manage your email, there are ways to set
up these applications to run only on secure connections using SSL, TLS,
SSH, and other methods. You may need to consult your local IT guru or
read the rest of the StopDesign article, or this well-written article entitled “5 Steps to Make Your Email Secure“.

Whatever you do, stop checking your email at Starbucks unless you know
it is secure!