Dear Customer,

As part of our efforts to cut down unsolicited email from our system and the problems created due to it, we’re introducing certain measures to mitigate such activities. The idea behind these measures is to ensure that our email system is not viewed suspiciously by other service providers, which would lead to email originating from our servers to be deferred or rejected.

A lot of spam email that gets caught in our anti-spam filters, and is reported to us by the feedback loop with other email service providers, shows a high correlation with spoofed envelope from addresses. For example, when a user a...@domain.com authenticates with smtp.domain.com in order to send a mail from our outbound servers, he can currently set whatever he wants as his “from” address, including email addresses that don’t actually exist. This is a widely used method for email spoofing. In order to avoid such instances, users will now be asked to register a set of identities from their webmail interface for email addresses that need be used to send email. Every identity must have a valid email address, which must be authorized before it can be used to send email. The process to do so is fairly straightforward -

1. The user must log on to Webmail for e.g. as a...@domain.com, and add the necessary identities, say sal...@domain.com and x...@gmail.com.

2. The system will send verification emails to sal...@domain.com and x...@gmail.com, asking them: “a...@domain.com is trying to use x...@gmail.com to send email, do you want to allow this?”

3. Upon confirmation, the user will be able to send email as x...@gmail.com or sal...@domain.com from their account.

4. A list of user accounts are allowed to use sal...@domain.com as their from address will be stored by the system (since there may be more than one user who may want to use the same from address).

We are monitoring email logs to identify accounts that are sending email in this fashion. We shall pro-actively add identities for these accounts, and send out alerts to users using a different ‘from’ address than the authenticated one. However, we might not be able to determine all users who need this feature. Thus, we recommend that you inform all you add sender identities if required. The identities must be created and verified before the 24th of March, after which any unauthorized ‘from’ address will not be allowed to send email.

If you have any questions about this process, please contact our support team, we’d be happy to clarify doubts and provide any other information you need.

Dear Customer,

As part of our ongoing campaign against abuse and to ensure the security of our users’ email services, we are planning to impose a stricter password policy for email accounts hosted with us. As a result of this change, the system will no longer allow passwords of the type that could be deemed vulnerable to sabotage attempts. Email account passwords must fulfill the following criteria henceforth -

1. The password must contain at least 8 characters (and can be up to 32 characters long).
2. The password can not contain the email prefix in its exact form. For instance, if your email address were j...@yourdomain.com, then your password can not contain the word john.
3. The password must contain at least one alphabet (a-z in upper or lowercase), and at least one numeral (0-9).

We will shortly send a advisory to all email users whose passwords do not satisfy these criteria, alerting them to update their password on or before March 20th, 2011.

If you do not change your password then the password will be reset and a new password will be sent to the alternate email address.

If you have any questions about this process, please contact our support team and we’d be happy to answer your queries.

As part of our efforts to minimize mail deferrals, we will be deploying a popular and simple technique to combat outbound SPAM i.e disabling Port 25 for MUAs (such as outlook, thunderbird etc). Port 25 will be disabled in the third week of January and we will send you the final date soon.

Port 587 has already been enabled as a replacement and we encourage you to enable Port 587 for SMTP connections.

To change the SMTP Port you need to enable Port 587 in the following way:

Outlook: Tools >> Account Settings >> Email >> Change >> More Settings >> Advanced >> Outgoing server (SMTP)

Thunderbird: Tools >> Account Settings >> Outgoing server (SMTP) >> Edit >> Port

Coupled with SPF and DKIM that we launched earlier, disabling Port 25 will help ensure a more stable and seamless email experience for your Customers.

As mentioned previously, we have introduced SPF and DKIM on our mail hosting servers as part of our efforts to increase security.

We will begin signing emails on the 7th of September, 2010 and we suggest that you create the necessary DNS records at the earliest.

You will not be required to make any changes if you are using our DNS services.

In case our DNS services are not being used, certain TXT Records will have to be added at the DNS Provider.

The following are Sample DKIM and SPF Records:

DKIM
Format: Hostname TTL Zone RecordType Value
Example: 20100802._domainkey.dummy.pws 86400 IN TXT “v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2t0wVC8xxBYWsnRPYyo24Dk65pNr
jyf28Y4q5GWyAGrgtyIls7M/t/vUfdY5gYmliTwWkXq6xvJ0fVSTv6HD3lYFnf1OouDdNqlZJZQ
SLZfqFKFr2vgkwWxFx+6kBAf6wR5PM6r3i97JsNc7kvNgGHTFxeAPHRKfpA7KEFa6eqw
IDAQAB”

SPF
Format: Hostname TTL Zone RecordType Value
Example: dummy.pws 86400 IN TXT “v=spf1 exists:%{s}.%{i}._spf.mailhostbox.com redirect=_spf.mailhostbox.com”

You can also view the records in your respective Control Panel under Nameserver Details in the Order Details View of your Hosting Package.

Why do these Records need to be added?
SPF and DKIM help to reduce mail spoofing and sender address forgery. Therefore adding these records will ensure that you are protected against the same.

Using SPF and DKIM will also go a long way in upholding the reputation of our mail servers.
It would result in a lower risk of issues regarding spoofing and spam, and would help improve our service levels to Resellers and Customers.

Email authenticity is a major concern for a lot of customers and one of the best ways of addressing this is by adding SPF and DKIM Records. Both these techniques can be used to prevent email spoofing.

So what are SPF and DKIM Records?

SPF stands for Sender Policy Framework and is an open standard to prevent sender address forgery. The way it works is that it stops email forgers from forging the sender address in an email. It does this by authorizing addresses that can send email for a particular Domain Name. You can get a little more info on SPF here.

Similarly, DKIM i.e. Domain Keys Identification Mail is another mechanism used to fight email forgery. It uses encryption technology to verify the authenticity of the sender address. If a message has been verified through Domain Keys, you’ll see a small icon of an envelope and key in the email header. Read more about DKIM here.

Adding these Records:

No changes will be required if you’re using our DNS Services.

However, in case you’re not using our DNS services, you will need to add certain TXT Records in the package being used. These can be viewed under Nameserver Details in the Order Details View of your Email Package.

On the 6th of September, we will introduce Free Mail Forwarding with every Domain registered through Indi Domains! Mail Forwarding will be added to our already irresistable Free Services suite that includes services like DNS, Domain Forwarding and Privacy Protection. We hope that this great new service translates into an even more compelling offering with huge profits for you.

Control Panel Changes

Mail Forwarding Sign-up and Setup:

• All accounts on the system will be signed up for the Free Mail Forwarding Service on the 6th of September
• All Customer  sign-ups post 6th September will be automatically signed up for this service
• As Mail Forwarding will become a Free Service, the Pricing page will be deprecated from the Control Panel
• The Mail Forwarding Service will now be moved to the .PW infrastructure
• Post 6th September, the Mail Hosting and Mail Forwarding tabs will no longer be seen in the Control Panel. Instead, it will be consolidated in to a single tab called Email. On clicking on the Email tab, you will be given the option of either purchasing Mail Hosting or activating Mail Forwarding

Activating Free Mail Forwarding:

In order to activate the Free Mail Forwarding Service, you will need to:

• Navigate to the associated Product Management Console
• Click on the Email button
• Click on the Activate Mail Forwarding button
• Once successfully activated, the Activate Mail Forwarding button will be replaced by a Manage Mail Forwarding button

Nameserver Information:

1. If the Domain Name using the service is registered through Indi Domains, but the nameservers are not the same as those required, our system will prompt the you by displaying an Auto Update Nameservers button. On clicking this button, the nameservers will be updated automatically
2. If the Domain Name is not registered with us, the required nameservers will be displayed to you. The auto-update option will not be available

Impact on Existing Orders:

1. Wildcarded forwarding will no longer be available with the Free Mail Forwarding Service. However, you can create a Catch-All account using the Free Service
2. If the Mail Forwarding order is associated with one or more Products in the system, you will simply need to search for the Product associated with the Mail Forwarding Service and access the management console from the Email button. Alternatively, you can use the widget on the Control Panel homepage to locate the Mail Forwarding Service
3. If the Mail Forwarding order is not associated with any other Product in the system, you can use the Manage Free Services widget on the Control Panel homepage to locate the Mail Forwarding Service