Important New Security Policies for Brainwrap Clients

Dear Brainwrap Hosting Client--

Due to 2 unrelated incidents in the past 3 weeks, in which 2 different client email accounts were compromised due to security issues at their end, I have to announce two new policies regarding email and server password security:


First, I'm implementing a 6-month password reset policy. Starting in January, all Email and Control Panel / FTP passwords will have to be reset at least once every 6 months. The new passwords will have to meet a minimum strength threshold, which basically means including both upper- and lower-case letters; at least one numeral; and at least one other character (such as !@#$%, etc). I'll be contacting clients on an individual basis to discuss the initial reset, which should be done in January.

I realize that this may seem inconvenient, but this is for your security as well as ours. When your email password is compromised, not only does the hacker gain access to your email account, they also gain access to any of your mail still on the server. If the password was revealed by a virus/trojan infecting your computer, they may also have access to any other sensitive information you have on your computer, including credit card information, passwords to other websites and so on.

From Brainwrap's perspective, the main concern is that once someone has access to your email password, they're also free to start sending out spam using your account as the sender. If spam is sent out from the server for too long, various spam databases will eventually detect it and add the server to their "blacklists", blocking all mail from that server until the block is lifted (which can take several days).

This has only happened a half-dozen times in the 14 years that Brainwrap has been in business. Unfortunately, the past 2 incidents happened in the past 3 weeks, necessitating this new policy. I should note that policies of this nature are quite common in the web hosting industry; run a Google search for "password reset policy" and you'll find thousands of similar policies from other services.


Secondly, as you may know, the hosting accounts have the ability to set up email "forwarders" to third-party accounts. Some people have their "yourname@yourdomain.com" email set up to forward to a personal Gmail account (or whatever) instead of adding a second account to their email program.

This is a very convenient feature. Unfortunately, AOL tends to treat any mail that's "forwarded" in this fashion as potential spam, and is more likely to block the originating server if their customers (anyone with an AOL.com, AIM.com or Netscape.com address) receive mail which is forwarded from a different email address.

The problem is that when AOL (or any other major ISP) blocks mail from a server, it blocks all mail from that server until the block is lifted. Only a handful of Brainwrap clients had email accounts set up to forward to AOL accounts until now; I've contacted each and have made other arrangements. In the future, forwarders to AOL accounts won't be allowed on the server.

Here are several links which explain the problem--this is NOT specific to the Brainwrap server, it's pretty much an industry-wide issue:

http://ryowebsite.com/email/aol-email-forwarding/

http://sevensages.com/Company-News/AOL-blocking-email-again.html

http://serversitters.com/aol-blacklist.html


If you have any questions or concerns about either of these new policies, please feel free to contact me at cgaba@brainwrap.com or by phone at 248 545-7570.

As always, thank you for your continuing business and understanding, and Happy Holidays to you and yours!

Sincerely,

Charles Gaba
Brainwrap Web Design

P.S. I'm also very proud to announce that as of a few weeks ago, Brainwrap is once again 100% Michigan-based (the hosting was done out-of-state for a time, but has gradually been moved back home over the past year).