OnYourMark, LLC Blog

Dear Clients,

We apologize for the delay in receiving email this morning.

It was reported to us this morning that incoming email was not being received.  In doing investigation we found that our spam filtering service provider Postini apparently was having trouble with email delivery.  We checked the server connection rate and it was well within reasonable levels, but when we checked the connection rate reported to us by Postini, it was much higher. We have been working with Postini and the problem should now be resolved.

There is a backlog of mail on their end that needs to be delivered and it should arrive over the next hour.

For the clients that use OnYourMark SMTP servers, beginning on August 15, 2009 the outgoing email server address will change from mail.samplenamehere.com to smtp.samplenamehere.com (replacing samplenamehere.com with your domain name). Many clients have already made the change but for those that haven’t now’s the time! The reason for this change is growth; we want to prevent a situation where are email servers are overloaded! This also gives us further separation of services to mitigate any potential problems that could arise and make further growth easier.

When you change the settings, there should be no lapse in service. If you have any questions, please feel free to contact us.

Yesterday, at approximately 3:00pm CST it appears that our database cluster experienced a very heavy load from a Denial of Service (DoS) attack. This caused some services to become slow or unresponsive for a short period of time. We had the problem diagnosed and amended by 4:00pm CST.

Although we don’t know the exact cause yet, we believe it may have been a failed attempt to breech the  security of that server cluster.

We are going to be taking steps in the upcoming days and weeks to further tighten website security, as well as database resiliency to ensure this does not happen again. If you have any questions, please feel free to contact us.  We apologize for any inconvenience this may have caused.

From time to time you may receive tests of your website’s forms from OnYourMark staff.  If your site is updated, forms are tested to make sure the updates did not effect the forms’ functionality.  Form tests may also be sent if we are doing behind-the-scenes technical updates as part of your site’s hour per month of promotion and maintenance.

If you receive a test submission from your website’s forms, it is extremely important that you forward the emails you receive to OnYourMark as soon as possible! This confirmation lets us know that the form is working properly.

If you have questions on your website’s forms, please Contact Us.

Dear Client,

We’d like to provide you with an update on recent spam attacks.

Our message security vendor has advised us on high volumes of bogus CNN and MSNBC messages that contain links to download malware. Spammers have copied the contents of CNN and MSNBC alerts and substituted a link that prompts users to upgrade to a new version of a fake Adobe Flash player.

The security service has detected and blocked the vast majority of these attacks, and continues to release protections to stop the new mutations. Their capture rate is over 99%; however, the attack volumes are so large (in the hundreds of millions of messages) that a 1% passthrough rate means that a few messages may end up in your inbox.

For best security practices, if you see any CNN, MSNBC, or suspicious news alert messages:

• Do not deliver these messages from your Message Center or Quarantine Summary.
• Delete these messages from your inbox.
• Do not click on any links in the messages.

If you need to access CNN or MSNBC content, visit the website directly.

Please be assured that our security service considers virus and spam protection as their highest priority, and continues to be on the cutting edge against new spam attacks and tactics.

I noticed a new domain spoofing email come in today from icann@icannresolve.com, pretending to be the non-existent “ICANN Resolutions Department”, the email read;

Dear Domain Account Holder,

You are being sent this notice from ICANN due to the fact that you
currently own an active domain name. ICANN is currently upgrading all
domains from their registry database.

The upgrade will introduce new control options for your domain and easier
access. The new upgrade is required by the registry. All domain users are
expected to submit their domain information manually at
http://www.blockedsoyoudontgothere.com/spamaddress with the
required information for ICANN to apply the required updates.

The upgrades will be applied to accounts on a first come, first serve
basis. You have until July 25, 2008 to submit the required information to
avoid service and domain interruption.

Thank you for your time.

Sincerely,

ICANNResolve
ICANN.org Resolutions Department

The whois record shows the domain being registered on June 14, 2008, making it pretty blatantly obvious that it was spam. Just in case though I took a look over at the actual ICANN site and found nothing to support the spam email. After some further careful snooping (actually I just visited the site, something I discourage you from doing), I can see they are simply trying to get you to after filling out some dubious forms, they can take your domain or credit card information.

For more information on what ‘Phishing’ is, please read the OnYourMark Ask the Pro article

If you receive one of these spam messages, please disregard it and notify us.

Our backbone provider at TW Telecom will be doing network maintenance on their switches on Friday, June 13, 2008 (yes Friday the 13th, I didn’t pick it) which will result in periods of downtime starting at midnight and lasting for approximately 1 hour. OnYourMark support staff will be on hand to ensure all services are in working order when network connectivity is returned. We will make an update to this post when the upgrades have been completed.

If you have any questions, please feel free to contact the support team at 1-800-747-3399 or email them at support@onyourmark.com.

Update: Tonight (May 14, 2008) at 10:00PM CST we will be implementing the new filter via Postini. You will not lose any email and should not see any downtime in your service.

We have noticed that Non-Delivery Receipts (NDR) messages have been flooding users inboxes, sometimes at a rate of 100 or more per hour. A NDR is a message sent from a mail server when a problem occurs with delivery. Normally these are returned to the sender when you type in the wrong email address or send an email to an address or user that doesn’t exist. The increase is due to a tactic spammers are utilizing more prevalently to ’spoof’ your email address, basically making the “From” address be a real domain or sender. The result is that when a server sends a message to a user that doesn’t exist, well spoofing your email address, the recipient email server sends a NDR back to the spoofed email address. When a spammer sends our tens of thousands of emails at a time, the quantity of email bounces increases.

This does not mean you have sent bad emails, only that someone ’spoofed’ your address.

We are currently working with Postini for a solution to this and expect to have it in place within the next week or so. We appreciate your patience and understanding as we fight the ever lasting battle against spam. If you have any questions, please feel free to contact us at support@onyourmark.com or call toll free at 1-800-747-3399.

We were advised by a client today that NetNanny, a popular porn blocking software, blocks sites that use a legal statement at the bottom of their pages. Since all of our clients have this legal statement I contacted NetNanny to find out when this will be remedied. They assured me the problem will be fixed within the next week.

We will monitor their progress and if it continues into next week, we will contact NetNanny again to find out what updates need to be taken on the legal statement so the site is no longer blocked.

If you are our client and you have any concerns about this, please contact Keith or Ellen.

Thanks you.

March 31, 2008 – A current “phishing” email scam is targeting advertisers using the Google AdWords program.

The emails ask AdWords advertisers to click a link to verify account information or credit card numbers. The emails look very official and may appear to come from support@google.com and adwords-noreply@google.com.

Clicking the link in the email will take you to a page that resembles Google, but it is really a fake page on another server designed to trick you into sharing account information or credit card numbers.

All authentic communications from Google AdWords are sent to OnYourMark, LLC on our clients’ behalf. If a credit card number or account data needs to be changed, OnYourMark, LLC will notify you. If you receive any emails that appear to be from Google AdWords or ask for data from your Google AdWords account, please Contact Us. We are happy to help!

To learn more about “phishing,” please see our January 2004 Ask-the-Pro article, “What is phishing?”

Sample Messages

Dear Google AdWords Customer,Please sign in to your account at http://adwords.google.com/select/login, and update your billing information.

Your account will be reactivated as soon as you update your payment information. Your ads will show immediately if you decide to pay for clicks via credit or debit card. If you decide to pay by direct debit, we may need to receive our signed debit authorization before your ads start running, depending on your location.

If you choose bank transfer, your ads will show as soon as we receive your first payment.

We look forward to providing you with the most effective advertising available.

Sincerely,
The Google AdWords Team

******************************

Dear Google AdWords Customer,

Your ads have stopped running because we were unable to process your billing information. We will reactivate you account after you update your billing information. In order to reactivate your account, please sign it to your account at http://adwords.google.com/select/login, and update your billing information. Once your account is reactivated and your billing information has been processed, any your ads and campaigns can begin running immediately on Google.

You will not be asked to submit your billing information every time you create a new ad or campaign. If your payment has been declined and you’d like to resubmit the same credit card information, you may also do so by clicking the Retry card button on your Billing Preferences page. After updating your credit card information (regardless of whether or not you use a different card), it can take up to 24 hours before your ads start running again. You also have the option of providing a backup credit card to help ensure that your ads run continuously in the case that your primary payment method fails.

Sincerely,
The Google AdWords Team

******************************

Dear Google AdWords Customer,

Your ads have stopped running because we were unable to process your billing information.

We will reactivate you account after you update your billing information.

In order to reactivate your account, please sign it to your account at http://adwords.google.com/select/login, and update your billing information. Once your account is reactivated and your billing information has been processed, your ads and campaigns can begin running immediately on Google.

Advertise your business on Google

No matter what your budget, you can display your ads on Google and our advertising network. Pay only if people click your ads.