Fake MDaemon – Critical Patch Update

Featured

There are reports going around of a Critical Patch Update spoof email being sent that include download links and claims to be from MDaemon Support using the email sender address [email protected].

As a reminder, always check the “From” address sending domain to ensure it is mdaemon.com. While I’m not one to tell you what to do and I’m very likely not your boss, emails from unusual addresses are spoofed messages and should be ignored and you absolutely should not follow the links or install whatever this spoof is providing.

Let’s Encrypt revoking some certificates – Check to see if you are impacted

Are you using Let’s Encrypt with MDaemon or SecurityGateway (or anywhere else)? If so, great! But due to a bug re-validating CAA records, Let’s Encrypt will be revoking a subset of otherwise valid certificates. This bug has existed since 2019-07 and therefore could apply to any certificate issued prior to the fix which was applied 2020-02-29.

So what should you do? Well, luckily there is a tool to check your certificate, so you should check to see if your certificate is being revoked and if so, issue a new certificate as quickly as possible.

Modern browsers don’t check certificate revocations immediately or on all requests, so just because your browser works does not mean there is no impact! If your certificate is revoked you may see an impact some time in the next week or so, or you might not see it at all while users of other operation system / browser / client combinations may have a different experience.

How harmful is spam?

I often hear comments like “it’s no big deal”, and “just hit delete” while obsessing over tracking down and blocking spammers.

I stumbled across an interesting perspective that I wanted to share:

I think it’s worth noting that the largest cost of spam (and other forms of Internet-borne abuse) is not financial.

It’s time — irreplaceable, precious time. Do the math: construct an estimate for how many seconds it takes someone to realize that a message is spam and Just Hit Delete (TM); now multiply by all the someones doing that for the same spam message; now multiply by all the spam messages send in a day or a week or a year.

Then divide by the average human lifespan. The results are disturbing.

Luckily, MDaemon includes many tools that help you combat spam. Life’s too short to waste on deleting garbage that shouldn’t exist in the first place.