Spam May Be Killing Legitimate E-mail

Today I had a real problem.  One of the servers I manage for a customer was having problems.  It wasn’t sending e-mails.  This isn’t your typical problem of not sending e-mail this is one of the bad problems.

So, as always with e-mail problems the first thing you always do is check it out for yourself.  So I went onto the server, played around for a while and sent myself an e-mail.  Ahh, simple success.  Everything was working correctly and a scan through the server event logs showed that everything had always been working perfectly.

Nuts, that’s not good.  My customers aren’t technological savages, they don’t report a tech problem like not receiving e-mails unless  they do some checking for themselves.  Actually oftentimes problems are quite well established before I hear about them.  This means that except for very, very rare instances the problem is absolutely true.  So while all this was heading through my mind and the check of the logs, a couple of minutes had passed and it was time to check my e-mail account for my delicious test e-mail.

It wasn’t there.  Everything had worked properly and yet the e-mail hadn’t arrived at its destination.  It was a single hop and I knew my e-mail was working because this issue had only been reported moments prior by e-mail.  After confirming a few more things and waiting on my hands for even more time I eventually gave up and decided that e-mail wasn’t working after all even though it was working as evidenced by this customer sending e-mails to me.

So my in depth research has shown some very interesting results.  Essentially the server that was sending e-mails is not the typical e-mail server.  Now due to the proliferation of Spam e-mail servers have started getting “smarter” and taking the spam verification process much more seriously.  There are many ways of checking for spam and most of those options are potentially error prone and thus we all have spam folders that need to be gone through on occasion.

There is one newish way of checking for spam though.  And this way is “fool proof”.  Basically each server that is suppose to send mail is actually registered at a very low level on the internet.  This information can be searched for and the sending domain (like @hotmail.com) can be pulled out and tested.  If this information doesn’t match or doesn’t exist, then the message can and often is marked as spam.  The e-mail provider for my client took this an extra step (one that I suspect will become far more common) they just deleted the messages without delivering them at all.

So, I fixed this issue by making changes to how the server was sending e-mails.  What does this mean to you?

Basically this means that you need your IT people to make sure that e-mail is only sent through the official channels.  Normally if you are using Exchange that is taken care of for you, but if you are using e-mail programs for newsletters or specialized programs that directly send e-mail you could be in a tight bind.  It is getting to be close to impossible to send e-mails without using the properly setup servers.  If your e-mails are being caught often as spam, you need to have IT take a look and ensure that your e-mail servers are properly registered otherwise you may find your e-mails go missing more often than not.

Business, Technology

A Look At Taxes – Part I – GST

One thing that all businesses have to deal with, and really all people have to deal with is Taxes.  Taxes are all around us as business people and it can often feel like everything we do is steeped in taxes.  One of the objectives as a small business owner is discovering how we can legally avoid paying as much tax as we possibly can.

The type of tax I was going to talk about this time is GST.  Worldwide this type of tax is commonly known as VAT or Value Added Tax.  Basically it is a type of tax that companies are able to recover.  A VAT type tax is often known as a “good” tax if any type of tax is known to be good.  It is better for sure than some provincial taxes that are unrecoverable by business.

In Canada a business has the option of not charging or recovering GST if they earn less than $30,000 a year.  Most accountants or bookkeepers would advise any business to register for GST.  I see both sides of the equation because obviously not charging GST is a favorable situation for most small businesses since it can make your products seem more attractive.

On the other hand not being able to claim tax credits for business purchases does hit your bottom line.  I would suggest small business owners who do not have to collect GST to take a look and decide on your own if your input costs related to GST are less than the “loss” you would take by charging GST.

Businesses who supply goods to other companies, take a look though at registering for GST.  Any company of any size will have GST registration so the GST cost to them is temporary since the Government will credit back all those costs.

Monitoring the costs of taxes paid out on purchases verses the impact that charging your customers taxes is always important to businesses.  Fortunately due to Canada’s implementation of a VAT tax instead of a non-refundable tax like many other countries and states/provinces.

My next tax article will cover the new changes going on in Canada’s largest province with a change from GST + non-recoverable provincial taxes to the new HST (Harmonized Sales Tax).

Business, Finance

The Cost of Bad Business Practices

If you have been paying attention to business news over the past 5 to 10 years you would have noticed an alarming trend.  Companies are being breached and sensitive data is being stolen.  This isn’t data that is sensitive to just the company but usually data that (in my opinion) the company should never have stored in the first place.

Companies like Home Depot have our credit card numbers.  Brokerages have pretty much every piece of information about us and our money.  Honestly its getting scarier all the time because of the amount of data these companies store.

A more recent tale of woe belongs to D.A. Davidson.  They managed to loose 20,000 customer records in an attack on their website on December 25, 2007.  The biggest problem is that not only did they have this data stolen they didn’t know about it till the thief contacted them 2 weeks later asking for a ransom for the data.

According to security experts the security was “deficient in that the database was not encrypted and the firm never activated a password, thereby leaving the default blank password in place.”  Basically they left the door wide open for anyone with a little (very little actually) knowledge and malicious intent.

In April 2006 Davidson was actually told by security auditors to beef up their security by implementing intrusion detection systems.  20 months later and they still had no system in place.

Here is where the cost comes in.  Normally you would expect that thousands of people are now at risk of having their identities stolen and maybe even having vast sums of money taken.  The businesses often seem to get away unaffected.  Well this is where the government is cracking down, the firm had to pay $375,000 to settle with the US government for the breach of trust.  Now in addition to that I would expect that anyone affected would also have the ability to sue this company as well.

So the next time you are collecting any customer information, give some thought to keeping that information secure.  It could cost you more than a quarter million dollars to ask forgiveness from the government for that failure.

Business

Found Some Deals

Something that can often be the bane of a small business owners existence is how expensive things can be.  Especially computers.

So to help you out with that I will occasionally post deals that I find that may be of interest to business owners.  Most of these deals will likely only be applicable to Canadian businesses but that will depend.

So this time the deals that I have found that could be of interest to the small business are from Dell.  Dell has an event running from Monday April 12, 2010 to April 23 (excluding weekends).  Each day they post about 6 deals that might be of interest to small businesses.  Actually the products are only found on the Dell.ca Small Business site so I guess that’s a clue.

New deals show up at about 6AM eastern time so you’ll need to keep and eye.  Check them out at the Days of Deals site on the Dell.ca Small Business area.  Previous days deals have included desktop and laptop computers with discounts of $100 to many hundred dollars and some very interesting prices on peripherals for computers.

Deals

Please Enter Your Password

A new study commissioned by Microsoft is showing the futility of constantly changing your passwords.  It is a common security feature in numerious organizations that passwords, strong passwords and regular password changes are not only well known but common.

Now, a study has concluded what lots of us have long suspected: Many of these irritating security measures are a waste of time. The study, by a top researcher at Microsoft, found that instructions intended to spare us from costly computer attacks often exact a much steeper price in the form of user effort and time expended.

The reality is that stolen passwords and the damage done with those accounts are estimated to cost IT many billions of dollars a year.  This staggeringly huge number makes a lot of businesses start to create policies to prevent those stolen passwords as much as possible.  The problem with password change policies is that research shows people who steal your passwords are not going to wait around for you to be able to change it before they use it.  Generally speaking the damage is done shortly after your password has been stolen.  Changing your password even once a day is unlikely to stop the damage caused by a stolen password.

Quite honestly a regular password change policy can be counter productive as many of us can attest to.  If the passwords need to be changed we still need to be able to remember those passwords.  This causes people to start picking easy to remember passwords, using a system that might be easily guessable or worst case, writing the password down on a sticky note and posting it on the computer.

For businesses the point that needs to be grasped here is the appearance of security doesn’t actually mean you are secure.  Often the opposite is true.

A more sobering fact that might make those who are still unconvinced more aware of the financial cost of wasting peoples time without security benefits.  A paper was presented at a security workshop at Oxford University last fall.  This paper used some crude economic analysis and a little bit of basic math to estimate the worth of a users time.  Based upon the approximately 200 million users who go online in the US each day.  If they each earned twice the minimum wage, a minute of time from each of them per day costs $16 billion dollars a year.

That is certainly a sobering number.  The biggest problem that exists with security time sinks is that the damage is not easily expressed in dollars.  Its actually expressed in getting less done, having people who are less happy in their jobs.  Or again, really decreasing the overall security because someone decided to cut a corner.

IT is really suppose to make peoples lives easier.  Far too often we react and make peoples live far more difficult in the name of security.  Business owners, keep this in mind, always try to find out the true cost of security before you setup a policy that doesn’t actually make us any more secure.

Technology