Google making major changes to email acceptance requirements

Will your email be blocked by Google, or are you ready for the changes they are making? Google will be blocking emails from weakly configured systems as of February 1^st, 2024. Make sure your system isn’t one of them that will be blocked.

Starting February 1st, Google will be imposing requirements on any emails being sent to a Gmail account.  They are asking for you to have some basic email system hygiene in place for your mail system.  If you are at all responsible for your own domain (the part after the @ symbol, such as username@gmail.com), then you must pay attention, whether you have an email server in your own data centre, or your email is hosted such as with 365 or Google.

Two other large email systems (Yahoo! and AOL) have already stated they are following in Google's footsteps, Microsoft is expected to follow before long.

These are Googles new requirements as of February 1st, 2024, and your email administrators need to make sure they are in place:

• All your outbound email servers must now do TLS encryption.  Without this, your email can be intercepted and read, or worse. There are still so many systems running without this, as it is Not a default on most of the ones you setup yourself.  Most hosted solutions do have this already, but not a bad thing to check.
• For systems with lower send rate, you need at least one of SPF and/or DKIM setup and working correctly.
• For systems that sometimes send more than 5,000 messages a day to Google Mail servers (including their customer domains they are hosting), then you must have both SPF AND DKIM working correctly AND DMARC setup.

 The most basic SPF and DMARC records you can setup for you domain is (in standard BIND notation):

@ TXT "v=spf1 a mx ~all"

_dmarc TXT "v=DMARC1; p=none; rua=mailto:{emailAddress2processReports}"

That SPF record is NOT guaranteed to work, as it must identify your email server(s). That DMARC record is very safe with an email address that does accept mail. Checking DKIM requires a proper analysis of those DMARC reports, though some spot checking can be done looking at the source header of received messages. 

For more details of Google’s current requirements, including the other 'little' details, read their "Email sender guidelines." https://support.google.com/a/answer/81126

Expect Google and others to increase their requirements in the future, such as the number of messages per day trigger point to be reduced, as well as requiring DMARC enforcement (not just reporting).

Yes, this can seem overwhelming. If you would like some assistance checking to see if your email system is ready for this major change, we may be able to assist you. Please reach out to us and we can discuss this with you.

If you want a thing done, Get out of my way!

If you want me to do something, give me the goal and authority, then get out of my way.

Many people will sit and complain that something isn’t working correctly, but they won’t give someone else the authority to investigate the issue and get it resolved. They may talk about wanting someone to do that work, but don’t give the actual authority to do so and/or the desired outcome.

I have encountered individuals/clients that will complain that the system isn’t doing what they expected. The reason it’s not working, is that no one has been given the responsibility of learning and taking on the system, and then setting up a progress to maintain it.  This happens in all sizes of organizations, and it is something that I keep tripping over.  

One of the issues I see, is that some managers don’t want someone else to understand a system that they don’t. Managers can’t know every system and all the different ins and outs that are required to make it work. Being a good manager means giving someone the authority to take on that specific program/system and get it working the best they can, and a process documented. In some (too many) cases, authority or task might be given in an unclear and undefined way, so that no one knows what really needs to be done. A simple email to the team/individuals involved is all that it takes to give that authority, e.g. ‘x’ is now doing “the thing”, articulate the goal, and please support and assist ‘x’ where needed/requested.

So yes, get out of my way is one way for that to happen. It can be difficult for a manager to do this, but if they want to be a good manager, they need to be able to do just that. Getting out of someone’s way can result in a process being developed that will work for everyone, and more people will understand the system.  It will end up resulting in a better overall system, as well as processes being developed and documented for your organization's use and support of the system.

Now, if you want to me to do the task, simply give me a clear goal and the authority, then get out of my way.

 

Rebooting your computer

This is an email that we recently wrote for a client to help them communicate with their end users that rebooting their computers are important. Watch for another blog entry that will provide additional feedback that you, as IT can use when you get questioned about this.

Subject: Why you need to reboot at least one or twice a month

Why reboots are required.

• Many computer device patches require a restart of your system for them to be applied. Patches can be installed while you are working, but will not get applied until a reboot/restart of your computer has been done.
• IT can also push out other necessary patches that don’t trigger a reboot, but still require a reboot to complete the patch being applied.

How often is a reboot required?

• It is ideal that a reboot be done at least once or twice a month (reboot with patches when applicable) to ensure that your system is up-to-date with all the necessary patches. A system can be compromised if the patch has been installed but not applied.
• Ideally, rebooting once a week would ensure you are keeping your system up to date.
• IT could schedule reboots, but it is ideal that everyone manage their system themselves, as they know when the best time to reboot is. (Sleeping or hibernating your computer is not a reboot). If systems continue not to be rebooted, IT can schedule forced updates on these systems.

Why does my computer reboot itself?

• Some operating system patches force a reboot, and they usually do it automatically overnight. By keeping your system patched and up to date, these forced rebooted happen less frequently.

By rebooting our systems, we are not only keeping our systems up to date, it is contributing to ensure that the company data is kept safe.

Let Sleeping Services Be

AKA, latest scam attempted on me, with most of the caller's fumbles of his script left out.

A call claiming to be my ISP (never used it for home internet, but the phone number had been with them at one point, so others may have a match claiming your ISP based on who your phone has been with), that they had a failure on their server and that there 70% services stopped, and we need to fix them. 

Caller: How many devices do you have using the internet?  

Me: (quickly count the list) I have 15 IPs active today as seen on WhoIsConnectedSniffer (software I have running on my computer most of the time), but some of them should never get to the internet.   

Caller:  Then I need you to get in front of your computer.

Me:  OK, since that is where you caught me, where did you think I had WhoIsConnectedSniffer running?  yes I am there.

Caller: confused sounding

(a bit of back and forth with this drone in a call centre, to get him back on track of the scam to see where it is going)

Caller:  Do you see the Windows key?  Hold it down and press R

Me:  Ah, you want the Run prompt, OK, I am there.

Caller:  type in msconfig   and then press the OK button

Me: (I know this first bit is safe, so I proceed) Oh, it looks a bit different since I last looked this way, I see the Tabs: General, Boot, Services, ...

Caller:  OK, need you to click on Services, now see how many are stopped. 

Me:  Yes, I see many of  them stopped and that is the normal amount I expect there.

Caller: Then we need to remote into your computer to fix these stopped services as part of the service you paid for.

Me: But those services aren't needed, in fact some of them really shouldn't be running most of the time, rather like one doesn't leave their car running in the garage when they aren't driving it.

Caller:  But you paid for this service, so we need to restart them for you.

Note: This goes on back and forth for nearly 5 minutes until a meeting reminder gets me to wrapping up.  I could have so dragged him along for ages if I had the free time.

Me:  I have several ways to prove you are a scammer. 

• I'm not with the ISP you claim to be, though I have worked with them.
• It is normal for Windows to have stopped services as many are use only occasionally and the system knows how to trigger them on when needed, or are only on when the applicable hardware is turned on, example: the Bluetooth support service is stopped because I don't currently have Bluetooth turned on. 
• Clearly, as someone who mainly works on Linux servers, I still know way more about Windows than you do. 

Caller:    Ahh..ahh....ahhh..........

The line goes dead.  He was clearly very new at this, or was just following the script in front of him. 

Summary:

If you ask a question and they immediately re-ask their question, it is almost certainly a scam. 

Stopped Services on your computer is a normal thing, just like your microwave or shower are not running much of the time.  A server failure at your ISP is not going to impact the services on your computer, as, if necessary, a reboot of your system is all you should need.  Never let one of those callers remote into your system, as that is a disaster waiting to happen.  What exactly they will do varies, bit it won't be in your interest. 

Billing and working with clients

As a bookkeeper and an office manager, people have asked me some questions about managing getting paid by clients. I have put together my recommendation of both billing and receiving payments from clients. This may not work for everyone, but I have seen it work, and it means you aren’t working for free.

How often should I bill a client?

• I recommend that if you are a consultant and working with clients, it is a good idea to bill them monthly. Billing at the end or the first of the month means it is easier to track when bills have been issued. If you have a standard flat rate for the clients, it is recommended to bill that at the beginning of the month. I also have a recommendation of either doing net 15 or net 30 days. I normally go with net 30 days for existing clients.

Client hasn’t paid the invoice, what do I do?

• When the invoice is close to the 30 days since issuing it, I recommend sending a reminder email letting the client know that the invoice is still outstanding. The working I normally use is “can you let me know the status of the invoice?” This gives the client the chance to look into it without you saying it’s due. If you don’t receive a reply, you start slowing down the response time for emails.
• At 45 days, another email is sent, but this time you do mention that the invoice is overdue and would like to know when you can expect payment. This lets the client know that payment hasn’t been received and maybe there is an issue on their end or some communication with you is required. At this point, if you are not getting a reply to emails, a phone call is required to talk to the client about payment. If you don’t get any answers, this is when work really starts to slow down.
• At 60 days from the billing date, this is when another email will be sent and requested payment. Also, letting the client know that work will need to be slowed down or discontinued until payment is received. If a client says, "I promise to pay the bill, trust me", be careful because this could be a sign of other issues. Try and set up a meeting with the client to discuss the situation.

Handling new clients

• When you are approached by a new client, there are a couple of different ways to handle payment.
• You can request a deposit via credit card for the work, as this ensures that you will receive some money for work being done.
• You can let the client know that a bill will be sent immediately after the work has been completed, with net 15 days. This is the one time that billing monthly is not applied.

Can I do a credit check on a potential or existing client?

• The simple answer to this question is yes. If you are going to be doing major work with a client that you have got out of the blue, it might be a good idea to do a credit check on them. Also, the biggest piece of advice I give is if you don’t get the first payment, and you just get a “trust me”, it’s time to do that credit check.
• You can also do a credit check on an existing client if you are going to be doing major work with them.  Remember, you are the one that will be providing your services, and you need to make sure that you will be receiving payment for it as we have seen this happen in the past.
  

 

Summary

It is difficult when you don’t receive payments from clients, but if you make sure that you are fair with them, there should be open communication. When clients start not answering your emails or phone calls, it’s time to start looking at how you can let them know that work is going to have to be reduced until some payments are received. Remember, do not spend the money that is owed to you until it’s in your bank account. Using the money before it’s in your bank account can result in a big financial challenge for your own business.

Billing and working with clients can be a challenge, but if you establish a standard way of billing and communicating with a client, it does help a lot. Don’t be afraid to ask for advice from other small businesses because it helps to hear what other people do as well. Asking a client for payment can be a challenge, but it’s better than just sitting back and hoping, that one day you will receive payment for what they owe you.

 

 

Wired is Better

The debate is not wired vs wireless, but wired vs Less power|bandwidth|security

Cables can be a frustration at times for many people, so being without them feels so freeing, . . to a point.

To go without wires/cables for signal still requires power, and if you don't have a wire to provide that, you certainly have batteries involved that have their own frustrations to deal with.

The Batteries.  

Replaceable or built in rechargeable?

How fast are they drained?

•  Fast enough, you get the replace or recharge process down pat?   They last long enough that you might not recognize the odd symptoms of the system for a bit before it clicks that it is time to do something with the batteries. (mouse in the middle of an epic gaming session, or keyboard in the middle of trying to write down that perfect award-winning idea)
• And for built-in rechargeable, at least until they can not hold a charge anymore.

Yes, there is wireless power transmission tech being developed, but:

•  Extra cost to have and to power
• extra energy inefficiently spread in the form of non-ionizing radiation through you. We are many years away from any chance of proving them safe. Are you volunteering your body as a test bed?

The bandwidth you can put through radio (wireless communications) is about the same as a few strands of wire or fibre in a cable. And the space of radio waves is shared.  So if you try and pack a room full of active Wi-Fi sharing systems, you generally will get less bandwidth to each than if they were wired connections. Especially if there are many other nearby users of those radio frequencies. How many Wi-Fi Access Points do you see near you? You are sharing bandwidth with them and anything else that might be using those particular frequencies that you can't see, such as Bluetooth on 2.4GHz and microwaves that are really noisy in that space.

Security is typically less with wireLess.  There are so many more ways of intercepting wireless(radio) traffic, most without any indications of such an interception. Encryption can be defeated, it is anything but perfect. The end points of any wireless system can be readily attacked from a distance in a whole range of tactics in addition to any possible wired attack vectors. 

Example:  With some USB dongles they can be used to take over the computers they were plugged in to.  When did you last update your dongle's firmware? 
Is your dongle subject to MouseJack or KeyJack attacks?

Personal health, a potential issue with adding more radio waves going through your body and those you may care about nearby.  Radio waves are a form of Radiation. While not the really nasty ionizing radiation of fission of big atoms like Uranium, it is still energy that we didn't evolve with. We are already seeing evidence of harm from cellphone radio waves.

So where ever you can, a wired/cabled/fibred connection is generally more reliable, secure, energy efficient, lower cost (especially over product lifetime), less resources used to make and operate, less impact on the surrounding environment. While there are always exceptions, they are just exceptions to a rule, not an invalidation of this point.

Wireless things have their place, but like everything in life, there are trade-offs along the way.  Make them deliberately rather than letting marketing brainwash you down any particular path as they won't tell you the hidden costs or risks. 

Glossary: 

Wire - single strand of an electrical conducting metal. One is almost never enough

Fibre/Fiber - a single strand of optical fibre, usually plastic, that carries light as the signal medium.

Cable - a bundle of wires or fibres in a protective bundle. i.e what we usually see.

Paying it forward

For a lot of people, graduating from college can be a time when they say that they are done with education, and they aren't going to think about college ever again.

Well Darlene has proved that yes you can graduate from college but education never stops. She has also shown that paying it forward to the next generation of business students is also important. Darlene has over the last couple of years been mentoring students through the Ten Thousand Coffee program at Centennial College. She enjoys getting to know the students and new graduates and is always willing to share her knowledge and experience with them.

Recently, Darlene was interviewed for the blog "It Started at Centennial" for her journey from being a student at Centennial College to now being a Mentor.