No one is sticking floppies to their fridge anymore, but we still occasionally see the modern equivalent: saving data or documents in places that are likely to disappear. Just as you shouldn’t write the only copy of essential information on an easily erased whiteboard, you shouldn’t store important data in any of these locations:

• Unsaved documents: While autosave is becoming more common, it isn’t universal and often doesn’t activate until a document has been saved for the first time. When you create a new document, always save it right away, before you do anything else. Otherwise, you risk losing all your work if the app crashes, the Mac kernel panics, or the power goes out.
• Trash: We know, we know! Who would put something in the Trash that they want to keep? But it happens. Don’t do that! On the other hand, there’s also no reason to empty your Trash regularly unless you’re low on space. A good compromise is to choose Finder > Settings > Advanced and select “Remove items from the Trash after 30 days.” This way, you’ll always have a 30-day grace period to recover mistakenly deleted items.
• Clipboard: Most people know that the clipboard serves as a temporary holding place, overwritten with each new Copy or Cut. However, if you’re unaware of this, you might write something lengthy, use Cut to place it on the clipboard with the intention of pasting it elsewhere, and then forget to do so right away, resulting in data loss on the next use of Copy or Cut. Always paste anything you cut immediately. Many utilities (such as Copy ‘Em, Keyboard Maestro, LaunchBar, Pastebot, and Raycast) provide clipboard history so you don’t lose clipboard data immediately, but you still shouldn’t rely on it persisting indefinitely.
• Email Drafts mailbox: There’s nothing wrong with starting an email and coming back to it later to finish—that’s the point of the Drafts mailbox. It’s also a sensible way to begin a message on one device and complete it on another. However, avoid storing anything in Drafts for an extended period, and be aware that items there may disappear without warning. (And never, ever store anything in your email Trash mailbox—it will be deleted eventually.)
• Temporary folders: Thanks to its Unix roots, macOS includes several temporary folders, one located at /tmp and others specific to each user. These folders are cleared regularly, such as when the Mac is restarted, left idle for a long time, or when drive space is low. Storing important data in a temporary folder is a digital version of Russian roulette.
• Downloads folder: Although the Downloads folder isn’t inherently volatile, it’s unwise to store anything important there. You might forget about that document while tidying up and accidentally delete it, or you might use a cleanup tool in the future that does it for you.
• USB flash drives: There is nothing wrong with putting files on a USB flash drive. However, avoid storing the only copy of an important file on one, as it is too easy for the drive to be lost or damaged.
• Public computers, virtual machines, and sandboxed environments: This scenario is unlikely but not impossible. Imagine you’re working on a public computer in a lab and save a file on the desktop. When that computer reboots, it will likely delete all data to return to a fresh state for the next user. The same could apply to a virtual machine used for testing or a sandboxed environment that you log in to remotely.

There are also a few locations that generally aren’t problematic but deserve extra attention due to the higher likelihood of losing data:

• Third-party app folders in ~/Library: Some apps store their data in folders they maintain within your user account’s Library folder. While this is acceptable for data managed by those apps, we advise against putting anything else in these folders since it’s impossible to know how the app might deal with data it doesn’t recognize during a cleanup or major update.
• Desktop: It’s fine to work on documents stored on the desktop, but we recommend filing them away carefully when you’re finished. If you frequently move files in and out of your desktop, it’s all too easy to delete something important accidentally. Additionally, if you have iCloud Drive’s Desktop & Documents folder syncing enabled, you might unintentionally delete files from another Mac due to being in a different context.
• Box, Dropbox, Google Drive, iCloud Drive: Cloud storage services are entirely acceptable locations for important data, but they all offer options that store files only online, downloading them only when necessary. These options may prevent online-only files from being accessible when you’re offline or from being backed up locally. Worse, if you share cloud storage with others for collaboration, they could accidentally delete your data. Be sure to enable any available version history options and ensure everything is backed up locally.
• External drives or network storage: Many individuals and organizations store essential files and data on external drives and network storage. This approach is perfectly valid, provided that these locations are backed up. When designing your backup system, remember to include your external drives, network servers, and NAS devices. Lastly, if an external drive is encrypted, ensure that you have a backup of both its data and the decryption key.

If you want to avoid all these issues, save your files in your Documents folder and make sure you have a solid backup strategy.

Don’t Leave Your Important Work to Chance

At MacTech Solutions, we’re jealously protective of our customers’ data — and we can help you build a backup strategy that fits your life.

Whether it’s organizing your files, setting up Time Machine, or choosing the best storage options, you don’t have to do it alone.

Visit MacTech Solutions today in Finishing Touch Plaza, Wichita Falls — and let’s keep your digital life safe, secure, and stress-free.

(Featured image based on an original by iStock.com/shutjane)

The post Never Save Your Work in These Locations first appeared on MacTech Solutions.

The effort and inconvenience that different people are willing to endure also vary. Higher levels of security often necessitate significant effort and inconvenience. We have divided our list of suggestions—roughly organized from easiest to hardest—into two sections: actions we believe everyone should take and security measures mainly for those most concerned and willing to tolerate some fuss.

Before we delve into the details, it is important to remember that privacy and security are not the same thing. Privacy refers to the proper collection, use, and governance of personal data. Security, conversely, is concerned with protecting data from unauthorized access and malicious threats. It entails defending data against external dangers, while privacy ensures that the management and use of that data adhere to agreed-upon standards.

Security Improvements for Everyone

These actions are generally beneficial for most users. They don’t require much technical knowledge and can often be accomplished with easily accessible tools and settings:

• Keep apps and operating systems up to date: Nearly every operating system update from Apple addresses numerous security vulnerabilities, and the same is often true for major apps. Always ensure you’re running current versions to take advantage of all those security improvements.
• Enable FileVault: While all data on the internal SSDs of Macs with Apple silicon and Intel-based Macs with the T2 chip is automatically encrypted to prevent unauthorized access if the SSD is removed, it is automatically decrypted whenever the Mac boots, even before you log in. To link decryption to your user account, which makes your login password necessary to decrypt all data, enable FileVault in System Settings > Privacy & Security > FileVault. There are essentially no drawbacks.
• Improve your passcode: For nearly a decade, it has been easy to set a six-digit passcode on the iPhone and iPad, greatly enhancing security compared to the previous standard four-digit passcode (1 million possible combinations versus only 10,000). If you still use four digits, consider switching to six digits, a custom number of digits, or a custom alphanumeric passcode in Settings > Face ID/Touch ID & Passcode > Change Passcode > Passcode Options. Alphanumeric passcodes offer the highest level of security but are more challenging to type.
• Turn on biometric authentication and Stolen Device Protection: If you aren’t already using Face ID or Touch ID on your iPhone or iPad, that’s a mistake. Both provide significantly stronger security than repeatedly entering your passcode, which could be observed. Turn on biometric authentication and Apple’s Stolen Device Protection in Settings > Face/Touch ID & Passcode.
• Adopt strong password habits: If security matters at all to you, you must use a strong, unique password for each online account and never reuse a password. It’s easy and secure as long as you create and store passwords with a password manager like Apple’s Passwords or 1Password.
• Enable MFA whenever it’s available: Multi-factor authentication greatly enhances security, safeguarding you even if your password is compromised in a breach. It typically requires entering a six-digit code that you retrieve from an app or receive via text message. Apple’s Passwords and 1Password can both automatically enter MFA codes for many websites.
• Use an ad blocker: Much of today’s surveillance society relies on ads to track you. Anything you can do to block ads will enhance your privacy, so use ad blockers whenever possible. Highly regarded options include 1Blocker, AdGuard, NextDNS, and uBlock Origin.
• Enable privacy and security features in Web browsers: Safari can prevent cross-site tracking and hide your IP address, along with other privacy and security features. In Safari > Settings, review all the options in the Privacy and Security screens and enable those that are appropriate. (Keep cookies and JavaScript enabled; many sites won’t function properly without them.) If you don’t use Safari, choose Brave or Firefox instead of Google Chrome.
• Utilize secure DNS services: To enhance browsing privacy and protect against DNS leaks, configure your devices to use a privacy-focused DNS service like Cloudflare’s 1.1.1.1 or Quad9’s 9.9.9.9.
• Minimize app exposure: Be vigilant about iPhone or iPad apps that might be sharing information about you with data brokers without your knowledge. Specifically:
  • Turn off Settings > Privacy & Security > Tracking > Allow Apps to Request to Track.
  • Rescind location tracking permissions for all apps except those that require it, such as navigation or weather apps, in Settings > Privacy & Security > Location Services.
  • Delete apps you’re not using to prevent them from spying on you.

Security Improvements for the Particularly Concerned

Implementing these actions may require extra steps, specialized knowledge, or significant changes in habits. They’re primarily for those with heightened concerns or those at greater risk, such as journalists, activists, and individuals handling sensitive data:

• Use independent search engines: Google and Microsoft are known for collecting information about their users. To keep your searches private, use a search engine that prioritizes privacy, such as DuckDuckGo, Brave Search, Kagi, or Startpage.
• Protect network traffic: While we used to recommend ensuring you were using secure HTTP (HTTPS) connections, that’s now the bare minimum. For greater privacy while browsing the Web with Safari, turn on iCloud Private Relay in Settings/System Settings > Your Name > iCloud > Private Relay. (This requires an iCloud+ subscription and won’t encrypt traffic from most non-Apple apps.) More broadly, you can safeguard all your traffic by using a trusted VPN service like Mullvad VPN, NordVPN, or ProtonVPN.
• Activate Advanced Data Protection: End-to-end encryption (E2EE) keeps your online data private from everyone, including cloud providers. However, it requires you to manage your encryption keys, which means no one can help recover your data if you lose those keys. You can enable E2EE with Apple services using Advanced Data Protection; turn it on in Settings/System Settings > Your Name > iCloud > Advanced Data Protection.
• Use encrypted messaging: The iMessage system used by Apple’s Messages app for blue bubble conversations is highly secure, particularly with Advanced Data Protection enabled. However, for the most secure messaging with E2EE, look to Signal. While WhatsApp also offers E2EE, its backups might not be encrypted, and its parent company, Meta, is one of the most egregious privacy abusers on the planet.
• Regularly review and revoke permissions: Periodically check and manage app permissions on your device to ensure that no apps have unnecessary access to sensitive information, such as your contacts or location. Work through the options in Settings/System Settings > Privacy & Security and revoke permissions for anything that seems inappropriate. Apps that require additional permissions will always prompt you again.
• Encrypt cloud-stored data: To ensure that cloud storage services like Box, Dropbox, Google Drive, and OneDrive cannot read your data, use the free and open source Cryptomator to encrypt it first.
• Use encrypted email: While it’s impossible to ensure that email will remain private because you can’t control your recipients’ actions, the most privacy-focused email services are ProtonMail and Tuta Mail. They employ E2EE for emails sent to other users of the same service and allow the encryption of email messages sent to any external recipient.
• Reduce reliance on cloud services: If you have general concerns about cloud services, consider exploring peer-to-peer alternatives that remove the need for a central provider. You can find peer-to-peer solutions for file storage, file sharing, chat and messaging, videoconferencing, collaborative documents, cloud-based notes, and more.
• Avoid social media: Posting on social media, especially on platforms owned by large corporations, allows those companies to create a comprehensive profile of you that is shared with advertisers and is vulnerable to data breaches. Further, any information you disclose about yourself could be exploited by hackers in social engineering attacks targeting your accounts. Consider replacing social media with independent forums devoted to your interests and private messaging spaces for friends and family.

Ultimately, enhancing privacy and security is your responsibility. Apple and other companies may offer tools to assist, but it’s up to you to implement them and stay vigilant against new threats. We’re also happy to provide advice and assistance.

Protect Your Digital Life with Confidence

Staying safe online doesn’t have to be complicated — and you don’t have to figure it out alone.

At MacTech Solutions, we’re passionate about helping you protect your digital life.

Whether you need help securing your Mac, your iPhone, or your online accounts, we’re here for you.

Stop by MacTech Solutions in Finishing Touch Plaza in Wichita Falls — and let’s make sure your digital world stays safe, private, and protected.

For more information on all the great Apple products, features, and services, give us a call!  940-767-MACS (6227).  Or stop by MacTech Solutions, 4020 Rhea Rd, Suite 3B, Wichita Falls.  We’re open Monday thru Friday, 10am to 6pm

(Featured image by iStock.com/andreusK)

The post Protect Your Digital Life: Quick Privacy and Security Tips You Can Use Now first appeared on MacTech Solutions.

While email service providers excel at their primary functions of sending, receiving, and storing emails, they prioritize availability and uptime over backup and recovery. Depending solely on their built-in protection systems can leave organizations vulnerable to data loss. Although it’s exceedingly rare for email service providers to lose data due to system failures—all modern email systems are distributed and replicated in virtualized storage—they cannot safeguard against every risk. Here are some scenarios we’ve encountered where a separate email backup solution was useful:

• Recover from human error: This is the big one. People often accidentally delete important messages or clean out old messages too aggressively, inadvertently including critical conversations in a mass deletion. Backups ensure that these messages can be retrieved.
• Ease employee turnover: When employees leave, it’s essential to deactivate their email accounts for security reasons. However, information in their accounts may be vital for ongoing projects or legal purposes. Backups preserve this data for future access.
• Mitigate cyber threats: Phishing attacks are commonplace today. If an employee falls victim to one, their email account could be compromised and data lost. Worse still, the attacker could install malware—even ransomware, though that’s not a significant real-world concern for Apple-only installations—that could result in email data loss. While training employees to recognize and avoid phishing attacks is crucial, backups provide an essential safety net for anyone who makes a mistake.
• Facilitate data migration and archiving: Organizations often need to migrate email data from one system or user to another. While it’s rarely necessary or desirable to migrate everything—all the mail from the past year may be sufficient—it can be helpful to maintain archival access to historical communications.

In fact, both Google and Microsoft explicitly state that they store data for only a limited time and recommend employing a backup service. (The specifics may differ, but generally, you can retrieve a deleted email within 30 days, after which it may be recoverable for an additional 14 or 30 days.) Numerous companies provide email backup services, many of which are quite similar. The list below highlights some of the most common services, but we encourage you to reach out for recommendations based on your email service provider and organization size.

• CloudAlly offers unlimited data retention and extends its backup capabilities beyond email to encompass platforms such as Box, Dropbox, and Salesforce.
• CubeBackup focuses exclusively on Google Workspace and Microsoft 365. It provides a cost-effective solution by allowing users to utilize their own local or remote storage.
• Backupify and Datto SaaS Protection are from the same company and offer the same backup capabilities, but they serve different market segments. Datto further enhances its branded services with a range of business continuity and data protection tools.
• Dropsuite provides unlimited storage and also supports QuickBooks Online backup. It features a flexible backup cadence, with email backups up to 12 times per day.
• MSP360 Managed Backup is a feature-rich solution that, while more complex and potentially more expensive than those from competitors, offers extensive customization and supports a wide range of storage providers.
• Spanning goes beyond Google Workspace and Microsoft 365 with Salesforce backups. It offers highly granular restores, enabling the recovery of individual emails. Its FLEXspend feature simplifies backup expenditures when transitioning between platforms.
• SpinBackup offers disaster recovery services at an affordable price point, and its developer, Spin.ai, provides a wide range of security solutions beyond backup, including data leak and ransomware protection.
• Synology Active Backup includes free add-ons for Google Workspace and Microsoft 365 that back up cloud data to a Synology NAS. It’s an excellent solution for avoiding ongoing expenses.

As important as an email backup solution is for protecting against data loss, we urge you to proceed carefully when selecting one. If you end up with data that exists solely in a particular solution, legal retention requirements or the inability to export data in a non-proprietary format may lock you into paying for it indefinitely. Ideally, keep all data live so you can transition to a different solution to meet changing needs. Again, please contact us for help picking the most appropriate solution for your needs.

Protect Your Email — and Meet Compliance Requirements

Whether you’re managing a business, a professional office, or your personal communications, dedicated email backup and archiving are critical for protecting important information — and in some cases, meeting legal or regulatory compliance.

At MacTech Solutions, we can help you choose the right backup solution, set up compliant email archiving, or both — depending on your needs.

Stop by our store in Finishing Touch Plaza here in Wichita Falls, give us a call, or visit our website to schedule an appointment — although appointments are never required.

We’re your trusted local experts — ready to help you safeguard your email and your peace of mind.

(Featured image by iStock.com/Rasi Bhadramani)

The post Businesses, Don’t Overlook Email Backup first appeared on MacTech Solutions.

For more information, give us a call!  940-767-MACS (6227) MacTech Solutions, 4020 Rhea Rd, Suite 3B, Wichita Falls.  We’re open Monday thru Friday, 10am to 6pm

(Featured image based on an original by iStock.com/Igor Kutyaev)

The post Protect Domains That Don’t Send Email from Email Spoofing first appeared on MacTech Solutions.

As always, MacTech Solutions is here to help! Give us a call at 940-767-MACS (6227) or stop by 4020 Rhea Rd, Suite 3B, Wichita Falls.  We’re open Monday thru Friday, 10am to 6pm

(Featured image by iStock.com/Igor Kutyaev)

The post Find Some Ham Amidst Your Email Spam first appeared on MacTech Solutions.

You can protect your organization’s email accounts from being compromised and used in phishing attacks by training your users to identify forged emails and use password managers, which won’t autofill a password on a malicious site. But how do you prevent bad guys from forging email that looks like it comes from inside your organization? You can’t, but you can reduce the chances that other email servers will accept it. In the process, you’ll enhance the deliverability of legitimate email from your domain.

The rest of this article is aimed at two types of readers. The first is the IT professional who needs an overview of email authentication technologies and pointers to helpful tools. For other readers, this article will give you an idea of what’s involved so you can talk more knowledgeably with your IT staff or better appreciate what they manage for you.

Whether your email is hosted at Microsoft 365 or Google Workspace, or managed by your Internet service provider or IT department, if your organization has its own domain for email addresses—yourname@yourcompany.com—you need to know about and set up three authentication technologies: SPF, DKIM, and DMARC:

• SPF, which stands for Sender Policy Framework, lets you specify which servers and domains are allowed to send email for your organization. It allows receiving mail servers to verify that incoming messages from your organization are actually from you.
• DKIM, or DomainKeys Internet Mail, adds a digital signature to every message sent from your organization. Receiving mail servers can use your public key to verify that messages actually came from you and were not changed in transit.
• DMARC, which expands to Domain-based Message Authentication, Reporting, and Conformance, leverages SPF and DKIM to publish policies that tell receiving mail servers what to do with messages that fail authentication: deliver, quarantine, or reject them. A message fails DMARC authentication only if it fails both SPF and DKIM—only one is necessary for the message to pass DMARC’s checks.

These three authentication technologies exist inside DNS (Domain Name System) records. The primary use of DNS is to link your human-usable domain name with the underlying IP addresses of the servers that manage your Internet presence; for example, matching www.yourcompany.com with an IP address like 192.168.1.23. However, DNS can also contain TXT records with additional information about your domain—you configure SPF, DKIM, and DMARC using TXT records.

These TXT records must be carefully constructed to work correctly—an incorrect configuration could cause email failures. You could build them manually, but it’s safer to use a tool that asks you questions and spits out a correctly formatted TXT record for you to add to your DNS configuration. If all that sounds intimidating, work with your ISP or email service provider, or ask us for help. But here are the basics.

Tools abound for creating SPF, DKIM, and DMARC records, but we recommend those from DMARCLY and EasyDMARC. We’ll use DMARCLY for the examples here, and it provides a comprehensive explanation that’s worth reading if you want more depth.

SPF

SPF is the oldest of these technologies. To get started, all you need to do in DMARCLY’s SPF Generator tool is specify the names or IP addresses of servers that are allowed to send email from your domain. The mx (mail exchanger) and a radio buttons automatically add the servers listed in your DNS records, and anything you put in the Includes field will allow email sent from anything allowed by a third party that sends email on your behalf. It’s common to put Google, Amazon SES, SendGrid, or other systems there. The IPv4, IPv6, and Hostnames fields let you specify other allowed servers, but aren’t necessary.

The Policy menu is important—you can choose from Fail, SoftFail, and Neutral. Start with Neutral, which should allow messages to be accepted (it prefixes all in the TXT record with a ?). Then bump up to SoftFail (a tilde ~ prefix) to have messages accepted but marked. When you’re confident everything is working correctly, move to Fail, which uses a - prefix.

DKIM

Because it relies on public key cryptography, DKIM is significantly more complicated. Although DMARCLY’s DKIM Generator tool will generate the necessary public and private keys, that’s not helpful unless you have full control over your email server and know how to install the private key to sign all your outgoing email. It’s much more likely that you’ll use a tool managed by the company that hosts your email to create your keys. That tool will automatically install the private key and give you the necessary details to add to a TXT record in your DNS settings.

DMARC

Where SPF and DKIM are all about authenticating email messages, DMARC lets you say what happens when authentication fails. DMARCLY’s DMARC Generator tool makes it easy to generate your DMARC record. For Policy and Subdomain Policy, you can choose None, Quarantine, or Reject—those specify what will happen to messages that fail both SPF and DKIM authentication. Start with None to see what happens in your reporting, move to Quarantine, and if everything seems OK, end up at Reject.

To set up reporting, enter an email address in the Aggregate Email field, but don’t put a personal address there. DMARC reports are daily XML digests that aren’t human-readable, so they should be sent to a service that will parse them and provide you with a dashboard for exploring the problems. DMARCLY and EasyDMARC both offer dashboards, as does the Cloudflare service if you use it for DNS or other tasks. To start, you can leave DMARC’s Strict Alignment and Forensic Options blank.

Configuring DNS

Once you’ve generated your SPF, DKIM, and DMARC records, you have to configure them in your DNS settings. How you do that depends on your DNS host; we’ll show what it looks like Cloudflare. Other DNS hosts should be similar.

For each case, you’re creating a TXT record, but what goes in the Name and Content fields varies:

• SPF: The name for an SPF record should be the @ character, signifying the root level of your domain. Paste the text that the SPF Generator tool created in the Content field. You can have only one SPF record for each domain, although you can set up separate SPF records for subdomains.
  
• DKIM: You can have as many DKIM records as services that send email on your behalf, so the first part of the name can vary—we show example below. However, the ._domainkey part is required for each DKIM record. For the content, paste the text given to you by the email-sending service. Note that some email services may require you to create one or more CNAME records instead of a TXT record—just follow their instructions.
  
• DMARC: For DMARC, the name must be _dmarc. Once again, you’ll paste the text given to you by the DMARC Generator tool in the Content field.
  

Reporting and Evaluation

After you set up SPF, DKIM, and DMARC, it’s essential to keep an eye on your email. If you’ve started with SPF in Neutral mode and DMARC in None, nothing should go wrong. You can look through the headers of test messages you send to verify. This DMARCLY article explains what to look for. If you’ve signed up for an aggregate reporting service, you’ll be able to see reports like this one from Cloudflare that show the percentage of email that passes each of the authentication technologies.

If everything looks good and most email passes, change SPF to SoftFail and DMARC to Quarantine. Make sure you can send email to some known personal addresses on Gmail, Yahoo, or iCloud. Also, tell people who send email from your domain to be on the alert if they don’t hear back from someone who typically replies quickly—if a misconfiguration is causing your email to be marked as spam, you want to know about that quickly. If you’re using a DMARC reporting service, look at those reports to see if any email services are sending a lot of messages that fail DMARC.

After you’ve run with those settings for a month or two, bump SPF up to Fail and DMARC to Reject. Continue to monitor your DMARC reporting and pay attention to any complaints from users about the messages they send not arriving.

That’s a lot, we know. Feel free to contact us if you need help with any step of the process. Mac Tech Solutions is located at 4020 Rhea Rd, Suite 3B in Finishing Touch Plaza in Wichita Falls. Contact us by clicking here!

(Featured image based on an original by iStock.com/Ole_CNX)

The post SPF, DKIM, and DMARC: What They Are and Why You Need Them first appeared on MacTech Solutions.

Back Up All Your Devices

The most important thing you can do to stave off the slings and arrows of digital doom is to make regular backups. Bad things happen to good people, such as a Mac’s SSD failing, an iPhone accidentally falling off a boat, an Apple Watch breaking in a fall, or loss due to theft, fire, or flood. With a good backup strategy, you can recover from nearly any problem.

For the Mac, it’s easiest to back up with Time Machine to an external drive, but remember that an offsite or Internet backup is also essential. With iPhones and iPads, it’s easiest to back up to iCloud, which happens every night automatically if you turn it on in Settings > Your Name > iCloud > iCloud Backup, but you can also back up to your Mac if you don’t have sufficient iCloud storage space. Apple Watches automatically back up to their paired iPhones, so if you protect your iPhone, you can always restore your Apple Watch.

Keep Your Devices Updated

Another key thing you can do to protect your security is to install new operating system updates and security updates soon after Apple releases them. Although the details seldom make the news because they’re both highly specific and highly technical, you can get a sense of how important security updates are by the fact that a typical update addresses 10–30 vulnerabilities that Apple or outside researchers have identified. Some are even zero-day vulnerabilities that are already being exploited in the wild.

It’s usually a good idea to wait a week or so after an update appears before installing, on the off-chance that it has undesirable side effects. Although such problems are uncommon, when they do happen, Apple pulls the update quickly, fixes it, and releases it again, usually within a few days.

Use a Password Manager

We’ll keep banging the password manager drum until passkeys, the replacement for passwords, have become ubiquitous, which will take years. Until then, if you’re still typing passwords in by hand or copying and pasting from a list you keep in a file, please start using a password manager like 1Password or BitWarden. Even Apple’s built-in password manager and iCloud Keychain are fine, if not as fully featured as the others. A password manager offers five huge benefits:

• It generates strong passwords for you. Mypassword1 can be hacked in seconds.
• It stores your passwords securely. An Excel file on your desktop is a recipe for disaster.
• It enters passwords for you. Wouldn’t that be easier than typing them in manually?
• It audits existing accounts. How many of your accounts use the same weak password?
• It lets you access passwords on all your devices. Finally, easy logins on your iPhone!

A bonus benefit for families is password sharing. It allows couples to share essential passwords or parents and teens to share specific passwords.

Using a password manager is faster, easier, more secure, and better. If you need help getting started, get in touch.

Beware of Phishing Email

Individuals and businesses frequently suffer from security lapses caused by phishing, forged emails that fool someone into revealing login credentials, credit card numbers, or other sensitive information. Although spam filters catch many phishing attempts, you must always be on guard. Here’s what to watch for:

• Any email that tries to get you to reveal information, follow a link, or sign a document
• Messages from people you don’t know, asking you to take an unusual action
• Direct email from a large company for whom you’re an anonymous customer
• Forged email from a trusted source asking for sensitive information
• All messages that contain numerous spelling and grammar mistakes

When in doubt, don’t follow the link or reply to the email. Instead, contact the sender another way to see if the message is legit.

Never Respond to Unsolicited Calls or Texts

Although phishing happens mostly via email, scammers also use texts and phone calls. Thanks to weaknesses in the telephone system, such texts and calls can appear to come from well-known companies, including Apple and Amazon. Even worse, with so much online ordering, fake text messages pretending to help you track packages are becoming more common.

For texts, avoid following links unless you recognize the sender and it makes sense that you’d be receiving such a link. (For instance, Apple can text delivery details related to your orders.) Regardless, never enter login information at a site you’ve reached by following a link because there’s no way to know if it’s real. Instead, if you want to learn more, manually navigate to the company’s site by entering its URL, then log in.

For phone calls from companies, unless you’re expecting a call back from a support ticket you opened, don’t answer. Let the call go to voicemail, and if you feel it’s important to respond, look up the company’s phone number elsewhere and talk with someone at that number rather than the one provided by the voicemail.

Avoid Sketchy Websites

We won’t belabor this last one, but suffice it to say that you’re much more likely to pick up malware from sites on the fringes of the Web or that cater to the vices of society. The more you can avoid sites that revolve around pirated software, cryptocurrency, “adult” content, gambling, or sales of illicit substances, the safer you’ll be. That’s not to say that reputable sites haven’t been hacked and used to distribute malware, but it’s far less common.

If you are concerned after spending time in the darker corners of the Web, download a free copy of Malwarebytes or VirusBarrier Scanner and scan for malware manually.

Let’s raise a glass to staying safe online in 2024!

(Featured image by iStock.com/Bet_Noire)

The post Improve Your Digital Security in 2024 with These New Year’s Resolutions first appeared on MacTech Solutions.

• Email: It’s easy to attach a file to an email message, but most email providers limit the attachment size, such as 20 MB (iCloud) or 25 MB (Gmail). Thus, email is best for sharing small files with other people—there are better ways of moving files among your own Macs. Attachments also take up significant space in your email account, and running out of space will cause new messages to bounce.
• Messages: For relatively small files, dropping a file in an iMessage (blue bubble) conversation in Messages works well as long as the file is smaller than 100 MB. Remember that files sent in Messages consume iCloud and local storage space unless deleted, so this approach is also best reserved for occasional use.
• AirDrop: To copy a file to another Mac in the same room, AirDrop is the most convenient solution. Make sure it’s turned on in Control Center on both Macs and the discovery options are correctly set. Bluetooth and Wi-Fi must be on, but the Macs don’t need to be connected to any network or to iCloud. To transfer a file, select AirDrop in a Finder window sidebar (enable it in Finder > Settings > Sidebar if necessary) and drop the file on the icon for the other Mac. Or Control-click the file, choose Share, click AirDrop, and select the desired Mac. AirDrop has no file size limits, but it’s not the fastest approach and might have issues with multi-gigabyte files or older Macs. Received files appear in the Downloads folder.
  
• File Sharing: Regularly copying files between Macs on the same network is best done with network file sharing. It’s fussy to set up, requiring one Mac to be set as the file server in Settings > General > Sharing > File Sharing. Then click the info icon to add shared folders, designate users, and set access privileges. (In macOS 14 Sonoma, the temporary “Allow full disk access for all users” option for the server Mac may simplify things.) To connect to the server Mac, in the Finder, choose Go > Network, and click the Connect As button to log in if necessary. On the plus side, once you’ve configured everything and made aliases or sidebar items for quick access, file sharing is easy and fast.
  
• Network server or NAS device: If you need to copy files between several Macs on a network, it may be better to use a dedicated server or NAS (network-attached storage) device as an intermediary. (Or, instead of copying files locally, you can access the files directly on the server or NAS. This requires a fast network.)
• Target Disk Mode: The fastest option for moving huge files around occasionally is Target Disk Mode over a Thunderbolt connection between two Macs. The setup differs between Intel-based Macs and Macs with Apple silicon, but once one Mac is in Target Disk Mode, it appears in the Finder of the connected Mac as an external drive, and you can drag files to and from it. It’s most appropriate for transferring many gigabytes of files.
• External storage: Never underestimate the speed and ease of copying files to external storage, whether an SSD, hard drive, or USB flash drive, and then copying them off to another Mac.
• Cloud storage service: Box, Dropbox, Google Drive, and iCloud Drive can all work well for moving files between Macs, although they’re best used with files under a few hundred megabytes. For sharing among your Macs, they’re particularly convenient, and it’s usually easy to copy a link to a file to share it with someone else, though that sometimes requires setting sharing permissions first. iCloud Drive sometimes has problems updating quickly.
• File sending service: The best way to send a large file via email, Messages, or another messaging service is to send a link. That’s easy if the file is already in a cloud storage service, and some email apps and services automatically create links for attachments over a certain size. Otherwise, try a file sending service such as Files to Friends or WeTransfer, which email links to files up to 1–2 GB in size for free. Many other services exist but allow only smaller files for free.

With so many options, you should have no trouble finding one that meets your needs in any particular situation.

(Featured image by iStock.com/LightFieldStudios)

The post 9 Ways of Moving Data from One Mac to Another first appeared on MacTech Solutions.

(Featured image by iStock.com/Marut Khobtakhob)

The post If Mail Fails to Send, Try, Try Again (Instead of Changing Servers) first appeared on MacTech Solutions.

(Featured image by iStock.com/Nicholas77)

The post Pay Attention to Unsolicited Facebook Password Reset Messages first appeared on MacTech Solutions.

A State of Phishing report from security firm SlashNext claims that there were more than 255 million phishing attacks in 2022, a 61% increase from the year before. Luckily, according to the Verizon Data Breach Investigations Report for 2022, only 2.9% of employees click through from phishing emails, but with hundreds of millions of email addresses targeted, the raw numbers are still high. We’ve been noticing—and hearing from clients—that phishing emails are also slipping through spam filters more than in the past.

To help you avoid falling prey to phishing tricks, check out our example screenshots below from real phishing emails, complete with annotations calling out the parts of a message that give it away. All phishing emails are trying to lure you into clicking a link or button to a website that will encourage you to enter your password or other confidential information. Once you realize that a message is a phishing attack, you won’t get suckered into clicking a link or revealing your personal information.

Fake Password Expiration Scam

Our first example is a password expiration scam—it’s trying to get you to click a button to keep your password from expiring. What’s ironic about this scam is that passwords should never expire—forcing users to change them regularly is terrible security practice. If a password is strong and unique, there is no reason to change it unless the site suffers a breach. Let’s look at what identifies this message as a phishing attack.

1. Note that the Reply-To address is generic and doesn’t match either the email domain used throughout the message or even a major email service provider, which would never send such a message.
2. Using your email address instead of your name is something scammers do to make the message seem personalized. If this email really came from your IT support staff, they’d be more likely to use your name or leave the email address out. And they’d never send such a message either.
3. The body of the message uses likely words, but they don’t quite sound like a native English speaker wrote them. The phrasing is slightly off, and quoting words like “send and receive” while not quoting the button name feels strange.
4. Be careful of things that look like buttons—we’re trained to click them without thinking. In many email apps, you can hover the pointer over a button or link to see where it will go. If you look at the URL at the bottom of the window, you can see that it’s completely different from any other domain listed—a clear sign that this is a phishing message.
5. “See full terms and conditions” is a strange thing to say in a password-expiration message. What terms and conditions could possibly apply? This is an example of someone who’s not a native English speaker throwing in random phrases they’ve seen elsewhere.
6. The copyright line is a similar tell. No organization would go to the effort of claiming copyright on a simple support message, and even if it did, it would use its name, not “Email server.”

Spurious Account Access Scam

Our second example pretends to be alerting you to a sign-in to your email account, with the goal of trying to scare you into resetting your password. Frankly, this phishing email stands a good chance of fooling people. You have no way of knowing if your account has been compromised, and if it were compromised, resetting your password is the right thing to do. However, never click through from an email to change a password! You can’t tell if you’re on the right site. Instead, navigate to the site manually, log in, and then change the password. Persuasive though this message is, it does make some mistakes.

1. The capitalization of “Mail” in the Subject and this line should give you pause. Most people wouldn’t capitalize the word, or they’d refer to something more specific, like your “Gmail” or “Outlook” account.
2. Another slight strike against this message is the specificity in the timestamp. There’s no reason to include the seconds or the time zone, and most normal people wouldn’t.
3. There are three mistakes in this line that could tip off a savvy Internet user. It claims to provide the IP address from which the sign-in occurred, but real IP addresses are four sets of numbers from 0 to 255. This one has five sets of numbers, the first of which is way too high at 719. The missing space before the parenthetical makes it look wrong, and finally, the parenthetical claim that the IP address is located in Moscow is overdoing it by invoking scary Russian hackers.
4. Note that the “reset your password” link doesn’t have an underline, unlike the other two links. Again, that could happen in a legitimate message, but it’s another slight tell. Hovering over the link reveals the fleek.ipfs.io URL at the bottom—clearly nothing associated with your email account and a dead giveaway.
5. A line saying “Please do not reply to this message” is commonplace in transactional messages, so it makes the message seem more real, but a real warning from an IT department would want to make sure you could contact the support staff.

Fraudulent DocuSign Confirmation

Our final example pretends to be confirmation of a document that you’ve already signed in DocuSign. That’s more clever than trying to get you to sign a document (which we’ve seen in other phishing messages) because most people won’t sign something without looking at it carefully. But you might want to see what document this message is talking about and be suckered into clicking through. What’s trickiest about this message is that it has merely changed some of the text in a real DocuSign message, so someone familiar with DocuSign might think it was real. But there are always giveaways.

1. The Subject line of this message is a tell because its grammar is atrocious.
2. The Reply-To address should also ring warning bells because it’s so generic that it couldn’t possibly go with an organization with which you were signing documents.
3. The yellow line claiming that the email has been scanned for viruses will likely seem unusual to you—even if an email app presented such a message, it likely wouldn’t do so in the body of the message.
4. There’s nothing wrong with the View Completed Documents button, which looks exactly as it would in a real DocuSign message. However, hovering over it reveals the URL at the bottom, which has nothing to do with docusign.net.
5. Someone familiar with DocuSign messages might notice that there’s no email address under “Administrator,” as there should be. But that’s a long shot, we know.
6. As with an earlier example, personalizing with an email address is a definite tell. A real person would have entered your name there, if anything.
7. Once again, the phrasing isn’t what a native English speaker would say, but even more problematic is how it asks you to sign the enclosed file, whereas the text and button in the blue box say that the document is completed. The mismatch is a complete giveaway.

We didn’t have room to show the rest of this message, which adds to the verisimilitude by continuing to copy text from a real DocuSign message. The two remaining tells further down are links that are empty when you hover over them and an unknown name in the fine print at the bottom, which reads (bold added for emphasis):

This message was sent to you by sefanya maitimoe who is using the DocuSign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.

Overall Advice

Let’s distill what we’ve seen in the examples above into advice you can apply to any message:

• Pay close attention to emails that are very simple, like our second example above, because there’s less they might get wrong.
• With legitimate-looking messages copied from large firms like DocuSign or PayPal, pay special attention to unfamiliar names and email addresses.
• Don’t click anything in an email unless you’ve given it a close-enough look that you’re sure it’s legitimate. It’s too easy to skim and click without thinking, which the scammers count on.
• Read the text of messages with an eye for capitalization, spelling, and grammatical mistakes. Scammers could write correct English, but if they don’t speak the language natively, they’re likely to make mistakes.
• Evaluate any claim about something happening within your organization against what you know to be true. It’s always better to ask someone if passwords need to be reset or accounts are being deactivated instead of assuming a random email message is true.
• Fight the urge to click big, legitimate-looking buttons. They’re easy to make and hard to resist, but if you can preview the URL under one before clicking, it will often reveal the scam.
• None of our examples fell into this category, but if an email message is just an image that’s being displayed in the body, it’s certainly fake.

Stay safe out there!

(Featured image by iStock.com/Philip Steury)

The post A Practical Guide to Identifying Phishing Emails first appeared on MacTech Solutions.

As with file organization, how you manage and organize your email is all about making it easier to find a specific message or conversation later. The big difference between files and email is that you usually care about how other people will be able to find and work with your files. With email, however, you’re the only person who has to sort through your messages. Imagine you run an ad agency that has the Belvedere Hotel as a client—your organizational structure for files needs to work for all your colleagues, but no one but you needs to find your email message about what should change in the next print ad campaign.

When managing email so you can find what you want later, most people gravitate to filing messages in mailboxes (sometimes called folders) or searching, though we find that a combination is usually best.

Find Email in Mailboxes

Many people have traditionally used a hierarchical filing structure to organize their email, creating a mailbox for each project. (There’s generally little benefit in creating mailboxes for people or date ranges because it’s easy to search for messages from specific people or between certain dates.)

So, much as with files, you might have a top-level mailbox for Clients and a sub-mailbox for each client, including the Belvedere Hotel. You could make additional sub-mailboxes for different Belvedere Hotel projects, but unless you expect to receive a lot of email for each of those projects, increasing the depth of the hierarchy is often unnecessary and extra work.

It’s unnecessary because date sorting options usually make it easy to home in on the message you want even when the mailbox contains hundreds of messages. Plus, the more granular your filing approach, the more manual filing you’ll have to do to ensure that every message ends up in the right place. Worse, many messages will likely cross projects, as could happen in a discussion of a print ad when your contact mentions that they want to reuse the text and graphics in the next email blast too. Should it go in a Print Ads mailbox or an Email Blasts mailbox? Don’t waste time deciding—just leave it in a general Belvedere Hotel mailbox.

How do messages end up in these mailboxes? You can always file messages manually, and you’ll spend some time doing that, no matter what. However, whenever possible, you want to create rules (also known as filters) that file messages automatically. Rules look through every incoming message and take actions—including moving to a mailbox—on messages that match the criteria you specify. For sanity’s sake, you want to make your rules as general as possible.

For instance, you could make a rule that moved messages from your contact at the Belvedere Hotel to your associated mailbox. That would work initially, but it would fail if you regularly work with multiple people there or if someone else fills in while your contact is on vacation. So instead of creating a rule that looks for a specific email address or even a set of email addresses, set your rule to look for all messages from the belvederehotel.com domain.

Let’s assume a colleague asks you for details on the latest Belvedere Hotel print ad. How do you find that information? Here’s how we’d go about it:

• Open the Belvedere Hotel mailbox, sort by date if necessary, and scroll through the list of recent messages. Most of the time, the message you need to find has arrived recently, and you’ll remember the sender and subject well enough to pick it out.
• If you can’t identify the message quickly by scanning, search for it based on the sender or recipient, date, and keywords. Look first within the mailbox where you think the message is located, but if that fails, broaden the search to all your mailboxes.

The reason to start with a scan of the mailbox is that it’s usually the most efficient. However, if you know a message is old or can’t remember the sender, you may be better off starting with a search.

If you can’t easily build rules to move most of your email into the appropriate mailboxes, that’s a hint that a search-first approach might work better for you. You shouldn’t be spending a lot of your time filing email—that’s what computers are for!

Search for Email

When Google launched Gmail in 2004, the company introduced a new way of managing email that leveraged the company’s strength in search. The subsequent popularity of Gmail—which now has over 1.8 billion active users worldwide—means that a great number of people now default to searching when they want to find particular email messages, regardless of which email service they use.

A search-first approach can be fast and effective and doesn’t require that you file messages into mailboxes. For instance, if you always get email about Belvedere Hotel ad campaign details from the same person, it may be faster to search for email from that person first, rather than looking through a mailbox.

Searching rather than browsing for email works best for people whose work doesn’t break down neatly into categories or regularly cuts across multiple projects. But it’s not for everyone. For a search-first approach to be effective:

• You must have the sort of brain that remembers details to use as search terms. If you’re more in the “I know it when I see it” camp, you may find searching less effective.
• Your email must contain sufficiently unusual keywords that searching for a person and a keyword or two is likely to find the message you want.
• You have to keep most messages. That may seem obvious, but if you delete a lot of incoming messages, you’ll likely remember messages you won’t be able to find.
• Your email app must search quickly and accurately. Gmail is the gold standard, but other email apps have decent search capabilities.

Although we’re all familiar with searching in Google—and if you like searching the Web, you’ll probably like searching your email—a few tricks will make your email searches more likely to succeed:

• Start with a focused search term—usually a person or unique keyword—that’s the most likely to give you the smallest number of results to scan for the message you want.
• When searching for a person’s name, if your email app offers to autocomplete to that person’s email address, let it. This is because searching for “smith” is much less likely to work well than “johnqsmith1999@example.com.”
  
• You can specify whether the person for whom you’re searching was the sender or the recipient, which helps reduce the number of results for people who appear regularly in your email.
• If you’re looking for an attached file, you can usually specify that your search should return only messages that contain attachments, perhaps even just specific file types.
• When you can’t remember much about the contents of the desired message, try to remember surrounding details, such as when the message might have been sent or who else might have received it, and add those terms to your search.

Precisely how you formulate these searches will vary by email app, but check these pages for details on using Mail, Outlook, and Gmail.

Choose the Best of Both Worlds

In reality, neither solely browsing through mailboxes nor relying entirely on search is likely to be satisfying. Those who file everything will find themselves needing to search within mailboxes at times, and those who prefer searching may find that using rules to store easily identified messages in associated mailboxes (mailing lists, for instance, or all email from your organization’s domain) makes searching easier.

(Featured image by iStock.com/anyaberkut)

The post Two Ways to Manage Your Email So You Can Find It Later first appeared on MacTech Solutions.

These features are extremely similar across all of Apple’s platforms, but they may differ in small ways. Don’t worry if you haven’t updated all your devices yet—you can still take advantage of these features on your iPhone or iPad even if you’re cautiously (and appropriately, for now) sticking to macOS 12 Monterey on your Mac.

Undo Send

If you’re like us, it’s all too common to send an email and then immediately remember you wanted to add something or Cc someone. Mail now gives you a grace period during which you can unsend a message—10 seconds by default, but configurable to 20 or 30 seconds on the iPhone or iPad in Settings > Mail > Undo Send Delay, or on the Mac in Mail > Settings > Composing.

To unsend a message, tap Undo Send at the bottom of the screen (look in the sidebar on the Mac and iPad). On the Mac, it’s easier to press Command-Z immediately to undo the action. Either way, the message opens for editing again so you can make the desired changes and resend.

Send Later

It’s not always appropriate to send email messages as soon as you finish writing them. Some organizations have policies against sending email significantly outside of business hours to discourage unhealthy work schedules, and you may want to compose a message—a last-minute reminder for event participants, say—well in advance and then schedule it to arrive at an appropriate time. Mail now makes that possible.

To schedule a message for sending later, touch and hold the Send button on the iPhone or iPad, or click the menu next to the Send button on the Mac. It suggests an appropriate time later in the day or the next day, or you can use Send Later to set a specific date and time. Note that the device on which you’re scheduling the message must be online for the message to be sent, but the scheduled send works fine if the device is asleep.

Scheduled messages live in a Send Later mailbox until they’re sent, so if you need to reschedule them, open the message and tap the Edit button in the scheduling banner at the top.

Get Reminders

Some people like to “snooze” email messages so they reappear at the top of the inbox at a later time that may be better. Mail can do this now with its built-in reminder feature, which also temporarily shows the message in a Remind Me mailbox and pops up a notification when the specified time arrives.

To set a reminder, swipe right on it (use two fingers on the Mac) and tap or click Remind Me to choose a reminder schedule of 1 hour, tonight, or tomorrow. You can also specify a precise time and date. If you can’t swipe on a Mac, you can instead Control-click the message and choose a reminder schedule; on an iPhone or iPad, you can also tap the Reply button and then Remind Me.

Note that this feature only repositions the message in the inbox, so if you’ve read it, for instance, but you have your inbox filtered to show only unread messages, you won’t see the moved message. It does get a little Remind Me tag in the message list.

Follow-ups

It’s bad enough when you ask someone a question in email, don’t get a response, and have to send a reminder. Worse is when you lose track of the question entirely until it becomes a problem. A new feature in Mail could help. When the app detects that you’ve asked a question, it starts a timer, and if you don’t get a response within 3 days, Mail brings your message back to the top of your inbox with a reminder to follow up. Tap that reminder to send another message to the original recipient.

You don’t have to do anything for the follow-up feature to work, other than compose messages that the feature determines are asking questions. However, there’s no guarantee it will work correctly on every appropriate message, and the feature has no way of knowing if your recipient replied in a completely new conversation or outside of email. If you find it annoying, you can turn it off on the Mac. Go to Mail > Settings > General and deselect “Enable message follow up suggestions.”

Focus Filters

Finally, Mail supports the new Focus Filters, which lets you hide content in specified apps when a certain Focus is active. For instance, if you have a Focus for Personal and another for Work, you might want to specify that your work email account appears only when the Work Focus is active and your personal email account appears only when the Personal Focus is active. It’s logically sensible—you don’t get distracted with personal email at work or work email at home—but it likely isn’t worth the effort unless you have trouble exercising self-control.

To add a Mail account to a Focus Filter, open Focus in Settings or System Settings, select a Focus, tap Add Filter, select Mail, and choose the desired account. After that, when you open Mail, you’ll see only messages from that account, with a Focus Filter banner explaining why and letting you turn it off temporarily.

(Featured image based on an original by iStock.com/Motortion)

The post Mail Gains Welcome Features in iOS 16, iPadOS 16, and macOS 13 Ventura first appeared on MacTech Solutions.

Understanding Blocklists

Blocklist services are conceptually simple. They maintain lists of IP addresses that have been identified as sending spam. Receiving email servers subscribe to those blocklists, and for every connection that’s made, the server checks the blocklist in real-time to see if the incoming message originates from a blocked IP address. If it does, the receiving server rejects the connection, preventing the message from being delivered.

How do sending email servers end up on blocklists? There are several basic ways:

• Traps: If you’ve purchased or scraped lists of email addresses (don’t do that!), you may have ended up with dormant addresses or addresses that the blocklists surreptitiously seeded to spammers. If those addresses receive email from you, the blocklist knows you’re not sending just to people who have opted into your mailings. Similarly, if there are many typos in the email addresses on your list, that can raise a flag.
• Triggers: Certain words and links in your message can increase the likelihood that a spam filter will catch your message, and some spam filters report back to blocklists. If a draft message sounds spammy or overly promotional when you read it to yourself, that’s a hint that it might trigger a spam filter.
• Reports: If too many people mark your messages as spam, that can put you on a blocklist. Sadly, some people use the Junk button instead of unsubscribing from mailings they’ve subscribed to.
• Takeover: Although this problem is less common now than it was when more organizations ran their own mail servers, if a hacker compromises your server or account and uses it to send actual spam, that’s almost guaranteed to land you on one or more blocklists.

To avoid ending up on a blocklist, make sure you’re being fastidious about your mailing list. Only add people to it if they have legitimately signed up, make it easy for them to remove themselves with an Unsubscribe link at the end of every message, delete bouncing addresses right away, and avoid spammy language in your messages. It’s not hard—just be a good Internet citizen. And, of course, if you control your own mail server, pay special attention to its security to keep hackers out.

Is Your Organization Already on a Blocklist?

Let’s say your IP address has ended up on a blocklist even though you’ve been good. How would you know? You might hear that people who should have received your mailings didn’t or that your messages were marked as spam. Or you might see your deliverability numbers falling in your sending tool. Neither of those is reliable, though, so we recommend you use MXToolbox’s Blacklist Check, where you can type in your hostname or IP address to see if it’s on any of over 100 blocklists.

You can use MXToolbox for quick checks against 100+ blocklists whenever you want, but if you sign up for a free account, you can set up a monitor that checks your email server’s hostname or IP address against 30 common blocklists every week and emails you the results. (MXToolbox offers lots of other email and Internet-related tests that can help you monitor and troubleshoot your Internet presence.)

Getting off a Blocklist

Once your IP address is on a blocklist, your goal is to remove it as quickly as possible. Many blocklists automatically remove entries after a certain amount of time, but clicking the Detail button in the MXToolbox blocklist listing will tell you more about the blocklist and potentially how to request a manual delisting.

The precise steps will vary by blocklist, but the most important thing is that you resolve whatever issue caused your server to be added in the first place. Once that’s done, you’ll probably need to provide the IP address of the server and an explanation of what happened, either in a Web form or in an email to the blocklist admins.

We won’t lie—ending up on a blocklist can be stressful, particularly if your organization relies on sending customer-focused email. But if you keep your list clean and avoid sending spam-like messages, the occasional blocklist listing should be only a temporary blip in your operations.

(Featured image by iStock.com/ipuwadol)

The post What Your Organization Needs to Know About Email Blocklists first appeared on MacTech Solutions.

Business Accounts

For a business, email is essential. You cannot put up with downtime, lost email, unpredictable spam filters, or any other nonsense. Plus, you need support for custom domains, multiple users, role accounts, two-factor authentication, and an admin console where you can manage it all (or someone can manage it for you). Although there are other providers in this space, the safe choices are Google and Microsoft. (We realize this falls into the category of “No one ever got fired for buying IBM.” It’s basically true in this case—email isn’t an area to experiment with unknown quantities.)

• Google Workspace: Previously known as G Suite, Google Workspace brings together Google’s well-known collaboration tools, including Gmail, Calendar, Drive, Docs, Sheets, Forms, Slides, and so on. Pricing starts at $6 per user per month and includes 30 GB of cloud storage per user; $12/user/month increases that to 2 TB. The big win of Google Workspace is that it provides a first-class experience for use within a Web browser. Google also provides iOS apps, and Apple’s Mail apps can access Gmail via IMAP.
• Microsoft 365: Previously known as Office 365 (what is it with all this renaming?) Microsoft 365 offers Web and mobile versions of the Office apps (Outlook, Word, Excel, PowerPoint, and OneNote) along with hosted email with a 50 GB per user mailbox. 1 TB of OneDrive cloud storage space is standard, along with online meetings and video calls using Microsoft Teams. The Basic plan costs only $5/user/month, but to get the desktop versions of the Office apps, you need at least the Standard plan, which runs $12.50/user/month.

The main way to decide between Google Workspace and Microsoft 365 is to examine how focused your business is on core productivity apps. If you’re already relying heavily on Word, Excel, and PowerPoint, it makes sense to go with Microsoft. However, if your company is more Web-based or uses a variety of non-Microsoft productivity apps, Google is probably the better option.

Either way, it’s a big decision, and please check with us before making any major moves. Depending on your situation, there may be less obvious reasons to choose one or the other, or even a third option that’s perfect for your situation. Plus, transitioning between providers may require significant work to ensure that you retain all your email archives.

Individual Accounts

For individual users, you want reliability and good spam filtering, and some people might appreciate being able to use a custom domain name. However, most people don’t need support for multiple users, an admin console, or other big-company features. Plus, you probably don’t want to pay much, if anything. Again, tons of companies offer email—many for free—but the ones we recommend are Apple, Google, and Fastmail:

• iCloud Mail: Nearly every Apple user has an iCloud account associated with their Apple ID, and with it comes iCloud Mail. It’s a fine choice for basic email, making it easy to access your messages on all your Apple devices and even on the Web at iCloud.com. Apple provides 5 GB of storage for free, which might seem like plenty for email, but it’s shared with iCloud Backup, iCloud Photos, iCloud Drive, and more, so it’s easy to run out. For more storage, upgrade to iCloud+, which costs $0.99 for 50 GB, $2.99 for 200 GB, and $9.99 for 2 TB. With iCloud+, you also get the option of adding a custom domain name, though it’s a rather involved process. The main thing we don’t like about iCloud Mail is that Apple sometimes goes overboard with spam filtering.
• Gmail: The most popular email service in the world is Google’s Gmail, with well over 1.5 billion users. Although the default way to access Gmail is through a Web browser on a Mac or the Gmail app on an iPhone or iPad, you can enable IMAP support to access it using Apple’s Mail apps. There’s also a highly regarded new Gmail-specific macOS app in development called Mimestream. Gmail provides 15 GB of storage for free, which is enough to hold most people for quite some time, and more storage is available inexpensively. Gmail’s spam filtering is generally very good, and unlike iCloud, it doesn’t delete any filtered messages without allowing you to see them first.
• Fastmail: In contrast with iCloud Mail and Gmail, Fastmail isn’t free—it costs $3/user/month for the Basic plan, but that’s limited to just 2 GB of storage, doesn’t support a custom domain, and requires that you ​​use Fastmail Web and mobile apps. For $5/user/month, the Standard plan increases the storage to 30 GB, lets you set up your own custom domain, and provides full IMAP access so you can use Apple’s Mail or any other standard email app. The big reasons to choose Fastmail are the company’s focus on privacy and to support a firm that does nothing but email.

Although switching your personal email isn’t as difficult as changing email providers is for a business, it’s still not something to be undertaken lightly. Contact us if you need advice on which service provider would be best for you and if you need assistance setting up forwards and bringing your old mail over to your new account.

(Featured image by iStock.com/anyaberkut)

The post Looking for a New Email Provider? Try These Services first appeared on MacTech Solutions.