Monthly Archives: May 2007

MxToolBox Offers Free Email Archiving with New Email Hosting Accounts for National Small Business Month

In celebration of National Small Business Month, MxToolBox, Inc. is offering free Email Archiving for new accounts with its FlexBox Business Email Hosting service throughout the month of May. Small Businesses that take advantage of the offer essentially will have free email archiving imbedded with a premium email hosting service for life.

?Small Businesses are becoming increasingly concerned with storing and accessing electronic business communications,? said CEO Eric Rachal. ?Recent developments, such as the new Federal eDiscovery Rule and NASD Small Business Continuity Plan Requirements, are driving small business managers to consider the implications of electronic discovery requirements. Preserving the vast amount of business information that is contained within email has also become a major concern? Rachal added, ?But, until now, email archiving has been both technologically and cost prohibitive to most small businesses.?

The imbedded email archiving feature within the FlexBox Hosted Email and Groupware package is ideal for small businesses, because it eliminates the need for multiple vendors and platforms, while ensuring that all company emails are preserved and easily retrieved/reproduced for as long as company policy requires. The email archiving feature saves all sent and received emails withint a given account. Even when a user deltes a message from their mailbox, the message remains in the archiving box. All emails and files are indexed for rapid retreival.

The FlexBox Hosted Email and Groupware service is an ultra-secure, ultra-reliable email hosting system designed to give small businesses all of the features that they would get if they had a professionally managed, dedicated email server in-house, without the excessive cost and administrative burden.

?Small Businesses absolutely need the same level of sophistication and functionality from their email systems as large enterprises,? continued Rachal, ?It usually just doesn?t make financial sense for them to manage those systems themselves. That?s why we created FlexBox?to give small businesses the security, reliability, flexibility, service and collaborative features that they need, at a price that makes sense.?

FlexBox Hosted Email is based on the Hosted Zimbra mail platform and includes shared synchronized calendars, shared synchronized contacts, shared documents, enterprise grade spam and virus filtering, blacklist protection, one gigabyte of storage per user, and more. The system is designed to work with multiple operating systems, including Windows and Mac, plugs into most desktop mail clients, such as Outlook and Apple Mail, and has an intuitive, powerful AJAX web interface. As an additional bonus, customers can opt to add full synchronization of mobile devices.

When discussing the system?s features, Joel Harvey, MxToolBox?s Director of Marketing chimed in, ?These features mean less to small businesses than the results they lead to. At the end of the day, FlexBox lets business managers rest easy. They know that their email is going to work. Messages will be delivered when and where they are supposed to be. Inboxes will not be flooded with spam. Dangerous viruses will be kept off of the network. Blacklists will not be a problem. Additional service needs, such as mobile device synchronization and archiving, can be easily added. Support for PC and Mac users is equally simple. And employees will be happier and far more productive.?

To take advantage of the Email Archiving offer, businesses should contact the company at 866-MxToolBox (866-698-6652) or on the web at

About MxToolBox, Inc.
MxToolBox, Inc. offers innovative on-demand messaging infrastructure to the small and medium business market throughout North America. The company provides leading edge ?Flip the Switch? on demand messaging services, including email spam and virus filtering, blacklist protection, email hosting, and email archiving.

How Legitimate IP Addresses Get Blacklisted

“I’m Not a Spammer, so why is my IP Address Blacklisted?”

Everyday, legitimate email users find their outbound email flow blocked by recipient email servers using blacklists (aka Blocklists, RBLs) to block spam. Most of these users are shocked to find their IP Addresses on a list with IP Addresses used to flood the world’s inboxes with spam and malware. The news of their listing stirs up fear, anger, and righteous indignation. “How can we be on a blacklist when we don’t spam?” they ask. That is a great question–how do business email IP Addresses operated by non-spammers get placed on legitimate, targeted spam blacklists (i.e. blacklists that list IP Addresses that have recently sent spam, instead of lists that include large ranges of IP Addresses by default)? Simple…by spamming.

“What,” you ask, “A non-spammer that doesn’t spam gets listed on a spam blacklist for spamming?” Yes. For several years, spammers have hijacked mail servers and other computers to send spam. The spammer’s strategy has always been to find a quiet, undefended place on a network where they can send spam and perform other illicit acts without detection. A recent example from one of our clients provides a real life illustration of how this works.

Spammers Hide Clever Tools Where You Least Expect

This particular client (who will remain un-named) runs an email server, as well as an internal document server. They utilize an enterprise-grade email spam and virus filter for security and are relatively proactive in managing their network for security risks. Despite these efforts, a spammer was able to download a mass mailer program onto the client’s document server. How the spammer bypassed the client’s security is a question that remains unanswered. The payload was most likely delivered via a malware infected website. In this case a simple anti virus software solution that stops executable programs from loading without administration permissions would have stopped it, but the document server had no anti virus services running at all. What is most important to note, though, is where the spammer put the program and what the program did.

The program was a modified commercial mass mailing program know as Advanced Mass Sender 4.3 (published by KBB Software. This screenshot was forwarded to us after our client discovered the program on the document server:

Botnet Mass Mailer Screenshot

The program is touted as a powerful email marketing tool that is developed to manage and send mass quantities of email to a large number of clients, quickly and affordably. The program’s features include:

  • Built-in SMTP server, powerful, supporting packet-sending emails without using the SMTP server of your provider allows you do send up to 500 emails a minute using a modem. The unique ability to send through several SMTP servers simultaneously allows you to send up to 1500 emails a minute using a fast connection.

  • Support for large sender lists – 200000+ addresses per group.

  • Support for proxy servers.

The spammer managed to download the program onto a document server, a machine with no SMTP capabilities that most network administrators would not associate with email. But, because the program has a built-in SMTP, the spammer was able to send a high volume of spam from the server–40,000 messages in total at a rate of 1,500 per minute. (note: these volumes indicate that the perpetrator was not particularly sophisticated when compared to other bot herders. Most spammers today prefer to send low volumes of messages from multiple machines to avoid detection).

The Fallout from Hosting a Spammer

The client’s public IP address was blacklisted instantly on five widely used blacklists. Fortunately, we handle the client’s outbound mail flow through or secured connections so the backlist listings did not effect their ability to send email. Had they been sending outbound email from their own IP address, most major ISP’s and many business mail servers would have blocked their email. And, if their local service provider would have seen the traffic coming off of his network they likely would have stopped all SMTP traffic, causing catastrophic email failure.

This particular client is proactive and technologically savvy, so they quickly determined that something was not right on their network, found the problem and terminated it. But, what if they had not been so fast? What if they did not use our outbound mail filtering service? The consequences could have been devastating. Not only would they have inadvertently contributed to the global spam scourge, they would have suffered extreme email failure due to large scale listings on blacklists.

How to Protect Yourself

There are several lessons you should take from this study:

1) Spammers can use any part of your network that is connected to the internet to send spam, whether it is part of your email system or not.

2) Even well defended networks can fall victim, which is why you have to move from a well-defended network to an extraordinarily well-defended network. Block threats from all potential entry points, instead            of the most common entry points.

3) Constantly monitor your network for intrusions and infections

This case certainly does not resemble every bot infection, but is a real-world illustration of how an infection can occur.

eTools Group, Inc. Changes Name to MxToolBox, Inc.

AUSTIN – April 23, 2006 – eTools Group, Inc announced today that it will immediately begin operating under the name MxToolBox, Inc. MxToolBox will continue to serve the small and medium business customers and IT Consultants that currently subscribe to the company’s spam and virus filtering and email hosting services.

“We are re-branding because the IT community that uses our tools and services knows us as MxToolBox. We are changing our name to make it easier for people to do business with us and to eliminate any confusion that comes from operating under two names,” says CEO Eric Rachal. “For some customers, our name has changed, but our intense customer service ethic and our unwavering commitment to providing value absolutely has not.”

Company officials were careful to emphasize that eTools Group, Inc. was not bought by another company and is run by the same people and the same technology that its customers have come to know and rely on.  The company will be calling customers and sending letters with invoices to make sure customers understand the change. “The only discernable change that our eTools Group customers will see,” said Rachal, ” is the logo on their invoices will change from the eTools logo to the MxToolBox logo.” is a popular website among IT professionals across the globe. The website has free tools that help users uncover, diagnose and fix messaging related problems. In an era when more and more companies are trying to charge users for access to content and tools, MxToolBox, Inc. is adamant about keeping its free tools separate from its paid services.

The company offers a suite of tools that allow users to test the health of their email systems and to diagnose email related problems. The tools include MX Records Lookup, Server Diagnostics, Blacklist Lookup, SPF Records Lookup, and Free Mail Server Monitoring.   

“We believe in providing value to the IT and business communities, whether to a client or someone at-large,” says Joel Harvey, Director of Marketing. “The free tools, or MX Widgets, are our way of doing that. Yes, we have paid services that thousands of IT professionals use to solve problems and keep them from reoccurring. Yes, we could charge for our widgets as well. But, in the end that would dilute the value that we provide, which is the last thing we want to do.”

eTools Group, Inc Announces Name Change to MxToolBox, Inc.


Update: Bots Inside Fortune 1000 Companies

We first reported on bots inside Fortune 1000 companies in late March. Since then, the Support Intellegence Project has identified more large corporations with botnet infections. The list has grown to include AIG, AFLAC, Bank of America, Conseco, Thomsen Finacial and 3M. Most of the companies ideitifeid have repordtedly found anf removed the bot infections. They also claim that no data has been compromised. But, how can they be sure?

If a bot can infect and send spam from a network, what is to stop it from logging keystrokes or stealing corporate data? 


House Judiciary Subcommittee Approves Anti-Spyware Bill

The House Subcommittee on Crime, Terrorism and Homeland Security approved house bill HR 1525 by voice vote. The bill will now go before Congress for a vote. If voted into law, HR 1525 will make it a crime to install software to alter security settings, damage a computer or commit fraud. Violaters could face fines and/or prisson sentences of two to five years, depending on the offense.

$1 Billion Lawsuit Filed Against Spammers

On April 26, 2007, Project Honey Pot filed a $1 Billion Dollar Plus lawsuit against spammers in a court in the Eastern District of Virginia. The suit seeks damages on behalf of its members and targets a “large swath” of known spammers and email address harvesters, and is the biggest anti-spam lawsuit ever filed. There is an unspecified number of John Doe defendants represented by more than 2.5 million IP Addresses. You can read a copy of the complaint here.