The answer is a resounding NO!  Blue Pixel Design will never send you a file by email without discussing it with you first.  The emails that have been circulating recently are examples of spoofing and/or phishing.

Spoofing: "The sender information shown in emails (the "From" field) can be spoofed easily. This technique is commonly used by spammers to hide the origin of their emails. Email address spoofing is done in quite the same way as writing a forged return address using snail mail. As long as the letter fits the protocol, (ie. stamp, postal code) the SMTP protocol will send the message."

Phishing: "In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one."

More information can be found here:  http://www.bluepixeldesign.com/how-can-i-be-spamming-myself

The spoof phishing emails that are going around are being sent with an attachment that is very dangerous. If you receive one of the emails outlined below, or an email like it, you should immediately delete the email and its attachment.  If you're unsure, send me an email and I can clear things up for you.

Example #1

SMTP and POP3 servers for raielene@bluepixeldesign.com mailbox are changed. Please carefully read the attached instructions before updating settings.

[Link to the file would follow]

 

Example #2

Dear Customer,

This e-mail was send by bluepixeldesign.com to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please run attached file and Follow instructions.

(C) bluepixeldesign.com

Please have your Email Username and Password ready and then…

1.  In Microsoft Outlook, select Tools > E-mail Accounts.

2. On the E-mail Accounts wizard window, select "Add a new e-mail account" and click Next.

3. For your server type, select "POP3" and click Next.

4. On the Internet E-mail Settings (POP3) window, enter your information as follows:

Your Name
Enter your first and last name or whatever you would like to appear in the From field of your emails.

E-mail Address
Enter your e-mail address.

User Name
Enter your e-mail address, but substitute a "+" for the "@".

Password
Enter the password you set up for your e-mail account.

Incoming mail server (POP3)
mail.yourdomain.com or mail.yourdomain.ca

Outgoing mail server (SMTP)
Same as above (mail.yourdomain.com) or leave your current Internet Provider’s settings as is.

5. One thing you need to also do is change the Outgoing Server Port to 26. When you’re at the Internet E-mail Settings screen, click on More Settings and that should bring you to the screen where you can change Ports. (Port 25 is generally blocked by Internet Providers and you will have trouble sending mail if this isn’t changed.)

6. Click "Test Account Settings" to double check that things are working, and you’re done!

1. Log into your cPanel.  (The login information should have been sent to you when you signed up for Blue Pixel Design Hosting, but you can contact us to have it resent to you.)
    
2. Follow the link to MailScanner at the bottom of the page.
   
    
3. The box under Current Settings on the MailScanner page shows what your filters are set at now.  To change these levels, switch some of the settings in the box labeled Change All Domain Settings and click Change.
   

   
   Mail Scanning Options
   

   Spam Scanning
   If you would like all your email for this domain scanned for spam, select yes. If you don’t want your mail scanned for spam, select no.

   Low Scoring and High Scoring Spam
   MailScanner assigns a score to each email based on various attributes and triggers. The higher the score, the more likely the mail is to be spam. There are two levels of spam, low scoring and high scoring. High scoring spam is almost certainly spam, and low scoring spam is probably spam but it’s possible to have false positives. You can also change the level of the low and high scoring spam; Normally low scoring spam must have a score of at least 5 but less than 20, and high scoring spam is email that has a score of at least 20. These score settings can be changed on a server wide basis by your hosting provider, and you can also change these scores for your own email (see Other Settings below).

   When SpamX determines that an email is low or high scoring spam, you can configure whether this email is delivered as usual with a tag to let you know it is spam, deleted so you do not see it at all, or forwarded to a different email address which you can check on a regular basis.

   If you choose to have the spam forwarded to an alternate email address you must create this email address in cPanel — either the default "spam@yourdomain.com" or a different email address (see Other Settings below.)

   Virus Scanning
   If you would like all your email for this domain to be scanned for viruses, select yes. If you don’t want your email scanned for viruses, select no.

   Deliver Cleaned Emails
   Most email viruses are sent by infected "zombie PCs" and have no valid content. If you want to receive notifications of each virus that was sent to you, select yes. If you do not want to receive these notifications, select no.
    

   Blacklist and Whitelist Settings

   Spam whitelist
   You can add email addresses or domains to this list that you never want marked as spam. Please note that emails sent to you from these email addresses or domains will still be scanned for viruses and dangerous file attachments but they will not be marked as spam.

   Spam blacklist
   You can add to this list any email addresses or domains that you want always marked as high scoring spam. The action you have specified for High Scoring Spam in the Mail scanning options will be applied to any emails sent from domains or addresses on this list (i.e. marked and delivered, deleted, or forwarded).
    

   Other Settings

   Low scoring spam setting
   You can change the level at which MailScanner will identify an email as low-scoring spam (probably spam) by changing this setting. If you change it to a higher number you may receive more spams that have not been identified as spam by MailScanner. If you change it to a lower number you may find that MailScanner is identifying non-spam emails as spam, i.e. there will be more false-positives.

   High scoring spam setting
   You can change the level at which MailScanner will identify an email as high scoring spam (almost certainly spam) by changing this setting. The default is 20 and this setting works well in most cases. If you find you are getting excessive amounts of low scoring spam with a score just below 20, you may want to change this setting to a lower number, such as 15. If you change it to a lower number we would recommend NOT setting high scoring spam to Delete until you’ve tested it for a while to be sure the new scoring is working well for you.

   Additional email address
   If you’d like to have spam forwarded to a different email address than "spam@yourdomain.com", for instance an email address on another domain, you can specify that email address here. It will then be listed as one of the options for Low and High Scoring Spam in the Mail Scanning Options so you can select it.

The following article appeared on Webopedia way back in 2003. For more information on how to deal with spam, check out our related post with spam reduction tips.

The first time it happened, you were probably confused and even a bit curious, especially if you were not aware of this phenomenon of self-sent spam. A message appears in your e-mail inbox with your own e-mail address as the sender of the message, but you are pretty sure that you did not send yourself an offer for a rock-bottom mortgage rate or secrets to making millions on eBay. So then, what’s happening?

It’s not because a spammer has hijacked your e-mail account and is spamming the world using your identity but because the spammer is disguising the true sender of the e-mail with a different address, a process called e-mail spoofing, to target you specifically. In e-mail spoofing, the sender manually constructs the e-mail header and chooses which information (your e-mail address as the sender, for example) to include.

Why do the spammers do this? To get you to read the e-mail and/or click on the hyperlinks contained in the e-mail, of course. Sometimes the spammers want you to buy the products they are peddling; sometimes they want you to click on the link contained in the e-mail, which signals them that their e-mail message received a live account with a curious human at the other end, and they can then sell your e-mail address to other spammers as a potential audience for more spam from a different source. Sometimes it is for both these reasons and also to bypass filters set up through the e-mail client. Most people don’t even think about having to filter out e-mails sent to themselves from themselves.

Self-sending spam relies on human nature. A 2002 study by Hamilton, Ontario’s McMaster University revealed that e-mails containing shared names of the recipient had an emotional appeal that caused the recipient to read the e-mail in greater numbers than e-mail that came from sources that did not share a name with the recipient. Also, human curiosity compels the recipient to want to know how he has sent himself a spam e-mail, resulting in the recipient of self-sent spam to read the e-mail to investigate. For those who want to go after the spammers, this link explains how to read the header information for the more popular e-mail clients.

Last updated: December 10, 2003

Original article by Webopedia can be found at http://www.webopedia.com/DidYouKnow/Internet/2003/SelfSentSpam.asp.

Note from our Blue Pixel Design server techies: 

Spoofing is typically not a problem because mail servers that do spam scanning can tell that the sender’s IP does not match the domain’s actual IP so they will not get blacklisted, however you may receive bounced error messages and other spam.  You can find the actual sender’s IP in the full message headers of the email so you can determine who is spoofing you and report them.

Our SMTP mail servers (SMTP is the protocol for sending mail) do have security features enabled on them and require senders to log in to check their mail first before they will be allowed to send, verifying that they have permission to use our SMTP mail servers.  The problem is that these spoofed emails are not passing through our servers at all. The spammers are faking the domain names and using their own mail servers to send them.  As such, there’s nothing we can do to stop this. Your customers will just have to bare with it, possibly increase their mail scanner filter settings, or try reporting the sender’s IP to their ISP to stop this (usually they use hacked servers to send anyway so this is often not worth the time).

The following article was written by Mark Rushworth, self proclamined web design, SEO and internet marketing guru.

Reduce Spam – 10 Top Tips to Stop Spam

Here are 10 top tips to reduce spam in your email in-box.

1. Delete/turn off your catch-all.

   Catch-all’s are generic mail boxes that collect all email not being sent to a named account. The up-side of catch-alls is that if someone spells an email address correctly then you still have a chance to access the message. The down side is that automated mailers send emails to randomuser@yourdomain.com. So by removing your catch-all email account you will stop a majority of junk messages.

   [Blue Pixel Design Hosting accounts have the Default Address set to ":fail: No Such User Here" by default.  This can be set to forward to your main email address instead, but of course, as mentioned above, might increase your spam levels.]

2. Make sure that you don’t publish personal email addresses on your website.

   Automated systems ‘trawl’ websites looking for email addresses, adding them to lists without your permission. If you do want to publish a personal email address disguise it using javascript or as an image (these will be inaccessible and stop some disabled viewers from emailing you), or even better, replace the email address with a contact form allowing you to pre-qualify enquiries by asking detailed questions or giving a choice of specific variables.
    

3. Set up a generic email address for use on forums, registration pages and other situations where you know that you may be opening yourself up to receiving spam email.
    
4. Don’t use single names i.e. fred@ for your email address.

   Again, these addresses can be guessed and within a few minutes a flood of spam begins to arrive. Instead opt for firstname.surname@. An added benefit is that it makes sure your contacts really know who you are.

   [I'm not sure how much difference this is going to make, and use my own name in my email.]

5. Don’t use sales@ support@ or any other guessable addresses for the same reason as above.

   Instead come up with your own codes for online contact forms etc. As they’re being accessed through a form and don’t need to be entered manually – you can really go wild with these.
    

6. Register a dedicated email domain.

   It may be a bit extreme, but if spam becomes so unmanageable, it may be worthwhile registering a completely different address to email from. This could be name@emailcompanyname.com.
    

7. Use an email program with integrated spam filtering.

   Outlook (not express) has limited in-built spam filtering. A better option would be to use Mozilla’s free email program Thunderbird, which automatically tags possible spam for you. A great feature of Thunderbird is you can set the default view to show all messages marked as not-spam, which dramatically reduces the amount of clutter and enables you to toggle between spammy and non spammy views.

   [The link to download Thunderbird: http://www.mozilla.com/thunderbird/  or visit their main site at http://www.mozilla.com and download Firefox as well and rid yourself of the evil that is Internet Explorer!]

8. Ask your host what spam filtering packages they offer.

   [Included in your cPanel is the MailScanner.  It's here that you can set the filters higher to catch more spam.  See our post on how to increase your spam filter levels for instructions on how to do this.]
    

9. Subscribe to a mailing preference service.

   There are a number of mailing preference services out there that operate as closed email networks. In order to send a message to a member of these systems, you have to register on the website and provide proof that you are who you say you are. As someone who wants to send a simple message, this can be pretty hard going, with lots of forms to fill in; but as a recipient, you know that all messages being delivered are from authentic sources.
    

10. Don’t send bulk emails using TO or CC.

    If you’re sending the latest Friday Funny, or a quick promotional offer to friends and/or colleagues, don’t use TO or CC. These types of email have tendancy to be passed on to persons unknown, the result is that everyone you’ve listed as an original recipient could be easily added to a list by an unscrupulous individual. What makes this worse is that not only are the original recipients easily visible, but also the subsequent chain(s) of people.

Original post by Mark Rushworth can be found at http://www.markrushworth.com/template_permalink.asp?id=102.

You can go through cPanel, but you don’t have to.

This is the fastest way to get into your Webmail account:

http://yourdomain.com/webmail/ (obviously replace “yourdomain.com” with your domain URL, e.g. my webmail address would be http://www.bluepixeldesign.com/webmail/).

When the prompt box comes up, enter the following:

Username:  your full email address (myemail@domain.com, e.g. raielene@bluepixeldesign.com)

Password:  the password for the email account entered above

Many ISPs are beginning to block access to common SMTP server ports in an effort to force their users to use their SMTP server so that they may monitor and control users who are sending unsolicited emails (SPAM).

If your ISP is blocking access to port 25, you may use our secondary SMTP server which is installed on port 26 by adjusting the settings in your email client application to use port 26 for your SMTP server instead.

If you find that your ISP is also blocking access to this secondary port, please contact them to request their SMTP server address and configuration instructions so you may use their SMTP server in place of ours.

Our mail servers also require SMTP Authentication to be turned on, so please ensure that this advanced option is activated.

Please note that you should always be able to send and receive mail through Webmail without issues even if your ISP is blocking access to our SMTP ports.

Please have your Email Username and Password and then…

1.  Open Mail.

2.  Choose Preferences from the Mail menu. If you have not yet set up any accounts, the Mail Setup window appears, and you can skip to Step 5.

3.  Click the Accounts icon in the Mail Preferences window.

4.  Click Create Account (or the plus sign at the bottom).

5.  Choose POP as the Account Type from the drop-down menu.

6.  In the Account Description field, type any name you would like to use to identify the account. This is the name that will appear in your list of accounts if you have multiple email accounts in Mail. Full Name is the name that will appear in the From field of your emails.

7.  Hit continue, then fill the next fields with your information.

8. Hit continue.  Leave the security settings as is or change them to look like those below.

9.  You can either leave your current Outgoing Mail Server selected (e.g. Shawmail) or use our server (this is the same as the Incoming Mail Server).

10.  Hit continue again. If your Mail program is like mine, it will try to connect, but won’t because the Port is wrong. Wait until it says it won’t work (this can take some time), then hit continue anyway.

11.  Leave SSL blank, and hit continue until you are Done.

12.  Follow the Advanced tab, and change the Port to 26.