Microsoft just exposed email’s ugliest secret

Email is more broken than you think

If you’re hiding something from Microsoft, you’d better not put it on Hotmail.

It came out yesterday that the company had read through a user’s inbox as part of an internal leak investigation. Microsoft has spent today in damage-control mode, changing its internal policies and rushing to point out that they could have gotten a warrant if they’d needed one. By all indications, the fallout is just beginning.

But while Microsoft is certainly having a bad week, the problem is much bigger than any single company. For the vast majority of people, our email system is based on third-party access, whether it’s Microsoft, Google, Apple or whoever else you decide to trust. Our data is held on their servers, routed by their protocols, and they hold the keys to any encryption that protects it. The deal works because they’re providing important services, paying our server bills, and for the most part, we trust them. But this week’s Microsoft news has chipped away at that trust, and for many, it’s made us realize just how frightening the system is without it.

We’ve known for a while that email providers could look into your inbox, but the assumption was that they wouldn’t. Even a giant like Microsoft is likely to sustain lasting damage, simply because there are so many options for free web-based email. Why stick with Microsoft if you trust Apple or Google more? But while companies have created a real marketplace for privacy and trust, you’ll find the same structural problems at every major service. Ad-supported email means companies have to scan your inbox for data, so they need access to every corner of your inbox. (That’s been the basis of Microsoft’s Google-bashing “Scroogled” campaign.) Free email also means someone else is hosting it; they own the servers, and there’s no legal or technical safeguard to keep them from looking at what’s inside.

A close look at company privacy policies only underlines the fact. As Microsoft pointed out in its initial statement, “Microsoft’s terms of service make clear our permission for this type of review.” Look at the company privacy policy, and you’ll see that’s true: “We may access or disclose information about you, including the content of your communications, in order to … protect the rights or property of Microsoft.” That’s a straightforward description of what happened in the Hotmail case.

You’ll find similar language in the privacy policies from Yahoo and Google. Yahoo reserves the right to look through your emails to “protect the rights, property, or personal safety of Yahoo, its users and the public.” Google’s language is nearly identical, saying it will access user data “if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to … protect against harm to the rights, property or safety of Google.” Apple is a little better, but not much, promising to disclose user content “if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.” What counts as public importance, exactly?

What’s worse, the current laws won’t do anything to stop them. For standard law enforcement, it takes a warrant to read a person’s email — but there’s no such restriction on hosting providers. Peeking into your clients’ inbox is bad form, but it’s perfectly legal. Even if the rights weren’t reserved in the terms of service, it’s not clear there are even grounds for a lawsuit. Without stronger privacy laws, all companies have to worry about is bad PR.

Microsoft’s mole hunt isn’t unprecedented either. There have been LOVEINT-style abuses of sysadmin access, as when a Google engineer was fired for spying on friends’ chat logs. Last year, Harvard searched its own professors’ email accounts as part of a cheating investigation. (The dean behind the search stepped down a few months later.) But those are just the instances we’re aware of. In all likelihood, there are dozens of similar incidents that were simply never made public, encouraged by the open nature of third-party hosting. As long as the access is legal and technically feasible, there’s no reason to think it will stop.

Anyone living a modern and complicated life over email is left in an awkward place. The crypto crowd has an easy answer: use end-to-end encryption, locking up emails with GnuPG and online chats with programs like Cryptocat. You can hold your own keys, making sure no one can decrypt the message but the person you’re sending it to, and count on open-source code reviews to expose anyone who tries to slip a backdoor into the code.

It’s a good system and it works, but for most users, it’s still a bunch of extra inconvenience for no obvious benefit. In the end, it’s easier to blame Microsoft for violating our trust and move on to the next company, with the same data practices and the same terms of service. With Google, Apple, Yahoo, and countless other free webmail services waiting in the wings, there are plenty of options to choose from. They’d never do a thing like this… right?

Link to Story from the Verge

PostmanMojo IT Reseller & Consultant – Locally Available in Beverly Hills / Malibu, CA

PostmanMojo is proud to announce our new Reseller in the Westwood District of Los Angeles, CA. PostmanMojo is now offered locally by our local expert in the Beverly Hills / Malibu Area. PostmanMojo has built a management platform, from the ground up, that runs on top of Kerio Connect. Our technology is completely proprietary and we have also modified the core of Kerio Connect to speed up the delivery of email services to clients.

MS III Consulting
562-397-1107
msiska@msiiic.com
Westwood, Los Angeles, CA

PostmanMojo IT Reseller & Consultant – Locally Available in Casper, WY

PostmanMojo is proud to announce our new Reseller in Casper Wyoming. PostmanMojo is now offered locally in Big Sky Country. PostmanMojo has built a management platform, from the ground up, that runs on top of Kerio Connect. Our technology is completely proprietary and we have also modified the core of Kerio Connect to speed up the delivery of email services to clients.

Wyoming Tech Solutions LLC
525 West Yellowstone
Suite 203, Casper, WY 82601
USA
Phone: 307-680-8812
Chad Cundy
Email Consultant & Reseller

chad@wytech.biz

PostmanMojo VS Hosted Microsoft Exchange

Adobe’s security breach and the impact to you

Unless you’ve been without internet since before Halloween, you’ve more than likely heard about the massive security breach at Adobe. Hackers were able to access and steal upwards of 38,000,000 user accounts…which included the most sacred of all id’s; the password.

So, what are you to do? I think first and foremost everyone needs to realize this is going to happen. And the more our lives are tied to the internet, the greater the chance that one day you will be affected. It’s not a matter of if; only when. If you sense a lack of concern in my tone, it’s because I realized a long time ago that the best play is a good offense. No one wants to spend countless hours fixing hacked accounts and repairing the financial damage that could occur from breached accounts. If you think a stolen identity is bad – consider waking to an emptied bank account. And yet, in 2013 our lives are so intertwined with electronic transactions and storage that, short of hiding $100’s in your mattress, you, my friend, are as good a target as anyone.

This realization hit me very hard. One day about 9 months ago, I began receiving text messages from friends asking why I was dm’ing video to them from my twitter account. Had I been wasting my day doing this? Of course not!  A hacker had gained access to my twitter account by knowing my password. How did they achieve this? Well as it turns out – they had compromised a much less secure service that connected to my twitter account. By getting access to one they were able to go to work on the other. I might as well just have left the front door open! To make my day worse, I broke the biggest of all cardinal password sins; I used a single password for multiple sites. You know what I’m talking about – the famous 1mC00lDud3 password you swear is secure and you use for just about everything? Yea..that was me. And now judgement had been delivered.

The end of our story is a happy one. I was in a place where I could immediately react and salvage what little dignity I had from direct messaging ‘adult content’ to several hundred twitter followers. I didn’t lose any money and my integrity was repaired! #HappyHappy.

However I did learn some valuable lessons that I immediately acted upon so that when the Adobe breach was announced, I barely thought twice about it. When my Lifelock service emailed to say they detected my adobe user info on a well known password sharing site, I hardly noticed and reacted calmly.

How did I do this? By adopting these simple security measures:

Password Integrity

The absolute worst thing you can do is to use a single password to access multiple sites. Don’t do it. Ever.

Brian Krebs, an investigative reporter and security researcher with Krebs on Security who initially discovered the Adobe breach last month, said: “The best advice is for people not to recycle the same password in multiple places. It’s prohibitively complex for hackers to crack passwords that are over 13 characters long; people have to think pass phrases instead of passwords.”

I realize you have a lot of passwords to remember…so do I. Easily a few hundred sites that contain a ‘user account’ that I access. And that doesn’t even include the ones I forgot I signed up for! So how do I go about this?

The big idea is: Think pass-phrase, not password.

That takes us to our next recommendation….

Password Syncing

I’m no salesman, but I love 1Password. It’s easily one of my favorite apps. There are alternatives, but this one is my favorite. They encrypt the master keychain that stores your passwords with 256 bit encryption. I use 1Password to access my accounts from my android/iphone, tablet, 2 mac computers and 3 different browsers. By syncing my keychain to dropbox, I have instant access from anywhere to my saved logins.

The secret of my security fortress is this one simple truth: I do not know most of my passwords.

What does this mean? First it means that I only need to know the main password to access my 1Password file. Once I enter this, I can retrieve the login information I need, to access a particular site. Secondly, it means that I can use the fantastic ‘password generator’ built into 1Password to generate 15-25 character passwords that would take MIT’s graduating class months to crack. 1Password generates incredibly random, difficult passwords that can be as secure as you like.

Here’s an example I generated for this article: Pbc6gsdMXfo/[A4LYzeM

Q: Do you know how secure this password is? A: very.

That took 3 seconds to generate and if I chose to use that for a site login (which I am not), I could save it as something recognizable, like ‘PostmanMojo – Blog Account’. Meaning the next time I access the login page, 1Password will detect where I am and ask me if I wish to load the un/pw combo into the login fields. Pure magic! Not really. But 1Password has taken the complexity out of having to remember all your passwords. And if I go 5 minutes without using it, the application and browser extension(s) auto-lock and must be authenticated to use again. I also use 1Password to store my home network credentials, software licenses, and other important information.

The big idea is, you do not need to know your own passwords.
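The two habits above (one password per site, and long generated passwords) can be checked mechanically. The following is an added example, not part of the original post and not 1Password's code: it audits a constructed vault export for reused passwords and for ones at or under the 13-character mark from the Krebs quote, then replaces the flagged ones with generated passwords. The site names, the 94-symbol alphabet and the function names are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# 94 printable ASCII symbols. Assumption: the post does not say which
# alphabet its password manager draws from.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_OVER = 13  # from the quoted advice: passwords "over 13 characters long"


def generate_password(length=20, alphabet=ALPHABET):
    """Pick every character independently using the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size).

    Only valid for generated passwords; a human-chosen password of the
    same length has far less entropy than this figure.
    """
    return length * math.log2(alphabet_size)


def audit_vault(entries):
    """Return (reused, short).

    reused: groups of sites that share one password.
    short:  sites whose password is not over MIN_OVER characters.
    """
    by_password = defaultdict(list)
    for site, password in entries:
        by_password[password].append(site)
    reused = sorted(sorted(sites) for sites in by_password.values()
                    if len(sites) > 1)
    short = sorted(site for site, pw in entries if len(pw) <= MIN_OVER)
    return reused, short


def remediate(entries, length=20):
    """Give every flagged site its own freshly generated password."""
    reused, short = audit_vault(entries)
    flagged = {site for group in reused for site in group} | set(short)
    return [(site, generate_password(length) if site in flagged else pw)
            for site, pw in entries]


# Constructed vault export: (site, password) pairs. The first password is
# the reused one from the story above, the last is the post's own sample.
SAMPLE_VAULT = [
    ("twitter.example", "1mC00lDud3"),
    ("small-startup.example", "1mC00lDud3"),
    ("forum.example", "Summer2013!ab"),  # exactly 13 characters: still flagged
    ("blog.example", "Pbc6gsdMXfo/[A4LYzeM"),
]

if __name__ == "__main__":
    reused, short = audit_vault(SAMPLE_VAULT)
    print("shared passwords:", reused)
    print("13 characters or fewer:", short)
    print("bits in a random 20-char password: %.1f" % entropy_bits(20))
    print("after remediation:", audit_vault(remediate(SAMPLE_VAULT)))
```

The reuse finding is the one that matters for the Twitter story: a breach at `small-startup.example` hands over the Twitter password too, no matter how strong that password looked.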

Auditing 3rd Party Services

Remember that sweet startup that promised to be the next twitter? Yeah….they’re out of business now. But fear not – your account lives on! And the API they used to access your Facebook, Google+ and LinkedIn account so you could have a ‘truly connected lifestyle’? Yeah…that connection is still there too. And you should think of it like a bungee cord that holds open the door-of-access to your most loved accounts.

The boom of web 2.0 and social media has allowed us to be more connected, but make sure you audit the sites that have access at least once a quarter. For twitter, this is as simple as logging in and going to SETTINGS > APPS. Here you can see what has access to your account and easily revoke access.

The big idea is: Control what has access, or others will access.

Identity Protection

I’m a pretty paranoid guy. I have a family, a small but growing nest egg and a very respectable credit score. I’ve worked hard to repair the damage of my 20’s. And I like where I am at. All things being equal, I really don’t want to step backward because I made it easy for someone to go buy a TV at their local Wal-Mart by applying for credit with my social security. Or worse, an RV or something else in excess of $50,000.

So, I use Lifelock. I have been very happy with their service and for $10 a month I don’t even notice they’re there. I receive email letting me know if and when fraud is detected. The best part is – they guarantee their service with a (literal) million dollar guarantee.  When I go to apply for new credit, I have a very small inconvenience that I need to go through; I hop on the phone and verify with Lifelock I am who I say I am. Or, I can be proactive and let them know I’m headed down to Audi to pick up a sweet new R8.

Do you have to use this? No. But it does add another layer of protection for you as a consumer. I prefer multiple weapons in my arsenal and you may also.

In closing, maybe you are an IT admin tasked with the security of a few hundred email boxes and network logins. Or maybe you are a single consumer looking to protect your identity and control access to your accounts. If you adopt any of the steps above, individually or as a grouped strategy, it will go light years toward keeping you safe when the next breach occurs. And it will.

Optimize Your MSP Website

This is an oldie but goodie. I found this article in early 2013 by accident and I wanted to share it for the MSP and IT consultant community. I can relate to your problem because I ran a successful MSP before I sold it in 2008. Many of us do not have enough time in the day to take care of our clients along with our business. Sales and marketing is a system and if you do not master the system you are going to be stuck spinning in circles and wondering why nobody is calling except for your existing clients. You need to optimize your MSP website.

On December 4th, 2012, Doc Sheldon published an article about 5 Top SEO fallacies. In my opinion, with 15 years in SEO/SEM management, Doc is on point. Some of his points seem simple, but most of us miss them and take them for granted. I want to give credit when credit is due.

You can read his article by clicking the link above, but I want to expand on his points from my experience.

  1. Meta descriptions
  2. Keyword density
  3. Sitemap.xml
  4. Social media
  5. Penalty

Google, from my experience, is only using meta descriptions for placement, and they enhance your potential click-through. What I find works well is using the article’s focus keyword in the description.

There has been a ton of discussion about keyword density. I would recommend, if you are using WordPress or Joomla, getting Yoast for WP and sh404SEF for Joomla. These plugins have a density checker. There is no true guideline, but if you produce content that your readers read, then Google will notice.

The sitemap.xml file is important but it doesn’t affect your site ranking. I use the file to tell the search engines what directories not to scan. For Joomla or WordPress, the sitemap file can be automatically generated. I personally always have this file because it makes the search engines work less, which in turn has the potential for them to scan your site more frequently.

Social Media is just a channel. Doc has it right. Stop treating it differently. It is like Google, Bing, and Yahoo. These are channels for your business. Use social media wisely. You want to create a communication channel between your users and the content you publish.

I have in the past been penalized by Google. I was using methods that today are banned. I stay on the forefront of technology for my clients. Every time Google or other search engines make changes to their algorithm, your site has the potential to move up and down in ranking. Don’t worry unless this is more than a 10% drop in listing, i.e. rank 3 to rank 18. You might have a problem.

Stay tuned for more blog postings.

Original Blog Post by Doc Sheldon : 5 Top SEO fallacies

Trusted Email Consultant

How to become a Trusted Email Consultant and Gain Marketshare?

As an IT consultant, MSP, or VAR, you are always on the lookout to secure more clients and keep your existing clients happy and profitable for you. I have been on your side with my own practice that I sold in 2008. I know your pain and challenges because I made the same mistakes. The one thing that I learned was you need to have face-time, even if you work remotely, to become a trusted advisor. Employees and Vendors change, trusted advisors do not. I still have a majority of my client base from my first company back in 1996. Over the years working (YES) with Microsoft Exchange 5.0 (ancient) I developed my core skill-set on messaging and DNS. I have been brought in to numerous Fortune 2000 organizations to fix their mail server issues.

Most IT consultants or MSP focus on a core competency, but because of the shift in the marketplace, everyone has had to expand the offering to garner more marketshare. Become a Trusted Email Consultant.

I have always pushed the boundaries of email. It takes years of experience and thousands of deployments, conversions, and troubleshooting to become an expert in mail services.

So how do you become an expert and a trusted advisor in email services? Most of you know and are probably using Exchange, Google Apps, Zimbra, and/or Kerio. These are all excellent platforms but each has its advantages and disadvantages.

What you should concentrate on is the customer experience. I posted a blog post last week about that. You know the customer networks and most of their needs. Maybe you’re thinking of Exchange or Google Apps. PostmanMojo utilizes the power of Kerio Connect with Advanced Customization to increase speed and delivery of email. Most Exchange providers concentrate on numbers. We focus on speed, delivery, and the Channel. We give you the best of both worlds; Exchange-like protocols and IMAP. You get both.

Most businesses expect a feature-rich system with calendar sharing, a global address list and seamless synchronization between desktop and mobile devices, and before PostmanMojo, Exchange or Google Apps was the way to go. Not anymore. Stop losing monthly revenue to large Exchange Hosting providers invading your protected customers.

So becoming a Trusted Email Consultant is about your people skills, not your certifications. PostmanMojo is here to support you.

Your customer is your customer.

If you have any questions about this article and would like to talk to us more about becoming a Trusted Advisor on Email Services for your client, give us a call or email us at sales@postmanmojo.com

5 hard-earned lessons from a lifetime in IT

There was an article that was published by Steven A. Lowe @ Infoworld on 10/29/2013 about the 10 hard-earned lessons from a lifetime in IT. I want to share with you some of my experiences over the years in marketing, managing, and leading teams of techs, developers, and marketing “folk”. I shortened up the list for easy reading.

The article discusses how young IT staff are ruling development and IT, and since they are so eager and willing to succeed they end up not distinguishing between fantasy and reality. As a green IT consultant many, many moons ago, I was clueless and thought that I could just work on the computers and my bosses would have my back. I was a newbie.

1.  They’re called ‘fundamentals’ for a reason

Technology is in flux daily. I started in the mid-1980s and knew almost nothing about computers. The reusable knowledge that I learned from the 80s has given me a backing for my knowledge today. Electronics are electronics. If you want to become better, I would suggest you start troubleshooting old tech: Greenscreens, AppleTalk, Token Ring, etc. These core fundamentals of troubleshooting and networking are the same. It will make you think because there is no slick GUI to help.

2.  Marketing is not evil

It shouldn’t be… When you communicate the value of your work to your clients, boss, and co-workers, you are doing marketing. To increase my technology skill set, I went back to school and worked on my MBA with a focus in Marketing. Outsiders might not understand why, but my writing and presentation skills improved significantly. Also, I understand how marketing works and should work. When I am developing technology solutions, I try to assume the user role and what they can do with the technology. Most marketing people are not techie, so having the knowledge to cross over helps my business and me succeed.

3.  Learn the differences between opportunity and distraction

Opportunities are everywhere. In between my past employment I had an idea that brought me back into the technology channel space. I wanted to innovate and develop a solution or platform that could help others sell more easily and keep them from being distracted. I was thinking about marketing. The problem that I noticed was that most channel partners spent an enormous amount of time administering email servers. We hope to solve both the opportunity and distraction issue.

4.  Recognize patterns before they bite you

Many executives, and you could be one of them (I know that I was), make decisions accidentally or for bizarre reasons. These decisions have nothing to do with the problem, the solution, logic, data, technology, or economics. Do not take it personally, but if you detect a consistent pattern of questionable choices, then get out of there quickly. At PostmanMojo we are based around data. Data is our lifeline. We can also make decisions without data, but 98% of our decisions are made based on data. We have a comprehensive system for managing all of our data to present us options for our decision making. To make this clear, the data does not make the decision, the people do.

5.  IT is more about people than you think

Many technology executives know this but IT staff still struggle to understand. The thrill of writing code and solving a problem is addictive, but short-lived. True enjoyment comes from making life better for the people who use the software. Do yourself a favor and get over yourself. I like gadgets as much as the next person, but I like people even more.

The Five Characteristics of Successful Innovation

There is no consensus around what makes an idea innovative and what makes an innovative idea valuable.

Evolving discussions about successful innovation reveal personal preference rather than logical argument. The main concern should not be reaching agreement about innovation; it should be what type and level of innovation is most beneficial for the organization.

Some academic studies suggest that radical innovation offers sustainable competitive advantages but others suggest “mild” innovation is more effective – think iPhone 5 versus the original iPhone. This is because the iPhone 5 reduces market uncertainty since the educational and technology components have been proven. Apple innovated on an existing tested product.

When I manage and lead teams for innovation, I think about Henry Ford. There is a famous but wrong quote that states, “if I had asked people what they wanted, they would have said faster horses”. However, even if Ford did not verbalize his thoughts, history indicates that Henry Ford most certainly did think along those lines.

Creativity alone is not sufficient for innovation. True successful innovation requires the development, production, and implementation of an idea.

The key difference between creativity and innovation is execution.

Five key characteristics of Successful Innovation:

  1. An opportunistic mindset
  2. Formal education
  3. Proactivity and a high degree of persistence
  4. A healthy dose of prudence
  5. Social capital

The last thing I want to leave you with is: Ideas don’t make people successful – it’s the other way around

If you want to learn more, I recommend this site:
http://innovationzen.com/blog/2006/08/04/innovation-management-theory-part-2/

Marketing’s Mission: Create a Meaningful Different Experience

Everything you do in business builds your brand either positively or negatively. Your actions generate feelings, associations, and ideas in the minds of your customers. The challenge for all businesses is to make sure that those actions create a meaningful different experience that people want to repeat. The repeatability is key since people are predisposed and choosing a product / service that makes a meaningful difference will gain you mindshare. Research by Millward Brown finds that brands that create a meaningful different experience will command a 13% price premium.

For example, look at Apple versus Acer or Lenovo. Both products do the job/task at hand, but Apple commands a much higher margin because they create a meaningful different experience.

Another example: Disneyland vs Knott’s Berry Farm in Southern California. Both provide an experience, but Disney captures more purse strings because they create meaningful experiences for the children of the parents buying the tickets.

People are attracted to brands with meaning whether their experience of the meaning is tangible or emotionally driven.

What is marketing’s role? Getting the word out about the brand is first. Then concentrate on creating a meaningful difference for your audience. This should not be a surprise, but most marketers forget this because they concentrate on either the product or value/benefit. We are all tired of feature/benefits, but it is a necessary evil in marketing.

At PostmanMojo, our platform is built around how to bring more value to the Channel. What is our meaningful experience? We are delivering a simple, easy to use platform for delivering the best email experience to your customer. Other big-boy providers can only dream because their limitation is the software they are selling, i.e. Exchange or Google Apps. PostmanMojo does not have any limits. We built our platform from scratch so we can deliver an experience that your customers expect. All you need to do is provide them a meaningful different experience providing them IT support.

So after you read through this post, ask yourself: do I provide a meaningful different experience to my customer? If you do not, your competitor will.