The MGS Blog

Friday, January 14, 2022

You've got email MAT (case)

You've got email+malware+viruses+zombies+spam+phishing+adware.
Móin Alúine Teichneolaíocht (MAT) is the brainchild of two engineers who had worked in Digital’s Galway campus in the 1990s. While MAT's customers are risk-averse, conservative multinational banks and financial services operators, they value MAT's rapid innovation and reputation for adapting quickly to technological change. 'Prime Broker', MAT's first product, broke new ground when it was launched, based on open standards and interoperability; Web 2.0 was designed into the heart of its architecture.

Unfortunately, over the last 6 months MAT had suffered a run of bad luck:
  1. A small fire in the server room had destroyed hardware in the room including the router, firewall and wiring to the ISP.
  2. MAT's ISP experienced 2 outages or critical network failures that affected MAT's business communications including support SLA turnaround times on bugs.
  3. On no fewer than 6 occasions malicious bots had infected the mail server; outbound traffic became overwhelmingly bot-generated and internet connectivity was reduced to a crawl. Worse, the bot traffic had red-flagged MAT's IP and MX registrations, which were then 'blacklisted' on authoritative public watch-list servers. Consequently their IP and MX records were 'quarantined' by the gods of the Internet.
  4. A knock-on impact of the mail server problem was that malicious spyware and bots had infected some internal workstations. MAT suspected that certain file systems had been compromised (accessed and copied).
In January 2012 the engineering and IT teams hosted an off-site day where they reviewed the company’s performance from the perspective of skills, tools, technology and trends. Among the topics discussed was the IT infrastructure (internal and external facing) among which Email and Messaging services stood out.

Email is a basic necessity for business and it has been the communication lifeblood of MAT from day 1. Newer instant communication and messaging technologies like SameTime and 'Skype' are also extensively used by the engineers (Product Development, Test, Support, Professional Services and IT). Everyone manages three or more personal email accounts in addition to their corporate (firstname.secondname@mat.com) identities.

One proposal under consideration is to shift from the internal email service to a fully external email service from Google or another 'cloud' provider. The CEO has also asked if cloud services can replace internal systems, systems that might be better provided by an external operator.

Also discussed at the off-site were the results of a recent external ISO9001:2008 quality audit that identified shortcomings in the company's business continuity and disaster recovery plan; specifically, how core infrastructural services (email in particular) are maintained and proofed against disaster. Business continuity and disaster recovery plans are necessary to ensure that we can restore "adequate alternative arrangements for systems which need to be operated in the event of a breakdown". Critical Infrastructure is defined as the tools & structures necessary to operate essential services or carry out core activities, for example: internet access, mail server, source code control system, and the telephone system.



So how much could you save with Google Apps for Business?
Google's corporate email service is a key feature in its recent paid service, Google Workspace (previously Google Apps for Business). See https://workspace.google.com/pricing.html.


The Google Workspace pricing model



MX Toolbox - Email Blacklist Checks and Diagnostics (www.mxtoolbox.com)

The MX Lookup Tool can test and list "MX records for a domain in priority order. The MX lookup is done directly against the domain's authoritative name server, so changes to MX Records should show up instantly. You can click Diagnostics, which will connect to the mail server, verify reverse DNS records, perform a simple Open Relay check and measure response time performance. You may also check each MX record (IP Address) against 147 DNS based blacklists. (Commonly called RBLs, DNSBLs)"
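
A DNS-based blacklist check of the kind described above reverses the mail server's IP address, appends the list's zone and looks up an A record; an answer in 127.0.0.0/8 means "listed". The sketch below is an added example, not code from this blog or from MX Toolbox; the zone `dnsbl.example.test`, the sample records and all function names are constructed for illustration.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Reverse the address and append the list's zone (RFC 5782 layout)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                  # octets
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def system_resolver(name):
    """A-record lookup via the OS resolver; [] means the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise  # timeout or server failure: the caller must not read this as "clean"
    return sorted({info[4][0] for info in infos})

def check_dnsbl(ip, zone, resolver=system_resolver):
    """Return (status, answers); status is listed / not_listed / invalid / error."""
    name = dnsbl_query_name(ip, zone)
    try:
        answers = resolver(name)
    except OSError:
        return ("error", [])
    if not answers:
        return ("not_listed", [])
    loopback = ipaddress.ip_network("127.0.0.0/8")
    if all(ipaddress.ip_address(a) in loopback for a in answers):
        return ("listed", answers)
    # An answer outside 127.0.0.0/8 is not a valid listing (e.g. a parked zone).
    return ("invalid", answers)

# Constructed sample data: a stub resolver standing in for live DNS.
SAMPLE_ZONE = "dnsbl.example.test"  # hypothetical list zone
SAMPLE_DNS = {
    "2.0.0.127.dnsbl.example.test": ["127.0.0.2"],      # RFC 5782 test entry
    "10.113.0.203.dnsbl.example.test": ["127.0.0.4"],   # constructed listing
    "7.100.51.198.dnsbl.example.test": ["192.0.2.80"],  # wildcarded/parked zone
}

def sample_resolver(name):
    if name.startswith("99."):
        raise OSError("simulated timeout")
    return SAMPLE_DNS.get(name, [])
```

Keeping "error" and "invalid" separate from "not_listed" matters for monitoring: a resolver timeout or a parked list zone says nothing about whether the mail server's address is actually clean.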