Password policy violation - Blank Sender
Problem reported by Jon Eastwood - November 17, 2014 at 2:27 AM
Resolved
I have enabled the new features of the password violation so that it emails users to tell them if their password needs updating and when they must update it by.
 
Several emails have already gone out to users but they all have blank sender info, where should it be gettign this info from so that i can update it to make sure its not blank as users have already emailed me asking if its real and not spam or a spoof email
 
They look like this:
 
 
 
Any ideas why?
 
 

23 Replies

Reply to Thread
3
John Marx Replied
I believe that SmarterMail sends out blank emails. I would like to propose a feature request item that allows us to set a master email that is used for administration that goes out on all emails. For example, website@domain.com or something similar that we can set. This would help fix the problem with not only SmarterMail but SmarterStats sending out emails in this manner.
0
Jon Eastwood Replied
I agree its a bit stupid! as most of my clients called asking was this real, was it spam or they simply thought it was junk and deleted! Should be allowed to create the text that's used so that it can be made to look more meaningful and less likely to be deleted/ignored.
1
Shaun Peet Replied
I was just about to start a new thread on this exact subject!
 
First off, this is a *GREAT* new feature but hopefully it's just a start.  This morning was the first time that our users started getting these emails and I've gotten no less than 30 people asking if it was legit or not because the email is extremely spammy-looking.  If we can't customize the email template (which hopefully is coming soon) can we at least see a default email with much more information in it?
 
Ideally, the email should have as a minimum what the password policy is and why the user's current password is violating it.  It should also have some clear instructions for the user on *how* to change their password - and even better with links and/or videos.
 
And as others have mentioned already, the fact that the email comes "from" nobody also makes people very suspicious (which they should be).
 
3
Employee Replied
Employee Post
We will change it so the user name is "System Administrator".  We will also let the user know to log into webmail to change the password and what the password policy is.
 
The notification messages can't be changed in the current version.  We are discussing having a template option in SmarterMail 14 for not just the password violation and expiration notifications, but all SmarterMail generated messages to users.  You would be able to set the sender address and user name as well.  I can't guarantee that will be in version 14 as we haven't locked down those features yet, but I will add a note to this feature request that we have had a number of people in the community asking for it.
0
Shaun Peet Replied
Thanks Byron.

Hopefully you can borrow the code being used by SmarterTrack since the email templating engine has been in there for quite some time and it works well :)

But can you clarify on your first paragraph - changing the user name and adding more information - is that coming in a minor version release of 13 or will we have to wait until 14?
0
Jon Eastwood Replied
Hi Byron, Thanks for the reply but I still think what you are suggesting will still look like spam and not legit - System Administrator is still to vague, we need to be able to set a username and email, can it not come from a domain admin email address for the users own domain?

Still think it needs a lot more thought / customisation?
0
Robert Emmett Replied
Employee Post
With SM 13.1, notification emails for password expirations and password policy violations now explain that the password can be changed by logging into webmail, show the sender as System Administrator, and explain which rules the user's current password is violating.
 
We are still considering having a customizable template for system email notifications.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Jon Eastwood Replied
thanks, the biggest problem is the email itself looks so much like spam/spoof that many of my users simply deleted it, which is why it really needs the ability to customise to make it look more real
0
M. Hussein Replied
That's right Jon
2
John Marx Replied
When the system shows as "System Administrator" what email address is this that is used? Is it:
 
1. The overall administrator that?
2. Is it the administrator for a domain?
3. Something else entirely?
 
(Proposed Idea) If not already I would like the option to have an option that defaults to the primary administrator for the domain but with the option for the domain account to set who they would want it to be. This way if John is the person that should get questions today and Jane the questions next month as John has left the organization it can be changed. Then if say John's account was deleted either revert back to the primary account or popup a notice stating that now that John has been deleted that someone new needs to be set and that so-and-so email has now been set as the contact until you change it in the settings.
1
Jon Eastwood Replied
BTW, I am a bit unsure this thread should be marked as 'resolved' as many of us still think it need more work/investigation?
1
Chris Danks Replied
I today upgraded to Smartermail 13.1
 
I go to manage > password policy compliance
send email
 
How do I put in the email templates like [EmailAddress] or [DomainName] so i can send an email that says your email mail@domain.com  blah blah blah, go to http://mail.DOMAIN to login and change your password
 
 
0
Robert Emmett Replied
Employee Post
Chris, at this time we don't have a customizable template for password compliancy notification emails. This is something the dev team is still working on at this time.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Chris Danks Replied
Thanks for the reply.

so at the moment is their nothing I can do to add this? as the email we sent looks spammy and everyone ignored it!
0
Jon Eastwood Replied
Upgraded to the latest version,
 
Compliance report now has less users on it so people are finally changing there passwords.
 
But I have several users tell me they have changed their password to match the requirements but they are still getting violation emails.
 
One user today got the following email:
 
The password for xxxx@xxxx.xom violates the password policy and must be changed.
 
Outbound messages will be blocked if the password has not been updated by 15/12/2014.
 
A prompt to set a new password will appear the next time you log into webmail.
 
Your current password violates the following password policy rules:
                * Must be at least 8 characters long.
                * Must contain at least one capital letter.
                * Must contain at least one symbol.
                * Must contain at least one number.
 
 
But I have checked the users password and even though this is not the EXACT password this is the same format as they have which you will see conforms to the requirements.
 
Tihhwi0456!
 
So why would a password as above still show up on the report and still get these emails?
 
 
0
Steve Reid Replied
Did you even read any of this thread?
0
Robert Emmett Replied
Employee Post
Can you verify that the symbol is one of the following: ` (grave accent) ~ ! @ # $ % ^ & * ( ) - _ = + [ { } ] \ | / ? (space) I have tested your sample password against several test accounts, and they are successfully removed from the password compliance report.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Jon Eastwood Replied
It is as exactly as above but different letters of the alphabet and numbers but the ! is correct
0
Jon Eastwood Replied
Robert- Please ignore me - I am really confused as now its not on the list? I am sorry and will let you know of there is any other issues
2
Robert Emmett Replied
Employee Post
The ability to customize system-generated password policy violation messages has been implemented and is available in SmarterMail 14, which is currently in BETA testing.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Jon Eastwood Replied
great news as my 6 month reminders have started going out and already getting users email asking me if these emails are spam
0
Chris Danks Replied
HI
 
I am using Smartermail 14 Enterprise Edition
 
if i go to manage > password policy compliance
select all
send email
 
I want to compose an email that says your email address: EMAILADDRESS has a weak password
 
how would I replace EMAILADDRESS  with the email address of the email account??
0
Shaun Peet Replied
I believe the status of this thread should be changed to Resolved.

Reply to Thread