Google and other providers have recently started branding web interfaces as unsafe if they don't meet certain security requirements, not simply because malicious content is detected coming from the site. These security requirements could cause your site to be flagged as insecure, even if it doesn't contain malicious content.
One of the security requirements is the use of an SSL certificate on the domain used to host the SmarterMail web interface. Google and other providers no longer consider authentication over plain HTTP to be a "best practice". As such, users may start seeing a bright red warning screen when navigating to SmarterMail from Chrome or other modern browsers. An example of this warning is below, though the actual text and/or reason for the warning may vary:
If an unsafe browser warning is seen on your SmarterMail site, you can navigate to the site below to determine why:
More information about the safe browsing requirements can be found at the link below:
Some additional steps that may alleviate this issue as well:
- Implement an SSL certificate for your web interface. For complete steps on this process, refer to the KB article, Configure SSL/TLS to Secure SmarterMail.
- In addition, you can force all webmail traffic to utilize that SSL certificate by following the steps in our KB article, Force Webmail Traffic Over HTTPS. This process involves configuring SmarterMail in IIS and enabling a setting within SmarterMail. When completed, this will force users who type in the standard "http://..." to a secured, HTTPS connection.
- Just to be safe, run a scan for malware infections and malicious pages on the SmarterMail web server.
- Finally, implement domain and user throttles to prevent spam generation from your server in the event of a compromised account. More information about this process can be found in the KB article, Set Up Throttling for Domains.
Remember: just because your web interface is flagged for "malicious content" doesn't mean your web server was compromised. Implementing an SSL connection using an SSL certificate and then forcing that HTTPS connection is probably all you need to restore your web interface.