Tech Bitch

GMX (Global Mail Exchange) is a major branch of United Internet AG, a stock-listed company in Germany in e-mail service provide. To be honest, I’d never heard of the company until I saw a double-page colour ad in a popular computer magazine touting ‘The Ultimate Choice for Webmail’. So I thought I’d explore…

GMX was founded in 1997. In Europe, GMX offers a free Web mail service called ‘GMX FreeMail’, which currently has about 10,000,000 active users in Germany, Austria and Switzerland, according to the company. That’s no small number! In November 2007, GMX launched an English language service called ‘GMX Mail’ (reviewed here) with its own data centre in the U.S. and a different range of features than in the German language version. Like the European version, the English version remains completely free of charge.

GMX provides solutions for home users, as well as small and mid-size companies. Because GMX Mail is Web-based, it’s accessible from any computer connected to the Internet (just like Hotmail, Gmail, Yahoo! Mail and others). More importantly, its features and convenience rival those of traditional client-based software that require installation on your computer - and it’s completely free! Of course, without an Internet connection you won’t be able to read, send or receive any messages - unlike offline mail clients such as Outlook which download all messages onto your computer.

GMX Mail offers a number of time-saving mail management tools. It’s also really pretty (looks a lot like MSN Live Hotmail,), and the interface is simple and uncluttered (are you listening Google?). A focus of the new service is security - the company claims that it draws on many years of e-mail expertise and offers sophisticated spam and virus protection for up to 98% fewer spam e-mails.

GMX’s virus protection is based on McAfee and Symantec scan engines, helping to locate viruses, worms, and Trojans - even in compressed file formats. GMX mailboxes are protected from spam with seven anti-spam modules, resulting in a good clearout of junk mail. Also important is uptime - GMX guarantees optimum performance with data centres located in Europe and the U.S. I’ve only been using the service for a few days so can’t really vouch for spam credentials, but in that short space of time I’ve had very little junk delivered - much less than Gmail in fact.

GMX Mail provides 5GB of free e-mail storage (maximum 50MB per attachment), and 1GB of additional free file storage for photos, MP3s and other files. This fares very well against the leading mail clients. E-mail names are available for the domains @gmx.com, @gmx.co.uk or @gmx.us, and changing e-mail names after registering is even possible. It also supports all the popular mail protocols (POP3, IMAP and SMTP), allowing you to import up to 10 e-mail addresses to your new mailbox.

The ad-free (e-mails actually have a GMX ad link placed at the bottom of the message) and non-cluttered interface is intuitive to navigate, though some may find the constant opening of new windows a little irksome. Easy formatting of e-mails and organisation is achieved by drag and drop, and a proprietary ‘mail collector’ allows collection of mails from third-party accounts in a single mailbox. There’s also an address book for online contact management, and it’s compatible with Windows, Linux and Mac OS X using Internet Explorer or Firefox.

GMX Mail is flexible and easy to use. Even seemingly complicated tasks like switching e-mail accounts is a breeze. Thanks to the GMX Mail Collector, all messages from your existing accounts will be collected and sorted into separate folders in your GMX mailbox. If you’ve tried all the other free e-mail services but still aren’t happy, it certainly won’t hurt to give GMX Mail a spin. [6.5]

Today, pretty much everyone has a mobile phone and there are even those who have two. While some of us are still using traditional mobile handsets to make calls and send text messages, there is a growing percentage of the population that is using more advanced functionality, such as e-mail and payment services.

To all intents and purposes, mobile devices are a far cry from the simple handsets that took off so dramatically during the 1990s, moving from becoming a business tool to something that everyone had and quickly grew to depend on. We now manage our lives - both professional and personal - not only using our computers but increasingly using mobile devices.

When it comes to computers and the Internet, we’ve had more than twenty years to learn about the need to consider security, and in many cases, experience has taught us much about what to look out for. Whether it’s a virus or a phishing scam that has caught us out, we’ve come to realise that our use of technology can make us a target for those who want to make use of our personal machines to either spread their evil malware or attempt to profit from our misfortune.

We saw a similar scenario with mobile phones, albeit not with the volume that we’ve seen on PCs: mobile devices can carry sensitive information as easily as PCs and while malware for mobile platforms has not been on the same scale as for computers, threats have been seen, and as mobile networks are used for more and more purposes, it’s probable that the volume of malware will continue to grow. Therefore, it should be no real surprise a recent survey demonstrated that more than one third of us question the general safety of mobile devices and services.

So what does this really mean for you - for the individual making use of the functionality that your mobile device can offer? In the first instance, you’re by no means immune to the threat of malicious code and more than one in ten (14%) mobile users have already been exposed to mobile virus incidents, whether this is personally or knowing of someone who has been infected. In the old days of simplistic handsets on voice networks, this would be an inconvenience, but today, with mobile messaging and Internet use growing, more information is send and stored using our mobile phones, which - quite simply - means that there is more at risk.

It’s interesting to note that this incident rate, while seemingly small compared to the PC world, is actually eating into users’ confidence, and 80% of mobile users cite virus infection as a legitimate concern. Furthermore, irritation levels are set to soar as mobile spam continues to grow: more than a third (38.6%) of us receives spam on our mobile devices at least once per month. These two points alone make it clear that mobile threats are out there and slowly gaining ground, but become even more serious when it is highlighted that 86% of us are concerned about security risks such as fraudulent billing issues or information theft.

The challenge is how we can respond to such issues, especially as we bought into the whole concept of mobile devices based on them being a phone, with no technical expertise required to operate it. Regardless of that, as handset manufacturers have created more advanced hardware in-line with the services introduced by the network operators, we’ve all got a little bit of technological genius in our pockets and we need to know how to deal with that.

Security software for mobile devices has a lot in common with the programmes we have installed on our PCs at home and at work - it has to be advanced enough to deal with the range of threats we face now and in the future and it has to be kept updated. But where do we get it? We don’t walk into the mobile phone shop on the high street and see boxes of software lined up next to handsets and hands-free kits. With these challenges in mind, it’s worrying, yet not altogether surprising, to learn that 79% of us are knowingly using unprotected devices.

Neither is it shocking to discover that 59% of global mobile phone users feel that mobile operators should be responsible for this and 56% of us think that security features should be pre-installed on the handset … after all, we’ve got used to Internet Service Providers highlighting the value of their security.

Only time will tell if the same approach is taken by network operators but in the meantime, it’s clear that we need to use our mobile devices with some awareness of how much more than a phone they really are and use some common sense to avoid becoming a victim. We know that replying to spam on our PCs will only confirm that our email address is valid and in use, so the same approach should apply on mobile devices.

Furthermore, we know that an e-mail offering us money if we reply with our bank details is not really what it claims to be. Above all, we have learned not to launch attachments and download files in e-mails and we have to take the same cautious approach with messages to our mobile devices.

In the world of information security, a little caution really can go a long way and while there is no substitute for sound security technology, being aware of the threats and knowing what to look out for can help us to deal with the risks we face as we continue to get the most out of the miniature computers call our phones.

Thanks to Greg Day for getting this off his chest

Adding another trick to their toolkit, spammers are now abusing the ‘out of office’ feature of Web-based e-mail services to relay their junk messages into the inboxes of unsuspecting Internet users. I can’t believe it has taken so long. Anti-virus boffins have recently seen several instances where spammers set up Web-based e-mail accounts and configure auto responders with spammy messages. The miscreants then sent e-mail with fake ‘from’ addresses - the spam targets - to their newly created Web-mail accounts. The ‘from’ addresses subsequently receive the spammy ‘out of office’ notices.

This may sound like a convoluted way to send spam, but spammers do it to trick spam filters. An automatic reply from a well-known Web-based e-mail service will look legitimate to many spam filtering tools. Unlike spam sent by botnets, the auto reply spam will have a legitimate sender and will be signed with the correct signatures used to sign e-mail messages, such as DKIM, DomainKey or Sender ID.

One spammer seen using this technique is advertising an adult Web site - no surprises here! The auto-responder spam does not look like a typical out of office reply. The message subject does always contain ‘Re:’ because that’s added by the Web mail service, but the spammer controls the rest of the subject line and the message body text. In the examples a popular anti-virus manufacturer could only determine that the mail is an auto responder by carefully looking at the e-mail headers.

I suspect the spammer has a program that automatically creates accounts and sets the responder text, all with no manual work required. This gives the spammer the capability to have lots of Web-mail accounts, all used to spam lots of people. All is not lost: the spam should be blocked by a decent anti-spam product through a combination of header and message content checks.