Sometimes our technicians will ask for you to create a ticket in the control panel rather than emailing a request. Or, if you are on the phone we will ask for your login and password and cannot proceed without them. This policy is for the security of your account. The following instances are only some of the possible threats that authentication helps to prevent.
- "Spoofing" is an issue for everyone. Spammers frequently use it to cover their tracks, but attackers of all types can easily spoof your email address and request changes that can jeopardize your account's security or functionality.
- Email accounts are also routinely hijacked via phishing attacks, users with the same password across multiple accounts, infected computers transmitting credentials to a remote attacker, and other mechanisms.
- Employees can also leave an organization, but still have access to their old email addresses (or, could "spoof" them), and may make changes that are unauthorized by your company.
For these reasons we may need to authenticate your requests if you're making changes that impact your infrastructure. For instance:
- Changing your mail server's IP/hostname (this could re-direct your email to an attacker's server)
- Changing or canceling a service (this could incur charges, or impact your mail flow)
- Whitelisting or blacklisting addresses (These could be used to block legitimate email, or allow through an attacker's messages)
- Requesting reports of mail transferred through our service (this could be used to gain information into your users' activity)
While we can complete most requests without authentication, sometimes we will need the login and password to assist us to look out for your company's security interests, and we appreciate your help.
If you're not sure about whether your request needs authentication or not, feel free to give us a call, email or chat any time and we'll be happy to help!