Dear Clients,
As part of our commitment to provide the best infrastructure for your services, we are notifying you of the following changes affecting all Linux shared hosting accounts. Please read the following details carefully as action may be required on your end:
Maintenance Type:
Security Changes - Disable Plaintext Authentication
Effective Date:
July 1st, 2016
Reason for Change:
Plaintext authentication (sending passwords to the server in plain text) poses a serious security concern for accounts on our shared services. There is an elevated risk for passwords to be compromised, which can lead to infiltration of your email and web hosting account(s) as passwords sent via this method are not protected with encryption. If someone were to intercept the password, it could potentially be used for nefarious purposes.
Effective Service Change:
Our team will be taking proactive measures to prevent the possibility of compromised passwords. To do this we will be disabling plaintext authentication on all shared and reseller servers.
** Action Required **
In order to prevent any service interruption when plaintext authentication is disabled, you will need to ensure that all email clients connecting to the server are utilizing TLS encryption for passwords by the effective date listed above. Please be sure to review the HostIcon article linked below for further details on switching to TLS authentication.
=-=-=
http://www.hosticon.com/client/knowledgebase/74/Disabling-of-Plaintext-Authentication-for-E-mail.html
=-=-=
**Alternatives to Using the Server Hostname**
1) Use the server hostname (eg. server.dizinc.com) along with secure settings: This is the standard secure method of connecting to the server.
2) Use 'mail.domain.com' along with secure settings: This will work functionally, but will throw an error / warning letting you know that the domain being used does not match the one attached to the server's SSL (server hostname). If you are okay with you and your clients seeing this warning when connecting to mail, then this option will work for you.
3) Install an SSL on 'mail.yourdomain.com', and use this domain along with secure settings: This will allow you to continue using 'mail.yourdomain.com' instead of the server's hostname. The cost of this solution includes purchasing an SSL and dedicated IP. Alternatively you could install the SSL on your domain, instead of the 'mail.' subdomain, and clients can use 'yourdomain.com' without the 'mail.' subdomain along with secure settings. Either of these methods will allow you to use your domain instead of the server's hostname without seeing any warning, as the mail client will connect using your own SSL instead of the server SSL.
4) Install a wildcard SSL on 'yourdomain.com' and connect using 'mail.yourdomain.com' along with secure settings: This will allow you to install the SSL on your own domain, and have the subdomain 'mail.' covered as well. Wildcard SSLs are more expensive than standard SSLs, but are more versatile. This will allow you to cover your domain and use your preferred mail settings as opposed to option 3 where you will need to choose whether to use your domain OR the mail subdomain.
**If You are Already Using Secure Authentication **
No changes are necessary on your end.
Clients Affected:
All shared and reseller clients.
Estimated Downtime:
We understand the importance of keeping your sites and services online, and our team is taking necessary preparatory steps to mitigate service interruptions and ensure our clients are ready for this change. In order to prevent any service interruption when this change takes effect, you will need to ensure that all email clients are utilizing TLS authentication per the instructions provided above.
Thank you so much for taking the time to review this notice. If you have any questions or concerns about this scheduled change, please don't hesitate to contact our staff for more details.
