We Are Taking Steps to Secure Your Website and Protect Your Email

By default, your WordPress-based site sends email directly from the web server without any validation or credentials. But due to increasing email security, most mail servers now accept only mail which has been sent through an authentic email server. Relaying mail through a valid web server with a username and password will ensure the “deliverability” of your emails.

Also, should someone gain unauthorized access to your site, they could use your website to send spam mail, which could get your domain blacklisted and could potentially block your organization’s important email from being delivered to clients, colleagues, and others.

As a continued effort to protect your website and your business communication, we are disabling this older, unsecure method of sending email directly from your web server and will be relaying all mail through your organization’s mail server.

What We Need from Your Firm

As we disable the sending of mail from your web server, we will “relay” all future mail from your website (contact form responses and other notifications) to your mail server along with a username and password for an SMTP account on your mail server, and your mail server will send an authenticated email message.

To do this, we will need your IT agent to create an email account on your firm’s server, then provide us with the SMTP credentials for this account.

To relay notification emails from your website, we simply need the following information:

SMTP Server Address:
SMTP Username:
SMTP Password:
SMTP Port:
Encryption: (TLS / SSL / None)

IMPORTANT NOTE: To allow connections to Google G-Suite and Gmail accounts, you will need to enable connections from non-OAuth external systems (such as your website). To do this, you will need to “Enable Less Secure Apps”. When logged into this account, you can enable this type of connection for this account only, by visiting this page.

https://www.google.com/settings/security/lesssecureapps

The term “Less secure apps” refers to applications that send your credentials directly to Gmail (rather than the user individually logging directly into the gmail account). This method, though referred to as less secure is substantially more secure than the older configuration, which offers essentially no security at all.

Resulting in a More Secure Web Site and Email System

These authenticated messages are less likely to be considered spam, because they are coming directly from your email, just like the rest of your business email. Eliminating the threat of your site sending unauthorized mail which may be considered spam prevents your legitimate mail from being blocked by email spam filters.

We consider this as priority and would like to move to secure your sites and the servers with the above information as soon as possible.

Thank you for your cooperation.