Understanding Email & Collaboration

Collaboration is one of the buzzwords doing rounds in tech conferences and forums of late. Almost everyone agrees collaboration is needed, but not many have thought of what will it really achieve for their organisation, or whether to do it at all. When one says “collaboration”, an average 45-50 year old pictures a group of team members sitting in a meeting room, having a conversation with an objective to achieve something.

The oxford dictionary defines collaboration as “The action of working with someone to produce something.” This definition doesn’t really do justice to the curiosity that surrounds this topic.
At the outset, let us, for a moment, agree that collaboration is not just about adopting a new technology, it’s about behavior. Effective collaboration” requires a major focus on culture, the deployment and use of technology and the adoption of certain processes

Teamwork is the foundation of any business. In the realm of business practices, collaboration is when diverse teams work together inside and outside an organisation towards a common goal, while employing technology for effective interactions.
Technology can bring teams together and that they can share virtual and physical space, hence they don’t need to be in the same physical location.
For example, the product, sales and finance teams of an organisation working with their channel partner towards preparing a proposal for a prospective client.

While technology can enable the teams to schedule this meeting, have a video call between these teams sitting in different offices and work on a common slide show or a spreadsheet, the organization needs to have a culture that encourages such interactions and has processes to monitor and regulate the information exchange.

In a way, we have literally been collaborating for a long time. When we’re emailing, essentially, we’re collaborating with our colleagues, customers, partners or vendors.
Email is the de-facto standard when it comes to collaboration tools. We use email all the time to request our colleagues to send something to us, do a task, share important information or update the status on a task. However, with the complexities of business practices ever increasing, traditional email needs to be reinforced with certain collaboration tools for effective interactions, ones which save time and effort and make the whole interaction process fun.

Let us look at 5 important collaboration tools that organizations can adopt based on their needs and thus improve their productivity.

  1. Collaborative Inbox
    This is useful for technical support or customer service teams which deal with hundreds or thousands of customers.
    Your support staff will receive your customers’ messages on an address support@your-company.com, and they can do any of the following from the group’s dashboard:
    • Assign responsibility for a topic to a member of the group.
    • Assign tags to customer queries. Example: “sales enquiry”, “feature request”, “service issue”, “upgrade request”, etc.
    • Escalate and track the ticket associated with the query to other teams/professionals.
    • Filter topics according to tag, resolution status, or assignee.
    • Mark a topic as resolved.
  2. Email Delegation
    Mailbox delegation lets some another person in your organisation access and send emails on one’s behalf.
    The owner of a mailbox can delegate a person ‘Restricted Access’ of his mailbox.
    For example, a delegate can view emails only from a particular list of senders or having a specific subject line.
    The access can be limited to only reading and replying to emails, while restricting deletion and forwarding the emails.
    Email sent by a delegate can display the account owner’s name along with a tag indicating that it has been sent by a delegate on behalf of the owner.
  3. Calendar Sharing
    Calendar Sharing allows for users to invite people inside their organisation to see their calendar and, if proper access is granted, to even add or edit events.
    Users who share their calendars can specify how much detail the recipients can see and/or modify. Calendar sharing is done only between people of an organisation.
    Calendar Sharing should be used if :
    • You want to share your calendar with a set of people, like your team members or your partners.
    • You want others to schedule events on your behalf.
    Besides sharing of calendars, people in organizations can see free or busy information of other people and can schedule events accordingly.
  4. Document collaboration
    Document collaboration tools allow team members to view, edit and work simultaneously on a document without sending emailing attachments to each other all day. This requires your documents to be on the cloud. This way, you can access your files on any device. You won’t panic if your laptop goes down! Once you create a document it’s easy to share it with others via email or a shareable link. You can also secure the document by restricting edit permissions to certain people and mandate a 2nd factor authentication like OTP via SMS/Email for certain users. You can work on a document with your teammates simultaneously over the cloud using a standard web browser and see who is editing what in real time.
    Users can save their documents in the cloud storage drive and organize them in folders and sub folders. Other features like searching through your cloud drive for files, viewing all files shared by & with you are standard features of the document collaboration tool.
  5. Group chat
    Group chats have been gaining popularity. No one likes to be in long email exchanges with many people. It’s just too cumbersome to go through a long email thread just to figure out if you have been addressed to perform some task or handle some responsibility.
    Group chat tools take away the fatigue of attending to long group conversations. You can be alerted when someone addresses you or sends you a message. People can also share documents and media through group chat. Moreover, people in organisations can create chat rooms on the fly, invite others, and assign permissions to who can send what to whom.
    With audio and video group chat across devices, teams can communicate better in real time, even share presentations with clients or vendors, share their screen and conduct online demos.

There are many more business email collaboration tools that organizations worldwide are using to help their employees team up better.
In India, though, owing to poor internet speeds and internet bandwidth issues, many of these tools may not be effectively deployed.
The five collaborative tools mentioned here, however, have become critical to ensuring the setting up of a modern, connected workplace.
So when choosing your business email solutions provider, do check if these tools are a part of what’s being offered to you.

Secure, Cloud based Enterprise Email Solution for Businesses and Professionals from the popular Rediffmail service

Demystifying Spear Phishing

Spear phishing is the new kid on the block which has been giving sleepless nights to email security folks. Spear Phishing is a specialized and more targeted type of phishing attack. Traditional phishing attacks are one-to-many types, which are usually conducted by sending malicious emails to as many people as possible. Such emails appear to come from trusted sources like your bank, or some other online utility service and they contain links to deceptive sites which make victims reveal their passwords, sensitive account information, confidential pins, etc. Sometimes the phishing message try to lure the victims into opening infected attachments which once opened can seize control over victim’s device and harvest sensitive information stored on the device.

The bait – malicious URL or attachment

The modus operandi of Phishing attacks is to cast a wide net. Phishers seem to spread their enticements all over and don’t care what kind of fish they catch – as long as the victims take the bait, they can infiltrate and cause the damage. In contrast to the mass email approach of Phishing, Spear Phishing is a targeted attack or rather one-on-one, where the Phisher creates a fake narrative or impersonates a trusted person and establishes a conversation with the victim. Only later does the Spear Phisher request confidential credentials or sends a malicious URL/attachment. Though the end goals of Phishing and Spear Phishing are the same, the tactics employed by the two vary.

Social Engineering & Research

Spear Phishers do a lot of research about the intended victim before crafting their first message. They study the social media profiles like Linkedin, Facebook, etc. of the victim and try to build a profile around the victims work and general life. The chosen victims are ones who have access to some sensitive information about their organization like intellectual property, bank passwords, etc. The Phisher sends an email to the victim which seems to come from a colleague or business associate. The first few interactions do not contain any link or attachments, hence are difficult to be detected by anti-spam and anti-virus filters. After a few interactions, the Phisher either sends a link to the victim that can infect his machine with a spyware or sometimes even drives the victim to share some IP or transfer money to his account, citing an extraordinary situation.

Real life examples

  • The business impact of Spear Phishing attacks can be devastating. In 2014, Sony Pictures faced a huge reputation damage when private email were exchanged between executives revealing embarrassing comments about famous people. The studio lost control of complete, unreleased movies, which fell into the hands of digital pirates. The company had to incur a cost of around $8 million to settle lawsuits with employees who were forced to protect their identities from the theft.
  • In 2015-16, the Russian cyber espionage group Fancy Bear allegedly committed one of the more famous spear phishing campaigns and infiltrated the Democratic National Convention in USA to steal emails. The Russians had gained access not only to email systems but also to backup servers, VOIP calls, and chats. Between repairing and replacing equipment and hiring experts to manage the fallout, the expense was over a million dollars.

Conventional Anti Spam filters derive signatures, recurring patterns & phishing URLs by using information from previously identified threats. This arrangement was successful in fighting mass spam emails – which threatened to make email unusable. However, email security based on signature and recurring patterns is completely ineffective in identifying the ‘one-off targeted Spear Phishing attacks’. The first few emails sent by Spear Phishers do not contain any attachments or links, thus go undetected by spam filters. The Spear Phishers intention is to build a trust with the victim. Phishers usually send emails from legitimate email addresses having good reputation and spoof the display name. Victims get deceived and take the received emails at face value. They do not bother to check the actual email address of the sender which may reveal the hoax. Since Spear Phishing emails spoof the display name and not the actual email address, they are not filtered by DMARC, which relies on policies enforced by senders with respect to their domain names.

Considering the risks of opening and reacting to Spear Phishing emails it is important to educate your users to be vigilant. Here are some tips to that can help protect your users from Spear Phishing:

  1. Be judicious while posting your personal information on social media.
    Hackers use social engineering techniques as a first step to gather information about victims.
  2. Do not hesitate to check with the sender if you are not sure about the authenticity of an email.
    Impersonation by manipulating the display name of a sender is a common ploy used by hackers. To counter the familiarity exploit, your users should not hesitate to check the authenticity of the email with the sender. This is even more so decisive when the email seems to come from someone familiar and makes some request that seems out of the ordinary.
  3. Check before you click.
    Hackers hide malicious URLs in emails behind URLs that look genuine. Educate your users to hover over the hyperlink to see the destination URL first and if not familair then do not click.

The above behavior based approach is easier said than done.  Sooner or later, someone will click on something that will expose your systems to a breach. Using the right endpoint protection, one that assists in doing this behavior analysis helps. The Rediffmail Enterprise integrated Spear Guard filter uses artificial intelligence consisting of machine learning and predictive heuristic rules to identify and block Spear Phishing attacks even in their initial stages and also saves you from the inconvenience of dealing with multiple vendors to protect your email  infrastructure.




Secure, Cloud based Enterprise Email Solution for Businesses and Professionals from the popular Rediffmail service

Top 8 things to choosing your Business Email service


Email is the backbone of any business and managing it well has become mission critical for the company. Gone are the days when SMEs fret over their changing email needs and availability of the email solutions that just fit your growing organisational needs. Large organisations no longer considered that on-premise hosted email solutions is the only option for confidentiality, control and better management of mails, and they do realize that it is just a  ‘white elephant solution’. Today with the right cloud based email solutions, businesses Small, Medium or Large  can focus more on their core business than spend time on their email solutions.

Here are the top 8 things that SMEs and large corporate must consider before choosing a business solution:

  • 1. Cloud based email solution provider Cloud based email services have become increasingly popular over the past few years and we have come across several entities using them successfully for their business. The advantages provided by having hosted email solutions stand to benefit small-medium enterprises the most. There are no hard decisions involved since the amount of investments is very minimal and absolutely no hassle of deploying resources to manage these services. The costing model is also simple and straight forward which would help businesses manage their cash flow better and focus on their core activity. To conclude, Cloud based Email stands a good bet for small to medium enterprises to adopt with little risk.
  • 2. High availability Ask any business leader what he feels is an acceptable amount of email downtime, and he will most likely respond with, “None!” But if you share with him the additional investment required to further ensure that high bar of email availability, he’ll likely revise that answer. Certain industries like financial services, where downtime translates very clearly into lost profits, are typically more likely to prioritize uptime. In addition, uptime can’t be measured by the availability of the email server alone. Email is as good as down if the antivirus filtering hangs and prevents delivery or a mobile email service fails and employees don’t get emails on their smartphones.
  • 3. Assess your mail box requirements Get an idea of the total number of mailbox needed currently and in near future. Also consider the email storage requirements. Mailbox sizes have been steadily increasing over the years, with 36% falling between 500 MB and 999 MB but still not at the rate employees would like — nearly 80% of companies regularly receive complaints that their employees’ mailbox sizes are too small. Cloud-based providers typically offer much larger storage quotas at a much more attractive price than organizations can do for themselves.
    For a SMEs 2 GB (That is about 100,000 emails of average email size 50KB) would be good to start with but for medium size organisations 5 GB would be a better option. For larger enterprises 25 GB recommended as it completely shields from storage growth requirements.
  • 4. Multiple the point of access Look for a business email solution that allows multiple points of access. With Internet access on multiple devices becoming a norm, it is imperative that your mail is accessible from any device. This keeps your employees, be it in the office or out in the field always in touch with their office emails 24×7.
    Web-mail client: Use this from anywhere as long as you have a browser. Web clients for email access have evolved significantly and incorporate much more than basic features. Mobile: For popular platforms such as Android, Windows, iOS and Blackberry, via applications that is usually free to download. Desktop clients: Access your business email using desktop installed clients like Outlook and Thunderbird or on mobile devices such as Blackberry and tablets like the Apple iPad. Features enabling such a access are POP (Post Office Protocol), SMTP (Simple Mail Transfer Protocol) and IMAP (Internet Message Access Protocol) on a secured connection via SSL encryption. Also look for device synchronization. You take an action on one device and it is synchronized across all for e.g. you add a calendar event on PC, you can also see it and even edit it on mobile. Also resume from where you left on another device.
  • 5. Powerful admin controls For SMEs an easy to use control panel that allows managing the email service of your company is needed – Adding email IDs of new employees; deleting the IDs of the ones who have left. When an employee leaves the company, you can withdraw the email id assigned to him so that the emails remain with you. Also make sure you can remotely manage the security of your company data by restricting access and controlling the incoming & outgoing mails. For larger corporate, you may need your email administrators to set password policy, send newsletters to employees, assign privileges, create user groups and use many more such useful tools to manage the service efficiently. Also as an administrator of your office mail you need a continuous report of how your employees are using the email service. This will help you to control the usage and costs.
  • 6. Security Since security is an inherent requirement of any business email, we provide a secure login to the mail service using ‘https’, where ‘s’ stands for secured. This ensures that no unauthorized entity can intercept your information without your consent. Look for the email solution provider’s guarantee on virus protection against unwanted spam and malicious viruses.
  • 7. Archiving Storing a copy of emails from important email accounts into an archival mailbox prevents data loss is important for Large enterprises. Providing archiving often incurs added cost in providing email for each employee. Not all employees carry the same archiving requirements, but some companies tend to think of archiving as an all-or-nothing decision for their workforce.
  • 8. Support options Make sure your business email provider allows multiple support options via email and customer support & technical experts helpline including advanced support with escalation matrix and SLA.

Rediffmail Enterprise is an Award winning cloud based email solution provider for Small, Medium and Large size customers that delivers high availability, high security and responsive customer support.

Secure, Cloud based Enterprise Email Solution for Businesses and Professionals from the popular Rediffmail service

Are you using a mobile-ready business email?


Long ago telephone was a means of communication to talk to someone if they happened to be at home. In today’s world mobile phones are not only used for multiple activities apart from the traditional phone call but they have become a 24×7 necessity.

This hand held device has completely changed the way we communicate enabling us to send photographs, videos, audio recordings, instant messages to friend and family across the globe.

Mobile technology, from mobile email to social networking & mobile wallets has transformed the way people interact with each other in their personal life as well as at work, within organisations.

They have become such an integral part of modern life today as they grant people a constant connectedness to the world.

On an average people spend 2 to 3 hours per day of personal time socialising online, however for the 8 to 10 hours we spend at work we find ourselves using “email” as a means of communication most of our time. Email just “works” due to it’s simplicity and mass appeal. With the advent of mobile phones or rather smart phones email is becoming a more powerful tool especially when you are on the go.

It all started with companies providing mobile access to web-mail but device compatibility and subscription charges were a big hindrance back in the year 2008 in India. The email service on mobile kept changing over all these years & still does to improvise and serve us better communication features on the go.

There was a time when one would have to sit in front of a desktop to do his/her work related research or send a photo or video as an attachment through email to someone living abroad. In today’s day & age, smartphones provide the facility of attaching any content – photos, videos, audio recordings etc. through emails & send them even when at lunch.

Now people send work related emails while getting ready for work itself or when they are on a holiday. Today mobile email has become an integral part of businesses, not only for big corporates but also small & medium enterprises to remote access to emails anytime anywhere. Some of the benefits of mobile email to such businesses include – Greater responsiveness to clients, partners or customers, Improved work life balance for employees. Other benefits include finding new business opportunities on the go as well as work more closely with employers, suppliers, customers and other resources at all times.

If used for the right reasons and in a balanced way, mobile phones & email usage on mobile can reap maximum benefits to any individual using them on the go.

Today organisations are on the rise that allow users to work via mail from anywhere and from any device of their choice. With more and more use of multiple devices per user, your email needed to be completely synced across devices, along with your key contacts and calender appointments.

Just on a mobile device, user can now configure his default mobile email client or access mobile webmail or even download the email app to access email, the options are plenty.

With multiple access points, restriction and management of access points is an important feature that admin requires over the cloud to remotely provide, change and even deactivate or remote wipe user accounts as required. Admin can even provide addition layer of security using the users mobile via 2FA feature.

Rediffmail Enterprise helps Small, Medium & Large enterprises to manage their business email over the cloud based on various needs of the organisation, including their mail mobility needs.

Business email spam & virus problems?

According to recent statistics, around 90-95% of email traffic around the world is spam. The disruptive impact of spam and other email abuse has resulted in two types of approaches to deal with the menace.

  1. The first approach focuses on detecting and filtering problem messages. This is done by techniques that attempt to identify bad mails using pattern detection and based on other facts about the contents in the email.
  2. A complementary, but quite different approach, seeks a basis for trusting a message rather than for mistrusting it. This is done by profiling and identifying the sender and validating the sender’s authenticity.

Rediffmail uses a combination of both the techniques to filter out unwanted mails and keeps the users mailbox free from spam. The Rediffmail spam control system is like a funnel, which filters out unwanted messages at various stages and delivers only the good messages to the user’s ,mailbox. Here is a list of the different modules in the Rediffmail spam control system:

IP based filtering 

This is the first level of filtering. At this stage, the reputation of the sender’s IP is established, based on which messages are accepted, rejected or deferred. Generally messages are rejected which originate from IPs that are known to send spam, malware or belong to machines that have been compromised or are open relays. Message are deferred which originate from IPs that tend to send Bulk mail in large numbers or from IPs that send unsolicited mails that have not been requested by the recipients. Rediffmail uses a combination of internal as well as external sources to generate the IP reputation database.

Domain Signatures / RDNS and Fake NDR filters. 

At this stage, the spam filter tries to establish the reputation of the sender by validating the sender’s SPF, DK, DKIM and RDNS records. Mails from senders with incorrect signatures or with non-existent RDNS records are filtered at this stage. Spammers who send mails by faking sender ids result in lot of Non Delivery Reports (NDRs). Though the NDRs are not really spam messages, but they can be a cause of nuisance for users who receive a lot of such messages. Rediffmail uses a home grown technique to identify and block such fake NDRs and not let them reach the users mailbox.

Content based filtering 

At this stage, the spam filter uses techniques which try to finger print messages and try to classify messages based on the patterns in the content of the email. Finger printing of messages is done by examining patterns in messages, rather than just the content and comparing them against the corpus of bad and good patterns that have been built over a period of years of learning. The filter at this stage also considers recurrence of patterns over short time spans to identify unsolicited bulk messages. One of the techniques used to filter out bad messages is to examine the nature of URLs in the content. Rediffmail uses a combination of internal as well as external sources to build a database of bad URLs. The corpus of bad patterns and URLs is also generated based on feedback from other users who report messages as spam. At the end of this stage, messages are classified as containing malware, phishing mails, other scams like lottery scams, etc.

Reputation based filtering 

This is the final stage of filtering in the spam control system. At this stage, the reputation of the sender is established with respect to the recipient, based on the actions taken by uses on the emails that they send and receive. Messages from senders having a bad are filtered out and messages from senders having a good reputation are accepted and delivered to the user’s mailbox. This technique to do so has been built and grown in house. Apart from this Rediffmail has a dedicated team which works on daily Spam control issues, such as detecting False Positives, monitoring the classification of messages, monitoring the reputation of IPs, etc. Over and above the above spam filtering funnel, the administrator of domains can control the SPAM filter or individuals as well as for the entire domain. Administrators can enable/ disable spam filters as per the requirements and also enforce restrictions on incoming & outgoing mails with respect to senders, recipients, attachments, etc.


So do you have all these in your built-in Anti-Spam & Anti-virus system in your current email service? If not you may be in for some serious trouble.

Rediffmail Enterprise is a CIO choice award-winning business email service for small, medium & large enterprises with spam & virus protection of global standards. A representative of Messaging anti abuse working group (MAAWG, an international organization responsible for addressing messaging abuse holistically by knowledge sharing, industry collaboration and public policy)  who has contributed to address issues relating to SPAM originating from India. Rediffmail Enterprise’s multi-layered SPAM filtering mechanisms help filter out up to 99.9% of SPAM messages and known viruses trying to reach user’s inbox.

Are your Business email users TFA secured?

In today’s email age, the biggest challenge that most companies face is data security. Therefore, it remains the top priority across all organizations.


At Rediffmail Enterprise, we have made some modifications to the security features that make your business email more secure. The unauthorized access to email accounts is the major concern raised by most IT administrators of organizations today. This breach is usually caused when users access their email accounts on public Wi-Fi platforms or set the same password for more than of their email addresses, social networking accounts, e-commerce site profiles, other online profiles and so on.

Our team performed a thorough analysis of the data based on the issues faced by the administrators and rolled out the Two Factor Authentication (TFA) feature within the current interface to address the security concerns. TFA is a technology to ensure that only the genuine owner of the account is allowed to access it. When TFA is enabled for a user, the system sends a four digit pass-code to the user’s registered mobile number. The user can only access the mailbox if both the password and pass-code are verified. The TFA also ensures that only the verified user can make security changes to the account like changing the Password and using add Auto-Forward feature.

How to enable two factor authentication for my domain?

As an administrator, you can enable TFA for the entire domain or selected users by clicking on Domain level management within the admin panel and further clicking on ‘Feature Access Restriction”.

What happens if user have not specified his mobile number?

The user must add mobile number to the account for enabling the TFA feature as it needs a registered mobile number to send the pass-code. If user has not specified his mobile number then TFA will not work for him

Does TFA works for international mobile numbers?

A pass-code would be sent to user’s mobile even if the user is based out of India. Activating this feature will surely assist to keep your business email more secure. We are also continuously looking to enhance our current email solutions with more and more advanced features.