Updates to your email server settings

What you need to do now

Make sure your settings are up to date by checking them against the details below.

The main difference (based on historical data) is that the incomming and outgoing mail settings now need to be authenticated with a password, rather than ‘challenge response’. You may also need to change the default outgoing SMTP port to 587 (rather than it’s default).

Your details should match up with either the IMAP or POP3 settings, depending on which connection you use. We always recommend the IMAP rather than POP3, so your emails are backed up to the cloud as well as your device.

If your details do not match after the legacy authentication method is disabled, you might not be able to authenticate and access your mailbox.

If this happens, please check that your settings match those listed in this support article. And of course, let me know if you need help.

Our standard and premium mailboxes can be loaded onto your device or through your mail client either with a POP3 connection or an IMAP connection.

By using an IMAP connection, you can have multiple clients simultaneously connected to the same mailbox. For example, you can have email on your phone, your tablet, and your computer, and when you delete a message from your phone, it will also be deleted on your other devices, for this reason we recommend using IMAP over POP3.

The way your device or mail client is designed may be different than how other programs or devices work, with different names for the same steps.

Your device or program should have detailed information on how to add and set up mailboxes onto the system, but there are general pieces of information you need to complete the process.

When selecting the account type, select IMAP.
Your User Name is your full email address.
Your Password is your mailbox password.

Notice: In August 2021, they announced that we are disabling legacy authentication on our mail servers and you should check your settings. This change does not mean you need to change your IMAP/SMTP server, only that you review the authentication method used.

As of Sept 2021, if you’re using an Apple laptop/desktop device (rather than iPhones which seem unaffected), due to some sort of glitch in the way the system has been updated, if your emails suddenly stopped to sync despite all the settings being correct as below, it’s likely you’ll need to:

  1. Backup your emails locally (just in case with IMAP. You MUST do this if using POP3).
  2. Remove/delete your email account from your email program.
  3. Restart your email program.
  4. Add a new account (using the latest email settings for the same account you had before). You’re likely to need to click through a few ‘Advanced’ options to change the port number and address, etc.
  5. Wait for your local account to sync with the cloud imap version, which may take a couple of hours depending on how many emails you have stored.
  6. If this looks to have worked, but all your email sub-directories are still empty after the syncing progress bar seems to have finished, you may need to start from Step 2 again.

If you use IMAP:

User Name: bob@thisismydomain.com
Password: password123

Outgoing Mail Server: mta.extendcp.co.uk
Outgoing Mail Server Port: 587
Outgoing Mail Server SSL: STARTTLS
Outgoing Authentication Type: Password

Note:
 Your mail server can be set to mail.yourdomain.com or mailXX.extendcp.co.uk (mailXXbeing the server your package is assigned too (this can be found in your control panel).

Incoming IMAP Server: imap.extendcp.co.uk
Incoming IMAP Server Port: 993
Incoming IMAP SSL: SSL/TLS
Incoming IMAP Authentication Type: Password

If you use POP3:

User Name: bob@thisismydomain.com
Password: password123

Outgoing Mail Server: mta.extendcp.co.uk
Outgoing Mail Server Port: 587
Outgoing Mail Server SSL: STARTTLS
Outgoing Authentication Type: Password

Note:
 Your mail server can be set to mail.yourdomain.com or mailXX.extendcp.co.uk (mailXXbeing the server your package is assigned too (this can be found in your control panel).

Incoming POP3 Server: pop3.extendcp.co.uk
Incoming POP3 Server Port: 995
Incoming POP3 SSL: SSL/TLS
Incoming POP3 Authentication Type: Password

If using an iPhone

If you are using an iPhone, you will need to click through a couple of the ‘Advanced Settings’ options, to be able to view and make these changes.

.htaccess housekeeping

As some general protection for WordPress sites hosted with me, or with HeartInternet, adding the following code to the top of your .htaccess file should help reduce the chances of your wordpress site being hacked.

# Update PHP to version 7.3
AddHandler application/x-httpd-php73 .php

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

Regular Backups

One of my clients had their website hacked yesterday, this was through their WordPress login, and seems to have occurred as a result of some vulnerabilities on their own computer, likely releasing their username and password. No other sites on that server so far seem affected.

The client hadn’t made any recent backups of their WordPress database, but had years of content on their website.

The hackers had put some sort of automated program to add three sections of JavaScript on every page, post, and image description. This accounted for nearly 750 instances of spam content that had to be carefully removed.

They’d also added themselves as a new user under the email wordpressadmin@test.com

Hackers had then changed the site URL within WordPress to automatically bounce users through a bunch of affiliate pages on alternative websites, also meaning that you can no longer log in to the WordPress console.

Fortunately though, they left the main content of the website intact (just with the extra spam content). I also still had full access to the server data itself, as do all my clients.

After editing the .sql database directly to remove the redirect, I was then able to log back in again to the WordPress console, generate new passwords for all users, and remove the extra spam user that had been added.

After realising how many instances there were throughout the website of the spam content, I felt it was going to be easier to again modifying the SQL database file as plain text, to remove all instances of the JavaScript addition, and restore the site to its previous state (using the ‘find and replace feature in plain text notepad editors).

This could’ve also been done via the WordPress console using the ‘tools/export site’, and then importing the site back again after are removing all existing content. But that would’ve meant removing all existing content temporarily, and I’d rather do the comparatively quicker change of just updating the database file directly.

I have subsequently also made a collection of backups in different forms for the client.

This problem the first appeared as just the site taking an age to load, so it seems as though we caught it early.

But please, make regular backups in multiple locations of all of your key data, whatever that is.

If you don’t want to lose it because of a hardware or software glitch, or a hack like this one, having a recent backup really is the best option.

Changes to your email

If you’re using your domain name to host your emails with us (rather than using Gmail, or similar, for example), as of September 2019, any mail client sending via SMTP through the mail server associated with your domain name, should use port 587 instead of ports 25 or 465.

Details on how to change this will vary on your mail client, but we’ve detailed some of these further down this article.

It is also advisable to use STARTTLS for your encryption method.

Outlook

  1. Select File
  2. Select Account Settings
  3. Select Account Settings from the dropdown
  4. Select your email account from the lists in the Email tab and select Change
  5. Select More Settings
  6. Select Advanced
  7. Change the Outgoing server (SMTP) option to 587
  8. Change the encryption types on both IMAP and SMTP to STARTTLS
  9. Select Ok
  10. Select Next
  11. Once tests have completed select Close and then Finish

Windows Mail

  1. Start Windows Mail, click the Tools menu at the top of the window and then click Accounts.
  2. Select your account under Mail, and then click on the Properties button.
  3. Go to the Advanced tab, under Outgoing server (SMTP), change port 25 to 587.
  4. Click the OK button to save the changes.

Outlook Express

  1. Start Outlook Express, and then select Accounts from the Tools menu at the top of the window.
  2. Double click on your email account.
  3. Under the Advanced tab, change the Outgoing server (SMTP) port 25 to 587.

Thunderbird

  1. Select Tools
  2. Select Outgoing Server (SMTP)
  3. Select the server for this account then Edit
  4. Change the port to 587
  5. Change the Connection Security option to STARTTLS
  6. Change the Authentication Method option to Normal Password
  7. Enter your full email address as the User Name
  8. Select OK
  9. Select OK

Mac Mail

  1. Select Preferences
  2. Select Accounts
  3. Select the Outgoing Mail Server (SMTP) drop down menu, then Edit SMTP Server List
  4. Select the SMTP server for this account
  5. Change the Port to 587
  6. Select OK

iPhone

  1. Go to Settings
  2. Select Passwords & Accounts
  3. Select your email account
  4. Select the Account
  5. Under OUTGOING MAIL SERVER select SMTP
  6. Select the server
  7. Update the Server Port to use 587
  8. Select Done
  9. Select < Account then Done

Android Mail

  1. Open the Email App
  2. Select Settings
  3. Select Account Settings
  4. Select the account you wish to change
  5. Scroll down to More Settings
  6. Select Outgoing Settings
  7. Change the port to 587 and the Security Settings to STARTTLS
  8. Select Done

Designing for Accessibility

accessibility-posters-set.pdf

Some really great information, developed by a friend, and now with Home Office recommendations.

These posters cover the following access needs:

  • Autism
  • Deafness and hard of hearing
  • Dyslexia
  • Physical or motor disabilities
  • Visually impaired – low vision users
  • Visually impaired – screenreader users
  • Anxiety

You can access the full suite of documents in a number of languages, through the following link:  https://github.com/UKHomeOffice/posters/tree/master/accessibility/dos-donts