To ensure the security of our email platform, we will periodically require password resets for mailboxes with weak or compromised passwords. When this happens, we reach out to the impacted end-users on your behalf and notify you before we do so.
- How will the forced password reset work?
- What are the requirements?
- What notices will be sent?
- Customizing the notices
- Testing your customizations
How do forced password reset work?
Impacted users will be placed in a “password reset state” over 30 days. Within this 30-day state, three email notifications will be sent to affected users to encourage a password change that meets our requirements.
If users do not change their passwords within the 30 days, their email service will be suspended. The suspension will impact their ability to send an email via webmail or through a mail client; they will still be able to receive mail.
When logging in to webmail, customers will be redirected to the password reset page. This will encourage the customer to reset the password as they will not be able to access anything until they do so.
What are the password requirements?
To ensure our overall mail security, all mailboxes are required to have a current password meeting the following requirements:
- minimum of ten characters
- at least one number
- at least one capital letter
- at least one symbol or special character
What notices are sent to end-users?
There will be three email notices sent out; you will have full control over the three email notifications that are sent to users within the 30-days.
| Notice | Content |
|
Initial 30-Day notice |
The first email that will be sent to affected users advising them to update their passwords. |
|
14-Day reminder |
The second email, reminding users to change their passwords. |
| Email Service Suspension Notice | The last email, confirming that the email service has been suspended. |
Customizing the notices
You can customize all aspects of the emails, such as the sender address, subject line, and the content of all three of the emails. Within the three emails, you can add your own HTML/CSS rules to reflect your brand. Please do not use any javascript as it may cause issues with your emails.
When customizing your emails, you may find it helpful to pull from our white-label content. This white-label content is different than the content of the default end-user emails sent from the MAC.
IMPORTANT: If you do not make any customizations, the emails will be sent with default email content and configurations. The default email content will be translated into the language set for the individual end-user mailbox
Customizing in the MAC
Under basic settings, there is a field called Unique password reset URL. Resellers with password portals can enter their unique URL in this field, which will be pulled into the default copy of the reset notices that are sent.
When customizing your emails in the MAC, branding will not be pulled into these emails. By default, these emails will be sent as plain text, but HTML tags to customize the look and feel of these messages can be added.
If you opt to customize the content of your end-user emails, the content you will provide will be sent to all users, regardless of their language.
- From email address
- Subject line
- Email 1 content - Initial password reset email
- Email 2 content - Suspension reminder: 2 weeks before the account is suspended
-
Email 3 content - account suspended
Testing your customizations
Once you have made your customizations, you can test the emails. Once you click on the Send test emails button, enter the email address where you would like the test emails to be sent to for your review.
Was this article helpful? If not please submit a request here