Tuesday, 13 November 2018
There is a new email scam to watch out for. Over the last few weeks you may have received an email that tells you that your account has been hacked, that malware has been placed on your machine to capture data and that you’ve been recorded watching porn.

Then comes the bitcoin extortion with varying amounts. To prevent this webcam video from being made public on your social networks or shared with your contacts.

It is, of course, a classic sextortion scam. There is no malware and no video, they are just aiming to install an element of fear in the hope that you'll pay anyway. The clever part here is that the hackers have used publicly available breach data to make the message look genuine by including a real-life old password from a previous data breach.

Many of these passwords appear to date from the large scale LinkedIn breach of 2012 which goes to show you that this compromised data has a long shelf life on the dark web. However, using data that's at least six years old does mean there's less chance of these details still being in use and consequently less chance of you falling for the scam.

Researchers at the Cisco Talos threat intelligence group have today released the results of their analysis of these attacks. One campaign began on August 30, and a second campaign began on October 5, both are still active. The researchers find that more than half of them originate from just five countries.

Vietnam: 15.9%
Russia 15.7%
India 8.5%
Indonesia 4.9%
Kazakhstan 4.7%

Over 200,000 email messages have been sent as part of these spam campaigns, however, the number of unique recipients is fairly low. Talos has found only 15,826 distinct victim email addresses.

Talos has also identified 58,034 unique Bitcoin wallet addresses associated with these spam campaigns. Only 78 of this 58 thousand Bitcoin wallets have positive balances, which add up to a combined value of $143,429.38. This proves that at least some people are paying up.

Some variants of the messages have used phone numbers rather than passwords to try to convince you that this is a legitimate hack. Other variations include threatening to disclose supposed evidence of cheating on a partner, or offering to sell evidence of a partner cheating on you. This is not a legitimate threat and you should not attempt to make any payment.
An example of the sextortion scam email

You can read more about these scams and how they work on the Talos blog.

If you are using an old password, it is advised to check your password on Troy Hunt's password tool: Have I been pwned.
Tuesday, 30 October 2018
Owning a domain name is not just finding the right domain and ensuring the domain is renewed each year. It is a long-term commitment to protecting it from expiration and common poor practices like unauthorized transfers and hijacking. This post will go over some tips for keeping your domain safe and ensuring you are following all the requirement set by ICANN. It is also worth checking out the good practices for managing domain registrations and keeping them safe from harm as recommended by ICANN.

Keep domain contact information up-to-date and accurate

When registering a domain name the registrant is required to provide contact details to the registrar.
This information is then published in the WHOIS database, allowing registrants to be contacted for domain-associated technical or operational matters, or security concerns etc.

No matter if the registrant has their contact information displayed or hidden in Whois (due to active Whois privacy protection or for GDPR reasons), registrants should make sure that the information is accurate and up-to-date at all times.

Otherwise, registrants will not be able to get important notifications about their domain names regarding expiration, transfer or Whois contact update verification.

Also, if a domain has been compromised, the registrant would not be contacted by security researchers.

Potential business partners who want to establish a contact with the registrant, if a company, will not be able to get in touch with the registrant either.

According to the Whois Data Reminder policy of ICANN, accredited registrars are required to send annual email reminders to registrants regarding the accuracy of their contact information.

This email requires that registrants review their contact information and make corrections if necessary.

Ignoring this email may lead to really unpleasant consequences for the registrant including:
  • leaving their domain to expire, this may result in them having to spend lots of time, effort and expense to recover it, or it may not be recoverable at all;
  • missing notifications about unauthorized changes to a domain name registration and allowing bad actors to gain access to an account and hijack a domain name;

If a registrant’s contact information is not kept up-to-date or if the registrant does not respond to domain accuracy inquiries by their registrar, the given domain could be suspended or even cancelled as per ICANN’s Whois Accuracy Policy.

To prevent this from happening, a registrant should update their contact information promptly in the event of a change to the name, postal address, email, phone number, etc.

Each domain TLD has its own transfer rules

Each domain registrant has the right to transfer a domain name to another registrar or registrant, as outlined in the ICANN’s Transfer Policy.

To do that, they should keep in mind a few important ICANN rules, as follows:
  • A domain name cannot be transferred to a new registrar/registrant within 60 days of a change to the registrant or administrative contact information. This is why a registrant may consider completing the transfer process prior to making a change;
  • Usually, a domain name may not be transferred within the first 60 days of the initial registration of a domain name, or within 60 days of a transfer;
  • A domain transfer can only be initiated by the registered name holder or the administrative contact for the domain name. This aims to prevent unauthorized transfers of a registrant’s domain name. 

This is also the reason it’s important to keep domain contact information up-to-date.

Best practices for resolving a domain transfer issue

If a domain registrant experiences problems making a transfer, they could consider the following tips and suggestions on what might be the reason for the issue and how to resolve it.
1. There are a few instances when a registrar cannot transfer a domain name, such as:

  • The domain name is subject to a 60-day change-of-registrant lock, as explained earlier;
  • The transfer request has been initiated within 60 days of the initial registration or a previous transfer;
  • The domain is locked with the current registrar and in ‘Registrar Lock’ or ‘Client Transfer Prohibited’ status;
  • The domain is the subject of an ongoing Uniform Domain Name Dispute Resolution Policy (UDRP), Transfer Dispute Resolution Policy (TDRP) or Uniform Rapid Suspension (URS) proceeding;
  • The domain is subject to a court order;
2. Depending on the registration agreement a registrant has signed with their registrar, the latter may deny a transfer due to the following reasons:
  • evidence of fraud report;
  • the person who initiates the transfer is not actually listed as the registrant of record;
  • the registrant has an outstanding payment for a previous registration period;
While ICANN regulates domain transfers via their policies, it is not a registrar and does not engage in the transfer process itself.

For that reason, when having issues transferring a domain name the registrant should always contact their registrar for assistance.

If the issue persists, then the registrant can submit a formal Transfer Complaint with ICANN.

How to protect a domain name from cyber crime

Whether used for business or personal purposes, a domain name is a valuable asset, which should be managed with utmost care.

Here are some practices to help registrants prevent their domains from being hijacked or transferred against their will, as per ICANN’s recommendations:

1. Use an email address not associated with the domain name itself

When providing an email address for the Whois record at signup the registrant should use an email address that is not associated with the domain name they register.

For instance, if their domain name is example.com, it is best to use an address that is not user@example.com.

By maintaining a different email address for the Whois record the registrant will be able to prove ownership in any eventual cases of hijackers having gained control of their domain name.

They will be able to provide that email address as evidence to the registrar that they are the registered holder of the domain name in question before it was altered by unauthorized access to their account.

2. Create a strong password and enable 2FA

Domain owners bear full responsibility for the security of their domain name.
They should create a secure password for their domain name account and use it for that account exclusively.

At Thexyz you can enable two-factor authentication or YubiKey authentication to further secure an account.

Also, they should not share the login details with anyone, including their web designer.

3. Keep a domain name with a transfer lock on

Putting a transfer lock on a domain name is another safety measure a registrant can take against unauthorized transfers or hijacking.

Each registrar has adopted its own way of implementing the transfer lock option.

For instance, our customers can lock/unlock their domains themselves with a clock from the Account Portal, while some registrars will do that for the registrant per request.

4. Beware of incorrect registrant information (for organizations)

As per ICANN’s rules, if a legal entity is listed in the Registrant Organization field of the Whois record then that legal entity is considered the registrant of the domain name.

However, it’s common practice for organizations to have an employee register their domain name and not get the corresponding fields filled in correctly.

The employee may leave the Registrant Organization blank and would include their own name in the registrant name field which automatically turns them into the actual owner of the company’s domain.

This would allow a disgruntled employee to claim rights to the domain and attempt to transfer it away to claim ownership.

This is why organizations should make sure that their legal name is listed in the Registrant Organization field, and that a role-/department-based name is listed in the Registrant Name field.

5. Be careful about domain management roles (for organizations)

Organizations should not list website designers or any other third parties as the registrant(s) of their domain name.

If an organization decides to outsource the management of its domains to a third party it should still be listed as the registrant of the domain.

Otherwise, the third party may decide to transfer the domains away to a different registrar and deprive the organization, its customers, and business partners of use of the domain(s).

If a third party is listed as the domain’s administrative, technical or billing contact for the domain, the organization should take measures to establish a contractual relationship with the third party following a legal consultation.

According to ICANN, it is good practice to include provisions in the contract that concern the assignment of domain management tasks per the organization’s instructions, including transfer requests, domain renewals, name server records update, contact data or domain status update, etc.
Also, the organization should add provisions regarding the operational measures that the administrative and technical contacts should implement to protect their domain name(s) from DDoS attacks against the domain’s name servers or the unauthorized modification or addition of zone records, etc.

Those measures could include filing reports with the corresponding registrar or with law enforcement in the appropriate jurisdictions.

Finally, the agreement should also define the sanctions for situations in which the third party listed as administrative or technical contact violate their domain administration obligations.

What to do in the event of unauthorized domain transfer

If a domain has been transferred to a new registrar/registrant, the registrant should contact their registrar immediately.

If no actions are taken on time the given domain name may be transferred again and again, making it much harder to retrieve it.

The registrar should act in compliance with the ICANN’s Transfer Dispute Resolution Policy, which governs the transfer of domains and is designed to protect the registrant in such situations.

If the registrar is unable or unwilling to assist, then the registrant can submit an Unauthorized Transfer Complaint with ICANN, who will review the situation and assist in recovering your domain, should there be grounds for that.

Good domain management practices allow domain owners to have their online presence uninterrupted and prevent them from losing their domain names due to expiration or hijacking.
Following good practices is essential for companies, since this could help maintain a more secure business environment as well as a safer experience for their customers.

Companies are highly recommended by ICANN to periodically review their domain registrations and include domain name and overall DNS management within their risk management programs.

Here is a list of all ICANN resources that can help you learn more about good domain management practices:

About the Author

I'm Perry Toone, a British Software Developer with keen expertise in spam and fraud prevention.  You'll regularly find me talking about email privacy and best practices via my podcast.
Monday, 10 September 2018

Just last week, Verisign – the global leader in domain name and Internet security services, released its latest domain name industry report, which offers an up-to-date insight into the global TLD market trends.

The report covers the second quarter of 2018 and gives valuable information about the TLD performance on the domain market.

Check out the main domain name industry highlights from the report and see which types of domains are most popular at Thexyz.

What is the Verisign domain industry report?

The latest industry report from Verisign shows that the first half of 2018 closed with about 339.8 million domain name registrations across all TLD extensions worldwide.

This figure marks a 2% increase of domain registrations compared to the first quarter of 2018, which means that approximately 6 million more domain names were registered over a period of just 3 months!

This is quite a remarkable figure, bearing in mind that the number of domain registrations in the previous quarter period grew by only 1.4 million (0.4%) as compared to the fourth quarter of 2017.
In comparison to the figures from a year ago, domain name registrations mark a 2.4% spike, which translates into an increase by almost 8 million domain names.

In their latest report, Verisign presents a breakdown of the domain registrations by TLD, which gives a good idea of the most popular TLDs on the market:

As of June 30, 2018, the most popular gTLDs on the market are .COM, .NET, .ORG and .INFO as their base (a total of 165.4 million) represents 49% of all registrations worldwide.

.COM keeps being the front runner with the impressive 135.8 million registrations, which have grown by 5% since June 2017.

The other three gTLDs show a drop in registrations compared to last year, with .NET reaching a 7% decrease in numbers.
The total number of country-code (ccTLD) domain name registrations amounts to 149.7 million, which represents around 44% of all TLD registrations, as of June 30 2018.

This is an increase of approximately 5.5 million domain name registrations, or 3.8 percent, compared to the second quarter of 2017.

According to the Verisign’s report, the most popular ccTLD, as of June 30, 2018, is .CN with the stunning 22.7 million registrations, followed by .TK (a free ccTLD), .DE (Germany’s TLD), .UK
 and .RU.

The remainder of the Top 10 chart of ccTLDs is completed by the Netherlands’ .NL TLD, Brazil’s .BR TLD, the European Union’s .EU TLD, France’s .FR TLD and Italy’s .IT TLD.

The total reported amount of nTLDs at the end of the first half of 2018 was 21.8 million, a decrease of approximately 2.5 million domain name registrations, or 10.4 percent, compared to June 30, 2017.
According to the report, the most popular nTLDs are .TOP, .LOAN and .XYZ, followed by .CLUB and .ONLINE.

The report includes a chart, which shows that nTLD registrations represent 6.4% of all TLD registrations:

For more TLD stats, check out the latest issue of the Domain Name Industry Report.

What are the most popular TLD's at Thexyz?

Following up with the report of Verisign, we’ve made our own research into the TLD trends across Thexyz.

As of June 30, 2018, we’ve observed a 5% increase in the number of domain registrations compared to the volumes from a year ago.

  • gTLDs and ccTLDs have preserved steady increase rates year over year.
  • In contrast to the global nTLD trend, however, we’ve seen an increase in the number of new generic TLD registrations as well.
  • This is largely due to the increased number of nTLDs on our platform and also the various promo campaigns we’ve been running for some of the most attractive ones.
  • And of course, thanks to your continued support.
In the chart below, you can see the distribution of domain registrations in regards to TLD types as of June 30, 2018:

gTLDs still have a dominating presence in the chart and will most probably continue to do so for a long time in tune with the global trend.

It seems that regardless of the growing significance of the local factor (ccTLDs) and the increasing popularity of keyword based domains (nTLDs), .COM, .NET and .ORG will continue to be a top choice for the majority of new registrations across our platform and the market in general for years to come.

The chart listed below lists the most popular TLDs across our platform:

As in the Verisign report, the top 10 chart on our platform features the most popular gTLDs – .COM, .NET, .ORG and .INFO.

As for ccTLDs, the chart is a reflection of the markets where the majority of our customers operate in, namely the United Kingdom, Australia, United States, Canada and New Zealand.

It’s interesting to note that .CO – albeit a ccTLD, has entered into our top 10 chart thanks to its growing popularity as an alternative to .COM.

Even with all of the new domain extensions, catchy .COM alternatives and a variety of country-specific TLDs on the market today, .COM remains on top when it comes to domain industry trends.

Although .COM isn’t always the top choice for startups and small businesses today, it is still an important decision-taking factor. So it will likely remain on top thanks to it its universal recognition and long-standing history online.
Friday, 7 September 2018

In recent years, Swoole has taken over as the new best programming solution thanks to its scalability and the performance boosting capabilities it offers as a PHP extension.
Swoole represents an event-driven network communication framework for asynchronous and parallel PHP requests, which is aimed at scaling up the performance of web applications.
Based on the C language exclusively, Swoole allows PHP developers to write scalable applications for: Internet, mobile communication, cloud computing, online gaming, without the need to have an in-depth knowledge of non-blocking I/O programming.
Learn more about the Swoole framework and about how you can make use of it on our web hosting platform.

What is the Swoole framework about?

Swoole was introduced with one basic idea in mind - to provide efficiency to PHP programmers and give them more time to focus their efforts on more innovative products.
Swoole boasts built-in async, multi-threadеd I/O (input/output) modules, which distinguish it from the other async programming frameworks such as Nginx and Node.js.
This allows programmers to create network servers and to perform database and filesystem operations for the PHP language.
PHP developers can use either sync or async API to write the applications.
Here is a glimpse of the advantages of the Swoole framework:
  • 100% C-compiled, with extremely powerful performance;
  • Simple and easy to use, development-efficient;
  • Event-driven, non-blocking asynchronous processing;
  • Supports millions of concurrent TCP connections;
  • Supports asynchronous/synchronous/coroutine;
  • Supports multiprocessing/multi-threading;
  • CPU affinity/daemon process;
And here is a list of the key Swoole components, which make Swoole truly efficient for application development:
  • IPv4 / IPv6 / Unixsocket network support;
  • Async TCP/UDP server and client;
  • SSL / TLS support;
  • Async HTTP/ WebSocket client;
  • Database connection pooling;
  • Async MySQL client;
  • Async Redis client;
  • Fast Serializer / Unserializer;
  • Milliseconds task scheduler;
With this wide array of components, Swoole can be utilized by a number of applications for mobile communication, cloud computing, microservices, mobile games, and live chat systems, to name a few, which are normally within the capacity of C++ or Java developers.
Currently, Swoole is adopted by some of the greatest retail platforms like Alibaba and Baidu.

How does the Swoole framework work?

Swoole runs in CLI mode, which distinguishes it from the common PHP model.


Here are the key differences between Swoole and the traditional PHP model:
  • Swoole supports more server-side protocols;
  • Swoole supports long-live connections for websocket/TCP/UDP server;
  • Swoole creates additional worker processes so as to make use of all available CPU cores;
  • Swoole can manage and re-use the status in memory.

How to make use of Swoole on our platform?

The Swoole extension has been readily installed on our web hosting platform and you can enable it with a click for your projects.
In the PHP settings section of the Web Hosting Control Panel, just scroll down to the Swoole setting at the bottom of the table and click on the pertaining checkbox.

Note: The Swoole extension is currently supported by the PHP 7 version only, so make sure to switch to any of the supported PHP 7 releases first.


Once you have enabled Swoole for your hosting account, you will need to create an instance for your project from the Supervisor section.

In the Supervisor section, just click on the Create Instance button and then specify the path to the script you want to use Swoole for:


In our example, we are using a websocket server script:

Once the instance has been added, you will need to copy the port that has been generated for the instance:

and paste it into the script file as displayed below:

That’s it! Now you will be able to run a websocket server by using the Swoole network framework on at Thexyz. 
Thursday, 23 August 2018
Thexyz Webmail Distinguished with the Great User Experience 2018 Title for Email Management Software by a Trusted Business Software Directory

We’re all incredibly proud of what we accomplished at Thexyz in 2018, and our latest honor gives us even more reason to celebrate.


Thexyz has earned the prestigious 2018 Great User Experience Award from FinancesOnline, a popular B2B software review platform. This recognition, is awarded to products that provide outstanding solutions for B2B companies across a number of categories, including the leaders in their best email management software.

With an overall review score of 8 out of 10, and a user satisfaction score of 100% at the time of this writing, Thexyz has been honored in FinancesOnline’s annual Great User Experience Award. The FinancesOnline review team identified various Thexyz Webmail features that provides great benefits to businesses, among which include:

  • Thexyz Webmail's functionality combined with a simple and intuitive interface
  • The collaborative nature of Thexyz Webmail application
  • The capacity to block spam
  • Email sync apps and services
  • Thexyz’s focus on privacy
  • The large number of native applications and devices that integrate with Thexyz
We’re very pleased to have a shiny new award to put on the mantle, but more importantly, the 2018 Great User Experience Award is another confirmation that our email communication product is providing the best value to businesses.

Please visit FinancesOnline.com to post your own review of Thexyz, and thanks for your support through another amazing year.
Thursday, 5 July 2018

Beginning July 1st, Chrome 68 will start
labeling all websites without SSL as Not Secure.
Don’t let your website be one of them.

Chrome before update


Secure HTTPS


Non-Secure HTTP
Chrome after update

Secure | https://www.exa...

Not secure | example.com

Add SSL to your website today to avoid losing visitor confidence and sales.
Plus, with SSL you get all these benefits too:

  • More secure user experience
  • Protect user privacy
  • Increased conversions
  • Boost search rankings
  • Increased user trust
  • Show you care about users’ data

Monday, 11 June 2018

This is a post on why I disabled Google Analytics and the benefits of NOT using Google Analytics.


In keeping with the trend to get rid of Google services in favor of better services that do a better job of protecting peoples personal information. And with the recent GDPR changes, we examined our data sharing polices to simplify and improve privacy for our users. Although privacy has always been a keen focus here at Thexyz, there is always more that can be done. After all the changes, there was really just one Google service left to kill. Google Analytics.

I have been reading a lot of blogs over the past few months on disabling Google Analytics. As a Webmaster myself, I also found myself adding the GA javascript code with or without a request to do so. This way when I did get a request for traffic stats, I was able to provide heaps of data.

The problem with Google Analytics data

Google was quick to point out that Google Analytics is GDPR compliant. Due to browser fingerprinting I am not sure this is actually the case and recently blogged about this. Much of the data collected by Google Analytics is redundant and obsolete. It has become so complicated to use that most users, Google Analytics is useless.

The argument for Google Analytics

There is some good data to be found, especially for high traffic sites like thexyz.com (ranked in top 100,000 most popular websites). This data is helpful for:

  • Finding what posts are most popular
  • Bounce rates although this is not much use
  • Looking for trends (if you can find them)
  • Probably something else but too hard to find

The benefits of removing Google Analytics

I was quite surprised by some of the benefits of removing Google Analytics, such as:

  • Much faster page loads time 
  • Increase in SEO due to page speed improvements
  • Increased privacy for websites visitors
  • Better experience for website visitors
  • Lower GDPR non-compliance risks
  • Simplify your privacy policy
  • Removes externally hosted JavaScript
  • Combines external CSS
  • Shave at least a second off your load time
When looking at this data it made the decision much easier. Google Analytics was causing more harm than good. I also did a page speed test with Pingdom before and after removing Google Analytics to highlight the negative effects of Google Analytics.

Page speed with Google Analytics

  • Performance grade: C/74
  • Load time: 1.51 s
  • Page size: 804.3 kB
  • Requests: 51 

 Link to results here.

Page speed without Google Analytics

  • Performance grade: A/98
  • Load time: 721 ms
  • Page size: 788.6 kB
  • Requests: 46

 Link to results here.


It is amazing how simply removing a few lines of code from your website can have such a positive effect. From increasing speed, to privacy, to better search engine rankings. The choice to remove Google Analytics is clear. If you still need analytical data from your website why not check Piwik by Matomo.

About the Author

I'm Perry Toone, a British Software Developer with keen expertise in spam and fraud prevention.  You'll regularly find me talking about email privacy and best practices via my podcast.
Tuesday, 5 June 2018

You might think that by enabling "Private browsing" you have everything in place for a private browsing experience, well due to a process know as "Fingerprinting," a website can potentially identify a large amount of information about a user, even when using Private browsing mode. Due to how browsers are designed to work, there is not much that can be done to fully protect your privacy. Here is a list of 7 popular browsers in order of the most private. 

1. Tor

Number one on the list is Tor, which uses a series of volunteer servers to send traffic through virtual tunnels rather than making a direct connection. Because of this, it does make browsing on Tor slower than any other browser and probably not a good choice for everyday browsing unless you really need to cover your tracks.


    2. Brave

    Next up is Brave, a good choice for everyday browsing with a greater level of privacy. The great thing about Brave is it will block tracking and advertising scripts by default. On some websites that can shave seconds of page loading times and subsequently increase the amount of time you get to spend on other things than waiting for a website to load. If you pay for data, it will also save you money by using Brave.While it is good for privacy it has received some concerns that it is not as secure as some others on the list.

    3. Opera

    A nice lightweight browser that also includes a built in ad-blocker and VPN.

    4. Internet Explorer and Edge

    Microsoft has made big steps towards greater privacy with recent compliance with GDPR and greater user controls towards privacy settings. They have also now turned off by default a highly intrusive web tracking technology called WebRTC.

    5. Firefox

    Although it is possible to disable WebRTC in Firefox, it is turned on by default. Another problem with WebRTC is that it can leak your actual IP even when using a VPN.

    6. Safari 

    Safari is a bit too integrated with the Apple ecosystem with over sharing of data many people would not be comfortable with. Apple has made some great steps towards greater privacy with GDPR compliance. 


    7. Chrome

    Last on this list due to the fact Chome is tightly integrated with Google's data collection tactics and also has WebRTC enabled by default. 

    Wednesday, 23 May 2018

    The internet landscape is changing, and companies around the world are implementing stricter practices to protect your personal information from unauthorized disclosure and to be more transparent on what is done with your personal information and how you can control how your information is used and distributed.  We have always followed best practices in collecting and handling your personal information and will continue to make this a priority when you do business with us.

    Below is a summary of our new Terms of Service and your rights in requesting, correcting, and deleting the personal information we have collected from you.

    Thexyz has unilaterally chosen to adhere to the guidelines of data protection set forth by the European Union in the General Data Protection Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, we have adapted the following notice mirroring guidelines from the UK Information Commissioners Office (ICO) and other industry best practices.

    The right to be informed Learn more

    Our Terms of service is clearly visible on every page of our website. A user account cannot be created, and an order cannot be placed, without the checking the box to confirm to our agreement in the Terms of Service. This page also includes a link to our Privacy Policy and any other important terms and service agreements.

    The right of access/right to rectification Learn more

    Thexyz client portal gives you access to login and view you personal information (profile data). This same client portal also provides you with access to update your personal information including name, email address, postal address and phone number as well as any custom fields you define. Previously, under the DPA, there was a small fee for this service. This will no longer be allowed under the GDPR and DPA 2018.

    The right to erasure (also known as the 'right to be forgotten') Learn more

    If we receive a request for erasure, we can perform a deletion of the customer record using our new Delete Client functionality . Using this feature removes all data relating to a given member including, but not limited to, personal information in the member's profile, service and invoice history, activity log entries, support ticket and email history.

    The right to data portability Learn more

    Data portability means the right to receive personal data in a machine-readable format and to request for such data to be transferred directly from one controller to another. This right only applies where the processing is based on consent or for the performance of contract; and; when processing is carried out by automated means. There is no right to charge fees for this service.

    New functionality added to our control panel allows you to generate a customizable export of data relating to your account. This allows you to generate an export in JSON format containing the data entity.

    Wednesday, 9 May 2018

    In the latest episode of 'Perry on Privacy,' Perry was asked if by using Google Analytics will an organization be GDPR compliant?

    There seems to be some confusion here, as many people are under the impression that if Google is becoming GDPR compliant, then if I use Google, I must be compliant too. That is not the case. I also have some concerns about contradictions and interpretations of Google's latest statement found here.

    I also recommend disabling Google Analytics and checking out Matomo, not only will this reduce GDPR compliance risk, it will speed up your website, improve rankings and increase the privacy of your website visitors.

    Check out my latest Podcast: Is Google Analytics compliant with GDPR? Feel free to leave me a question. Thank you,

    About the Author

    I'm Perry Toone, a British Software Developer with keen expertise in spam and fraud prevention.  You'll regularly find me talking about email privacy and best practices via my podcast.
    Thursday, 3 May 2018
    Today is world password and a great day to introduce to a new podcast I have launched called "Perry on Privacy." I am constantly surprised at how easy it can be to hack someones password, servers, social accounts, bank etc. When I am in need of advice, insight and general direction when it comes to passwords, I turn to the world leader on passwords and developer of the Have I Been Pwned tool, "Troy Hunt."

    Here is Troy's stance on Password Managers, from the post: Password managers don't have to be perfect, they just have to be better than not having one which you can read here.

    Our brain is a very bad password manager. It's incapable of storing more than a couple of genuinely random strings of reasonable length (apologies if you're a savant and I've unfairly characterised you in with the rest of our weak human brains). That leads to compromises. If you're one of these people who says "I've got a formula that always gives me unique passwords that are strong", no you don't, they probably aren't and no they're not. You're making concessions on what we empirically know is best practice and you're kidding yourself into thinking you aren't. I've had this debate many times before and there's dozens of comments raging backwards and forwards about this in my post on how the only secure password is the one you can't remember.

    And "compromises" is really where the discussion needs to be because what we should be talking about is how option A compares with option B. In this case, how does putting genuinely strong, unique passwords in a password manager which may have a security risk compare with putting weak passwords in your brain? You're comparing a low chance of something going wrong and resulting in an impact across the breadth of your accounts with a high chance of something going wrong and impacting a smaller number of accounts. Except that last bit probably isn't accurate because we know that the "put it in my brain and hope for the best" strategy usually results in the one weak password being reused all over the place (I've got a couple of billion records of proof on that too, by the way).

    I really like the work Tavis is doing in finding these bugs because quite simply, it makes the software better. We all should want one of the smartest blokes in the industry hammering away at password managers and then operating under the banner of Google's Project Zero the disclose vulns responsibly. But it's going to make headlines too and holy cow, don't journos love a good headline! So our challenge now is we need to take that headline, filter out all the bullshit and reach some sort of educated conclusion as to how bad it is. Then we need to compare it to the other bad thing which is not using a password manager at all. So far, we're yet to see a vulnerability with a major password manager worthy of chucking the things out altogether and trusting our brains instead.

    Let me give you a great example of the sorts of discussion we should be having: I've had many people share The Personal Internet Address & Password Log Book with me whilst loudly gnashing their teeth at the gall of so many passwords being stored in such a weak fashion.

    But let's actually use some common sense for a bit: We all know people for whom LastPass, 1Password and all the other ones pose insurmountable usability barriers. They might be elderly or technically illiterate or just not bought in enough to the whole password manager value proposition to make it happen. They're doing the memory thing and failing badly at it, but then you give them the password book. They write down sites and passwords because hey, it's a pen and paper this is something they understand well. Then they put their unencrypted, plain text passwords in a drawer. Their "threat actors" are anyone who can access that drawer and right off the bat, that's a significantly smaller number of people than what can take a shot at logging onto online services using the usual poorly thought-out passwords people have. See how different the discussion becomes when you look at a security practice like this compared to alternatives rather than in isolation?

    The UK gov's National Cyber Security Centre put out a piece on password managers earlier this year. They rhetorically ask the question "should I use a password manager?" and reach a very simple conclusion:
    Yes. Password managers are a good thing.

    And then, as if it was written just to illustrate the point of this blog post, one bright spark chimes in with a comment and suggests that password managers are a bad idea because "there is no such thing as 100% security". Of course there isn't! But there doesn't have to be to justify using a password manager, it just has to be better than not using one.

    Password managers are a good thing. Even when issues like the LastPass one above are found, they're still far superior to our frail human brains when it comes to your overall security posture. Until such time as that changes and either they're worse due to a flaw that actually causes some serious damage or we create something better again, this is where the game is at. Less sensationalism, more pragmatism.

    This post was written by Troy Hunt. You can find his website here or follow Troy on Twitter @troyhunt
    Sunday, 22 April 2018
    Earlier today we helped some Gmail users examine some spam messages that appeared to be sent from the Canadian telecommunication company Telus. Upon examining the headers of the emails it shows that these emails are not actually being sent through Telus servers. Instead they are being spoofed. This kind of spammy behavior is on the rise and should be dealt with by enabled DMARC on the domain.

    Image by Reddit user: computerstuffs

    Domains hosted on Thexyz Webmail are protected from this kind of abuse with a strong DMARC policy, along with DKIM and SPF records.

    We reached out to Telus via Twitter to inform them of the widespread abuse and what they need to do to fix the issue. Telus have been quick to react and should be implementing a DMARC policy as we recommended. There has been quite a bit of discussion on this through our support team and on Reddit.

    All email providers have a role to play in reducing spam and here at Thexyz, we are happy to offer our assistance and expertise. You can check out the Gmail Help Forum topic here.

    Tuesday, 10 April 2018
    Being able to track real-time traffic consumption gives you peace of mind and a accurate idea of your overall server usage.

    It helps you plan your resource utilization more adequately so as to prevent any eventual spikes that could disrupt your server’s performance.

    For clients at Thexyz who have a dedicated server, you can now rely on a much-improved, comprehensive daily traffic data tool that has been integrated into Thexyz Server Control Panel.

    To find the tool, go to the Statistics section in your Hepsia Control Panel.

    For now, it is only available in the default version of the Control Panel. We’ll soon add it to the beta version as well.

     The statistics themselves are presented on a daily basis in an easy-to-read format.

     It features a visual chart, which gives you а clear comparative illustration of your incoming/outgoing server traffic.

    Using the floating menu in the top-right corner, you’ll be able to select the period for which you want to get traffic usage information:


    How to read the server traffic statistics?

    The traffic statistics interface will keep you up to date with your bidirectional traffic flow, as follows:
    Incoming traffic – this includes all operations that require a connection to your server:
    • all types of API requests;
    • SSH connections;
    • incoming emails with attachments included (if any);
    • inbound FTP connections, etc.;
    Outgoing traffic – this includes all outbound server connections:
    • outgoing emails with attachments included (if any);
    • calls to third-party APIs;
    • outbound FTP connections;
    • any media streaming or DNS services that you may be providing, etc.;
    NOTE: The entire server traffic is counted by the network switch. This means that we only count the total amount of incoming/outgoing traffic without knowing which services in particular have generated it.
    Wednesday, 4 April 2018

    Enjoy unbelievable discounts on your preferred TLDs, all month long! Simply search for a domain and enter the coupon code at checkout for price adjustment. 
    Top Level Domain Promo Price Valid Until Coupon Code
    .TOP $1.95 30th April, 2018 THIRDWAVE
    .PW $1.95 30th April, 2018 THIRDWAVE
    .XYZ $1.95 30th April, 2018 THIRDWAVE
    .ASIA $4.95 30th April, 2018 INERTIA
    .PINK $4.95 30th April, 2018 INERTIA
    .RED $4.95 30th April, 2018 INERTIA
    .CITY $4.95 30th April, 2018 INERTIA
    .EMAIL $4.95 30th April, 2018 INERTIA
    .ME $4.95 30th April, 2018 INERTIA
    .MOBI $4.95 30th April, 2018 INERTIA
    .INFO $4.95 30th April, 2018 INERTIA
    .PRO $4.95 30th April, 2018 INERTIA
    Monday, 2 April 2018

    The .IE restriction policy has been opened up and now you can register Ireland-targeted domains without the hassle. 


    You no longer need to explain why you want a particular name when registering a .ie domain. Anyone with a connection to Ireland can register any available .IE domain on a first-come first-served basis.

    Showing evidence of connection to Ireland is simple and requires as little as proof of your identity and one document for the vast majority, which means you can finally get the name you’ve been thinking of!

    Why register an .IE domain?


    The .IE domain extension will instantly put an Irish ‘halo’ on your online presence.
    Here’s a list of some of the key benefits the .IE extension will bring to your Ireland-targeted site:

    Guaranteed Irish connection – you’ll be perceived of as being Irish, which will help you expand your online presence in Ireland;
    Guaranteed trust – with an .IE domain, you will instill confidence in your visitors. Тhanks to the thorough  .IE domain registration procedure, your customers will know that you’re legitimately connected to Ireland;

    Guaranteed security – there are much less .IE domain-connected instances of cybercrime than with .COM, for example;

    Higher search engine rankings – with an .IE domain, your site will appear higher in local search results, since search engines have confirmed that they favour ccTLD based sites;

    Brand protection – figures show that thousands of .COM domain name disputes are filed each year, while the .IE ccTLD-connected claims are just a few;

    Much higher availability – your preferred domain name is much more likely to be available under .IE than under any other overcrowded namespace;

    Find your .ie domain today with Thexyz!
    Thursday, 1 March 2018

    Enjoy unbelievable discounts on your preferred TLDs, all month long! Simply search for a domain and enter the coupon code at checkout for price adjustment. 
    Top Level Domain Promo Price Valid Until Coupon Code
    .LINK $1.95 31st March, 2018 T4WBX5Y17J
    .CLICK $1.95 31st March, 2018 T4WBX5Y17J
    .XYZ $1.95 31st March, 2018 T4WBX5Y17J
    .PW $1.95 31st March, 2018 T4WBX5Y17J
    .TOP $1.95 31st March, 2018 T4WBX5Y17J
    .SPACE $1.95 31st March, 2018 T4WBX5Y17J
    .ASIA $4.95 31st March, 2018 65WPTT1BAJ
    .BLUE $4.95 31st March, 2018 65WPTT1BAJ
    .ME $4.95 31st March, 2018 65WPTT1BAJ
    .MOBI $4.95 31st March, 2018 65WPTT1BAJ
    .PET $4.95 31st March, 2018 65WPTT1BAJ
    .PRO $4.95 31st March, 2018 65WPTT1BAJ

    Subscribe by email

    Enter your email address:

    Subscribe to more feeds

    Trending Posts

    Blog Archive


    News (65) Web Hosting (48) security (25) Email (19) webmail (19) Advertising (15) Thexyz Cloud (14) Tutorials (13) Video (4) resellers (2)