Setting Up Your Web Mail

Posted: June 26, 2010

If you are a staff member or a regular volunteer, you may set up an email account with Patty's approval-- for official ERC business only. Contact Bettee, who now has an ERC Web Mail account, so we can set up your account and issue you a password... and if you have any problems after following the How-To below, just contact me and I will help. ATT's goofy setup with Yahoo often blocks my ERC webmaster emails, so you may want to visit the Bulletin Board and register, or see Bettee if you would rather do it that way.

If you decide to use the Bulletin Board, then once you are registered and logged in, you will have access to Private messages, and I can use that system to get a password to you.

Once you have your user name and have gotten a temporary password from me, you can-- and should-- change your password once you get logged in the first time. Keep a copy of your password--- once you change it, even I cannot find out what is is to help you if you forget it; I can only issue a new password for you. The next step is to go here: http://empirerecovery.org/staff/. This link should open in a new window or tab for you, so you can have access to these instructions while logging in.

You will then see a log in screen like the one below. Enter your assigned email username in the appropriate box. If your username is xxxxercop, for instance, that is exactly what you enter as shown-- do not enter xxxxercop@empirerecovery.org as you must do when using Outlook or another regular email program. I have done some extra programming for this log in box so that you don't have to do so much repetitive typing... no applause necessary.

Next, enter your password. Notice the multiple choice button next to the words "Login To". This button gives you the choice of logging in on a common web interface, or logging in on a secure encrypted connection. To expedite getting the ERC email system finally up and running (after only two years) you can use the common web interface "Webmail" for now. Click the "login" button.

You will be routed to a page showing a window like the one below. You have several options here, but the only ones we will go into right now are your three choices of web mail programs.

Horde web mail is highly configurable and also the hardest to learn to use. Roundcube has a learning curve not as steep as Horde; Squirrel Mail is the easiest. My advice is to use Squirrel if you are unfamiliar with web mail. At any rate, after you decide on which of the three that you like best, you can click the link below the program you want to use titled "Enable Autoload"... this will take you to the webmail program you prefer more quickly, saving one log-in step.... and the next time you log in, you won't see these choices-- you will automatically go straight to the program of your choice.

All those options you see at the bottom of the image above are for managing the use of your emai acount. A couple of them are very useful, but most require some skill to use, and if you do not have that skill you are better off just ignoring them.

Click on the icons for each tool below to see what it is used for, and how to use it:

 

Have fun using your new account, and if you find anything you can't figure out, just email me from your new ERC WebMail account!

Deceit and Legal Scams on the WWW

I was going to add this information-- an exposé so to speak-- to the bottom of this tutorial until a board member phoned me who was a little alarmed until I explained things to him.... so the how-to on setting up your Secure web mail will be below this little rant of mine. If you are internet savvy you can go ahead and skip this section and read the tutorial on setting up secure web mail Here.

Secure communication over the internet was begun when Netscape developed The Secure Sockets Layer protocol (SSL) in 1994. SSL was and still is a part of the Open Source movement; this movement, not Microsoft, made the internet we use today a reality. Open source is too large a subject for this article, but you need to understand that SSL is Open Source and completely free to use by anyone.

It was Microsoft among others who dreamed up the scheme to use free software technology systems and make a tidy profit off them. Firefox and others have also jumped on the bandwagon. As an aside, you may be interested to know that Microsoft uses Unix/Linux servers to keep their website on the web-- updates and all-- because their own windows servers proved to be inadequate to protect from hackers.

If you are the curious type (Good for you!!) you can even download and look at the Open Source SSL software Here that is used by your bank, the National Security Agency and others-- absolutely for free.

Various corporations and groups like Verisign© and Thawte© sell SSL certificates for up to $1,499.00 per year-- using basically the same software technology that you can get for free if you use the link above. They are able to do this because of a serious flaw in the way most companies and organizations are run these days: top management is for the most part computer-illiterate. Even companies that have web developers with Masters degrees in computer science (McS) are suckered into buying these certificates. Why? Because the person in charge of purchasing is seldom the guy with the internet degree, who knows what he is doing.

Take a moment to look at some of the images below, and ask yourself: if you were in charge of purchasing an SSL certificate, wouldn't you be spooked into ignoring the advice of the web developer with the degree? Most people are indeed intimidated into falling for these psychologically designed warnings and will fall prey to the scam, wasting their company's money our of fear. The big certificate sellers rely on this happening.

Here's the core of what is going on:

Computer manufacturers, web browser promoters and software sellers like Microsoft "get together", in layman's terms, and simply agree to "rig" the system for their own profit. Microsoft's Internet Explorer, Mozilla and Firefox-- indeed most web browsers make a profit from issuing those warnings shown below. It is frankly big money. How else do you think the free web browser you may use can afford to stay in business? Now you know.

Now don't get me wrong here-- I am not anti-business at all; I am solidly behind our American free enterprise system. But that does not mean that business people are all little angels-- many are simply imps.

Here is what SSL does:

Even before you sign on, you will be at a secure link. Look at your address bar-- if you see "https" you are on a secure connection. If you see only "http", you are not on a secure connection. When you enter your username and password, that informatio is instantly encrypted using either 128-bit or 256-bit encryption. Thus, your name and password are sent from your own PC to the server that hosts your website, fully encrypted. if you are not on a secure connection, anybody with a little savvy can intercept and see your username and your password.

What does an encrypted message look like?

Glad you asked. Here is a snippet from one of my encrypted emails to my network engineer:

rQj2y6Q0HTLoOV/8anEMWtYCFJo0YDm3oOW31RpYxxdJRBK1MFG3kOp8CNVvJRd3 t+YLPsGrHr/1De7BwDxzdIe4j59P0GCFfOR4v+4Lch3/BEkOZ6xGgtAS1+HatPcb Mi7tVS6+RHGJk6i9GhmDE03U0Og0EMIbqC9TRkNRrvQoxhi6955MatvdNiXwW0jK xTothAAkPn/wYSIJPvuvAN4scUyJ/E9u+tZrgZ6ACMX6UZM0m9/hHzDUVaM3kO+d QvWAU4nNbZLlj/iaDfNLET6s5O1ZlftmhpJcwSM9uzEwD5XPGMOwCssw4nGU =RiUi

Got a friend who says he's a hacker? Give them the above code and let him try to decipher it-- I can guarantee you he cannot. Those letters, by the way, are not really letters of the alphabet-- they translate to hexadecimal.

Another point: your emails will not look like the code sample above. The encyption method we are speaking of here encrypts the information when you send it, and the receiving website server "decrypts" that info automatically, so what you see is plain readable text. It is encrypted only in transmission.

So what is a "Trusted Certificate"?

The term simply means that if you buy an exorbitantly priced SSL certificate, that they have checked to see that you are indeed the owner or technical manager of the domain, such as empirerecovery.org. You pay the big bucks, and included in the software they send you is some code that identifies them as being one of the outfits that pay web browser promoters to refrain from showing any scary warnings. You can be a porn site operator or even a "phisher" and still get a "trusted" seal from any of the big SSL sellers, who stay in business purely on account of PC user ignorance.

So why the warnings if the ERC has SSL encryption?

Sitebilder, the network that hosts (keeps empirerecovery.org on the internet), purchases cPanel for all clients as a free of charge client interface. cPanel is the industry leader for turning standalone servers into fully automated point-and-click hosting platforms. The people at cPanel understand fully what I have explained above-- they are professionals-- and so they use a self-signed certificate. They are not dumb enough to pay $1500.00 yearly when they can get the same thing absolutely free. So when you use their secure connection, you get the warnings because there is no code inserted into the software to tell your browser "it's okay, these guys have paid through the nose so don't display any warnings." It's as simple as that.

Now, if the ERC were an organization that needed to issue email accounts for the general public and wanted to keep from spooking people, they would benefit from a purchased SSL cert. However, at present, only ERC staff and board members may use the ERC mail system-- and so it becomes my job to explain things and to attempt to allay your fears. If the ERC should ever decide to open email or other channels of communication to the public or to other agencies, I can get SSL trusted certificates at cost commercially for $49.00 a year-- the same encryption sold by others for $1500 +... but since that is not really needed for staff-only email use, that $49.00 is saved and put to better use. SSL is meant to insure one thing, and one thing only: secure and private communication, and the SSL self-signed system now in use is every bit as secure as a commercial one.

I hope this explanation settles any of your doubts. You can always email me using the link at the very bottom of this page if you have any concens not addressed here. Now you should feel better about settng up your secure web mail.

Secure Encrypted Connections

If you want a secure encrypted connection, that's great! The insecure, common web interface will only be available for use for a couple of weeks or so, while folks get used to things, and then all email accounts must use the Secure Encrypted connection.

I will not get into the rather greedy reasons for what comes next here, it will suffice to say that if the following warning messages you may run into are there solely because of profit and greed-- with nothing at all to do with security. If you really want more insight into this then go to the webmaster's cellar and click the FAQ link "I get email security warnings", and although I have spent 57 hours of programming on the ERC website this past 8 days I may expound on this subject at the bottom of the tutorial... if not too sleepy.

You may see something like the warning below if you choose to log in to Secure Web mail... but these things only show up the first time you log in, if you follow the instructions. You may see something different, but it will be basically the same. I use Linux exclusively and consider Microsoft Windows pure gaudy junk with an overblown price tag. There are many browsers out there, and I can't show you all the possible examples or I would make you dizzy-- but again, all the warnings are basically the same.

Using Secure Web mail puts everything you do, from entering your user name and password, to reading and sending email, and right up to the time you log out, into a secure 128-bit SSL (Secure Socket Layer) connection.... exactly what your bank uses to keep things private and secure.

Okay, let's go. Again, to allay your possible fears, if you see "https://empirerecovery.org/staff/" in your address bar, you are in a secure connection. The "s" after "http" confirms that. The name "secure.sitebilder.com" is the hosting company (mine) that keeps the ERC site on the internet. The term "invalid security certificate" is a blatant lie,and it means that the ERC uses Open Source SSL and does not pay $750.00 to $1500.00 a year for a commercial certificate.... which certificate is obtained for free from the Open Source community of Unix/Linux and resold for 100% profit. So unless you are paranoid, let's go on.

Click the link that says "Or you can add an exception" or whatever applies in your case. Just "Okay" it. This literal crap is aimed at computer illiterates-- probably 95% of computer users today.

As stated earlier, if you see "empirerecovery.org" in your address bar, you know where you are. Click the "Add Exception" button or whatever you may see in your browser to approve things.

And yet more of an effort to scare folks into spending the exorbitant sums mentioned above. Click "Add Exception".

Ad Nauseum. Click "Get Certificate" or your system may say "View Certificate". Nothing "Legitimate" about this warning. Click to confirm the security exception. Show 'em you are not a dummy.

You should be logged in at your secure web mail connection now, but if you use Microsoft Windows you may or may not have another warning to smack down... Congratulations!