Our System Status is a real-time view of the performance and uptime of our email apps and services. If you're a customer, please bookmark this page and check back if you experience an email disruption.
Saturday Nov 22, 2014
History (4 weeks)
Alerts & Maintenance
"Poodle" Vulnerability for API Consumers
We would like to update you about an upcoming change that will be taking place related to the access of our API product over SSLv3. This change will only impact you if you consume our API on a regular basis through the hostname api.emailsrvr.com over SSL.
What is impacted?:
On Friday the 7th of November, we will be disabling SSL on the api.emailsrvr.com resource. This will be a permanent change.
Why is this taking place?:
Like many other providers, we are taking the necessary steps to protect your data in transit to our system after the “Poodle” vulnerability was discovered. While your privacy is paramount, we also wanted to ensure that your normal functionality was not impacted during this transition, and as such have taken the steps to still allow access to the API through a temporary medium while your systems are being updated to no longer access via SSLv3.
What do we need to change?:
Most clients will not need any actual change on your part. The poodle vulnerability itself attempted to force the HTTPS connection down to use SSLv3 specifically so that the connection could be exploited. By us actively updating our back end infrastructure to not allow the SSLv3 connections, one of the newer more secure connections will be utilized over HTTPS outside of SSLv3 with no direct modification of your part. If your connect stops working after this change, your program/tool likely is set to only use SSLv3. While this will need to be changed long term, we have a solution in the meantime to not impact your business needs.
So how do I continue to access the API on SSL until I can update my systems?:
We have setup in place a resource that will allow you to access the API as needed for additional time over SSL. You can access that new resource in the same manner as normal by simply altering the normal api.emailsrvr.com hostname to the temporary one we have created at sslv3.api.emailsrvr.com. This resource will remain active and in place with SSLv3 enabled until Friday the 21st of November, at which point we will disable this insecure route as well. Come the 21st, we expect all HTTPS connections to no longer be leveraging SSLv3, and this temporary hostname will be decommissioned.
Additionally, customers utilizing the SOAP API will have the following temporary resources available until the 21st:
You can also access these new resources by simply altering your URI to use the new temporary hostnames. (EX: https://sslv3.admin.webmail.us/mailaccounts/mailaccounts.wsdl).
Thank you for your understanding as we work together to make your data secure and safe in transit to our systems. If you have any questions or concerns you may update this ticket or reach out to our support directly who will get your questions to the appropriate parties on our end.