A lot of questions are floating around SMS regulations in India with a lot of vaguish answers. It’s time these questions get addressed and we take it on us.

An independent authority of the telecommunications sector in India, TRAI is a regulation of broadcasting and cable TV services, also a recommendatory body for licensing in telecom and broadcasting. The Telecom Regulatory Authority of India also regulates bulk SMS and keeps updating senders from time to time on the rules for:

• Transactional SMS
• Promotional SMS
• DND Scrubbing
• Sending Time
• Termination Charges
• Sender Name
• Penalty and more

If you’re sending any of these texts to your customers, you need to read ahead…

In India, there are 2 types of outbound SMS that a business can send –

 TRANSACTIONAL SMS – For important updates and alerts.

With Transactional SMS one can send informative, generic, critical data or information. All SMS content needs to be transactional and should not contain any promotional content on this route.

“IM-DSTORE The refund of your order XYZ has been processed and will reflect in your account within 24 hours. Thank you for choosing us!”

Some characteristics of Transactional SMS:

PROMOTIONAL SMS – Send marketing messages to opt-in users.

Used to send promotional information on goods and services, with promotional messages one can promote brands, update information and provide offer details.

“DM-123456 The spring sale is on! Buy 1 get 1 valid only for till midnight.”

Some characteristics of Promotional SMS:

So, what is a SENDER ID?

For Transactional SMS, the sender ID is in the format XY-ZZZZZZ having nine alphanumeric characters. You can choose the last six alphabetic characters that represent your brand name.

• First alpha character being code of Access provider
• The second alpha character being the code of service area
• The third alphanumeric character will be a dash (-)
• The last six alpha characters will be the identifier of the company or organization sending transactional SMS

For sending the Promotional messages, a company can use an alphanumeric identifier in the format XY-RZZZZZ, wherein:

• X stands for code allotted to Access provider
• Y stands for the service area
• R is any digit from 0 to 7
• ZZZZZ indicates 5 digit unique identification code allotted to the company by the Access Provider

TRAI REGULATIONS & RESTRICTIONS

Text messaging in India comes with a few regulations and restrictions. No matter whichever industry you are into you must comply with the guidelines before sending bulk SMS.

The primary rule to remember is that you can only send marketing messages to recipients who have opted-in to receive these messages.

Let’s understand these rules in detail:

• Sending Promotional messages from Transactional routes

Now, this is something that marketers know isn’t right but most of them still do – send marketing content from the transactional route.

All SMS content sent from the transactional route needs to be transactional and should not contain any promotional content. Doing so is an unethical practice, violates the TRAI regulations and can result in a heavy penalty.

• Opt-in and Opt-out

Ask your users for their permission for sending any updates and information regarding your services. Mention clearly in the message that if they want to opt out, they can, by texting your keyword followed by STOP to your shared short code or long number.

• Opt-in Promotion

If the mobile numbers you send SMS to are your registered users and if you have an opt-in clause accepted by them then you may send them occasional promotional messages even if the user is on DND through transactional route.

Also, the validity of an opt-in is 180 days from the date subscriber sends in the opt-in START message. To stay opted-in, the subscriber will need to renew their preferences once every 6 months.

• Commercial Communication

This is the type of message, voice or SMS transmitted for the purpose of informing, soliciting or promoting any commercial transaction in relation to products, investment or services.

• Unsolicited Commercial Communication (UCC)

Any commercial communication which a subscriber opts not to receive except:

1. Transactional message
2. A message transmitted on the directions of government or authorized agencies authorized

• Fully Blocked

Subscribers who have registered with the national DND registry to not receive any marketing SMS belong to the fully blocked category.

• Partially Blocked

Registered with the NDNC registry to not receive marketing SMS, except from any one or more of the below categories belong to a partially blocked category.

Mobile subscribers can register with NDNC opting in to receive Promotional messages in one or more of the following categories:

1. Finance
2. Real Estate
3. Education
4. Health
5. Consumer goods and automobiles
6. Communication
7. Tourism and Leisure

• National Do Not Call (NDNC)

Over 23 crore mobile numbers are enlisted with the NCPR (National Customer Preference Register) earlier NDNC, to curb unsolicited commercial communication.

Telecom subscribers who do not wish to receive any promotional messages or calls can register to DND and the registration will be effective within 7 days of placing the request with the service provider.

If you are trying to send messages on any of these enlisted numbers,

First of all, it will be blocked

Secondly, you are violating the TRAI rule

But not all SMS will be blocked

The Do Not Call List can only stop sales messages. You may continue to receive:

1. Political SMS
2. Charitable SMS
3. Debt collection SMS
4. Informational SMS
5. Survey SMS
6. Personal SMS

Also, you may still get promotional texts from companies with whom you’ve recently done business; likewise, if you’ve given written permission to a company to text you.

Customers can file a complaint against unwanted texts

Despite being on the NDNC list, if you still receive marketing SMS it is considered illegal and TRAI encourages to file a complaint against companies following illegal practices.

In case of a DND complaint, the marketer would be required to produce the opt-in details for a user. Failing to do so can attract a penalty from INR 25,000 to INR 2,75,000.

There are some rumours circulating about the registry, but they are as we said, only rumours.

• The government is not releasing cell phone numbers to telemarketers

• There isn’t a deadline for registering a cell phone number on the DNC List

• There is only one DNC List, and it’s operated by the TRAI
• The DNC List accepts registrations from both cell phones and landlines

We hope the above gives you a clear picture of how TRAI regulations for sending bulk SMS in India works. For any more clarifications, feel free to write back to us.

The post TRAI’s SMS Regulations appeared first on SYSMIC.

G Suite will be removing the setting to “Enforce access to less secure apps for all users” from the Google Admin console starting October 30, 2019. This setting will disappear from your Admin console by the end of year. Removing this setting will help keep your users’ accounts secure, as access to less secure apps (LSAs) can inadvertently make Google accounts vulnerable to hijackers.

What does this mean for my organization?

If the “Enforce access to less secure apps for all users” setting is selected for your domain when this change takes place, we’ll automatically select “Allow users to manage their access to less secure apps” instead. You’ll no longer have the option to enforce access to LSAs at the domain level.

Following this change, if you “Allow users to manage their access to less secure apps,” users will still have the option to access LSAs, provided the “Less secure app access” setting is enabled at the individual user account level. To minimize disruption in domains where we’ve automatically changed the setting from “Enforce access” to “Allow users to manage their access,” this account-level setting will be on by default at the time of the change for all active users of LSAs.

If a user has previously opted to let LSAs access their account, but no LSAs have connected to their account in some time, we’ll turn this account-level setting off for them. They can manually reenable this setting at any time at myaccount.google.com/lesssecureapps (provided their admin allows them to do so).

Whenever possible, users should connect to their account via OAuth. Visit the Help Center to learn more about managing OAuth-based access to connected apps.

What do I need to do?

No action is required on your part, but we recommend the following:

• If you currently enforce access to LSAs in your domain, change your setting to disable access or allow users to manage their access as soon as possible, as LSAs can make Google accounts vulnerable to hijackers.
• Encourage your users to use OAuth-based protocols (like OAuth-based IMAP) to give non-Google apps access to their Google accounts, including their email, calendar, and contacts.
• Review our list of alternatives to less secure apps.
• Prepare your users and internal help desks for the change.
• Update any user guides you’ve previously published to recommend the use of OAuth or to instruct users on how to turn on LSAs.

Get help

If you have additional questions or need assistance, please contact Google support.

The post G Suite Limiting Access To Less Secure Apps  appeared first on SYSMIC.

In this post we offer the best email marketing practices you must follow to keep your emails out of the spam folder.

1. Be Compliant with CAN-SPAM

The CAN-SPAM Act, a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them and spells out tough penalties for violations.

The law makes no exception for business-to-business email. That means all email – for example, a message to former customers announcing a new product line – must comply with the law.

Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $16,000, so non-compliance can be costly. But following the law isn’t complicated. Here’s a rundown of CAN-SPAM’s main requirements:

– Don’t use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.

– Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message. Here is a good subject line spam checker that you can use to test different Subject lines and see if the Subject has any impact on your deliverability.

– Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.

– Tell recipients where you’re located. Your message must include your valid physical postal address.

– Tell recipients how to opt-out of receiving future email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting emails from you in the future.

– Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days.

– Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.

However, if you’re sending only transactional emails or relationship content, then you are exempt from these rules. But you must still not include false or misleading routing information.

2. Use Permission Based Marketing

Get permission from your recipients to send them marketing emails. Put a subscription form on your website or landing page and ask visitors to subscribe to your mailing list.

Take a step further and ask them to confirm their subscription in order to avoid spam and bot subscriptions.

3. Avoid Spam Traps

Spam traps are email addresses that are set up by ISPs and anti-spam organizations with the purpose to determine spammers. As such email addresses are not used by a human, so there is no way how they could be subscribed to anyone’s mailing list. Thus, any message sent to a spam trap address is considered spam.

To avoid spam trap emails in your list, do not buy lists from email brokers and do not harvest email addresses on the Internet. Use a confirmed opt-in process on your site or landing page.

4. Ask Recipients to Whitelist You

Take a step further at the point of subscription and ask subscribers to add your sending email address to their whitelists or safe sender lists. You can show the whitelisting instructions directly on the “Thank You” page and then repeat them in your first newsletter.

5. Remove Your IP from Blacklists

If your sending IP address is on a blacklist, it becomes extremely difficult to deliver emails to the subscribers’ Inboxes. Use G-Lock Apps IP reputation monitor to check if your email server’s IP address is blacklisted or not. You can enable email notifications so that you are notified when the system detects a blacklisting issue.

If you see that you are on a blacklist, you will need to visit the website that has added you to their blacklist and search for the removal instructions.

Below are good guides you’ll want to check to learn how to find out if your sending IP is blacklisted by Gmail, Hotmail or Yahoo and how to request the removal:

How to Remove Your IP Address from Gmail’s Blacklist
How to Remove Your IP Address from the Hotmail/Outlook’s Blacklist
How to Remove Your IP Address from the Yahoo!’s Blacklist

6. Make Sure Your Authentication Records are Setup Properly

Many ISPs look at your authentication records to decide whether to deliver your email to the Inbox or filter it as a spam message. So, you will want to make sure your email server supports these protocols (DKIM, SPF, and Sender ID) and that they are properly implemented. Here you can read the complete guide about email authentication.

G-Lock Apps automatically checks your authentication (DKIM and SPF) so you will see if you have an authentication issue or not in your testing report.

The things we’ve just covered will ensure that everything is ok with the technical part of your email marketing program. But the way you design your email message does matter as well. So, continue with the list below to make sure that your email newsletter does not look like a spam email.

7. Avoid Spam Trigger and Phishing Phrases

Spam filters do not like commercial advertisements and pure promotions. It doesn’t mean that you can’t use so-called trigger words, but you should use the words that are common to promotion emails sparingly.

Phishing emails are sent with the purpose to steal the recipient’s identity by making them click on a fraudulent link. Commonly phishing emails look like legitimate emails sent from a service you trust, for example, your bank or a website you visit. Thus, try to not use phrases that are common to phishing attacks in your emails.

8. Send a Text Version Together with HTML

Sending only an HTML part is a common cause why email often lands in the spam folder. Makes sure your email is sent in the MIME (HTML + plain text) format.

Not only is this a good practice for passing through a spam filter, it also plays in your favor in the case where the recipient cannot view HTML emails.

9. Keep a Good Text to Image Ratio

If you want to send images, here are some tips to consider:

– do not send a single image;
– include several lines of text for each image;
– optimize your images the best you can;
– use correct HTML for email.

10. Avoid Certain Attachment Types

Files of the .jpg, .gif, .png, .zip, and .pdf extensions are generally safe to be sent as attachments provided you include some content in the email as well. But executable files such as .exe or .swf should not be sent at all. Larga attachments may also cause your email to be filtered as spam.

So, if you need to send a large attachment or an attachment of a type that usually can be considered spam or trigger virus scanners, it’s recommended that you upload the file to the website and send the download link in the email. You can use a service such as DropBox.com to upload the file, or you can upload the file to your company’s website if you are worried about the data security.

The post 10 Tips to Avoid the Spam Folder appeared first on SYSMIC.

The password associated with your email account can be used to access the webmail interface, as well as configure your account with a desktop mail client. You can change this password from the webmail interface at any time. Here’s how
you can do so –

1. Login to the webmail interface.
2. At the top of the page, click on 3 parallel sign icon besides OX symbol.
3. Click on Settings.
4. On the settings page, click on the Change password tab

5.Enter your existing password and a new password of your choice.

If you do not have access to the webmail account, you can reset the password from the Email Dashboard. Please refer the following link for the instructions: Reset Password From Dashboard.

Password policy

To ensure the safety of your email account, it is mandatory that you follow certain policies while setting your password. The system will not accept any password that does not abide by the following rules –

1. The password must contain at least 8 characters (and can be up to 32 characters long).
2. The password can not contain the email prefix or the domain name in their exact form. For instance, if your email address werejohn@yourdomain.com, then your password can not contain the words john or yourdomain.
3. The password must contain at least one alphabet (a-z in upper or lowercase), and at least one numeral (0-9).

Best practices for setting a password

Make sure you create a unique password to help keep someone from breaking in to your account. Here are a few tips for creating your password, and keeping it safe:

• Never tell anyone your password.
• Never write down your password. Even though your password will look random to others, think of a way to remember it so that you don’t have to write it down.
• Change your password periodically.
• Don’t choose a dictionary word as your password. Be creative.
• Make sure you abide by the password policy – let your password be a combination of diverse characters such as punctuation marks. capital and lowercase letters and numbers. A variety of characters makes it harder for anyone to guess the password.

The post How to change password on Business and Enterprise email account / OX appeared first on SYSMIC.

Securing your WP Site is not always a job left to those who are expert system administrators. With some new tools, combined with a friendly hosting, you can do that by yourself and have a secured site without any outside assistance. Today I’m going to show you how to do just that with the least amount of plugins possible. Following my own advice of “the less plugins the better”, in today’s article I’m going to use just one !

On your Hosting

The first step to have a very secured site comes directly from your hosting account. If your site is not secured by a certificate, now it’s the time. Securing your site with a certificate is easy enough and everyone should be able to do it from cPanel & Plesk based services without outside intervention.

Before proceeding to enable https inside WordPress we need to load the certificate into our domain. This is fully automatic on cPanel through a button and some newer cPanel installations comes with automated Let’s Encrypt certificates so as soon as your account is created you’ll have a certificate loaded into your domain.

If you’re using Plesk, you can create a Let’s Encrypt certificate from the main menu. You should also include the “www” and mail certificate. This will increase the security of your site by not allowing to load unsecure content and it’s the most recommended first step to secure your site..

Changing Permissions on Important Files

The single second most important security rule is to limit file access to Read Only on the following files: wp-config.php, wp-settings.php and index.php on the WordPress root folder.

This can be easily done on cPanel & Plesk and the vast majority of Control Panels by changing the permissions like this:

The only one that should have “write access” on those specific files should be the owner. No other group should have any other permissions applied as those files will be read by WordPress alone. This will effectively reduce the security risk of your site by not exposing any kind of access to the outside world.

If by any chance your site gets hacked or has a malicious worm, this is how it’s going to look like.

A bad file permission or outdated theme could inflict serious harm to your WordPress installation by allowing injection of malicious code into your site. This is a classic example. Notice the @include surrounded by /*f2e34*/ ? That code is actually a “worm” that was injected by bad file permissions into a WP site. This kinds of codes could potentially create a backdoor for anyone to access your site and inject advertising, steal information and any kind of bad behavior. This is why manually changing permissions on those important files is so essential.

On your WordPress

Now let’s tweak our WordPress site to improve the security even more.

6.Different Types of SSL Certificates.

The most common way to setup an SSL certificate is on your own primary IP address. This is known as a Dedicated SSL Certificate. It will only apply to your domain and web server. Not everybody has enough money to purchase a dedicated hosting plan, but lucky for all of us, there are other solutions available.

Generally there are three different types of SSL certificates you could use. Some service providers may offer a free certificate as a limited-time trial offer but these certs are by no means any more secure than a standard HTTP connection and they expire quickly.

• Dedicated SSL – This is the most secure and evidently the most expensive solution. An HTTPS connection is only verified for your root domain targeted via a designated IP address.
• Shared SSL – Web hosts which offer shared hosting will sometimes have multiple domain names pointing to the same IP address. In this case it’s much easier for the host to manage one single SSL on each server spanning an array of different websites.
• Wildcard SSL – These can be similar to a dedicated or shared SSL certificate based on server configuration. Wildcard SSL certs will target multiple subdomains for your website. This is a viable solution if you split up different functions of your website e.g. shop.domain.com, checkout.domain.com, etc.

If you are just getting started I highly recommend using a shared SSL setup. It’s unlikely you will be able to afford a dedicated web host/IP address right away. And even if you can, the costs of a dedicated SSL certificate are atrocious. But it’s absolutely something you should look into if possible.

However, since this guide is targeted for beginners I think a shared certificate is more than enough to get started on.

How ssl Certificatess Works ?

The post How to install FREE SSL Certificate from CPanel appeared first on SYSMIC.

The introduction of GST is the boldest and single largest tax reform since the opening up of economy. It aims at providing a cohesive tax approach across India. For online businesses especially for eCommerce, it is a welcome step as passing of GST tends to rationalize seamless integration of goods and services across the country.

GST ensures absolute clarity with regards to applicability of direct taxes on transactions undertaken by online businesses. It is the first step which devices clear laws for eCommerce, thereby providing a stable environment favorable for growth and development.

Following are the key impacts and recommendations for an online business on account of GST:

Impact on Online Businesses

GST not only revamps the current paradigm of indirect taxes but also improves tax compliances.

Ease of Starting-up

GST brings in the uniformity through centralized registration which makes it easier for online businesses to get started. This centralized system replaces the old and rigid process of VAT registration issued by Sales Tax Department.

Higher Exemptions

Earlier businesses with turnover of more than Rs. five lakh needed VAT registration. GST increases this bar to Rs. 10 Lakh, thereby bringing respite for new businesses.

Simple Taxation

GST aims to minimize the hitches in the double tax system. It simplifies the process by integrating all taxes into a Uniform GST.

Reduction in logistic costs

GST eliminates border taxes which is levied upon movement of goods from one state to another. Hence the costs inculcated in the logistics movement will come down. Seamless interstate flow of goods will further accelerate the demand for logistic services. GST reduces the cost competitiveness as players are directly brought under a single tax regime.

Compliances Under GST for eCommerce

GST brings absolute clarity with regard to applicability of taxes on transactions undertaken by eCommerce companies.

Setting up of SPV

The success of GST is highly dependable on a robust IT system. Therefore, GSTN, which is a special purpose vehicle (SPV) has been set up. It aims to provide a common portal for registration, return filing and e-payment facilities.

Tax Collection at Source

GST devices that any payment made to a supplier would be subject to tax collected at source. Also it becomes mandatory for an eCommerce company to pay tax on the price it has purchased the good from the supplier, in case it decides to sell a product on discount.

Definition of eCommerce

eCommerce has been defined absolutely under the GST Act.

‘Electronic commerce’ shall mean the supply or receipt of goods or services, or transmitting of funds or data, over an electronic network, primarily the internet, by using any of the applications that rely on the internet, like but not limited to e-mail, instant messaging, shopping carts, Web services, Universal Description, Discovery and Integration (UDDI), File Transfer Protocol (FTP), and Electronic Data Interchange (EDI), whether or not the payment is conducted online and whether or not the ultimate delivery of the goods or services is done by the operator.’

It would be interesting times ahead with considerable changes GST brings into the tax system. Stay tuned with SYSMIC Knowledge Base platform for updates and insights.

The post Impact of GST on Online Businesses appeared first on SYSMIC.

The post What is SSL Certificate ? appeared first on SYSMIC.

The Transport Layer Security protocol aims primarily to provide privacy and data integrity between two communicating computer applications. When secured by TLS, connections between a client (e.g., a web browser) and a server (e.g., wikipedia.org) have one or more of the following properties:

• The connection is private (or secure) because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are generated uniquely for each connection and are based on a shared secret negotiated at the start of the session (see TLS handshake protocol). The server and client negotiate the details of which encryption algorithm and cryptographic keys to use before the first byte of data is transmitted (see Algorithm below). The negotiation of a shared secret is both secure (the negotiated secret is unavailable to eavesdroppers and cannot be obtained, even by an attacker who places themselves in the middle of the connection) and reliable (no attacker can modify the communications during the negotiation without being detected).
• The identity of the communicating parties can be authenticated using public-key cryptography. This authentication can be made optional, but is generally required for at least one of the parties (typically the server).
• The connection ensures integrity because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.

The post SSL Certificates InfoGraphics appeared first on SYSMIC.

An SSL Certificate is a digital certificate issued for a domain by a central authority called the Certificate Authority. To be issued an SSL Certificate, you must purchase an SSL Certificate and then go through a verification process conducted by the Certificate Authority.

2. Why should I buy an SSL Certificate?

An SSL Certificate does 2 things: a. Encrypt the information sent from your user’s browser to your website b. Authenticate your website’s identity.
By doing these 2 things, an SSL Certificate protects your customers and in turn increases their trust in your online business. This is especially important if your website requires users to login using passwords or enter sensitive information such as credit card details.

3. Do SSL Certificates work in all browsers?

SSL Certificates are compatible with all major browsers.

4. Can I upgrade my SSL Certificates?

Unfortunately, we don’t support upgrades/downgrades at the moment. If required you can purchase a new certificate and install it on the same web server as the old certificate

5. Do I need technical expertise to set up an SSL Certificate on my website?

While it isn’t difficult to install an SSL Certificate, it does involve following a series of steps. Our team will assist you in completely in installing the SSL certificate on your domain

6.Different Types of SSL Certificates.

The most common way to setup an SSL certificate is on your own primary IP address. This is known as a Dedicated SSL Certificate. It will only apply to your domain and web server. Not everybody has enough money to purchase a dedicated hosting plan, but lucky for all of us, there are other solutions available.

Generally there are three different types of SSL certificates you could use. Some service providers may offer a free certificate as a limited-time trial offer but these certs are by no means any more secure than a standard HTTP connection and they expire quickly.

• Dedicated SSL – This is the most secure and evidently the most expensive solution. An HTTPS connection is only verified for your root domain targeted via a designated IP address.
• Shared SSL – Web hosts which offer shared hosting will sometimes have multiple domain names pointing to the same IP address. In this case it’s much easier for the host to manage one single SSL on each server spanning an array of different websites.
• Wildcard SSL – These can be similar to a dedicated or shared SSL certificate based on server configuration. Wildcard SSL certs will target multiple subdomains for your website. This is a viable solution if you split up different functions of your website e.g. shop.domain.com, checkout.domain.com, etc.

If you are just getting started I highly recommend using a shared SSL setup. It’s unlikely you will be able to afford a dedicated web host/IP address right away. And even if you can, the costs of a dedicated SSL certificate are atrocious. But it’s absolutely something you should look into if possible.

However, since this guide is targeted for beginners I think a shared certificate is more than enough to get started on.

How ssl Certificatess Works ?

The post How SSL Certificates Works ? appeared first on SYSMIC.

The post How to create a new MySQL Database in Cpanel appeared first on SYSMIC.