We’re happy to announce that Gossamer Threads successfully completed an SSAE 16 (US) audit, as well as its Canadian and international counterparts, the CSAE 3416 and ISAE 3402. Often used by companies offering cloud hosting and software as a service, these audits represent an assurance to our clients that we’re meeting the standards and workflow we advertise.

What is SSAE 16?

SSAE 16 stands for Statement on Standards for Attestation Engagements No. 16 and is accountant-speak for the examination of an organization’s systems, processes, and controls, and the issuance of an industry-standard report. The audit guidelines are set out by the American Institute of Certified Public Accountants, and must be performed by a third party certified accountant or accounting firm. The third party looks at the information we give our clients with regards to security and control systems, and gives an opinion about the quality and accuracy of the information being claimed.

Because we like to do things properly, we chose to go with a “Type 2″ audit, which means we were monitored during a specific time period (September 2012 to February 2013) instead of just one specific date (Type 1).

What’s on the audit?

Since criteria for SOC1 reports are not defined by default, we worked with the CPA firm Auditwerx to identify categories and standards important to our field. We settled on information technology, application development, hosting, and our transaction processing systems as key criteria.

The auditor performed a physical inspection of our office and data center, interviewed our senior staff, and documented their work with numerous photos of our facilities and screenshots of our websites and workflow documents. Our data center as well as our company and human resource policies have been examined with a focus on security as well as proper environment for the servers.

The result: The auditor confirmed that our stated controls and processes are fully in place and designed effectively.

What does that mean for you?

Many of our clients use our platforms and applications for business-critical purposes and need to be sure that their information is secure. With the audit focusing on security and proper server storage, our clients can rest assured that we are holding to the standards we advertise in security, personnel, and server infrastructure. Their valuable data will be kept at the highest levels of integrity when working us.

With Gossamer Threads, you know that the label and the service are the same. Interested in working with an up-front hosting company? Let’s talk.

We’ve been working with WordPress for years, from adding tagging functionality before it became a standard WP feature, to optimizing it for clients, to powering this very blog. It’s a great platform to develop for, and we’re always looking for new ways to customize it, giving new WordPress functionality to our clients and the WP community at large. Here are a couple of new, custom plugins we’ve developed for WordPress!

Wordy for WordPress

We’ve worked with Wordy, a unique copy editing service, for a while. Given how much of their business comes from bloggers, Wordy wanted to give their clients a simple and efficient way to have their posts read over. We developed a plugin which integrates into the back-end of a WordPress installation, allowing bloggers to submit their posts to Wordy and receive corrections without having to leave their installation (leaving them with more time to start drafting their next post!).

Submitting a sample blog post to Wordy through WordPress.

After providing your Wordy account information upon installation, the plugin authenticates your credentials against your account when you submit a post for review. The cost of the editing job is provided, as well as an estimated delivery time of the editing job. The revisions will be automatically saved as a draft in your WordPress installation, allowing you to review and publish newly edited versions of your posts quickly and easily, and an on-board messaging system lets you discuss revisions with your Wordy editor. Take a tour of the plugin and download it!

GTmetrix for WordPress

After launching our GTmetrix tool, we were happy to see it find a warm reception in the web development world, and were keen to find more avenues in which to offer GTmetrix’s web optimization insights. Our work with WordPress seemed like a great fit, so we built a plugin which integrates GTmetrix’s functionality into the CMS.

After installation and logging into your GTmetrix account, you can configure the plugin to meet your WordPress site’s specific needs. If your site has a region-specific target audience, you can choose a location from which speed tests will be performed, allowing you to tailor your optimizations to improve your visitors’ specific web experience. Choose whether or not the performance of off-site ads will be included in GTmetrix’s evaluations, and create labels for regularly tested pages to save time.

Reviewing past speed tests.

Scheduling GTmetrix tests with the plugin is a snap, and by browsing through archived test results in WordPress, or viewing GTmetrix’s graphs, you’ll be able to clearly track the impact of your optimization efforts. E-mail alerts can also be configured, letting you know if one of your scheduled tests falls below a specified GTmetrix grade. Learn more about the plugin and download it!

Charting load times.

Getting The Most Out Of WordPress

Interested in giving your site’s WordPress installation a boost? Check out our WordPress Optimization Guide. In addition to checking your installation’s performance with our GTmetrix tool, you can walkthrough installing and implementing some additional plugins which will help to speed up your site and reduce traffic.

Ready to take your WordPress installation’s growth to the next level? Gossamer Threads’ Enterprise WordPress Hosting offers tailored hardware configurations and expert support staff, ensuring that your site has the foundation it needs to grow.

Part of being a hosting provider is dealing with everybody’s least favourite part of the internet: spam. Unlike most folks, we have to deal not only with incoming spam, but also outgoing spam which our servers may be sending. It’s important to handle spam complaints quickly, not only for the general good of the net, but because one server’s spamming may result in multiple servers being added to spam blocklists, affecting other hosting customers. Here’s how we keep an eye out for spam…

Monitoring Spam

There are several different ways in which we monitor and track the e-mail that originates from our network.

• Reputation: Service providers such as Senderscore and Microsoft publish IP reputation reports, based on the ratio of spam to legitimate e-mail they observe coming from specific addresses. We track and graph those scores for both individual machines and aggregated across our entire network, so that it becomes apparent if our reputation is becoming affected for any reason.


Tracking Spam Scores.

• Realtime Black Lists: RBLs are lists of known spam-heavy servers that are published online by various anti-spam groups. Getting published on a major RBL will quickly result in any e-mail you send being marked as spam. If you allow spammers to remain on your network, most RBLs will have no problem adding an entire hosting provider to their blacklist. As such, it’s important that we keep tabs on RBLs and take action as required immediately. Thankfully, we’ve only ever had to terminate service for one client due to spamming.
• Feedback Loops: Larger e-mail providers (like AOL and Hotmail) allow internet providers to subscribe to feedback loops for their IP space. This means that if a user clicks on “Report spam” in their webmail for an e-mail which came from us, we’ll receive notification about it and can investigate further.

Since IP addresses aren’t specific to a single server, we also make sure to track all of these statistics even if an IP is moved from one customer to another. This way we can make sure that a new customer isn’t allocated a tainted IP that has had spam issues in the past.

Logging and investigating spam complaints.

Managing Spam Compaints

Here are the three most common types of spam complaints we receive.

• Hacked account: A customer’s e-mail account has been compromised (by malware, unsecure wifi, or another security problem) and is now being used to send out spam. In these cases, we’ll immediately change the password and remove all e-mails from the outgoing mail queue. We’ll then follow up with the customer to advice them to run a fresh virus scan, enable encryption and make any other changes that may prevent this from happening again.
• Website forms: This is usually caused by “refer a friend” style forms which allow a user to enter an e-mail address or comment to a page without having CAPTCHAs or login requirements to deter spammers. Usually, rectifying this requires involvement from the customer as it requires site development, so we’ll clean out what we can and then contact the customer.
• Malware: Occasionally we see a website that’s been compromised due to outdated or buggy applications, in which hackers have uploaded a script to send spam. In these cases, we immediately start forensic examinations to track down which script gave the hackers access, and isolate what files they may have changed or uploaded. Once we feel comfortable that we’ve found everything, we’ll move the suspect files into a secure location, and then start restoring known clean files from backups. Customer involvement is also important in making sure that the initial attack vector is closed by upgrading or removing the scripts that were used to gain access.

Additionally, we have some customers who send messages to mailing lists but are being flagged for spam complaints. In these cases, we work with the customer to make sure that all e-mail addresses are double opt-in and have proper unsubscribe links and headers. If the customer isn’t interested in being a good netizen and making sure users actually want to receive their e-mail, we will remove them from our network.

Keeping Our Network Spam Free For Our Customers

We’re committed to helping our customers develop and build their online presences and reputations. Making sure spam doesn’t get in the way of that development is just one of the ways we do that. Read more about the other advantages that come with hosting with us.