Email Delivery Changes on VIP

Following our earlier communication this month, we’re taking additional steps to fortify the reliability and security of email delivery from the VIP platform. This initiative underscores our commitment to providing a stable and trustworthy platform for all our users.

Key Updates

  • Mandatory Email Authentication Records: For domains mapped to VIP application environments, SPF, DMARC, and DKIM records are required. Email messages originating from domains that are mapped to VIP application environments but that do not have valid DKIM records will not be signed by our SMTP servers after 1 February 2024. 
  • Policy for Unmapped Domains: Emails from domains not mapped to VIP app environments will face a stricter policy. Starting in March 2024, our SMTP servers will reject such emails. However, to ease this transition, we’re implementing a one-month grace period.
    During this time, emails from unmapped domains won’t be blocked outright but will have their headers rewritten to be sent from donotreply@wpvip.com.

Action Required

  • Verify and Update Domains: Before an application can send email using  WordPress VIP mail servers, its domain name must be mapped to VIP. Please verify that the domain is listed on the Domains & TLS page in the VIP Dashboard. Soon, emails sent from unmapped domains will be rejected.
  • DNS Setting Updates: As mentioned in our previous post, please ensure that your domains include the DNS records specified. This update is crucial to maintain uninterrupted email services.

We appreciate your prompt attention to these changes. Our goal is to ensure a seamless transition and continued excellence in service delivery.

If you have further questions about this change or how it affects your domains, you can open a ticket with VIP Support.

Reminder: DNSSEC implementation for convenience domain

On January 2, 2024 we announced that WordPress VIP will implement DNS Security Extensions (DNSSEC) for the go-vip.net domain on February 2, 2024. 

This post does not contain any changes from the original post, it serves as a reminder.

No action is required on your part.

If your domain points to a go-vip.net domain via an ALIAS, ANAME, or CNAME, DNS record, or if you access an unlaunched site at the go-vip.net domain, you will benefit from this enhancement. Our team has worked diligently to ensure a smooth transition for all applications, and we anticipate no downtime or complications.

What is DNSSEC?

DNSSEC is an advanced security protocol designed to protect Internet users from a range of cyber threats. It adds a layer of security to the Domain Name System (DNS), which is responsible for converting domain names (like go-vip.net) into IP addresses.

DNSSEC validates DNS responses with cryptographic proof, ensuring the resolution process is secure. Protecting your site from threats such as DNS spoofing and cache poisoning, techniques that allow attackers to redirect your visitors to a fraudulent site.

We have not experienced such attacks on the go-vip.net domain, but security is a top concern, and we want to prevent this possibility.

If you have further questions about this change or how it affects your domains, you can open a ticket with VIP Support.

Notice: Scheduled Maintenance for VIP Go API

We will be upgrading the primary database server that powers the VIP Go API. This upgrade is scheduled to begin at 4 AM UTC on Thursday, November 30, 2023, and last no more than 1 hour. During the maintenance window, we’ll be promoting a new primary API database.

No downtime is expected as a result of this maintenance. Sites will continue to serve requests, and most editorial and publishing activity can continue as normal. The following services will be impacted for up to 15 minutes in total during the maintenance window:

  • VIP File System Writes: WordPress users will be unable to upload media files during the maintenance window. Additionally, any services that programmatically upload files to the VIP File System will return errors during the upgrade.
  • Data Sync operations will be unavailable during the upgrade. Attempts to start a new data sync will result in an error message.
  • Domain mapping: Customers will be unable to map a new domain to their VIP Go environments during the upgrade.

No action is required, but if you have any questions, please open a support ticket and we’ll be happy to assist.

HTTP/2 and curl Security Updates

VIP has completed work to mitigate two unrelated, recently disclosed security vulnerabilities.

VIP constantly maintains the security of our infrastructure. We don’t announce that every mitigation has been completed, but these issues were widespread, significant, and well known, so we wanted to be clear that you are protected on VIP.

HTTP/2 Protocol

On October 10, 2023 CloudflareGoogleAmazon, and others posted about a newly discovered and actively exploited vulnerability in the HTTP/2 protocol that lets attackers launch very large scale attacks with very few resources. Nearly every web server in the world, including those at VIP, use this protocol and were susceptible.

Soon after the disclosure, a patch was created that will be included in the next version of the affected software. We have deployed this patch to all of our web servers ahead of the general release. This deployment was complete within hours of the vulnerability being announced.

Please note that this vulnerability could only be used to trigger a denial of service issue – it cannot be used to steal or modify user data, access your systems, etc. VIP has no evidence that sites were affected via this method.

curl

On October 3, 2023, the founder and lead developer of curl and libcurl, a low-level library used in many applications, announced a significant vulnerability and that a fix would be available in a new version to be released on October 11, 2023.

We were prepared for rapid deployment of that new version across our infrastructure and completed that within hours as well. Your site is now protected against this issue.

Summary

The VIP team mitigated both of these highly impactful security incidents as part of our ongoing promise to assure your sites are secure, reliable, and lightning fast. We have not seen any malicious activity related to these issues at this time.

Your site is protected from both of these incidents, and no further action is necessary on your part.

Notice: Scheduled Maintenance for Notifications management on the VIP Dashboard

Update, 28 September – This maintenance has been completed.

We will perform maintenance on a service that powers Notifications management for the VIP Dashboard. The maintenance window for this upgrade will begin at 9 AM UTC on 28 September 2023, and is expected to last no more than 2 hours (we will post updates on this post).

Listing, viewing, adding, updating, and removing both notifications and destinations will be unavailable during the maintenance.

Notifications will continue to be delivered. No application downtime is expected as a result of this maintenance. Sites will continue to serve requests, and editorial and publishing activity can continue as normal.

If you have any questions about this maintenance, please open a support ticket and we’ll be happy to assist.

You can learn more about this feature in the Notifications announcement post or our documentation about Notifications.

Notice: Scheduled Maintenance for part of the VIP Dashboard

UPDATES

We will perform maintenance on a service that powers various features for the VIP Dashboard. The maintenance window for this upgrade will begin at 9 AM UTC on 22 June 2023, and is expected to last no more than 4 hours (please see the updates on the same post)

No application downtime is expected as a result of this maintenance. Sites will continue to serve requests, and editorial and publishing activity can continue as normal.

The following services will be impacted during the maintenance window:

  • The Plugins panel: The list of plugins shown would be stale for the period of the maintenance, e.g. recently added plugins will not show, recently removed plugins will remain until maintenance is completed.
  • Network Sites panel: the list of network sites will be stale, e.g. recently added network sites will not show, recently removed network sites will remain until maintenance is completed. This will not affect you if you do not use WordPress multisite.
  • WordPress multisite network site launch tool: the tools for launching a network site will not be available during the period of maintenance. This will not affect you if you do not use WordPress multisite.
  • Media Backup export: you will be unable to restrict the files to a particular network site when generating the backup to download.This will not affect you if you do not use WordPress multisite.
  • Database Backup export: you will be unable to restrict the database tables to just those tables associated with a particular network site when generating the backup to download.This will not affect you if you do not use WordPress multisite.
  • Launch status: the launched status (typically shown at the top of the left sidebar) will not show for multisite applications.

If you have any questions, please open a support ticket and we’ll be happy to assist.

Notice: Scheduled Maintenance for Media Backups & Imports

We will perform maintenance on the service that powers the Media Backups and Imports features across the WordPress VIP Platform. The maintenance window for this upgrade will begin at 9 AM UTC on May 22, 2023, and is expected to last no more than 2 hours.

No application downtime is expected as a result of this maintenance. Sites will continue to serve requests, and most editorial and publishing activity can continue as normal. The following services will be impacted during the maintenance window:

  • Media Backups: Customers will not be able to request Media Backups from the VIP Dashboard
  • Media Imports: Customers will not be able to import new media via the VIP CLI

No action is required, but if you have any questions, please open a support ticket and we’ll be happy to assist.