Thank you customers!

Posted by Posted on by

Dear customers and well-wishers:

We have turned the corner. We fought back over a week of repeated criminal DDoS attacks designed to disrupt the services we offer our customers. Our services are now back to normal, although there are still several customers with hiccups that we are working hard to fix. We are stronger, but we continue to remain very vigilant.

But first, we want to thank you – our customers. The overwhelming support we had from all of you during this crisis was absolutely humbling. Many of you suffered large disruptions to your businesses. Many of you who host your sites with us were down. Email did not work for many of you. Like us, you couldn’t reach your customers. You had an emergency of your own, your own crisis. Despite all this, the vast majority of you understood the extreme circumstances, believed in our sole intent and desire to get you up and running again, and put your faith in us. The many messages of support and encouragement we received from you stiffened our resolve to deny the criminals what they sought. 

You were there when we needed you most. We thank you deeply.

The attacks were intermittent over six days and there were several of them. We had started to mitigate them even around the second or third attack, although we chose not to make this public at that time. We knew that such attacks are often cover for other attacks intended to infiltrate networks and steal or compromise data. We watched for them. None were detected and no data was ever breached. A demand for a ransom followed each attack. We refused to pay. We never will.

During and since the attacks, we erected several and multiple defenses in our infrastructure. We continue to work with multiple vendor solutions, including our own, to build safeguards and layers of defense. For all the obvious reasons, we will not discuss these methods publicly. We live in a world where such attacks will likely get more frequent. Just as we get more sophisticated, so will future attackers. But you can rest assured that we will spare nothing to protect Zoho and you from them.

We owe huge thanks to our own teams. This was during the biggest festival of India – Diwali – but for seven days all hands were on deck, round the clock. Product managers took on customer support. Software engineers and architects joined network and infrastructure engineers, so we make better decisions. Caterers wrote code. (OK, so that last part is an exaggeration!). Our internal communication channels were impeccable. Externally, we did our best to bring you timely and honest updates. Our CEO Sridhar was running amuck on Twitter, taking customer questions, providing updates, even troubleshooting technical issues for them on the fly! It will take a much bigger storm to halt him. We are hugely fortunate to have an abundance of talent and resolve in our people.

We have certainly come out stronger at the end of this tunnel. Our infrastructure, our people, and our processes are much more hardened. Our services are back to normal and we will do everything to keep them that way. We will continue to work with the many of you who still have service issues that need resolution. Please continue to use the support lines and Twitter (@zoho) to reach out to us. We will be on them.

We thank you once again for your patience and support at a time when it really counted. We’ll do everything to repay your trust and make sure you will continue to stay with us. And we will do it the way we know best – by building the best products to serve you.

Customer Spotlight: The Lead Exchange Finds Reliability and Ease-of-Use Switching to Zoho CRM

Posted by Posted on by

lead exchangeThe Lead Exchange, powered by Insurance Express, is one of the largest homeowner’s insurance writers in Florida, working with agents across the state. As director of agency sales Garrett Mitchell explained, “We help agents place insurance business when they might not otherwise be able to. Our network includes over 200 partner agents, who refer us business on a daily basis, and up to 40 companies across the state.”

When a customer enters an agent’s office to inquire about home owner’s insurance, The Lead Exchange serves as a third party avenue to assist those independent agents in getting winning outcomes. “We beat the rates, we capture the business, and we split the commission with the partner that referred us,” Mitchell said. “That’s the backbone of our business.”

Several months ago, The Lead Exchange realized it was paying the price for working with a slow CRM with poor-quality updates. Because their CRM was outdated and unreliable, information was falling through the cracks, customers were not being followed up with, and customer service was suffering. Mitchell knew it was time for a change. Read more

Zoho services under criminal attack

Posted by Posted on by

UPDATE: 0800 pacific time, Nov 12

All Zoho services are now functioning  normally. We have performed many upgrades and are monitoring carefully. We’ll make a detailed statement soon.

UPDATE: 1605 pacific time, Nov 10

Finally we have made progress with Mail! Mail should be clearing now and reaching you. The protections we put in place to mitigate DDoS attacks had the side-effect of affecting mail delivery. We have identified these and cleared them so things should be working now.

Please tweet us @zoho, or call support, if you’re still not receiving mail. Your business runs on Mail and we can completely understand how stuck you must have felt. Thank you immensely for your patience and understanding.

UPDATE: 0915 pacific time, Nov 10

We continue to be on very high alert, watching all services very closely. The last several hours have been focused on performance issues and bottlenecks that many of you customers have reported over the last several hours.

UPDATE: 0615 pacific time, Nov 10

Due to the emergency rerouting – designed to mitigate the attacks – some links still have issues. As a result, you will see some slowness and delays on mail delivery. We’re working on this and will keep you posted.

UPDATE: 1815 pacific time, Nov 9

The attacks continue and we are managing to stay afloat. We are not assuming that the worst is over yet and customers should not either. Stay with us.

UPDATE: 1545 pacific time, Nov 9

Almost all services have been up all day, today. Services are all much slower than usual, although we can see some improvement over the last few hours. Incoming mail is extremely slow.  Many customers have pointed this out and we’re deeply sorry that it’s directly affecting your businesses. Our team is working specifically on this issue right now.

Please read the other post in this blog, Answers to frequent questions, to get answers to specific issues. We will continue to update that as well.

UPDATE: 1034 pacific time, Nov 9

Most services are up, not all. Service continues to be slow. Working on it.

UPDATE: 0847 pacific time, Nov 9

Here is what is happening with our infrastructure. We had several pending updates that were designed to mitigate DDoS attacks. Those updates were scheduled to go live in the next 2-3 weeks. We have had to squeeze them in over the last weekend. That has created a bit of instability in our systems, given the emergency nature of the upgrades themselves.

So while we have taken successful counter-measures against DDoS, we are now working on strengthening our systems. We have traffic rerouted through our secondary data center and that introduces more hops that adds latency (delay) as well. We are working on all these issues right now. Thank you for your patience.

UPDATE: 0650 pacific time, Nov 9

Due to relentless attacks we have taken emergency counter measures. Part of this is to reroute traffic and data, through additional network hops to filter out the attack. This added complexity is making service access unstable and slow for customers. We are working on it as we speak.

UPDATE: 2015 pacific time, Nov 8

Services are up and we are mitigating the attack. We fully expect them to keep coming though and disruptions may yet occur.

UPDATE: 1705 pacific time, Nov 8

Zoho services were targeted again on November 8 at 1705 hours pacific time (0115 GMT). Services were down for about 33 minutes and came back up. Many are not reliably up yet. Our teams have been working nonstop over the last 72 hours with various counter measures. We are still at it and are prepared for tough days ahead. We expect more attacks and more service disruption as we get into the work week. Please stand with us at this time.

Zoho under distributed denial-of-service-attack:  Nov 6

Dear Customers and Well-wishers,

Zoho was subject to a criminal attack to our networks called a distributed denial-of-service attack (DDoS). This started at 8:15am pacific time on November 4, 2015 and has continued intermittently. The obvious intent is to make Zoho and all of our services unavailable to customers by flooding our servers with bogus requests from multiple sites. The attack was accompanied by threats and a blackmail attempt at extortion to prevent ongoing attacks.

This attack is focused on denying access since it targets the network connections to our servers. All your data are sound and secure, but unfortunately you cannot access it reliably. This is like a crowd of people standing around the entrance to your bank, preventing your entry. Your money is in there and safe, you just can’t get at it until we have them all moved.

Companies like us, that have offered services accessed through the internet for many years, carefully prepare for and expect these attacks. But the attacks are getting worse and more sophisticated. In fact, there have been other attacks this very week. Secure email providers like ProtonMail and Runbox have been hit. Many major banks and businesses with online customers have seen these attacks in the last year.

We’re working round the clock, with service providers, experts, and others to continuously improve our defenses. We are also contacting law enforcement. There is no single silver bullet to fix these issues and we have to work at it diligently and with the right experts behind us. We expect that these attacks will continue, but we also expect to prevail.

In the meantime, things will be rough for you, and you have our deepest apologies. The most unfortunate part is that we cannot tell you exactly when everything will be back to normal. We simply cannot know. We regretfully ask for your patience in advance, knowing fully well that you rely on us to run your business and to serve your own customers. We are deeply sorry for your trouble.

Please stand by us as we fight this attack. We cannot give in to criminals and embolden them to perpetuate other attacks. Thank you again for placing your trust in us.

Our status page shows available services at any time and we will communicate through this blog and through Twitter (@zoho).

Answers to frequent questions

Posted by Posted on by

For the most recent updates, see

1. I am unable to reliably access Zoho services this week. What is happening? 

We’re facing a criminal cyber-attack called a DDoS (Distributed Denial of Service) aimed at denying access to genuine users of our services. This started on Nov 4, 2015. Updates are available at and we’re also posting on our @Zoho Twitter handle.

2. How are you planning to mitigate this attack?

Our network and infrastructure teams have been working – non-stop – on mitigating these attacks since they started. We have received and handled many of them already. We are also working with other experts to erect various defenses, using multiple approaches. 

3. When will services be fully restored?

Unfortunately, this kind of attack makes this unknowable. These are criminals using the internet to extort companies and deny service to their paying customers. If past experience of other companies is any guide, such attacks can last from hours to days. Rest assured that we are doing our best and working with all the right people to mitigate these attacks and will keep you posted.

4. Is my data safe?

Yes, all your data will remain safe and sound. You may not be able to access your data reliably, given the unpredictability of the multiple attack sequences, but you will not lose any data.

5. Do I need to change my password?

No, you do not need to change your existing password. However, you may experience disruption in accessing services.

6. Will I get all emails sent to me? Will emails get lost?

You will not lose messages sent to you. Email messages may be held up in various hops on the internet as they make their way to our servers. They will remain there until they can reach our servers. Delivery will be automatically retried, usually for several days. 

7. I’m not able to get mail on my phone. Why is POP and IMAP email not working?

POP and IMAP traffic has been blocked as of now, as it poses attack and performance risk. So you may not be able to receive mail on your smartphone. We are working through alternatives to address this. In the meantime, Zoho webmail will work (whenever our services are not under immediate attack). You can also install the Zoho Mail app on your smartphone from any app store. That will continue to work. Incoming mail is hugely delayed, so this will impact your use.

8. I am unable to receive incoming mail that’s critical to my business. What’s being done?

Incoming mail continues to be delayed. Messages may often arrive out-of-turn. As we mentioned elsewhere, rerouting traffic to mitigate attacks has added various network hops and this has slowed things down. Services have been a lot slower and mail is really delayed. We are currently investigating the mail delay issues.

9. As a Zoho user, is there anything I can do to help?

Although, we’re doing everything we can to fight this attack, access to Zoho services might be intermittent. Your patience, support, and intolerance for criminal intent will be greatly appreciated during this period. 

10. Zoho hosts our website and we depend on you for our business. Why were these down? 

The attacker had used our own customer sites to launch the attack (so they can gain legitimately gain access to our servers), so we had to shut them down. These are now being restored.

11. What should customers hosting websites with Zoho expect?

Many customers have asked about this same issue. If your website is hosted with Zoho Sites, please follow these steps to ensure that your website is accessible:

  1. Login to your domain manager, forward the root domain ( to using the domain forwarding option
  2. If you’ve already added an A Record that is pointing to, remove it
  3. Make sure you’ve added a CNAME Record with host name www, pointing to
  4. Login to your site builder and set (domain name with www) as the primary domain

Note: The term domain forwarding is also commonly known as URL forwarding, web forwarding, URL redirect etc. The changes made in your domain manager should take effect in a couple of hours, depending on your domain provider. If you still need help contact

12. My mail still does not work. Could my MX record be off?

You may know that your domain (eg, has something called an MX record that points to an email server configured to process email for your domain. We have noticed that some customers use an exact Zoho IP address in their MX records to specify the mail server. This is NOT recommended practice.

IP addresses may be changed for a number of valid reasons. One of them is security, so the specific IP addresses do not become targets for cyber criminals. When IP addresses change, your MX record will now point to a nonexistent server and your mail will no longer work. Zoho changed its IP addresses this week (I wonder why?), so this could be impacting your email.

This issue is easily solved by using a DNS mail server name (that represents the Zoho mail server, whatever be its IP address) in your MX record. This will automatically be resolved to the right address for you. Please update your MX record as below: 10 20

Look up to see exactly how the table will look like.

Servicios de Zoho blanco de ataque cibernetico

Posted by Posted on by

Estimados Clientes y Usuarios,

Zoho ha sido blancode un ataque criminal cibernetico a nuestra red de conectividad. Este ataqué es llamado DDoS (ataque distribuido de coneccion a redes, por sus siglas en ingles). Este comenzó a las 8:15am hora del Pacífico en Noviembre 4, 2015 y ha continuado desde entonces intermitentemente.

El objetivo principal de este ciberataque es el negar el acceso a todos los servicios de Zoho nuestros clientes al sobresaturar nuestros servidores con tráfico ilegítimo.  El ataque ha sido acompañado de amenazas e intentos de chantajes de extorsión – que nos exigen entregar dinero para prevenir que los ataques continúen.

El ataque está enfocado en negar el acceso ya que su blanco principal es la conección de red de nuestros servidores. La información de nuestros clientes se encuentra segura y sin peligro de ser accesada en estos ciberataques. Todos los datos de nuestros clientes se encuentran seguros. Solamente y desafortunadamente, el problema con estos ataques se encuentra en una negacion de acceso en ciertos momentos. Esto es como en el caso de una cuenta bancaria: uno no puede accesar al banco cuando un grupo de personas se encuentran bloqueando la entrada al banco. Su dinero esta seguro adentro, pero no puede tener acceso a él hasta que la gente se haya movido y quede desbloqueada la entrada.

Compañías como nosotros, que por muchos anos hemos ofecido servicios con acceso por internet, sabemos que podemos ser blanco de estos ataques y nos preparamos para los mismos. Sin embargo, estos ataques se han vuelto cada vez peores y mas sofisticados. De hecho, esta misma semana han sido victimas de ataques otros proveedores de servicios en linea como ProtonMail y Runbox. Este mismo año otras companias, incluyendo bancos y otras grandes empresas de negocios en linea, han sido víctimas de ataques similares.

Les podemos asegurar que estamos trabajando sin descanso, con proveedores de servicios, expertos y demás para solucionar este problema y para continuamemte mejorar nuestras defensas ante estos ataques. Tambien hemos contactado las autoridades correspondientes. No existe una “varita magica” que solucione este problema y tenemos que trabajar enfocados y con los mejores expertos en el área para poder detener estos ataques. Sabemos que estos ataques van a continuar, pero también sabemos  que nosotros vamos a triunfar sobre ellos.

Mientras logramos detener estos ciberataques contra Zoho, ustedes van a ser los que más sufren al no poder accesar con certeza a nuestros servidores. Estamos conscientes de esto y les extendemos nuestras mas sinceras disculpas. Lo mas dificil de todo esto es que no podemos determinar con precisión cuando va a volver todo a la normalidad. Simplemente no podemos saber. Pero les pedimos paciencia de antemano, sabiendo que cuentan con nosotros para manejar su negocio y para servir a sus propios clientes. Sentimos mucho este inconveniente.

Les pedimos su confianza y su respaldo mientras resolvemos este ataque. No podemos ceder ante estos criminales y ayudarlos a que lleven a cabo otros ataques ciberneticos. Gracias de nuevo por depositar su confianza en nosotros.

Nuestra pagina de status muestra los servicios que estan disponibles en un momento dado y seguiremos comunicandonos por este blog y a traves de Twitter (@zoho).

Recent Service Disruptions

Posted by Posted on by

We have been facing an on-and-off surge in network traffic that is causing these service disruptions. It is a denial of service attack, and we are working with our service providers to mitigate it.

As we work through these, we are also putting in place stronger measures so that we can withstand serious attacks in future.

We sincerely apologize for these service disruptions. Our own business relies on Zoho so we know how painful these disruptions can be. We want to assure you that we are working on both short term and long term steps to handle these attacks.

Page 3 of 33312345...102030...Last »