May 18, 2017

Even email service providers can get compromised


In our quest to authenticate the world’s emails, a big part of Valimail’s job is helping domain owners get to email authentication enforcement.

But we also work with big email senders — the email service providers (ESPs) used by our customers — to help them become a more seamless part of their customers’ infrastructure. If the ESPs can ensure that their customers’ emails authenticate properly, that’s good for the ESPs, and it’s good for our customers too.

This work gives Valimail worldwide visibility into which email services (and not just IP addresses or domain names) our customers are actually using, and what kinds of issues companies and ESPs face.

For instance, most people think of malicious emails as being sent from compromised hosts or from rented servers around the world, but this is not always the case. Valimail has also seen multiple cases where the ESPs themselves are the sources of malicious email. This is not due to any malfeasance by the service provider. Rather, the ESP in these cases is itself a victim of bad actors who have compromised its robust email systems and are using them to get better deliverability for their own malicious emails.

For example, we recently discovered that a small email service provider (ESP) in Latin America was sending emails that appeared to come from several of our customers. Our customers told us that they had no relationship with this sender, so we followed up with the ESP and notified them of the issue.

Working together with the ESP, we were able to identify that a component in their infrastructure had been compromised and was being used to fraudulently send emails. The ESP addressed the issue and this fix put an end to the fraudulent emails. Not only did this work stop a source of unauthorized emails (thereby protecting our customers’ reputations), but it also helped the ESP preserve its own reputation.

At the end of the day, an ESP’s business is all about ensuring that they can effectively send emails on behalf of legitimate customers — and for good deliverability, a sterling reputation is essential.

Top image by miniyo73/Flickr
