Valimail puts an end to attacks against a regional bank and restores domain reputation

Challenge

After hackers discovered that the bank was not protected against email impersonation, they started sending millions of unauthorized emails that appeared to come from the bank’s domain. Mail servers receiving these messages marked the bank’s domain as a “bad actor” and started blocking all emails from that domain, including legitimate messages, bringing the bank’s business to a halt.

Solution

Valimail deployed Enforce™ and got the bank to DMARC enforcement in a matter of days — stopping the attacks cold and completely blocking millions of fraudulent emails.

Results

The major mail receivers removed the bank’s domain name from blacklists, and the normal flow of the bank’s email traffic was revived. Since then, there has been an 88 percent decrease in the number of unauthorized emails attempting to impersonate the bank’s domain.


The business

A regional bank with over $6 billion in assets, serving consumers and businesses in the Northeast U.S. with deposit, loan, equipment finance, and cash management services through its community-focused banking offices.

The challenge

After hackers discovered that the bank was not protected against email impersonation, they used it as an opportunity to extort money. When the bank wouldn’t comply, the hackers sent millions of unauthorized emails impersonating the bank’s domain. The bank’s email volume could usually be counted in the tens of thousands of messages per week, but with its domain wide open to the hackers’ impersonation attacks, it suddenly jumped to about 20 million emails per day. It was clear that the majority of the email that appeared to be from their domain was spam, so Google and other large Mail Transport Authorities (MTAs) classified the bank’s domain as a “bad actor” and blocked all emails from that domain.

This blocked the bank’s legitimate messages as well as the spam, making it impossible to communicate with customers, partners, and others outside the bank. It appeared that the bank’s reputation was irreparably damaged.

“Given the urgency of the problem, the bank needed a quicker move to enforcement. Valimail’s automated system was able to deliver that.”

The solution

Valimail quickly deployed Enforce™ and got the bank to DMARC enforcement in a matter of days — stopping the attackers in their tracks and completely blocking millions of fraudulent emails.

In DMARC deployments, a best practice is to monitor traffic for at least thirty days before moving to enforcement. However, given the urgency of the problem, the bank needed a quicker move to enforcement. Valimail’s automated system was able to deliver that, while providing the visibility needed to identify and whitelist legitimate email senders rapidly.

Once the bad actors no longer had access to the bank’s domain, the bank was able to rebuild its reputation and email ecosystem. In the Valimail platform, the bank could see all the senders in its email ecosystem, and with one click, could authorize each of the senders it wanted to approve. By allowing only authorized senders to use the domain name, everything else was blocked by receiving mail servers and MTAs. The bank no longer needed to worry about hackers impersonating its domain.

The results

When the bank came to Valimail in June 2016, about 84 percent of the emails from its domain were unauthorized or suspicious. That number has now dropped by 88 percent, to less than 10 percent. While the bank still sees the occasional spike in unauthorized emails, it knows that with Valimail Enforce™, those emails won’t be delivered.

With this achievement, the receivers/MTAs re-evaluated the domain’s reputation and reinstated the bank’s email traffic. The bank, its customers, and the mail receivers of the world can now trust that emails from the bank’s domain are safe.
