Address leak leads to phishing

A number of people in the industry are reporting getting phishing emails to addresses they used at DocuSign.
There were initial reports of a DocuSign data breach back in December. Now it appears DocuSign is being used as a phishing target.

At 8:40AM PST this morning, 1/24/2013, DocuSign became aware of new malware spam emails that are being sent as if it was coming from the DocuSign service. An example follows immediately below. These emails are not coming from DocuSign and you should not click on any links or attachments therein. They are coming from an unrelated, malicious third party attempting to copy DocuSign’s email branding in the hopes of fooling recipients into opening the email and clicking on links and/or attachments.

This seems to be a widespread phishing attack. Watch your links.

Related Posts

AOL bounces and false positives

A number of people have been seeing an increase in AOL bounces over the last few days. Some of these are the new rejection message, 554/421 CON:B1. This basically means “you’ve topped our thresholds, back off.”
The other one is a bit more interesting. The error message a lot of people are seeing is 554/421 RLY:SN. Senders should only be getting this error message when they are sending email from a banned address.


Return Path partners with Symantec

Today Return Path announced a partnership with Symantec to improve their anti-phishing product. Return Path is incorporating the Symantec Trusted Domain List into their authentication and filtering product to help customers protect their brands. Press Release
Phishing scams affect everyone, and having a brand that is used in phishing can reduce consumer trust in that brand. Protecting brands in email has been one of the more difficult challenges facing the email community. With the adoption of DKIM and DMARC by major brands and ISPs it has become easier to track and address phishing.


Six months or out

Mickey Chandler has a great post up about Triage vs. Planning, where he talks about how the decisions you make differ depending on the context.
It’s a good read, and I strongly encourage everyone to go give it a look.
But his post led me to a post by Andrew Kordek at Trendline where he claims that there is an industry rule of thumb that says 6 months is the threshold to define an inactive.
Wait, what?
I know there’s a huge amount of controversy in the email space about whether or not you should purge inactive addresses. I know there are some very vocal people who think that removing inactive addresses is tantamount to marketing suicide. But where did 6 months come from? Who made it an industry standard?
If we don’t know where the standard came from, if we don’t know why we’re doing it, then what kind of mickey mouse industry are we running here?
There is a lot about email marketing that is empirical. You poke the black box on one side and see what happens on the other. The problem with that is that we can “discover” a lot of effects that aren’t real, but somehow turn into “you must do this!”
I have no doubt there are times when a 6 month expiry is a good idea. A number of my clients over the last few years use a much, much shorter time because that’s what works for them. I also know there are times when longer expiry times are a good idea, too.
It’s really important that when you’re making decisions about your email marketing program that you don’t mindlessly apply “standards” to what you’re doing. Think about the practical effects of your decisions and put them in context with your overall business plan.
To do otherwise is to kneecap your email marketing program.
