Email spam and malware, phishing attacks and Business Email Compromise (BEC) scams are some examples of how a person or an organization can be affected by one of the most commonly used communication channels – email.
Surely, every single one of us has at least once fallen victim to:
- Spam is unwanted content delivered to an inbox, usually aimed at selling something. According to the recently published Symantec report, 53% of all incoming mail in 2015-2016 was spam.
- BEC scam activity is often directed at C-level personnel in an organization and may result in large-scale financial losses for the company. BEC scammers choose a victim and send a highly personalized message that includes an official request for payment, a bank transfer, an outstanding invoice, etc.
- Phishing is similar to spam in that it is usually sent out in bulk; the difference lies in the email content itself. These messages focus on asking for personal and security information, such as names, bank card details, account numbers, logins and passwords, etc. However, the Symantec findings state that, thanks to the generally high level of awareness, people seem to be less likely to open, click or in any other way interact with this kind of email content.
Test mail server spam abuse
However, in order to perform any of the above-mentioned security breaches, one has to get access to some kind of email distribution tool (software). This is where the full picture emerges and we can identify all the parties that are usually involved in the email spamming process:
- Spammers, who initiate and manage the distribution of spam campaigns.
- Software, whose functionality they abuse for their own benefit, without obtaining any consent from the software owners.
- End users (people and organizations), at whom spammers specifically direct all these activities.
Are email sending systems happy about such activities? Of course not. So, what measures do they take to prevent such misuse? They introduce guidelines containing clear instructions as to what steps a person who falls victim to spam has to undertake; provide contact data and outline the procedure for filing a complaint; invest in educating users; develop automatic monitoring for all outgoing email.
With this article, the Mailtrap team wants not only to share our story but also raise awareness about the problem and contribute by helping the global community fight it.
Checking out HTML email rendering with test mail server tool
In order to perform thorough testing of email distribution and delivery, one has to be able not only to send an email but also to capture it and view how it is rendered by both native email clients and web services. That is why some time ago Mailtrap enabled the forwarding of testing emails from Mailtrap's test mail server inbox to an email address or domain specified by a Mailtrap user.
At the time, Mailtrap automatically added the [Mailtrap Forward] prefix to the subject line of every message forwarded by the service. Our team anticipated that spammers would not be willing to perform mass emailing using the feature, which already contained a predefined prefix that had nothing to do with either the recipient or the content of the message itself.
Unfortunately, that was not the case. Back in September 2017, our team had to temporarily suspend Mailtrap's operation due to a phishing attack.
Mailtrap’s new email and domain forwarding verification
As a result, in order to prevent email spam and phishing, and to enhance email user privacy and security, Mailtrap launched the new email and domain forwarding verification feature.
The new functionality requires users of Mailtrap's testing SMTP server to carefully read through and consider the following changes:
- Mailtrap users will have to verify the email addresses they want to forward their email messages to. The system will accept the existing list of email addresses and automatically mark them as ‘verified’, so only new email addresses will have to go through the verification procedure. Once an email address is verified for one inbox, a Mailtrap user will not have to verify it for all other inboxes in the account (for paid subscription plans).
- However, both old and new domains will be marked as ‘not verified’. One will also have to add a TXT record to the domain, so that our team can obtain confirmation that the specific domain belongs to the Mailtrap user and can then enable it for auto-forwarding.
- In addition, the newly launched feature removes the requirement for mentioning [MAILTRAP FORWARD] in the forwarded email subject line.
Once these steps are completed, you can continue using Mailtrap’s SMTP testing functionality as usual.
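The following is an added example, not Mailtrap's code, showing one way a TXT-record ownership check like the one described above can gate auto-forwarding. The record prefix, the HMAC token scheme, the account ids, the exact-match domain policy and the sample DNS data are all assumptions constructed for illustration; the article does not describe Mailtrap's actual record format.

```python
from __future__ import annotations
import hashlib
import hmac

# Assumed names: the article gives neither the record format nor the token scheme.
TXT_PREFIX = "forward-verification="        # hypothetical TXT value prefix
SERVER_SECRET = b"constructed-demo-secret"  # constructed; load real secrets from a vault


def normalize(domain: str) -> str:
    """Lower-case and drop the trailing dot so comparisons are exact."""
    return domain.strip().rstrip(".").lower()


def expected_token(account_id: str, domain: str) -> str:
    """Token bound to one account and one domain, so it cannot be reused elsewhere."""
    msg = f"{account_id}|{normalize(domain)}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:32]


def domain_is_verified(account_id: str, domain: str, txt_records: list[str]) -> bool:
    """True if any TXT record fetched for the domain carries this account's token.

    A domain usually has several TXT records (SPF, other verifications),
    so every record is scanned and unrelated ones are ignored.
    """
    want = expected_token(account_id, domain).encode()
    for record in txt_records:
        value = record.strip().strip('"')
        if value.startswith(TXT_PREFIX):
            got = value[len(TXT_PREFIX):].encode()
            if hmac.compare_digest(got, want):  # constant-time comparison
                return True
    return False


def may_forward(recipient: str, verified_domains: set[str]) -> bool:
    """Allow auto-forwarding only when the recipient's domain matches exactly."""
    local, sep, domain = recipient.rpartition("@")
    if not sep or not local:
        return False
    # Exact match, not suffix match: "evil-example.com" must not pass for "example.com".
    return normalize(domain) in verified_domains


# Constructed sample: TXT strings as a resolver might return them for example.com.
SAMPLE_TXT = [
    '"v=spf1 include:_spf.example.net ~all"',
    f'"{TXT_PREFIX}{expected_token("acct-42", "example.com")}"',
]
```

Binding the token to both the account and the domain means a record published for one account cannot be used by another account to claim the same domain.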
If you have any questions or concerns about the new features described in this article, please feel free to send them to firstname.lastname@example.org and our team will be happy to assist.