To Enterprises and ESPs: A Warning

Mike Hillyer
Oct. 18, 2011 by Mike Hillyer

Don’t talk to ISPs about messaging threats. For them, the topic is old hat. Every day, ISPs are bombarded by messaging attacks, and each is one more targeted, more fiendish, more sophisticated than the one before.

Email Devil

Rather, today’s most dangerous attacks are aimed at particular organizations or people, and they employ highly sophisticated strategies combining identity theft, spoofing and malware. They use an intimate knowledge of the targeted organization and its partners, and they employ every strategy known to marketers to make their communications seem legitimate and relevant. Motivated by financial gain, these cybercriminals ultimately erode the necessary foundation of trust between enterprises, ESPs and customers.

Just last year, RSA was hit by one of these attacks, and it was no accident that RSA is a highly trusted security provider. RSA employees received innocent-looking emails that looked like insider emails, but were spoofs that contained malware. When opened, the malware allowed the bad guys to spy on RSA long enough to launch an even sneakier, more effective phishing campaign against RSA’s client, Lockheed Martin. Not only were identities stolen, but RSA’s hard-earned trust was dealt a decisive blow.

Such attacks are just the tip of the iceberg. And because our entire email ecosystem is predicated on trust, it’s critical for all parties, not just ISPs, to protect inbound and outbound mail. Often overlooked, message streams are frequently the original source of more complex attacks, and if they are compromised, criminals can proceed despite the most robust network security provisions.

But where to begin?

With the right strategy.  My co-author Dave Lewis addressed this in the previous post, but we’re setting out some new ideas about messaging security in a new white paper. Entitled Safeguarding Message Streams for Enterprises and Email Service Providers, the paper outlines seven principles for an effective strategy, and models for putting those principles into action to protect inbound and outbound mail. We’re eager to hear your thoughts on this important topic, so please have a read and comment below.

1 Comment

Share your Thoughts

Your email address will not be published.

Related Content

Running Your First Technical Workshop: The "I Have No Idea What I'm Doing" Edition

Running a technical workshop is difficult! Where do you start? How much time do you allot? What audience do you aim for? Cole talks through what he learned.

read more

Your Email Reputation And Why It Matters

Without a good email reputation, ISPs won’t trust your mail. Join us for our upcoming webinar with BounceX and learn more about email reputation.

read more

Top 5 Reasons to Join SparkPost As An Engineering Intern

Opportunities, technology and perks galore! Our director of HR lays out the top 5 reasons you should consider joining us as an engineering intern.

read more

Start sending email in minutes!

The world’s most powerful email delivery solution is now yours in a developer-friendly, quick to set up cloud service. Open a SparkPost account today and send up to 100,000 emails per month for free.

Send 100K Emails/Month For Free

Send this to a friend