When Third Party Email Providers Leak

Written 13 years ago by Mike Cardwell

At the beginning of January I received a spam email on the address bulksms@mydomain. I’ve only ever given this email address to one company, I sent them an email to find out if their database had been compromised. This has happened a few times with different companies and typically they ignore me when I report it. That is exactly what happened late last year when I contacted about a similar problem. BulkSMS’s response however was above and beyond anything I expected.

Dear Mike,

Our apologies for the long delay in replying to you since your last correspondence with us.

After an extensive investigation, although it would be impossible to entirely rule out that the issue of a leak was on our systems, we believe this to have happened at a third party email provider but cannot prove this.

In the light of your complaint to us, we have addressed the severity of the matter by deciding to move to another email service provider with a view of strengthening our IT systems and external communications policies. We are also putting measures in place to be able to conclusively show any compromise to our system by publishing some honeypot addresses through to our external email provider and holding back some addresses to compare what spam we receive. 

Please keep us informed of any concerns, we value your feedback.

Kind regards

****** *********
Marketing & Communications

Complete transparency. Not only did they take my complaint seriously and provide excellent customer service, but they also addressed the actual problem, and put in some proper technical measures to alert them automatically if it happens again. In future, not only will they be able to detect if their email address list is compromised, but they’ll be able to detect if it was the third party provider or their own systems which leaked it.

So if your business is planning to use a third party email provider, or are already using one, take a serious look at setting up some honeypot accounts. When your email list eventually gets leaked, you’ll at least know who to blame.

Want to leave a tip?BitcoinMoneroZcashPaypalYou can follow this Blog using RSS. To read more, visit my blog index.