Email Abuse for Fun and Profit

By Andrew Davidson
on July 9, 2018

postmark We here at Under Design have been running our own web, email and other internet servers for decades, and we monitor them for malicious attacks. We use a free email monitoring service (Postmark App) from Philadelphia based Wildbit, whose weekly updates keep us up to date with email security and the general flow of SPF and DKIM aligned emails, which is a smart security precaution (and should be standard operating procedure for any company doing email transactions these days). Imagine our surprise when our usual email flow of around 30-40 emails per week exploded, as you can see from these weekly updates:

Postmark Weekly Reports from May 14 through June 4, 2018

May 14
May 21
May 28


With some basic detective work, all those 1.6 million emails originated from a few automated bots inside China and India, falsifying their header records to appear to be sent from our (relatively unused, untampered with) domain. The end result was that we discovered free email providers (hotmail being one example) were flagging all messages (both spam and real) from our domain and simply tossing them before delivery. All in all, we probably lost every email sent the week of May 21-28, 2018.

Our email flow has been back to normal since them, so I hope that will be the last of it, but with a short .com domain, I know better. I highly recommend you set up your own domain to align your SPF and DKIM records, and help stamp out spam! Postmark is a great start in email security! Special thanks to TinyPNG for compressing my graphics for quick downloads.