Some of our customers have received notification from Google concerning a possible phishing attack originating from our servers that might have lead them to believe their account and/or domain had somehow been compromised.
An investigation is currently on-going with Google and we will keep you posted as soon as we have more information.
Thank you for your understanding.
update@9:10 : We would like to confirm that this incident was related to a single account *only* and did not concern other CakeMail accounts. The account in question has been terminated and the problematic links have been neutralized. CakeMail is safe to be used to send out campaigns.
UPDATE on June 21rst - message has been sent to all account admin.
From: CakeMail Support | firstname.lastname@example.org
Subject: Explanation regarding Google phishing notifications
Recently, you may have received a notification from Google regarding possible phishing attempts using a link under a domain name you configured to work with CakeMail. We would like to let you know that:
Your account, and your customer’s accounts, have not been compromised.
The phishing was not sent from your, or one or your customers’, account.
The phishing was not sent to your subscribers nor to anyone of your customers’ account subscribers.
It is safe for you and your customers to send emails.
Yes, emails identified as “phishing” by Google were sent from CakeMail’s network:
The emails originated from a single account, which is not related to you or your customers.
This account has been terminated
The phishing URLs have been neutralized
Why have YOU been notified by Google?
When configuring your white label account with CakeMail, you added an alias using your domain for tracking links. All our white label resellers are configured the same way.
When Google identified one phishing link, it validated the link under all other known aliases and it redirected them the same destination:
If http://phishing-white-label-domain.com/c/2341234324 redirected to a phishing URL, Google tested the link using all known aliases using the same network:
which would all redirect to the phishing URL.
By seeing this, Google notified you of the potential problem. Since the URL with your domain was never sent in an email or publicized in any way, no harm has been done.
What are we doing about it?
Completely unique links are now in place:
If http://reseller1-white-label-domain.com/c/2341234324 redirects to a specific URL.
Then http://your-white-label-domain.com/c/2341234324 does not redirect at all.
So, if the situation happens again, you will not receive notifications from Google.
We also work continually to make improvements to our monitoring systems to eliminate phish and spam emails from being sent from our network.
What YOU can do about it
Although this problem didn’t originate from your account, there are a few steps you can take to help you preserve your sender’s reputation as a reseller, reduce your exposure and limit your level of vulnerability:
Limit the sending capacity for Self-Serve accounts
Monitor the first send of new accounts
Consider implementing a cap on the first two or three months of new clients with more than 5000 contacts that don’t come from another ESP:
Limit their monthly sends from 1 to 4 times their list size.
Audit the account after the trial period
Provided a positive audit, increase the limits
When in doubt, contact our deliverability team to help you assess the legitimacy of a new customer.
We thank you for your understanding and welcome any feedback you may have.