Notification from Google concerning a possible phishing attack


Some of our customers have received a notification from Google concerning a possible phishing attack originating from our servers, which might have led them to believe their account and/or domain had somehow been compromised.

An investigation is currently ongoing with Google and we will keep you posted as soon as we have more information.

Thank you for your understanding.

Update @ 9:10: We would like to confirm that this incident was related to a single account *only* and did not concern other CakeMail accounts. The account in question has been terminated and the problematic links have been neutralized. CakeMail is safe to use to send out campaigns.

UPDATE on June 21st - a message has been sent to all account admins.

From: CakeMail Support

Subject: Explanation regarding Google phishing notifications

Dear client,


Recently, you may have received a notification from Google regarding possible phishing attempts using a link under a domain name you configured to work with CakeMail. We would like to let you know that:

  1. Your account, and your customers’ accounts, have not been compromised.

  2. The phishing was not sent from your account, or from one of your customers’ accounts.

  3. The phishing was not sent to your subscribers nor to the subscribers of any of your customers’ accounts.

  4. It is safe for you and your customers to send emails.

What happened?

Yes, emails identified as “phishing” by Google were sent from CakeMail’s network:

  • The emails originated from a single account, which is not related to you or your customers.

  • This account has been terminated.

  • The phishing URLs have been neutralized.

Why have YOU been notified by Google?

When configuring your white label account with CakeMail, you added an alias using your domain for tracking links. All our white label resellers are configured the same way.

When Google identified one phishing link, it validated the link under all other known aliases, and each of them redirected to the same destination:

If redirected to a phishing URL, Google tested the link using all known aliases using the same network:

which would all redirect to the phishing URL.

By seeing this, Google notified you of the potential problem. Since the URL with your domain was never sent in an email or publicized in any way, no harm has been done.

What are we doing about it?

Completely unique links are now in place:

If redirects to a specific URL.

Then does not redirect at all.

So, if the situation happens again, you will not receive notifications from Google.

We also work continually to make improvements to our monitoring systems to eliminate phish and spam emails from being sent from our network.

What YOU can do about it

Although this problem didn’t originate from your account, there are a few steps you can take to help you preserve your sender’s reputation as a reseller, reduce your exposure and limit your level of vulnerability:

  • Limit the sending capacity for Self-Serve accounts

  • Monitor the first send of new accounts

  • Consider implementing a cap on the first two or three months of new clients with more than 5000 contacts that don’t come from another ESP:

    • Limit their monthly sends from 1 to 4 times their list size.

    • Audit the account after the trial period

    • Provided a positive audit, increase the limits

  • When in doubt, contact our deliverability team to help you assess the legitimacy of a new customer.


We thank you for your understanding and welcome any feedback you may have.
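The change described under "What are we doing about it?" can be sketched as follows. This is an added example, not CakeMail's own code: the alias names, the `/t/<token>` path layout and every function name are assumptions made for illustration, and the sample data is constructed.

```python
import secrets
from urllib.parse import urlsplit

# Constructed sample data: tracking aliases of two hypothetical resellers.
ALIASES = {"links.reseller-a.example", "links.reseller-b.example"}
LINKS = {}  # token -> (alias the link was minted for, destination URL)

def normalize_host(host_header):
    """Lower-case the Host header, drop any port and trailing dot."""
    try:
        host = urlsplit("//" + host_header.strip()).hostname or ""
    except ValueError:  # malformed header, e.g. an unbalanced '['
        return ""
    return host.rstrip(".")

def mint_link(alias, destination):
    """Create a tracking URL that is meant to work only under `alias`."""
    if alias not in ALIASES:
        raise ValueError("unknown tracking alias")
    token = secrets.token_urlsafe(16)
    LINKS[token] = (alias, destination)
    return f"https://{alias}/t/{token}"

def resolve_shared(host_header, path):
    """Shared behaviour: any known alias serves any token."""
    entry = LINKS.get(path.rsplit("/", 1)[-1])
    if entry is None or normalize_host(host_header) not in ALIASES:
        return 404, None
    return 302, entry[1]

def resolve_bound(host_header, path):
    """Unique links: redirect only under the alias the link was minted for."""
    entry = LINKS.get(path.rsplit("/", 1)[-1])
    if entry is None or entry[0] != normalize_host(host_header):
        return 404, None
    return 302, entry[1]

if __name__ == "__main__":
    url = mint_link("links.reseller-a.example", "https://landing.example/offer")
    path = "/t/" + url.rsplit("/", 1)[-1]
    for host in ("links.reseller-a.example", "links.reseller-b.example"):
        print(host, resolve_shared(host, path), resolve_bound(host, path))
```

With the bound resolver, a scanner that replays one account's link under another reseller's alias gets a 404, so a single abusive link no longer implicates every configured domain.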



