Ken has an article up today about the ongoing attacks against ESPs and email marketers. In it he says:
Someone in permission-based email marketing should have sounded the alarm about the wedding-photo attacks months before Blumberg did.
The attacks were being talked about on at least 2 different private lists. One made up primarily of email marketers and most of them didn’t seem to take it very seriously. The other list, though, had a number of people sounding loud alarms, sharing IP addresses to block and reporting the information to various block lists and anti-spam vendors in order to protect their infrastructure. One of my clients has been aggressively chasing this for a few months, as well.
To the best of my knowledge, no one knew of any actual compromises that had happened. I only received my first phish last Wednesday. The only other company that had sent mail to that tagged address was Return Path and I immediately notified them that they appeared to be breached.
While I know nothing was made public and that may be a problem, to assert that no one sounded an alarm is untrue. There were a lot of people that were sounding alarms and sharing information to help other companies protect themselves from the phishing attacks. To the best of my knowledge the truly targeted spear phishing attacks on ESPs started about 6 weeks ago.
Ken touches briefly on something that I, and others, have been saying. Email is hostile traffic. Email marketers seem to not understand how much hostile traffic comes into the average users’ mailbox nor how many email marketing practices actually train users to be accepting of that traffic.
It’s something I will be blogging about over the next few days or months. Because it’s time for email marketers to understand just how malicious spammers are and how they can stop helping the criminals.