How to handle spam / malware email to your List.

If one of your subscriber's email accounts are hacked, they may send spam/malware to all of the addresses in their address book. This would also be sent to your mailing list.

Since the email is coming from a current subscriber, there is no reason to stop it. Also, if the threat is so new that our malware filtering is not yet aware of it, then the email could be sent to your entire list.

You cannot recall email sent via the Internet, unlike emails sent internally via Microsoft Exchange. Once the email is sent, it can never be recalled or canceled.

What To Do "Now"

Step One - Remove the Subscriber

  • Immediately remove the subscriber from your mailing list. For the integrity of your list, we don't want any repeats of this type of incident.
  • Contact the subscriber by telephone or private email to let them know their email account has been hijacked.
  • Once they can confirm to your satisfaction that they have resolved their problem, then again add the subscriber to your mailing list.

Step Two - Email Your List

  • Email your mailing list asking them to delete the bad message that was forwarded.
  • If your subscribers are relatively tech savvy, then these malicious emails will not fool them. Also, their software may have blocked the messages as potential spam.

Step Three - Remove from Archives

If you are using the Searchable Web Archive option, you can remove that email from your archives.

For help, please see How do I delete a message from the web archives

What to Consider for the Future

Consider using Mobile First Formatting

Mobile First Formatting converts all outgoing email to plain text. The advantage is:

  • Buttons, logos and tricky graphics are removed.
  • Actual links in the email are shown.
  • URLs will show exactly where the link is pointed and not a fake image meant to fool the reader.

For details, please see "Mobile First" Formatting.

 

Consider using Sender Approval for Possible Spam

Use the option to Ask Subscriber To Approve Messages That Look Like Spam. This option will reply to any message that appears to be spam, and ask the sender to approve the message.

For details, please see How do I stop spam from being sent to our mailing list?

Spammers change their tactics all the time. Even this option is not going to work if our system does not detect it is spam. If we do detect it as spam, the good news is.....hackers just send out spam. They don't reply to incoming emails asking for approval. If the sender does not approve the message, then it is not forwarded to your mailing list.

 

Consider having Subscribers Moderate Messages

Use the option to Have Subscribers Moderate Their Own Messages. This option will reply to any message a subscriber sends, asking them to reply and release their message to the list. This is helpful when someone is pretending to use your subscriber's email

The "Auto" feature in this option is useful, since it only asks subscribers who have not posted in 90 days to approve their message. In many cases, non-active users are the most likely to have their accounts hacked.

For details, please see How do I ensure that a message was posted by my subscriber and not a spammer?

------------------------------------------------------------------------------------------------------------------------------

Helpful Tips

Five easy ways to recognize and dispose of malicious emails

Five red flags for spotting malicious emails:

  1. The sender address isn’t correct.
  2. The sender doesn’t seem to know the addressee.
  3. Embedded links have weird URLs.
  4. The language, spelling, and grammar are “off.”
  5. The content is bizarre or unbelievable.

For the full article from Malwarebytes Labs, please click here.