How to handle spam / malware email sent to your List.

If one of your Subscriber's email accounts are hacked, they may send spam/malware to all of the addresses in their address book. This would also be sent to your Mailing List.

Since the email is coming from a current Subscriber, there is no reason to stop it. Also, if the threat is so new that our malware filtering is not yet aware of it, then the email could be sent to your entire List.

You cannot recall email sent via the Internet, unlike emails sent internally via Microsoft Exchange.

Once the email is sent, it can never be recalled or cancelled.

What To Do "Now"

Step One - Remove the Subscriber

  • Immediately remove the Subscriber from your Mailing List. For the integrity of your List, we don't want any repeats of this type of incident.
  • Contact the Subscriber by telephone or private email to let them know their email account has been hijacked.
  • Once they confirm to your satisfaction they have resolved the problem, then again add the Subscriber to your Mailing List.

Step Two - Email Your List

  • Email your Mailing List asking them to delete the bad message that was forwarded.
  • If your Subscribers are relatively tech savvy, then these malicious emails will not fool them. Also, their software may have blocked the messages as potential spam.

Step Three - Remove from Archives

If you use the Searchable Web Archive option, you can remove that email from your archives.

For help, please see Delete a message from Web Archives.

What to Consider for the Future

1. Consider using Mobile First Formatting

Mobile First Formatting converts all outgoing email to plain text. The advantage is:

  • Buttons, logos and tricky graphics are removed.
  • Actual links in the email are shown.
  • URLs will show exactly where the link is pointed and not a fake image meant to fool the reader.

For details, please see "Mobile First" Formatting.

 

2. Consider using Sender Approval for Possible Spam

Use the option to Ask Subscriber To Approve Messages That Look Like Spam. This option will reply to any message that appears to be spam, and ask the sender to approve it.

Spammers change tactics all the time. Even this option won't work if our system does not detect it as spam. If we do detect it as spam, the good news is.....hackers just send spam. They don't reply to incoming emails. So, if the "sender" does not approve the message, then it is not forwarded to your Mailing List.

For details, please see Spam: Prevent from sending to your Mailing List.

 

3. Consider having Subscribers Moderate Messages

Use the option to Have Subscribers Moderate Their Own Messages. This option will reply to any message a Subscriber sends, asking them to reply and release their message to the List. This is helpful when someone is pretending to use your Subscriber's email

The "Auto" feature in this option is useful, since it only asks Subscribers who have not posted in 90 days to approve their message. In many cases, non-active users are the most likely to have their accounts hacked.

For details, please see Ensure message was sent by Subscriber and not a spammer.

------------------------------------------------------------------------------------------------------------------------------

Helpful Tips

Five easy ways to recognize and dispose of malicious emails

Five red flags for spotting spam/malware:

  1. The sender address isn’t correct or doesn't match the sender name / Reply To.
  2. The sender doesn’t seem to know the addressee.
  3. Embedded links have weird URLs.
  4. The language, spelling, and grammar are “off.”
  5. The content is bizarre or unbelievable.

See the full article from Malwarebytes Labs for more details.