MXroute - Outbound emails to Comcast – Incident details

Outbound emails to Comcast

Resolved
Operational
Started 6 months ago. Lasted about 4 hours.

Affected

SMTP

Operational from 5:01 PM to 8:52 PM

Updates
  • Resolved

    Outbound email to Comcast has been restored. Exactly 105 emails were halted by this block. We have in place significant mitigations that should begin to discourage this attacker from continuing to seek out our platform.

  • Identified

    To mitigate a threat to our platform and IP reputation, we have temporarily disabled outbound email to comcast.net. We are working on stronger mitigation to this which does not impact legitimate email. However, the attacker is presently a few steps ahead of us.

    By all appearances, an individual who desires to send Comcast phishing emails has purchased multiple accounts from resellers, some accounts sitting dormant for as long as 4 months. We keep terminating their accounts as we identify them, but from the outside the only reasonable conclusion is that we appear to be taking no action to halt this activity on our platform, because, to put it simply, our termination efforts have not effectively halted these outbound emails for the last 72 hours. Playing whack-a-mole may be entertaining, but we believe that it would be better for users to be unable to send email to Comcast for a few hours than any other short-term option.