Re: phishing email from do-not-reply@smartertools.com
Question asked by Hemen Shah - 2/3/2020 at 11:47 PM

Had anyone received phishing email from do-not-reply@smartertools.com, this looks worry some now coming as SM domain, is it ok to paste the header here which might help others to take care at their end !!
have sent email with message and headers to SM support.


3 Replies

Reply to Thread
Bruce Replied
I received one of these this morning and as we have 12,000 SmarterMail Mailboxes checked the logs and found that over 500 of these emails were received overnight to SmarterMail mailboxes that we host.

We have blocked emails from 'do-not-reply@smartertools.com' in SMTP Blocks to prevent any more of these phishing emails being received.

It looks like SmarterMail Mail Servers are being targeted by this phishing attack.

The messages has the following and get the recipient to click a link to a phishing website.

Smartermail protected message.
Protected message was received

SmarterTools please warning your users about this phishing attack targetting your SmartMail users.
Steve Norton Replied
'Antispam - Options - Enable DMARC policy compliance check' will prevent these from being received, do you have that option enabled?
Bruce Replied
We find that the 'DMARC policy compliance check' causes too many false positives.

However, do use SPF checks and if SmarterTools changed their SPF record from a Sof Fail  "~all" to a Hard Fail "-al" then these spoofed @smartertools.com emails could have been blocked with the current anti-spam setting that we have in place.

Reply to Thread