I received one of these this morning and as we have 12,000 SmarterMail Mailboxes checked the logs and found that over 500 of these emails were received overnight to SmarterMail mailboxes that we host.

We have blocked emails from 'do-not-reply@smartertools.com' in SMTP Blocks to prevent any more of these phishing emails being received.

It looks like SmarterMail Mail Servers are being targeted by this phishing attack.

The messages has the following and get the recipient to click a link to a phishing website.

-----------------------
Smartermail protected message.

Protected message was received

------------------------

SmarterTools please warning your users about this phishing attack targetting your SmartMail users.

'Antispam - Options - Enable DMARC policy compliance check' will prevent these from being received, do you have that option enabled?

We find that the 'DMARC policy compliance check' causes too many false positives.

However, do use SPF checks and if SmarterTools changed their SPF record from a Sof Fail  "~all" to a Hard Fail "-al" then these spoofed @smartertools.com emails could have been blocked with the current anti-spam setting that we have in place.