MailChannels: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 11:22, 9 August 2021 edit Batternut (talk \| contribs) Extended confirmed users 11,743 edits Added {{Advert}} and {{Primary sources}} tags Tag: Twinkle ← Previous edit		Latest revision as of 22:05, 28 August 2024 edit undo Citation bot (talk \| contribs) Bots 5,325,009 edits Added date. \| Use this bot. Report bugs. \| Suggested by Abductive \| Category:Anti-spam \| #UCB_Category 73/91
(33 intermediate revisions by 31 users not shown)
Line 1: {{Short description\|Canadian technology company}} {{Multiple issues\| {{Advert\|date=August 2021}} {{Primary sources\|date=August 2021}} {{No footnotes\|date=June 2023}} }} {{Infobox company \| name = MailChannels \| logo = ~~\| logo = https://assets.brandfolder.com/o9xfno-3cqlmg-azcvk6/original/MC_Logo_Full_Color_Light_Background_RGB.png~~ \| type = [[Private company\|Private]] \| industry = [[information_security\|Information Security]], [[Software as a service\|SaaS]] Line 18 ⟶ 20: \| net_income = \| slogan = \| homepage = ~~{{URL\|http://www.mailchannels.com/}}~~ }} '''MailChannels''' is a Canadian technology company that specializes in email security for businesses and [[Internet service provider\|internet service providers]] (ISPs). Founded in 2004 by Ken Simpson and headquartered in [[Vancouver, British Columbia]], the company operates in [[Anti-spam_techniques\|email security]] and the infrastructure market. The business provides a products and services designed to safeguard email systems against [[Spamming\|spam]], [[phishing]], and other harmful content. They guarantee the dependable delivery of legitimate messages and offer a mail relay API for numerous websites{{Citation needed\|date=August 2024}}. '''MailChannels''' is a [[computer security\|cybersecurity]] technology company based in [[Vancouver, British Columbia]]. It provides [[Anti-spam_techniques\|email security]], and email delivery services for [[Web_hosting_service\|web hosting providers]]. ==MailChannels==▼ MailChannels specializes in software and services that detect and block the sending of [[Spam (email)\|spam]], [[phishing]] and other [[abusive]] [[email]]. Unlike most [[Anti-spam techniques\|anti-spam]] technology providers, MailChannels positions itself as a leader in blocking abusive [[email]] at its source by installing software and services within sending networks and services such as [[Internet service provider\|ISPs]] and [[Web hosting service\|web hosting providers]]. To combat outgoing [[Spam (email)\|spam]], MailChannels offers customers either a [[cloud computing\|cloud-based]] [[SMTP relay]] service or software that is installed by the customer within their network. MailChannels' software derives from the [[Open-source software\|open-source]] [[web proxy]] software [[Nginx]], and as such, the company makes the claim that its software is extremely scalable and robust.<ref>{{cite web\|title=MailChannels Transparent Filtering\|url=https://www.mailchannels.com/transparent/\|publisher=MailChannels\|accessdate=30 March 2020}}</ref> MailChannels' customers include large web hosting companies, [[internet service provider]]s, mailbox providers and [[Email service provider (marketing)\|email service providers]] such as [[Endurance International Group]], [[SendGrid]], [[Sherweb]], and Locaweb. ==Company history== ~~The company~~MailChannels was founded in 2004 by former engineers of [[ActiveState]] (acquired by [[Sophos]]), who created one of the first commercial spam filters. The company's first product was an SMTP proxy that provides [[Tarpit (networking)\|tar-pitting]] and transparent [[SMTP proxy]] functionality for inbound [[email]] filtering~~. At the 2007 MIT Spam Conference, the company's founder, Ken Simpson, was awarded the Best Paper award~~. In 2007, MailChannels joined [[M³AAWG]] and closed a [[series A round]] led by early [[Microsoft]] employees. In 2010, the company launched an outbound [[email filtering]] software that claims to be capable of filtering up to 30 million messages per hour, transparently in the network. Outbound email filtering involves scanning email traffic as it exits the network, identifying compromised accounts, and reducing the risk of having IP addresses blocked by receiving networks. In 2013, the company launched a [[cloud-based]] outbound email filtering service. In 2018, the company launched a cloud-based inbound email filtering service. In 2022, the company decided to stop supporting [[Plesk]] for outbound email filtering. == MailChannels and Email Authentication Considerations == In August 2023, security researcher Marcello Salvati presented findings at [[DEF CON\|DEF CON 31]] regarding what he termed a potential vulnerability in MailChannels' email infrastructure.<ref>{{Citation \|title=DEF CON 31 - SpamChannel - Spoofing Emails From 2M+ Domains & Virtually Becoming Satan - byt3bl33d3r \| date=16 September 2023 \|url=https://www.youtube.com/watch?v=NwnT15q_PS8 \|access-date=2023-09-27 \|language=en}}</ref> Salvati's research demonstrated that it was possible to send emails addressed from any domain through a free email sending API that MailChannels had been offering to [[Cloudflare]] Workers users. Salvati's talk highlighted how email receivers often interpret a passing [[Sender Policy Framework\|SPF]] check as an indication that an email message was authentically sent by the owner of a given domain name, even though the [[Sender Policy Framework\|SPF]] RFC specifically advises against interpreting SPF results in this manner.<ref name="RFC7208">{{cite IETF \|rfc=7208 \|section=2.4 \|title=Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1 \|date=April 2014}}</ref> SPF has several notable limitations that are described in the RFC:<ref name="RFC7208" /> # SPF only authenticates the envelope sender (MAIL FROM) and HELO/EHLO identities, not other identities in the message headers. # A passing SPF result does not guarantee the message is not spoofed or malicious. # SPF can't verify specific email addresses, only domains. The authors recommend receivers use SPF as part of a larger set of evaluations rather than treating it as dispositive on its own.<ref name="RFC7208" /> Furthermore, [[RFC 5321]], which defines [[SMTP]], explicitly states that SMTP mail is inherently insecure: {{Quote\|SMTP mail is inherently insecure in that it is feasible for even fairly casual users to negotiate directly with receiving and relaying SMTP servers and create messages that will trick a naive recipient into believing that they came from somewhere else. [...] Real mail security lies only in end-to-end methods involving the message bodies, such as those that use digital signatures.\|RFC 5321, Section 7<ref>{{cite IETF \|rfc=5321 \|section=7 \|title=Simple Mail Transfer Protocol \|date=October 2008}}</ref>}} ▲=== MailChannels' Response === MailChannels CEO Ken Simpson addressed the complexity of the situation, stating, "MailChannels sends email for 30 million different domains that are hosted behind over 600 web hosting provider networks. We cannot force every domain owner to verify the ownership of their domain because domain owners do not even authenticate domain ownership with their own hosting provider".<ref>{{Cite web \|last=Sabin \|first=Sam \|date=11 August 2023 \|title=Exclusive: An email security vendor is leaving 2M domains open to phishing hacks, study finds \|url=https://www.axios.com/2023/08/11/mailchannels-security-phishing-hacks-study \|url-status=live \|archive-url=https://web.archive.org/web/20230816160130/https://www.axios.com/2023/08/11/mailchannels-security-phishing-hacks-study \|archive-date=16 August 2023 \|access-date=28 September 2023 \|website=Axios}}</ref> In response to these findings, MailChannels developed and implemented a new security feature called "Domain Lockdown." This feature enhances domain authentication by linking registered domain names to MailChannels accounts and implementing sender ID verification, providing an additional layer of security beyond SPF.<ref>{{Cite web \|date=21 June 2023 \|title=Introducing MailChannels Domain Lockdown \|url=https://community.cloudflare.com/t/introducing-mailchannels-domain-lockdown/523913 \|access-date=28 September 2023 \|website=Cloudflare}}</ref> While not requiring [[Cloudflare]] users to register an account with MailChannels, since the mechanism operates using DNS records alone. ==See also== Line 51 ⟶ 68: ==References== {{Reflist}} ~~==External links==~~ [http://mailchannels.com/ MailChannels] [https://web.archive.org/web/20110821030639/http://www.thewhir.com/web-hosting-news/032111_MailChannels_Provides_Outbound_Spam_Filter_to_Web_Host_VPSNET Web Host Industry Review: MailChannels Provides Outbound Spam Filter to Web Host VPS.NET] [https://www.washingtonpost.com/wp-dyn/content/article/2007/04/10/AR2007041000479.html Washington Post: Technology Aims to Bore Impatient Spammers] [https://web.archive.org/web/20071021074539/http://www.networkworld.com/news/2007/040207-mit-spam-tarpits.html Network World: Tarpits deter impatient spammers] [http://www.theregister.com/2007/04/02/spam_sucks/ The Register: Spam: It sucks like a tarpit] [https://web.archive.org/web/20071014032044/http://radar.oreilly.com/archives/2007/01/spamonomics_101.html O'Reilly Radar: Spamonomics 101] [http://www.onlamp.com/pub/a/onlamp/2006/10/12/asynchronous_events.html OnLAMP: Developing High-Performance Asynchronous IO Applications] [https://blog.hostmedia.co.uk/1799/working-with-mailchannels/ Case study on using Mail Channels within the hosting industry] {{DEFAULTSORT:MailChannels}} [[Category:Anti-spam]] ~~[[Category:Spam filtering]]~~ [[Category:Technology companies established in 2004]] [[Category:Canadian companies established in 2004]]