MailChannels
MailChannels is a Canadian technology company that specializes in email security for businesses and internet service providers (ISPs). Founded in 2004 by Ken Simpson and headquartered in Vancouver, British Columbia, the company operates in the email security and infrastructure market. It provides a variety of products and services designed to safeguard email systems against spam, phishing, and other harmful content while ensuring the dependable delivery of legitimate messages. It also offers a mail relay API for numerous websites.
Type | Private |
---|---|
Industry | Information Security, SaaS |
Founded | 2004 |
Headquarters | Vancouver, Canada |
Area served | Worldwide |
Key people | Ken Simpson, CEO |
Products | Spam Filtering, Anti-spam |
Services | Computer Security |
Company history
The company was founded in 2004 by former engineers of ActiveState (acquired by Sophos), who created one of the first commercial spam filters.
The company's first product was an SMTP proxy that provides tar-pitting and transparent SMTP proxy functionality for inbound email filtering.
In 2007, MailChannels joined M³AAWG and closed a series A round led by early Microsoft employees.
In 2010, the company launched outbound email filtering software that it claims is capable of filtering up to 30 million messages per hour, transparently in the network. Outbound email filtering scans email traffic as it exits the network in order to identify compromised accounts and reduce the risk of the network's IP addresses being blocked by receiving networks.
In 2013, the company launched a cloud-based outbound email filtering service.
In 2018, the company launched a cloud-based inbound email filtering service.
In 2022, the company decided to stop supporting Plesk for outbound email filtering.
Email spoofing exploit
In August 2023, security researcher Marcello Salvati gave a presentation at DEF CON 31[1] demonstrating how he was able to impersonate over 2 million domains registered with MailChannels by taking advantage of the company's lack of authentication of domain ownership. Salvati discovered that anyone with access to a free Cloudflare account could send email using any domain registered with MailChannels. This was possible because MailChannels trusted all traffic from Cloudflare. The only control MailChannels had in place to prevent abuse of its system by Cloudflare users was a spam filter.
CEO Ken Simpson said in an interview with the website Axios, "MailChannels sends email for 30 million different domains that are hosted behind over 600 web hosting provider networks. We cannot force every domain owner to verify the ownership of their domain because domain owners do not even authenticate domain ownership with their own hosting provider".[2]
Simpson and Salvati had spoken with each other months before the research was published. In response to this serious security flaw, MailChannels and Cloudflare implemented a new feature called "Domain Lockdown", which uses domain authentication, tying registered domain names to MailChannels accounts and sender ID, to try to prevent any future domain impersonation.[3]
References
- DEF CON 31 - SpamChannel - Spoofing Emails From 2M+ Domains & Virtually Becoming Satan - byt3bl33d3r, retrieved 2023-09-27
- Sabin, Sam (11 August 2023). "Exclusive: An email security vendor is leaving 2M domains open to phishing hacks, study finds". Axios. Archived from the original on 16 August 2023. Retrieved 28 September 2023.
- "Introducing MailChannels Domain Lockdown". Cloudflare. 21 June 2023. Retrieved 28 September 2023.