Category Archives: Uncategorized

What is Spear Phishing?

Phishing attacks have become an unfortunately common occurrence.  A relatively new wrinkle is called spear phishing where the phishing email targets a specific individual, business, or organization.  Spear phishing is used for two main purposes:

  1. Steal data for malicious purposes
  2. Install malware on the target’s computer for use in against another organization

Regardless of intention, if executed properly, a spear phishing ploy is bad news for your company.

How Are Spear Phishing Attacks Performed?

Here’s a general rundown of how spear phishing scams work:

  • An email arrives in a colleague’s inbox, seemingly from a trustworthy source like a supplier, vendor or even your own corporate website. Spear phishing emails often use clever tactics like matching logos, verbiage and even similar looking URLs to those you would find normal to get the victim’s attention.)
  • The message leads the unsuspecting recipient to a well-designed bogus website either with a login portal or with a hidden cache of malware that they attempt to download and install.
  • Hackers will then sell the login credentials or malware networks to governments, private entities or other hackers for further exploitation.

Cybercriminals use tailored approaches that leverage social engineering techniques to encourage victims to act before they think to personalize messages and websites used in their scams. According to a March report on spear phishing from cybersecurity firm Barracuda Networks, these attacks are frequently researched in advance and intended to capture data, such as login credentials or other highly sensitive information. Analyzing 360,000 emails that involved spear phishing over a three-month period, the company’s researchers found that 83% of these attacks involve brand impersonation of companies users know and trust.1

Moreover, to increase success rates, spear phishing messages often contain urgent explanations on why sensitive information is needed. The combination of realistic branding and urgent need to act pushes users to act before they think.  This kind of social manipulation is “becoming the key ‘attack vector’ in cybersecurity attacks.”2  Victims are usually asked to open a malicious attachment or click on a link that takes them to a spoofed website where active passwords, account numbers, PINs, or access codes are requested. 

How to Fight Spear Phishing

Since spear phishing attacks are becoming more difficult to detect, protecting your business email is even more important. Traditional security can stop some of these scams but not all because of the clever customization. A single mistake enables fraudsters to gain access to commercially sensitive intel, forever damaging your company’s brand. In addition, spear phishing attacks can deploy malware to hijack computers, organizing them into enormous networks (botnets) that can be used for denial of service attacks.

To fight spear phishing scams, employees need to be aware of the threats, such as the possibility of bogus messages landing in their inbox. It’s a simple answer, but informed employees are the first line of defense in combatting malicious online attacks. Besides education, technology that focuses on email security is necessary.

In addition, it is important for email senders to protect their brands from use in spear phishing attempts.  Big brands like American Express, Amazon.com and PayPal were once often leveraged by fraudsters because of their wide usage, credibility and access to financial and personal information.  Now, large corporations are deploying technologies to prevent use of their brands so fraudsters are forced to use smaller, less protected brands.

Protecting Your Brand – MxToolbox Delivery Center

To protect your brand from use in phishing and fraud emails, you need to deploy new technologies like SPF, DKIM, DMARC and actively manage the information your receive from inbox providers about your email delivery status.  MxToolbox’s Delivery Center  provides your business with the email deliverability insight you need.  Our Experts combine best practices on email delivery with new technologies and our own experiences to give you best-in-class incite into the deliverability of your known email senders and early warning on emerging threats emails like spearphishing.  We can even manage your email delivery with our Managed Services program.

1, 2 Gizmodo, Privacy and Security. https://gizmodo.com/spear-phishing-attacks-are-on-the-rise-security-firm-s-1833455812

Can DMARC stop spam?

Yes, yes it can.  But, how?

DMARC, by itself, does not stop a spammer from sending email.  To be effective at reducing spam, everyone needs to implement DMARC and follow-up by improving the compliance rates of their outbound emails.  As your legitimate email becomes more DMARC compliant, you can begin to tell recipients to ignore email that isn’t compliant.  This spam will bounce and foil the spammers trying to use your brand!

Learn More about how MxToolbox can help you.

Improving DMARC Compliance

DMARC is not a set-and-forget type of technology.  It changes as your company adopts new email senders, and as fraud and phishing threats emerge.  Your legitimate email should be as compliant as possible in order to reach your audience.  Insight from MxToolbox Experts can help you improve DMARC compliance.  Learn More

INPS_DE Blacklist Offline

The INPS_DE blacklist, operated out of Germany recently decided to shut down their blacklist service due to changes in regulations. As such, we have temporarily removed them from our blacklist monitoring services. If they decide to reinstate their blacklist database we will re-evaluate their inclusion in our monitoring.

Notice of blacklist database termination from the blacklist operator:

For more than 10 years I, Christian Jung, have been working with passion and enthusiasm the inps.de DNSBL and the inps.de DNSWL. I wanted to work with these projects which have been very well received, making the internet a little bit better and also to be a small part of it.

The protection of data has always played a significant role in development. The entry into force of the basic data protection regulation DSGVO on 25.05.2018 succeeded for However, a massive insecurity and with the means available to me I can get one Legal advice, which would provide the necessary clarity, at the present time simply can not afford.

For this reason, I have decided with a heavy heart, the inps.de DNSBL for the time being “put on ice” and to offer it to the public only when there is clarity in this respect. From my DNS servers will be delivered an empty zone, so that all previously entered IP addresses to the outside are no longer registered. I thank from the bottom of my heart all those who have supported my projects in the past years so energetically supported. Without this support would be the hit rate far from being so good.

Sectoor Exitnodes shutting down

Update: We have shut down blacklist monitoring on Sectoor Exitnodes as this blacklist is in fact currently offline.

If you have received blacklist alerts regarding this list, the alerts and monitor status will be automatically corrected by our monitoring system during the next check. There is no action you need to take at this time.


Earlier today we detected abnormal behavior from the blacklist Sectoor Exitnodes. Its domain registration expired recently and their blacklist database is now showing signs it may be going offline.

We are monitoring this situation and will update this post once more details are available.

Abuse System Update

On May 9th we updated our abuse system to shutdown unauthorized and excessive access to our site and improve service to our free and paying customers.  During the update of the abuse management system all access to the site was shutdown for approximately 10 minutes instead of the shorter planned outage.

As of Noon Central US time all access has been restored.  We apologize for the inconvenience.

NoSolicitado False Positives

Blacklists operate using DNS system where a blacklist publishes a set of IP addresses that are blacklisted. We query these lists in real-time to give you a consolidated report of the blacklist reputation of and IP address. Sometimes a DNS server at a blacklist operator may get out of sync with the entire pool or the pool may get out of sync with the database. Regardless of the root cause, we always display what we receive when we query the blacklist providers’ DNS servers.

Currently, we are noticing On Friday, we noticed some issues where the Blacklist NoSolicitado is showing some IP addresses blacklisted and then quickly delisting them. These bounces are affecting customers with blacklist monitors and those searching IP addresses. We will update when there is more information.

Update:  NoSolicitado has updated their DNS and we are no longer showing false positives of listing/delisting bounces.  If you are on NoSolicitado, it is a legitimate listing.