MailChannels
Canadian technology company From Wikipedia, the free encyclopedia
Remove ads
Canadian technology company From Wikipedia, the free encyclopedia
MailChannels is a Canadian technology company that specializes in email security for businesses and internet service providers (ISPs). Founded in 2004 by Ken Simpson and headquartered in Vancouver, British Columbia, the company operates in email security and the infrastructure market. The business provides a products and services designed to safeguard email systems against spam, phishing, and other harmful content. They guarantee the dependable delivery of legitimate messages and offer a mail relay API for numerous websites[citation needed].
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages)
|
Company type | Private |
---|---|
Industry | Information Security, SaaS |
Founded | 2004 |
Headquarters | Vancouver, Canada |
Area served | Worldwide |
Key people | Ken Simpson, CEO |
Products | Spam Filtering, Anti-spam |
Services | Computer Security |
MailChannels was founded in 2004 by former engineers of ActiveState (acquired by Sophos), who created one of the first commercial spam filters.
The company's first product was an SMTP proxy that provides tar-pitting and transparent SMTP proxy functionality for inbound email filtering.
In 2007, MailChannels joined M³AAWG and closed a series A round led by early Microsoft employees.
In 2010, the company launched an outbound email filtering software that claims to be capable of filtering up to 30 million messages per hour, transparently in the network. Outbound email filtering involves scanning email traffic as it exits the network, identifying compromised accounts, and reducing the risk of having IP addresses blocked by receiving networks.
In 2013, the company launched a cloud-based outbound email filtering service.
In 2018, the company launched a cloud-based inbound email filtering service.
In 2022, the company decided to stop supporting Plesk for outbound email filtering.
In August 2023, security researcher Marcello Salvati presented findings at DEF CON 31 regarding what he termed a potential vulnerability in MailChannels' email infrastructure.[1] Salvati's research demonstrated that it was possible to send emails addressed from any domain through a free email sending API that MailChannels had been offering to Cloudflare Workers users. Salvati's talk highlighted how email receivers often interpret a passing SPF check as an indication that an email message was authentically sent by the owner of a given domain name, even though the SPF RFC specifically advises against interpreting SPF results in this manner.[2]
SPF has several notable limitations that are described in the RFC:[2]
The authors recommend receivers use SPF as part of a larger set of evaluations rather than treating it as dispositive on its own.[2]
Furthermore, RFC 5321, which defines SMTP, explicitly states that SMTP mail is inherently insecure:
SMTP mail is inherently insecure in that it is feasible for even fairly casual users to negotiate directly with receiving and relaying SMTP servers and create messages that will trick a naive recipient into believing that they came from somewhere else. [...] Real mail security lies only in end-to-end methods involving the message bodies, such as those that use digital signatures.
— RFC 5321, Section 7[3]
MailChannels CEO Ken Simpson addressed the complexity of the situation, stating, "MailChannels sends email for 30 million different domains that are hosted behind over 600 web hosting provider networks. We cannot force every domain owner to verify the ownership of their domain because domain owners do not even authenticate domain ownership with their own hosting provider".[4]
In response to these findings, MailChannels developed and implemented a new security feature called "Domain Lockdown." This feature enhances domain authentication by linking registered domain names to MailChannels accounts and implementing sender ID verification, providing an additional layer of security beyond SPF.[5] While not requiring Cloudflare users to register an account with MailChannels, since the mechanism operates using DNS records alone.
Seamless Wikipedia browsing. On steroids.
Every time you click a link to Wikipedia, Wiktionary or Wikiquote in your browser's search results, it will show the modern Wikiwand interface.
Wikiwand extension is a five stars, simple, with minimum permission required to keep your browsing private, safe and transparent.