The number one reason why you should never have your CMS send emails: a hacker's delight

There are a huge number of CMS offerings out there, and most have some sort of email delivery engine that lets you send emails such as newsletters to your clients, suppliers and prospects with a single click of a button.

This might sound great, but stop and think about it in relation to your recipients' trust in your business.

CMS email delivery engines are, at best, poorly designed to handle bulk emailing. I won't bore you with domain throttling, the List-Unsubscribe header, SPF, DKIM and the other technical work needed to get your emails delivered, but suffice to say that most CMS systems would not have a clue.

But what I do want you to think about is what happens when a hacker breaks into your CMS.

Well, a smart hacker will not only download the CMS data but will also look for any email sending feature. Why?

Easy: over time, by sending emails via your CMS, you have taught your clients', suppliers' and prospects' mail systems to trust your sending domain and IP address, and many of them will have added your address to their address books. So there is a very good chance that a high proportion of emails sent through that channel will be delivered and bypass the spam filter checks.

That is a dream for hackers: they have a pre-approved channel to send spam and links to malware, all from your trusted CMS mail server and your reputation.

So how do you remove this issue?

Your systems should be walled-off silos, where communication between systems is done via an encrypted, authenticated API or other channel. What that means is that if your email sending system is separate from your CMS, and your online shop is also separate from your CMS and email delivery systems, then if one gets hacked, not all of your data and systems are accessible to the hacker.

So in our example, if the CMS is hacked then hopefully (if set up right) the hacker cannot access the email delivery system using the same tactic. Of course your passwords are different for all systems! The same applies to the credential the CMS uses to talk to the email system: it should be a narrowly scoped, revocable API key (for example, one that can only queue a draft for approval), never an administrator login, because anything stored in the CMS must be assumed stolen once the CMS is.

The hacker can download the CMS records and send email using their own system, but then it is sent by a non-trusted mail server and they will have all the spam filter checks to get through, provided your SPF and DKIM records and a DMARC policy stop them simply forging your domain in the From address.
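To make the silo idea concrete, here is an added example (not Mobilize Mail's code, and not any real product's API) of a minimal mail delivery service that issues scoped API keys. The CMS integration holds a key that can only draft a campaign; approving and sending need a separate key that never lives in the CMS, and the subscriber list can only be exported with yet another scope. The service, scope names, and sample subscriber addresses are all invented for the illustration.

```python
"""Walled-off mail delivery service with least-privilege API keys.

Added example (not Mobilize Mail's code). A key stolen from a hacked CMS
can draft a campaign but cannot export subscribers, approve, or send.
All names and the sample data are invented.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Campaign:
    subject: str
    body: str
    status: str = "draft"  # draft -> approved -> sent


class MailService:
    """Stand-in for the separate email delivery silo (hypothetical)."""

    def __init__(self):
        # Constructed sample data; only this silo holds the subscriber list.
        self.subscribers = ["alice@example.com", "bob@example.net"]
        self._keys = {}  # sha256(key) -> frozenset of granted scopes
        self.campaigns = []
        self.sent = []

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode()).hexdigest()

    def issue_key(self, scopes):
        """Mint a random key; store only its hash plus the granted scopes."""
        key = secrets.token_urlsafe(32)
        self._keys[self._digest(key)] = frozenset(scopes)
        return key

    def revoke_key(self, key):
        self._keys.pop(self._digest(key), None)

    def _authorize(self, key, scope):
        """Reject unknown/revoked keys and keys lacking the requested scope."""
        digest = self._digest(key)
        for stored, scopes in self._keys.items():
            if hmac.compare_digest(stored, digest):  # constant-time match
                if scope in scopes:
                    return
                raise PermissionError(f"key lacks scope {scope!r}")
        raise PermissionError("unknown or revoked key")

    def create_draft(self, key, subject, body):
        self._authorize(key, "campaign:draft")
        self.campaigns.append(Campaign(subject, body))
        return len(self.campaigns) - 1

    def export_subscribers(self, key):
        self._authorize(key, "subscribers:export")
        return list(self.subscribers)

    def approve(self, key, campaign_id):
        """A person inside the mail silo signs off before anything is sent."""
        self._authorize(key, "campaign:approve")
        self.campaigns[campaign_id].status = "approved"

    def send(self, key, campaign_id):
        self._authorize(key, "campaign:send")
        campaign = self.campaigns[campaign_id]
        if campaign.status != "approved":
            raise RuntimeError("campaign has not been approved")
        for addr in self.subscribers:
            self.sent.append((addr, campaign.subject))
        campaign.status = "sent"
        return len(self.subscribers)


def attempt(fn, *args):
    """Run one API call on the attacker's behalf and report the outcome."""
    try:
        fn(*args)
        return "allowed"
    except PermissionError:
        return "denied"     # wrong scope or revoked key
    except RuntimeError:
        return "blocked"    # right scope, but the approval gate held


def simulate_cms_compromise(service, stolen_key):
    """What an attacker holding only the CMS's key can and cannot do."""
    draft_id = service.create_draft(stolen_key, "Urgent invoice", "http://malware.invalid/")
    return {
        "draft": "allowed",
        "export": attempt(service.export_subscribers, stolen_key),
        "send": attempt(service.send, stolen_key, draft_id),
        "approve": attempt(service.approve, stolen_key, draft_id),
        "draft_status": service.campaigns[draft_id].status,
    }


def demo():
    service = MailService()
    cms_key = service.issue_key(["campaign:draft"])                     # stored in the CMS
    ops_key = service.issue_key(["campaign:approve", "campaign:send"])  # never in the CMS
    # Normal operation: the CMS drafts, a person in the mail silo approves and sends.
    newsletter = service.create_draft(cms_key, "May newsletter", "Hello readers")
    service.approve(ops_key, newsletter)
    delivered = service.send(ops_key, newsletter)
    # Breach: the attacker owns the CMS and therefore holds cms_key.
    result = simulate_cms_compromise(service, cms_key)
    service.revoke_key(cms_key)  # incident response: cut the CMS off
    result["after_revoke"] = attempt(service.create_draft, cms_key, "x", "y")
    result["delivered_legit"] = delivered
    result["sent_total"] = len(service.sent)
    return result


if __name__ == "__main__":
    print(demo())
```

The design point is that the trusted sending path is gated twice: by scope on the key and by a status transition that only an approver's key can perform. Even if the attacker's draft lands in the queue, nothing leaves through your reputable mail server until someone in the mail silo looks at it, and revoking the one key the CMS held ends the intrusion's reach into that silo without touching the approver's credentials.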

Mobilize Mail clients are set up using the walled-off silo concept. Their email subscribers are managed by Mobilize Mail, which also sends the emails. Mobilize Mail provides IP intrusion detection software and encrypted communication channels, so if the client's CMS or other system is hacked, the hacker will have to try another tactic to bypass Mobilize Mail's security mechanisms.

This may all sound boring and hard, but if you work with the right Email Service Provider it is actually not hard at all. Just think of your clients' reaction to seeing porn sent from your business account. That should spur you into action!
