Why is Zimbra's security so poor?

  • 1
  • Question
  • Updated 2 years ago
  • Answered
My address has been hacked or spoofed several times since the migration. I will soon be searching for a new ISP
Photo of Deborah L. Hall

Deborah L. Hall

  • 7 Posts
  • 1 Reply Like
  • aggravated

Posted 2 years ago

  • 1
Photo of Old Labs

Old Labs

  • 3293 Posts
  • 3271 Reply Likes
While reports here indicate Zimbra's spam filtering may not be as robust as some would like it to be, it's not likely that your email account has been hacked (nor that the Zimbra servers have been hacked).

Spoofing is a different beast altogether and all it takes is knowing a valid email address (typically spammers, spoofers and phishers will buy lists of valid email addresses). It's as easy to spoof a from address as it is to write down someone else's return address on a letter you send through the USPS.

For spam overload, see the following tips:

http://www.spamlaws.com/prevent-spam.html

Note also that simply deleting spam email doesn't do any real good, you have to actually report them as spam/phishing attempts in order for the server's  spam filters to learn that they are actually spam and filter them accordingly in the future - if enough people do that they'll be flagged as spam eventually and it may be that Zimbra is early on in its learning process after the switch.

For an example of one way spammers obtain valid email addresses, mu wife was suffering from spam overload up until several months ago - 100s per day. Tracking the source down, it was the result of an email newsletter she had signed up for from a local mom and pop operation. The newsletters were being sent by copying the full list of subscribers in the copy field - all the spammers had to do was subscribe to the newsletter themselves to obtain a list of valid email addressed. Eventually after repeatedly reporting the spam it's slowed to a trickle (a couple a day) and they're continuously reported as spam since the spammers change their tactics and the spam filters need to learn new footprints.   
(Edited)
Photo of Diana

Diana, Viasat Employee

  • 2152 Posts
  • 382 Reply Likes
Hi Deborah, I'm sorry you feel that way.  Old Labs is correct.  Please send us a copy of the spam phishing email to exedelistens@viasat.com with your account information. We will escalate it. We also have tips on our website. Check out this link as well as the one Old Labs provided. http://help.exede.net/articles/General/Protecting-your-email-from-spam. Thanks