Sender Validation has officially gone mainstream. We received a phone call about a week ago from a guy named Rich whose colleague had received the following message:

His friend forwarded the message onto him, and he googled the second sentence “we have implemented Sender Address Verification.” Sendio popped up in the search results – a similar variation of this exists in the community invitation Sendio users send out. He picked up the phone, gave us a call, and agreed to send the message over so we could take a look.

Curious, we did a little bit of googling on our end and found that this phishing attack had been floating around all summer - targeting Verizon email users.

However, if you did happen to receive this message – hopefully you were able to pretty rapidly identify it as a phishing attempt.  HUGE red flags here included:

• The numerous grammatical mistakes (The “Verizon Internet Team” most definitely DID NOT write this message)
• The call to action: responding to an email with your username and password!? Never provide private contact information in the body of an email message.  In any situation where this is required, you will be taken to a secure login page.  Even in these situations, be wary of the url, is it really a valid Verizon page?
• The ultimatum: “Failure to do this will immediately render your email address deactivated from our database.”  Sounds pretty serious.  However, if you take a moment to really think this through – as a best business practice Verizon would NEVER do something like this.  (And if they were, the email community would surely be buzzing about it).

If any of these points snuck past you, there are a number of great articles out there that can get you up-to-speed quickly on latest phishing tactics, how to spot them, and how to avoid them.

Or for a pretty fun, tactile way to digest these same points, check out SonicWALL’s phishing IQ quiz: http://www.sonicwall.com/phishing/index.html (less than 8% of test takers could spot a phish 100% of the time!)

In an ideal world, where we focused on whether the sender of a message can be trusted, these messages would never hit an email user’s inbox – but until then, we’ll be keeping our eyes and ears to the ground.

And while it may not be the cover of Rolling Stone, this shout-out to Sender Validation feels pretty good. Spammers thrive on latest IT, culture and political trends (think “Obama” spam circa January ’08 or the Valentine’s day attacks that hit every year in February).  And we’re just a little pleased they’re finally hopping on the Sender Validation bandwagon.

As one of our team members put it, imitation IS the sincerest form of flattery.