SYNAQ Securemail mail delays 12-05-2016 Partial
Incident Report for SYNAQ
Postmortem

Summary and Impact to Customers

On Thursday 12th May 2016, SYNAQ Secure Mail experienced a degraded performance incident from 12h20 until 16h04.

The event resulted in mail delays of up to 3 hours on the SYNAQ Secure Mail platform between 12h24 and 16h04.

Root cause and Solution

The root cause of this event was a distributed denial of service attack on the SYNAQ Securemail environment. At 10h00 the platform was hit again by the spoof attackers, who sent hundreds of thousands of emails to the platform from thousands of different IP addresses.

The attack was greater than the attack of the previous day, with the spoofers sending two mails per IP address from hundreds of unique IP addresses that differed from the IPs blocked the previous day. The attachment name was also changed constantly, ensuring there was no commonality between the mails.

The attacker spoofed numerous addresses on the SYNAQ Securemail environment, with the from address matching the recipient. The spoofed mails also contained JavaScript attachments carrying malware intended to acquire sensitive information from the end users to whom the mails were sent.

The platform blocked these messages from reaching the intended recipients, ensuring that no spoofed mails carrying malware were received by the end users and protecting the SYNAQ Securemail client base.

Because these messages were blocked, however, bounce messages were sent back indicating that the message was not delivered. As the attack continued, the bounces doubled the email load that this particular attack placed on the platform.

The new IP addresses were blocked at a network level, which prevented mail from these IP addresses being processed by the platform. A patch was released to prevent bounce backs from reaching recipients, and this halved the load on the platform. All spoofed mail from these spoofers was deleted from the queues.

The above measures allowed for the platform to regain stability and work through the backlog.
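
The bounce amplification and the bounce-suppression rule described above, as an added example (not SYNAQ's patch or code). The message fields, the extension-based block rule and all addresses are constructed assumptions.

```python
from dataclasses import dataclass

# Assumption: the filter blocks script attachments by file extension.
BLOCKED_EXTENSIONS = (".js",)

@dataclass
class Message:
    client_ip: str
    mail_from: str   # envelope sender (forged in the attack)
    rcpt_to: str     # envelope recipient
    attachment: str

def is_blocked(msg):
    return msg.attachment.lower().endswith(BLOCKED_EXTENSIONS)

def disposition(msg, suppress_self_bounce):
    """Return 'deliver', 'bounce' or 'discard' for one message."""
    if not is_blocked(msg):
        return "deliver"
    self_addressed = msg.mail_from.strip().lower() == msg.rcpt_to.strip().lower()
    if suppress_self_bounce and self_addressed:
        # A bounce would only land in the spoofed user's own mailbox.
        return "discard"
    return "bounce"

def platform_load(messages, suppress_self_bounce):
    """Messages the platform handles: inbound mail plus bounces it generates."""
    bounces = sum(disposition(m, suppress_self_bounce) == "bounce" for m in messages)
    return len(messages) + bounces

def build_sample():
    """Constructed traffic: 4 source IPs x 2 self-addressed mails, names varied."""
    msgs = []
    for i in range(4):
        for j in range(2):
            victim = f"user{i}{j}@example.com"
            msgs.append(Message(f"203.0.113.{10 + i}", victim, victim,
                                f"invoice_{i}{j}.JS"))
    # One clean message and one blocked message from a distinct sender.
    msgs.append(Message("198.51.100.5", "partner@example.org",
                        "user00@example.com", "report.pdf"))
    msgs.append(Message("198.51.100.9", "other@example.org",
                        "user01@example.com", "scan.js"))
    return msgs

if __name__ == "__main__":
    sample = build_sample()
    print("load with bounces:   ", platform_load(sample, False))
    print("load with suppression:", platform_load(sample, True))
```
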

Remediation Actions

Over 60 000 additional addresses have been blocked from sending mails to the platform as part of this spoofing attack.

A patch has been released to prevent bounce backs going to users who send mail to themselves containing malicious content.

Posted Nov 07, 2016 - 17:00 CAT

Resolved
The mail delay issue on SYNAQ Securemail has been resolved. Please note that a Root Cause Analysis will be sent out early next week. We understand how this affects your business and we sincerely apologize for the inconvenience caused.
Posted May 12, 2016 - 16:07 CAT
Identified
The problem has been identified and procedures are now being put in place to improve delays. Please note that a Root Cause Analysis will be sent out early next week. We understand how this affects your business and we sincerely apologize for the inconvenience caused.
Posted May 12, 2016 - 15:12 CAT
Update
The delay has reached 2 hours now for a subset of users. The team is continuing to work on the problem.
Posted May 12, 2016 - 13:43 CAT
Investigating
SYNAQ Securemail is currently experiencing a 30-minute delay affecting a subset of the user base. This is currently being investigated.
Posted May 12, 2016 - 12:20 CAT
This incident affected: SYNAQ Securemail.