On 30 March we found that during March 2022 a form spam bot had abused the account creation form on the conference registration system, which resulted in a considerable amount of spam being sent from our mailing systems. If you received any unsolicited e-mails from the e-mail address used by the conference system, please accept our humble apology. If you did not receive an e-mail you expected from EMOK, please check your Spam / Junk folder, as our messages may be marked as spam for a short period of time. If you wish to learn more about the problem, what we have done to resolve it, and how to learn from others' mistakes, please read the rest of this article.

What happened? During March 2022 a spam bot submitted account creation requests on the Conference Registration System for the EMOK 2022 conference. The requests came in at a volume low enough that we did not notice them, but by the end of the month a few thousand spam e-mails had been sent out. Because the confirmation messages contain the name specified in the form, the spam text entered as the name was included in the e-mails, effectively meaning that spam messages were originating from us. Combing through the data we found that most of the e-mail addresses were fake and used the domain names of popular free e-mail providers (GMail, Yahoo!, Outlook.com, Hotmail.com, Mail.ru etc.).

Was any user information at risk? No, personal information was not accessed and was not at risk of unauthorized access.

What was our immediate response? Immediately after finding the problem we temporarily closed the account creation form to stop further messages from being sent. In the following hours we added a CAPTCHA test based on Google's reCAPTCHA, implemented some heuristic defenses to stop automated bots, and then reopened the form. We updated the e-mail template so that it no longer uses user input in any form (neither in the recipient information nor in the message body). We then removed the offending "accounts" from our system.
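As an added illustration of the template change described above (example code, not the EMOK registration system's own), assuming a Python mailer and a server-generated confirmation code: the unsafe builder echoes the submitted name into the message, so a "name" that is really an advert is delivered verbatim from the conference domain, while the hardened builder sends only fixed text and a validated bare recipient address, with a small heuristic on the name field of the kind a signup form can apply before sending anything.

```python
# Added example, not EMOK's code. Shows why echoing form input into outbound
# e-mail turns a registration system into a spam relay, and a hardened version.
import re
from email.message import EmailMessage
from email.utils import parseaddr

URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)


def looks_like_spam_name(name: str) -> bool:
    """Heuristic (assumption, not EMOK's rule): a real name is short and
    contains no URLs or line breaks; anything else is treated as a message."""
    return len(name) > 60 or bool(URL_RE.search(name)) or "\n" in name or "\r" in name


def recipient_is_valid(address: str) -> bool:
    """Accept only a bare addr-spec: no display name, no CR/LF (header injection)."""
    if "\n" in address or "\r" in address:
        return False
    return parseaddr(address)[1] == address and "@" in address


def build_confirmation_unsafe(name: str, address: str) -> EmailMessage:
    """The pattern behind the incident: user input lands in headers and body."""
    msg = EmailMessage()
    msg["To"] = address
    msg["Subject"] = f"Welcome {name}"  # attacker text in the subject line
    msg.set_content(f"Dear {name},\n\nyour registration has been received.")
    return msg


def build_confirmation_safe(address: str, token: str) -> EmailMessage:
    """Hardened: no form field reaches the message. 'token' is assumed to be a
    server-generated confirmation code, the only per-user value in the mail."""
    if not recipient_is_valid(address):
        raise ValueError("invalid recipient address")
    msg = EmailMessage()
    msg["To"] = address
    msg["Subject"] = "EMOK 2022 registration: please confirm your account"
    msg.set_content(
        "Your registration request has been received.\n"
        f"Confirm it by entering this code in the registration system: {token}\n"
    )
    return msg


if __name__ == "__main__":
    # Constructed sample input: a spam 'name' submitted through the form.
    spam_name = "Great deals at https://example.invalid"
    print(build_confirmation_unsafe(spam_name, "victim@example.invalid"))
    print(build_confirmation_safe("victim@example.invalid", "ABC123"))
```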

What are our plans to further strengthen our infrastructure? We plan to create distinct subdomains for newsletters and for transactional e-mails, so that delivery issues with one do not affect the other. We will also audit our IT systems to make sure that unauthenticated users cannot make our systems send e-mails without first being tested to confirm they are actually human.

What is the impact? As most e-mail addresses were fake, the biggest impact is that the domain reputation of emok.hu was severely damaged. Most recipient addresses were from the domain names of Google, Yahoo!, Outlook.com, Hotmail.com and Mail.ru. Until these big providers regain their trust in messages sent from emok.hu, those messages may be delivered to the Spam / Junk folder. We are keeping an eye on the reputation information available from these providers (even with this incident, the volume of e-mail sent from emok.hu was only enough for Google to publish a domain rating) and will update this article when the delivery issues are solved.

How can I help? If you expect an e-mail from emok.hu, please check your Junk / Spam folder. If you see an e-mail in there from us, open it and choose the Not Spam / Not Junk option, as user interaction is an important metric used by the spam filters of the big e-mail service providers. This could help us get our domain reputation back to its previous high level. As a general suggestion, we advise you to check your spam folder at least once a week and mark miscategorised messages as not spam, as a simple oversight like the one in this case can have a huge impact.