Originally posted by Robert Boyle (ProofPoint)

At 6:20am Pacific Time on May 25th, Proofpoint observed a large FlawedAmmy* campaign using .IQY files attached to email as the infection vector. At the start of the campaign, Proofpoint's systems allowed some of these files to pass. IQY files are 'internet query' files, typically opened by Microsoft Excel; they contain information used by Microsoft Excel to retrieve external data. If an end-user opens these email attachments in Excel, FlawedAmmy will attempt to install and operate. Our centralized filtering has subsequently been adjusted to block those files

Read more »

Proofpoint Threat Advisory - Basestriker (May 2018)
Posted by Carlos Rios on 25 May 2018 05:26 PM
Originally Posted by Chris Moores (ProofPoint)

A new vulnerability has been identified in Office 365 where an attacker can put a URL in the <base> URL tag as opposed to the normal <HREF> tag and as a result by-pass URL re-writing logic. Proofpoint Threat Operations has not identified significant usage of the technique by threat actors in the wild. In addition, we employ many layers of defense against malicious email content. URL reputation checks and URL rewriting are only one of a large set of analysis techniques used by Proofpoint’s advanced threat analytics suite, which work together to determine the potential maliciousness of an email. We will continue to monitor for the active use of this technique.

When will Proofpoint rewrite URLs using the <base> tag?
While Proofpoint has not seen significant usage of this technique by threat actors in the wild, Proofpoint engineering is working on modifying our URL rewriting logic to include <base> tags in the near future.

Read more »

Posted by Carlos Rios on 09 March 2018 08:05 PM
FuseMail GDPR site. 
Join the FuseMail Team and industry expert Michael Osterman for a look into GDPR Compliance and its Impact on Security & Data Protection Programmes. 
FuseMail held a webinar on GDPR Compliance and its impact on data security programmes with special guest speaker and industry expert Michael Osterman. The webinar was a resounding success with big interest in our VaultCritical GDPR compliant email archiving solution off the back of it.

If you missed out, you can watch the webinar recording here:

Read more »

FuseMail GDPR Notice
Posted by Carlos Rios on 09 March 2018 08:02 PM

FuseMail, as part of the j2 Global group, is taking all necessary steps to comply with the GDPR, including engaging key stakeholders across our company to assess impact of the GDPR on our customers and actively evaluating our internal controls and procedures to identify any changes that need to be implemented in order to comply with the GDPR by the May 25, 2018 deadline.

FuseMail will also be incorporating language into existing and new contracts and updating our privacy policies to provide additional assurance that we have appropriate legal mechanisms and safeguards in place to securely process and transfer personal data in relation to the services we provide.

Read more »

Reflexion Single Sign-On - ACTION REQUIRED
Posted by Carlos Rios on 28 February 2018 07:31 PM

If you are currently using the Single-Sign-On feature (SSO) in Reflexion, you will need to take steps to ensure the feature continues to work.  The current SSL certificate that supports this service on will be renewed on March 14th 2018. 

** If you are not using SSO with Reflexion, you do not have to take any actions.**

The SSO feature makes use of this certificate to secure the connection between Reflexion and your federation service. Therefore, the new Reflexion certificate needs to be added to your AD FS Relying Party Trust configuration for SSO to continue to work properly. 

If you are currently using this features, here are the steps to update the certificate on your ADFS server if you are using SSO:

1. Connect to your AD FS server that you have setup to perform SSO with Reflexion
2. Open the AD FS 2.0 Management application

3. In the management application, go to "Trust Relationships" -> "Relying Party Trusts"

The yellow warning sign indicates, that the certificate associated with Reflexion SSO is about to expire. 

4. Right click on the Reflexion Relying Party Trust and select Properties
5. Change to the "Signature" window. You should see the following: 

6. Click "Add" and select the provided Reflexion certificate (.cer format)
7. The result should look like this: 

8. Once the old certificate expires, you can remove it from this list. Keep in mind that the old certificate is still in use until Reflexion updates the production certificate on March 14th 2018

Read more »

Excel Micro Educational Session: Is Email Archiving Important?
Posted by Carlos Rios on 05 February 2018 11:46 AM

Excel Micro Educational Session: Is Email Archiving Important?

A focus on email archiving with a brief demonstration of one of our email archiving solutions.

View Recording Here:

Read more »

ERROR: This domain name does not match domain registered in the license key file (, allowed domains:,localhost, please change the product path to match the domain under Admin CP > Settings > General Settings
This product will not work properly unless untill that value is changed.

For more information please contact Kayako support at