Suped

Why am I receiving Temu spam emails with valid DKIM signatures from Disney or Homegoods domains?

Summary

Receiving Temu spam emails with valid DKIM signatures from domains like Disney or Homegoods is a multifaceted problem with several causes. A primary cause is affiliate marketing abuse, where unscrupulous affiliates engage in spammy tactics within legitimate programs, leveraging the brand's DKIM for authentication. This is exacerbated by potential account takeovers (ATO) or compromised systems within those organizations. Old or purchased email lists falling into the wrong hands, often used by Temu affiliates, and brand impersonation tactics further contribute to the issue. Even when DKIM is valid, factors like content, sender reputation, and recipient engagement play crucial roles in ESP filtering. In short: the DKIM signature is valid, but the sending practices are questionable and often involve unauthorized rebranding; domain reputation suffers due to aggressive marketing; and authentication alone is insufficient for ensuring email legitimacy.

Key findings

  • Affiliate Abuse: Unscrupulous affiliates are exploiting legitimate programs, sending spam using a brand's valid DKIM.
  • Compromised Accounts/ATOs: Accounts within Disney or Homegoods marketing systems may be compromised, leading to unauthorized email sending.
  • Old/Purchased Lists: Temu affiliates may be using outdated or purchased email lists.
  • Domain Reputation: Aggressive affiliate marketing damages the brand's domain reputation, even with valid DKIM.
  • Content Matters: ESPs filter based on content, sender reputation, and engagement, regardless of DKIM.
  • DKIM Limitations: DKIM verifies the sender but doesn't guarantee email legitimacy or wantedness.
  • Unauthorized Branding: Unauthorized branding practices, such as changing the 'Friendly From', are a warning sign.
  • Brand Impersonation: Spammers often successfully mimic legitimate brands and compromise the brand's reputation.

Key considerations

  • Affiliate Monitoring: Brands must closely monitor affiliate programs for compliance and ethical marketing practices.
  • Security: Implement robust security measures to prevent account takeovers and unauthorized access.
  • List Hygiene: Maintain clean, up-to-date email lists.
  • Reputation Management: Proactively manage domain reputation through responsible email marketing.
  • Multi-Factor Filtering: Email providers use various factors to filter emails, not just DKIM.
  • User Awareness: Educate users on the limitations of email authentication.
  • Review Authentication Setup: Ensure SPF and DMARC records are properly configured.
  • Review Third-Party Permissions: Review the permissions third parties have been given.

What email marketers say

13 marketer opinions

Receiving Temu spam emails with valid DKIM signatures from reputable domains like Disney or Homegoods stems from several potential issues. The predominant factor seems to be affiliate marketing abuse, where unscrupulous affiliates associated with these brands engage in spammy practices while still using the brand's DKIM for authentication. This can also include unauthorized changes to the "Friendly From". Other causes include compromised email accounts within the legitimate domains, old or purchased email lists falling into the hands of Temu affiliates, and brands suffering domain reputation damage due to aggressive affiliate marketing tactics. Even with valid DKIM, email service providers might filter emails based on content, sender reputation, and recipient engagement, and spammers impersonating brands add to the problem. These issues can impact email deliverability and brand reputation.

Key opinions

  • Affiliate Abuse: Unscrupulous affiliates are using spammy tactics within legitimate affiliate programs, while still sending email using the company's valid DKIM.
  • Compromised Accounts: Email accounts or systems within Disney or Homegoods could be compromised, leading to unauthorized sending.
  • List Acquisition: Temu affiliates may have acquired old or purchased email lists, leading to spam being sent to outdated addresses.
  • Reputation Damage: Aggressive affiliate marketing practices can damage a brand's domain reputation, even with valid DKIM.
  • Content & Engagement: Email service providers filter emails based on content, sender reputation, and recipient engagement, irrespective of DKIM.
  • Unauthorized Branding: The 'Friendly From' names used are unauthorized and de-brand the email.

Key considerations

  • Monitor Affiliates: Brands need to closely monitor their affiliate programs and ensure compliance with email marketing best practices.
  • Security Measures: Implement robust security measures to prevent account compromises and unauthorized access to email systems.
  • List Hygiene: Regularly clean and update email lists to remove inactive or outdated addresses.
  • Domain Reputation: Actively monitor and protect domain reputation through responsible email marketing and proactive spam monitoring.
  • ESP Filtering: Be aware that ESPs use multiple factors to filter emails, so focus on content quality, sender reputation, and recipient engagement.
  • Authentication is not enough: Authentication does not guarantee deliverability or legitimacy.

Marketer view

Marketer from Email Geeks, Brian Sisolak, asked whether someone had let Acoustic know about the DKIM keys still coming with spop1024. Expert from Email Geeks, Al Iverson, then shared headers with Brian, and Brian let Acoustic know; they are on it.

28 Aug 2022 - Email Geeks

Marketer view

Email marketer from Reddit comments that affiliate programs can be difficult to control, and some affiliates may use aggressive tactics that border on spam. While the DKIM is valid, the sending practices are questionable.

4 Aug 2022 - Reddit

What the experts say

4 expert opinions

The influx of Temu spam emails bearing valid DKIM signatures from domains like Disney or Homegoods points to a combination of factors. The experts suggest either affiliate marketing abuse, where illegitimate affiliates send emails using a brand's DKIM, or hacked accounts. In all cases, the DKIM signatures pass, but they do not guarantee that the email is legitimate, wanted, or from an ethical source.

Key opinions

  • Affiliate Marketing Abuse: Unscrupulous affiliates associated with Disney or HomeGoods might be engaging in spammy practices while still using the company's DKIM.
  • Hacked Account: Account Takeover could be occurring.
  • Authentication Inadequacy: DKIM and other authentication methods verify the sender but don't guarantee the email is wanted or legitimate.

Key considerations

  • Affiliate Monitoring: Thorough monitoring of affiliate activities is crucial to prevent spam and maintain brand reputation.
  • Security Enhancements: Implementing robust security measures to prevent account takeovers is essential.
  • Email Authentication Limitations: Acknowledge that email authentication alone isn't sufficient for ensuring deliverability or legitimacy; broader strategies are needed.

Expert view

Expert from Word to the Wise, Laura Atkins, emphasizes that while DKIM and other authentication methods verify the sender, they don't guarantee the email is wanted or legitimate. A compromised account or a rogue affiliate can still send spam with valid authentication.

24 Jun 2022 - Word to the Wise

Expert view

Expert from Email Geeks shares that he received a similar Temu spam email with a dkim=pass header.i=@em.homegoods.com header.s=spop1024.

30 Sep 2024 - Email Geeks
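
A triage check for messages like the one described above, as an added example that is not code from the quoted experts or any vendor: it reads the receiver's Authentication-Results header, confirms which domain and selector passed DKIM, and flags a "Friendly From" that does not name the signing brand. Only the dkim=pass clause is taken from the page; the From line, host names and SPF clause are constructed, and `org_domain` is a two-label simplification of real organizational-domain lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. Only the dkim=pass clause comes from the page; the
# From line, hosts and SPF clause are invented for illustration.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@em.homegoods.com header.s=spop1024;
 spf=pass smtp.mailfrom=bounce.example.org
From: "Temu Rewards" <offers@em.homegoods.com>

body
"""

def org_domain(domain):
    # Assumption: last two labels. Real DMARC alignment uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_results(msg):
    """Return (result, signing_domain, selector) for each dkim= clause."""
    found = []
    for header in msg.get_all("Authentication-Results", []):
        for clause in " ".join(header.split()).split(";"):
            res = re.match(r"\s*dkim=(\w+)", clause)
            if not res:
                continue
            dom = re.search(r"header\.[id]=(?:[^\s@]*@)?([\w.-]+)", clause)
            sel = re.search(r"header\.s=([\w.-]+)", clause)
            found.append((res.group(1).lower(),
                          dom.group(1).lower() if dom else "",
                          sel.group(1) if sel else ""))
    return found

def assess(raw):
    """Flag mail that authenticates but whose display name names another brand."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_org = org_domain(addr.rpartition("@")[2])
    passing = [(d, s) for r, d, s in dkim_results(msg) if r == "pass"]
    flags = []
    if not passing:
        flags.append("no-dkim-pass")
    elif not any(org_domain(d) == from_org for d, _ in passing):
        flags.append("dkim-pass-not-aligned-with-from")
    brand = from_org.split(".")[0]
    if display and brand not in re.sub(r"[^a-z0-9]", "", display.lower()):
        flags.append("friendly-from-omits-signing-brand")
    return {"dkim_pass": passing, "from_org": from_org, "flags": flags}
```

On the sample, authentication and alignment both succeed and the only flag raised is the display-name mismatch, which is the pattern the page attributes to affiliate rebranding.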

What the documentation says

4 technical articles

The documentation collectively highlights that while DKIM confirms the email was sent by an authorized server and wasn't altered in transit, it doesn't ensure the email's content is legitimate, desired, or free of spam. Spammers can exploit legitimate domains and abuse SPF records to pass DKIM checks, sending spam that appears authenticated. Therefore, valid DKIM does not guarantee the email is safe or wanted.

Key findings

  • DKIM Limited Scope: DKIM verifies sender authorization and message integrity, not content legitimacy.
  • Spam Exploitation: Spammers can abuse legitimate domains and SPF records to pass DKIM checks.
  • No Content Guarantee: Valid DKIM doesn't guarantee the email's content is desired or spam-free.

Key considerations

  • Beyond Authentication: Relying solely on DKIM for email security is insufficient; consider other factors like content analysis and sender reputation.
  • Holistic Security: Implement comprehensive email security measures to combat spam, even with valid DKIM signatures.
  • User Awareness: Educate users about the limitations of email authentication and encourage them to be cautious of unsolicited emails.

Technical article

Documentation from RFC Editor explains that DKIM is designed to verify the message has not been altered during transit, and that it was indeed sent by the entity which owns the signing domain. It says nothing about the content or intent of the message.

28 Aug 2023 - RFC Editor

Technical article

Documentation from Microsoft states that spammers can abuse SPF records to pass DKIM by gaining access to the domain's email servers or by impersonating the domain owner.

2 Apr 2022 - Microsoft Support
