Suped

What are alternative methods for sending essential communications if our domain is down due to a ransomware attack?

Michael Ko
Co-founder & CEO, Suped
Published 30 Jun 2025
Updated 16 Aug 2025
A ransomware attack can be devastating for any organization, potentially locking down critical systems and making your primary communication channels, including your email domain, inaccessible. When your domain is compromised or offline, the ability to send essential communications, like urgent alerts to employees, customers, or stakeholders, becomes severely hampered. This situation demands a proactive and well-thought-out contingency plan.
Relying solely on your primary email infrastructure in such a crisis is not an option. It's crucial to explore alternative methods to ensure vital messages still reach their intended recipients, even if your main domain is rendered useless. This planning isn't just about technical solutions, it's about maintaining operational continuity and safeguarding your organization's reputation during an emergency.

The impact of ransomware on email systems

Ransomware doesn't just encrypt files, it can cripple an entire network, including your DNS infrastructure and mail transfer agents (MTAs). If your DNS is affected, your domain may effectively be 'down' or unreachable, preventing any mail from being sent or received using your standard domain. This can lead to a complete communication blackout via traditional email.
Beyond technical outages, a ransomware incident can also severely impact your sender reputation. Even if you manage to restore some email functionality, your domain might end up on an email blocklist (or blacklist). Being blocklisted means that emails from your domain will likely be rejected or sent directly to spam folders by recipient mail servers. Understanding what happens when your domain is on an email blacklist is vital for recovery planning.

The reputational fallout

A compromised domain can quickly find its way onto public and private blocklists. Even after the immediate technical issues are resolved, rebuilding domain reputation can be a long and challenging process. This makes fallback communication strategies even more critical.
Another concern is the potential for spammers or bad actors to exploit your compromised domain. They might use it to send out malicious emails, further damaging your email domain reputation and potentially causing it to be blacklisted on a wider scale.

Establishing out-of-band communication

The most robust approach to crisis communication during a ransomware attack is to establish out-of-band (OoB) communication channels. These are communication systems that operate completely independently of your primary network and domain infrastructure. This ensures that even if your core systems are down, you still have a reliable way to reach employees, customers, and other essential contacts.
When setting up OoB channels, prioritize those that are less susceptible to the same types of attacks or outages as your primary systems. For instance, if your internal email server is compromised, cloud-based messaging services accessed via personal devices might still be functional. The key is diversity and independence from your affected environment.

Key principles for OoB communication

  1. Independence: Ensure the alternative system does not rely on your compromised network, domain, or authentication.
  2. Pre-registration: Critical contacts should be pre-registered and aware of this alternative method.
  3. Simplicity: Choose systems that are easy to use and access during a stressful event.

Alternative communication channels and methods

While email is often the go-to, several other channels can be activated for essential communications. These might include non-corporate messaging apps, SMS, or even traditional offline methods depending on the severity and reach of the attack.

Traditional email (compromised)

  1. Reliance: Heavily dependent on your internal domain and network infrastructure.
  2. Vulnerability: Direct target of ransomware attacks, often making it unusable.
  3. Reputation risk: Can lead to your domain (or IP) being blocklisted.

Alternative communication methods

  1. SMS/Text messaging: Highly reliable for urgent, short messages, independent of internet or domain status.
  2. Public messaging apps: Platforms like Signal or Telegram can be used for group communication, provided users have access on personal devices.
  3. Website banners/status pages: If your website is hosted externally and remains unaffected, a static status page can convey information.
  4. Social media: Twitter, Facebook, and LinkedIn can be effective for broad public announcements.
  5. Direct phone calls/call trees: For highly critical, immediate notifications to a smaller group.
For situations where your primary email service is down but you need to send emails, using an alternative Email Service Provider (ESP) is a viable option. You would typically send from their shared domain (e.g., yourcompany.esp.com) or a pre-configured backup domain. Bear in mind that using an ESP's generic domain might affect how recipients perceive the email, but it prioritizes delivery during a crisis. It's also important that your access to this ESP isn't dependent on your compromised local infrastructure (e.g., via single sign-on).

| Method | Speed | Reach | Reliability (during attack) | Considerations |
|---|---|---|---|---|
| SMS/Text messaging | Instant | High (everyone has a phone) | Very high | Short messages only, consent required for marketing |
| Cloud-based messaging apps | Near-instant | Medium (requires app installation) | High (if separate from network) | Requires pre-existing setup and external access. Services like Outlook or Teams may be down if linked to your compromised domain or network. |
| External website/status page | Moderate | High (publicly accessible) | High (if hosted externally) | Requires users to actively check the page. Ensure DNS records for this site are outside your network. |
| Social media | Fast | High (broad public reach) | High (if credentials are secure) | Limited character count, requires followers for effective reach. |
| Backup ESP with generic/backup domain | Fast | High (email lists) | Moderate (potential deliverability impact) | May face deliverability challenges, sender reputation issues (blocklists), or be perceived as spam if not warmed up. |

Considerations for alternative email sending

If using a backup ESP, especially one where you send from their shared domain (e.g., yourcompany.esp-emails.com), understand that deliverability may be challenging. Such domains often carry a generic reputation, and a sudden surge of mail from an unfamiliar sender could trigger spam filters. This is why email deliverability issues are critical to consider, even in an emergency.
One significant concern with using a new or generic domain is its reputation. A domain that hasn't been warmed up with legitimate sending history will look suspicious to mailbox providers. Your messages might be treated as potential spam, even if they are urgent and legitimate. This is where the concept of a fallback communication strategy becomes crucial, as highlighted by Wire.com in their discussion on cyber crisis preparedness.
To mitigate this, some organizations establish a dedicated, pre-warmed backup domain and associated ESP for disaster recovery. This domain would have its own authentication records like SPF, DKIM, and DMARC properly configured, and perhaps even minimal, consistent sending volume to maintain a good sender reputation. This proactive step helps ensure that when it's needed, its deliverability is as strong as possible. The National Cyber Security Centre (NCSC) in the UK also emphasizes effective communications in a cyber incident, underlining the need for such preparedness.
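The readiness review described above can be scripted; the following is an added example, not code from Suped, that audits a backup sending domain for both its authentication records and its independence from the primary domain. It runs offline over constructed DNS data: every domain, nameserver, selector and record in it is hypothetical, and treating p=none as a finding is this example's own policy choice.

```python
import re

# Constructed sample data: every domain and record below is hypothetical.
PRIMARY = "example.com"                  # primary domain, assumed unreachable
PRIMARY_NS = {"ns1.example.com", "ns2.example.com"}
BACKUP = "example.org"                   # backup sending domain under review
NS = ["ns1.dnshost.example.net", "ns2.example.com"]
TXT = {
    BACKUP: ["v=spf1 include:spf.esp.example.net ~all"],
    "_dmarc." + BACKUP: ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "dr1._domainkey." + BACKUP: ["v=DKIM1; k=rsa; p=BASE64KEYPLACEHOLDER"],
}

def under(name, domain):                 # name is domain or one of its subdomains
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def tags(record):                        # parse DMARC/DKIM "k=v; k=v" tag lists
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(domain, ns, txt, selector, primary=PRIMARY, primary_ns=PRIMARY_NS):
    """Return a list of findings; an empty list means every check passed."""
    out = []
    for host in ns:                      # DNS hosting must survive loss of primary
        if host.lower() in primary_ns or under(host, primary):
            out.append(f"NS {host} depends on the primary domain")
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:                    # several SPF records give a permerror
        out.append(f"expected one SPF record, found {len(spf)}")
    else:
        terms = [t.lower() for t in spf[0].split()[1:]]
        if not any(t in ("-all", "~all") or t.startswith("redirect=") for t in terms):
            out.append("SPF has no -all/~all or redirect")
        for t in terms:                  # lookups through the primary would fail
            m = re.match(r"(?:include:|redirect=)(\S+)", t)
            if m and under(m.group(1), primary):
                out.append(f"SPF term {t} resolves through the primary domain")
    dmarc = tags((txt.get("_dmarc." + domain) or [""])[0])
    if dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        out.append("DMARC is missing or not enforcing (p=none)")
    for rua in re.findall(r"mailto:[^@\s,]+@([^\s,!]+)", dmarc.get("rua", "")):
        if under(rua, primary):          # reports would go to a dead mailbox
            out.append(f"DMARC rua is hosted on {rua}")
    if not tags((txt.get(f"{selector}._domainkey.{domain}") or [""])[0]).get("p"):
        out.append(f"DKIM selector {selector} has no published key")
    return out

if __name__ == "__main__":
    print("\n".join(audit(BACKUP, NS, TXT, "dr1")))
```

To run it against a real backup domain, replace the constructed NS and TXT values with the output of your own DNS lookups, taken from a resolver outside the primary network.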

Key takeaways for ransomware preparedness

A ransomware attack highlights the critical need for a comprehensive incident response plan that extends beyond technical recovery to include robust communication strategies. Assuming your primary email domain will be unusable is a safe and prudent approach to planning.
Prioritizing the establishment of truly independent, out-of-band communication channels is paramount. These methods ensure that even when your primary systems are compromised or down, you can still reach your audience with vital information. Remember, preparedness is the best defense against the communication blackout that a ransomware attack can impose.

Views from the trenches

Best practices

  1. Develop an out-of-band communication system that is entirely separate from your main network.
  2. Pre-register critical contacts on alternative platforms to ensure immediate access during an incident.
  3. Establish a dedicated, pre-warmed backup domain with proper email authentication records (SPF, DKIM, DMARC) for emergency email sending.
  4. Regularly test your alternative communication channels to verify their functionality and reach.
  5. Ensure access to your ESP or other communication platforms is not reliant on single sign-on tied to your compromised internal infrastructure.

Common pitfalls

  1. Assuming your primary email or internal network will remain accessible for crisis communication.
  2. Relying on shared ESP domains for high-volume emergency sends without prior warming or reputation.
  3. Failing to pre-plan communication methods and contact lists before an incident occurs.
  4. Not considering the reputational impact of sending from an unfamiliar or generic domain during a crisis.
  5. Having alternative systems that still depend on the same compromised DNS or network infrastructure.

Expert tips

  1. Contingency planning should focus on truly independent communication systems that do not share infrastructure with primary operations.
  2. When selecting an ESP for emergency email, consider their ability to handle sudden volume spikes from an unfamiliar sender.
  3. Disaster recovery for email streams should involve splitting volume across multiple sending IPs for resilience.
  4. Using generic or shared domains for emergency email can lead to deliverability challenges, as they are not 'warmed' with your specific mail traffic.
  5. Ensure that external access methods for critical platforms are independent of your internal network to avoid being locked out.

Marketer view
Marketer from Email Geeks says the biggest risk might be the domain being registered through a lower-tier web hosting provider, and that provider becoming compromised.
2022-03-31 - Email Geeks
Expert view
Expert from Email Geeks says that shared domains for email sending can be risky and often lead to deliverability issues, particularly with Gmail.
2022-03-31 - Email Geeks
