
Email from updates@mc.secondlife.com ?



Posted (edited)

I got an email from an address called "updates@mc.secondlife.com". Is it official, or someone trying to bait again?

Topic: "Titmouse Virtual Cinema: Only in SL" with a strange emote.

The address itself does not seem official; also, the links inside the email are very suspicious. (Linked to: Removed link, might be dangerous)

I wish we had a way to turn off all official emails to avoid this confusion.

Edited by RunawayBunny

Posted (edited)
2 hours ago, RunawayBunny said:

I got an email from an address called "updates@mc.secondlife.com". Is it official, or someone trying to bait again?

Topic: "Titmouse Virtual Cinema: Only in SL" with a strange emote.

The address itself does not seem official; also, the links inside the email are very suspicious. (Linked to: https://secondlife.us19.list-manage.com)

I wish we had a way to turn off all official emails to avoid this confusion.

Yes, that's an official thing from LL, I think, advertising some bling bling thing somebody shows in SL ... pure advertisement.
(Directing links seem to be a problem for some websites here, errors are normal, perhaps we need to pay for those too soon.)

posts about it here
 

 

Edited by Alwin Alcott
  • Like 1
  • Confused 1

42 minutes ago, Wulfie Reanimator said:

Since it's coming from a secondlife.com (trusted) subdomain, you know you can trust it.

Never, EVER make that assumption. It's very easy to spoof/forge an email (you basically only need a small web server with PHP support) and if RunawayBunny doesn't use an email provider that does the SPF/DKIM checks - and warns that an email is not legitimate (Google/GMail does, luckily - but the world is not only Google) - or just uses an old, external email client that gets the mail and does not pay attention to server headers, then... well. Can end badly.

The event is official, yes. Still, these links should be reworked, I'd say - it would also help the "spam score" for Lab's servers. A public list of valid e-mail addresses that are used to send these messages could also be nice.

  • Thanks 3

Posted (edited)
8 hours ago, Wulfie Reanimator said:

Since it's coming from a secondlife.com (trusted) subdomain, you know you can trust it.

No, it doesn't. Look closer at the link. The subdomain is not secondlife.

I reported this to the moderators. Seems the OP accidentally posted a phishing link here.

 

Edited by ChinRey

Posted (edited)

mc.secondlife.com is LL's subdomain for MailChimp, which is a marketing mailing list service that Linden Lab uses. It is a lot faster than most internal solutions.

The email is legitimate. I received one on my email that I only use for Second Life, as well as having inspected the email headers.

The reason it comes from mc.secondlife.com is the same reason my automated emails come from mg.MyDomainICantMentionAnymoreOrTheForumThinksItIsSpam.com: To satisfy anti-spam and phishing detection by including valid DMARC and DKIM information in the TXT field of the domain name. By using a subdomain, it means LL can still use secondlife.com and all its other subdomains to send emails and whatnot that don't go through MailChimp, such as im.secondlife.com for object emails.

You can opt to unsubscribe from these emails by clicking the unsubscribe button at the bottom, or by unsubscribing here: https://accounts.secondlife.com/change_email/

If for some reason the above solutions do not work, you are encouraged to submit a bug report on https://jira.secondlife.com/

 

Just remember that LL will NEVER ask you for your password except during viewer login, id.secondlife.com, web-login.secondlife.com, and on secondlife.com/my/ when changing password. If you receive an email regarding a password reset that you did not request, simply delete and ignore it.

Edited by Chaser Zaks
  • Like 3
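
The header inspection mentioned in the post above, as an added example (not part of the original thread or any poster's code): it reads the Authentication-Results header stamped by the receiving mail server and accepts a message only when a passing DKIM signature's domain lines up with the visible From: domain and DMARC passed. The sample message, the receiver name mx.example.net and all function names are constructed for illustration; alignment is approximated by a parent-domain match rather than the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; header values are illustrative, not a real capture.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.mc.secondlife.com;
 dkim=pass header.d=mc.secondlife.com;
 dmarc=pass header.from=mc.secondlife.com
From: Second Life <updates@mc.secondlife.com>
Subject: constructed sample

body
"""

def from_domain(msg):
    """Domain of the visible From: address, lowercased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def auth_results(msg, trusted_authserv):
    """Collect method results, only from headers stamped by our own receiver.
    Any other Authentication-Results header could have been added by the sender."""
    out = {}
    for raw in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in " ".join(raw.split()).split(";")]
        if parts[0].split(" ")[0].lower() != trusted_authserv:
            continue
        for clause in parts[1:]:
            m = re.match(r"(spf|dkim|dmarc)=(\w+)", clause)
            if m:
                props = dict(re.findall(r"([\w.]+)=([^\s;]+)", clause))
                out.setdefault(m.group(1), []).append((m.group(2), props))
    return out

def aligned(signing_domain, visible_domain):
    """Approximate relaxed alignment: signer equals the From domain or is a parent of it."""
    s, v = signing_domain.lower(), visible_domain.lower()
    return "." in s and (s == v or v.endswith("." + s))

def verdict(text, trusted_authserv="mx.example.net"):
    msg = message_from_string(text)
    dom, res = from_domain(msg), auth_results(msg, trusted_authserv)
    dkim_ok = any(r == "pass" and aligned(p.get("header.d", ""), dom)
                  for r, p in res.get("dkim", []))
    dmarc_ok = any(r == "pass" for r, _ in res.get("dmarc", []))
    return "authenticated" if dkim_ok and dmarc_ok else "unverified"
```

A message whose DKIM signature passes for some unrelated domain, or whose only Authentication-Results header names a different server, comes back as "unverified" even though its From: line reads updates@mc.secondlife.com.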

24 minutes ago, Chaser Zaks said:

mc.secondlife.com is LL's subdomain for MailChimp, which is a marketing mailing list service that Linden Lab uses. It is a lot faster than most internal solutions.

OK. Better safe than sorry though.

This is not a good way to do it. How are people supposed to be able to distinguish those links from phishing ones?


From email addresses can be spoofed. The link out isn't a secondlife anything. It may be a goodun, but it looks like a wrongun. I would never trust an email like that.

Some organisations stupidly send emails that look wrong.


1 minute ago, RunawayBunny said:

Thanks for the answers :) If this mail is from LL, it looks unprofessional.

That's about par for the course. LL isn't the only place it's happening in. Too many just don't care these days.

  • Like 4

3 hours ago, RunawayBunny said:

Thanks for the answers :) If this mail is from LL, it looks unprofessional.

It is very unprofessional. You removed the link before I got a second look at it (just as well you did) but it was one of those domain names that are easy to "fake", that is you won't easily notice if there's one character in the middle of the mess that has been changed.

I'm actually more worried now that it turns out it was a legit message (as far as spam can be legit) because it means LL is giving a 3rd party service with a very reckless attitude to cyber security access to our contact info.

  • Like 1

Posted (edited)
2 hours ago, ChinRey said:

It is very unprofessional. You removed the link before I got a second look at it (just as well you did) but it was one of those domain names that are easy to "fake", that is you won't easily notice if there's one character in the middle of the mess that has been changed.

I'm actually more worried now that it turns out it was a legit message (as far as spam can be legit) because it means LL is giving a 3rd party service with a very reckless attitude to cyber security access to our contact info.

The relevant part of the email:

[Image: screenshot of the relevant part of the email]

The link address on "Titmouse" as well as the "Join watch party!" button:

https://secondlife.us19.list-manage.com/track/click?u=9ebeec7d52a633582a780d000&id=380ff18aa3&e=9429c34800

It's not spam or a scam. How do you know? If you're already logged in on the official website and use that link, you'll end up on the official website with your already logged-in account. In the event that it was a malicious link, you would at least not be already logged in.

If you go to list-manage.com, or any subdomain, you will be redirected to a plain-text page that tells you:

Quote

You probably found this page because one of our subscribers used Mailchimp to send you an email campaign and you traced a link in the email back here to investigate. Mailchimp is a marketing platform that serves millions of companies of all shapes and sizes, from all over the world. We send more than 1 billion emails every day, and we help our customers comply with spam laws and best practices so they can get their campaigns into their subscribers' inboxes.

If you go to mailchimp.com, that is their business website.

If you look at any previous emails you've received from updates@mc.secondlife.com ("mc" for "marketing campaign"), you'll notice that LL has been using Mailchimp for a long time.

Every piece of evidence points to the email being absolutely safe and coming from a reputable source.

It's literally just Linden Lab utilizing another company's tools for things like tracking how many people have engaged with their ad campaign through the email link.

8 hours ago, ChinRey said:

No, it doesn't. Look closer at the link. The subdomain is not secondlife.

I reported this to the moderators. Seems the OP accidentally posted a phishing link here.

I was referring to updates@mc.secondlife.com.

Edited by Wulfie Reanimator
  • Like 1

Posted (edited)

This is not a marketing post, I am not affiliated with Mailchimp, nor am I endorsing it. I use a different provider for my email distribution, so I would have no reason to vouch for Mailchimp other than I know that they are a company that exists and I know they are not a bad/malicious company.

This post is only to explain to those who Mailchimp is, why it is being used, and what they do and do not have access to. So for those worried about Mailchimp:

Who is Mailchimp:

  • Mailchimp is the industry leader in marketing email list distribution (accounting for more than 62% of this market).
  • Mailchimp is used by various big companies, including Crunchyroll, Name.com, Dailymotion, and DigitalOcean. Around 7,000+ companies use it to date.
  • Mailchimp is not the only company to provide services like this. Others include Mailgun (my choice), Sendgrid, Amazon, and Google. The latter two I would have more concern about.
  • Mailchimp has been around since 2001.
  • Mailchimp does not have access to your Second Life account, or any other information.

 

What Mailchimp has access to:

They can see your email address, but that's about it. They are not interested in it for any other purpose other than fulfilling the service Linden Lab has paid for. In specific, it is only used for two purposes:

  1. Sending you emails that Linden Lab has authorized, in this case, it'd be event notifications.
  2. Protecting you from bad actors who abuse Mailchimp to spam. More specifically, the unsubscribe and report button at the bottom of the email. When you unsubscribe, the sender can no longer send you emails via Mailchimp, as it gets put into their internal "Don't send emails to this address". The sender cannot see that you blocked these emails.

 

When is Mailchimp not used?:

Linden Lab does not use Mailchimp for a varying number of emails that they send, these include, but are not limited to:

  • Emails that contain sensitive information, such as password reset, account recovery, anything regarding L$, etc. These are sent directly from Linden Lab to your inbox.
  • Marketplace emails.
  • Instant message emails.
  • Jira emails.
  • Support emails. (These are handled by Freshdesk)
  • User group mailing lists. (These are handled by Google Lists)

 

(My guess as to) why LL is using Mailchimp instead of their own servers:

Very likely due to LL's move to the cloud. Offloading various services to third parties, such as simulator and asset hosting to Amazon Web Services, moving the forums to Invision's servers, etc. It means less money that Linden Lab has to spend to provide a better and faster service (once all the issues of moving from an internal infrastructure to cloud infrastructure are ironed out).

 

Do you have anything to worry about:

No. I do security research and internet technology related stuff. If there was an issue, I would raise issue with it. I'd honestly be more concerned about Amazon hosting simulator and assets than Mailchimp sending out emails.

 

What about the spooky "tracking link"?:

This is purely to assist with Linden Lab making better emails that will help with user engagement in the future. It basically just tells them how many people have clicked in total, how many people clicked a header image vs text link, etc. They are harmless and do not actually "track" you like tracking cookies would.

 

If you still are not ok with this:

You can make sure that Mailchimp will not have your email the next time LL sends out a marketing email by choosing "Unsubscribe" here: https://accounts.secondlife.com/change_email/?lang=en-US

Edited by Chaser Zaks
  • Like 3

Posted (edited)
19 minutes ago, Chaser Zaks said:

This is not a marketing post, I am not affiliated with Mailchimp, nor am I endorsing it. I use a different provider for my email distribution, so I would have no reason to vouch for Mailchimp other than I know that they are a company that exists and I know they are not a bad/malicious company.

That's good to hear but how about Mallchimp and Maiichimp and Malchimp? Are they serious, reputable companies too?

The actual domain name used in the link is one even more prone to easily overlooked "alternative spellings". There is even a digit a slash in it. And of course the fact that it isn't the main domain name for the company or not even obviously connected to the company name at all is a problem in itself. Those are the kind of domain names phishers because it's so easy for them to come up with something similar enough people won't notice unless they take a closer look and how many people do? This is why I called it a reckless attitude to cyber security.

Edited by ChinRey
  • Like 2

20 minutes ago, Chaser Zaks said:

If you still are not ok with this:

You can make sure that Mailchimp will not have your email the next time LL sends out a marketing email by choosing "Unsubscribe" here: https://accounts.secondlife.com/change_email/?lang=en-US

This solves the problem, thanks for the heads up :) I am not interested in any email from LL; safer this way.


3 minutes ago, ChinRey said:

That's good to hear but how about Mallchimp and Maiichimp and Malchimp? Are they serious, reputable companies too?

The actual domain name used in the link is one even more prone to easily overlooked "alternative spellings". There is even a digit a slash in it. And of course the fact that it isn't the main domain name for the company or not even obviously connected to the company name at all is a problem in itself. Those are the kind of domain names phishers because it's so easy for them to come up with something similar enough people won't notice unless they take a closer look and how many people do? This is why I called it a reckless attitude to cyber security.

I'm not sure where you are getting Mallchimp, Maiichimp, or Malchimp from.

The domain used was mc.secondlife.com and list-manage.com. Second Life's domain is subject to these issues alone, I can easily type "secondlife secondlife secondllife secondlife secondlife sec0ndlife secondlile sesondlife secondlife seconcllife secondlife secondlife" etc. Can you count how many "alternative spellings" are listed in there?

Phishing is a problem, it has always been one, and will continue to be one no matter how good we make computers and how well we teach users. However technology has been improving to make it more difficult to phish, including various techniques such as machine learning to filter out, and users are slowly learning they need to be careful.

One thing I try to tell people is: If at all possible, if you get an email, don't click the links, instead navigate directly to the page by going to a bookmark that you keep or by typing in the URL manually, and if you are ever suspicious, check the SSL certificate and see who it is signed to.

Simply put, you should always be careful what you click.

  • Like 1
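
A check for the look-alike domains argued over in the posts above, as an added example (not part of the original thread): it reduces a link to the site it actually points at and compares that against the domains a reader expects, flagging near-misses. The expected-domain list, the substitution table and the function names are assumptions made for illustration, and the "last two labels" rule stands in for a proper Public Suffix List lookup.

```python
from urllib.parse import urlsplit

# Domains the reader expects in these emails, taken from the thread.
EXPECTED = {"secondlife.com", "list-manage.com"}

def site(url):
    """Hostname reduced to its last two labels. Assumption: good enough for
    .com names; a real tool would consult the Public Suffix List."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])

def skeleton(name):
    """Fold common look-alike characters so near-identical names compare equal."""
    name = name.lower()
    for fake, real in (("0", "o"), ("1", "l"), ("rn", "m"), ("cl", "d"), ("i", "l")):
        name = name.replace(fake, real)
    return name

def distance(a, b):
    """Levenshtein edit distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """'expected', 'lookalike ...', or 'unknown' for the site a link points at."""
    s = site(url)
    if s in EXPECTED:
        return "expected"
    if not s.isascii() or "xn--" in s:
        return "lookalike (internationalized hostname)"
    for good in sorted(EXPECTED):
        if skeleton(s) == skeleton(good) or distance(s, good) <= 2:
            return "lookalike of " + good
    return "unknown"
```

Note that a host such as secondlife.com.example.net classifies as "unknown" rather than "expected": only the rightmost labels decide who owns the site, whatever appears to their left.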